summaryrefslogtreecommitdiff
path: root/lib/cryptohi
diff options
context:
space:
mode:
authorFranziskus Kiefer <franziskuskiefer@gmail.com>2016-01-18 15:03:31 +0100
committerFranziskus Kiefer <franziskuskiefer@gmail.com>2016-01-18 15:03:31 +0100
commitce899a1259196e049f62b6df5726037a630e0207 (patch)
tree9e3095d336076f5502d8d062c78804bc2b60806e /lib/cryptohi
parent419545ad071f68acb0ca404937a333a7b5a820db (diff)
downloadnss-hg-ce899a1259196e049f62b6df5726037a630e0207.tar.gz
Bug 1235586, clang-format on lib/cryptohi with manual corrections, r=kaieNSS_3_22_BETA1
Diffstat (limited to 'lib/cryptohi')
-rw-r--r--lib/cryptohi/cryptohi.h110
-rw-r--r--lib/cryptohi/cryptoht.h1
-rw-r--r--lib/cryptohi/dsautil.c138
-rw-r--r--lib/cryptohi/keyhi.h80
-rw-r--r--lib/cryptohi/keyi.h3
-rw-r--r--lib/cryptohi/keythi.h69
-rw-r--r--lib/cryptohi/sechash.c443
-rw-r--r--lib/cryptohi/sechash.h44
-rw-r--r--lib/cryptohi/seckey.c1953
-rw-r--r--lib/cryptohi/secsign.c454
-rw-r--r--lib/cryptohi/secvfy.c778
11 files changed, 2074 insertions, 1999 deletions
diff --git a/lib/cryptohi/cryptohi.h b/lib/cryptohi/cryptohi.h
index 6661b6644..f658daa9e 100644
--- a/lib/cryptohi/cryptohi.h
+++ b/lib/cryptohi/cryptohi.h
@@ -17,10 +17,8 @@
#include "keyt.h"
#include "certt.h"
-
SEC_BEGIN_PROTOS
-
/****************************************/
/*
** DER encode/decode (EC)DSA signatures
@@ -39,14 +37,14 @@ extern SECItem *DSAU_DecodeDerSig(const SECItem *item);
* on the size of q or the EC key used for signing.
*
* We can reuse the DSAU_EncodeDerSig interface to DER encode
- * raw ECDSA signature keeping in mind that the length of r
+ * raw ECDSA signature keeping in mind that the length of r
* is the same as that of s and exactly half of src->len.
*
* For decoding, we need to pass the length of the desired
* raw signature (twice the key size) explicitly.
*/
-extern SECStatus DSAU_EncodeDerSigWithLen(SECItem *dest, SECItem *src,
- unsigned int len);
+extern SECStatus DSAU_EncodeDerSigWithLen(SECItem *dest, SECItem *src,
+ unsigned int len);
extern SECItem *DSAU_DecodeDerSigToLen(const SECItem *item, unsigned int len);
/****************************************/
@@ -81,7 +79,7 @@ extern SECStatus SGN_Begin(SGNContext *cx);
** "inputLen" the length of the input data
*/
extern SECStatus SGN_Update(SGNContext *cx, const unsigned char *input,
- unsigned int inputLen);
+ unsigned int inputLen);
/*
** Finish the signature process. Use either k0 or k1 to sign the data
@@ -100,12 +98,12 @@ extern SECStatus SGN_End(SGNContext *cx, SECItem *result);
** "buf" the input data to sign
** "len" the amount of data to sign
** "pk" the private key to encrypt with
-** "algid" the signature/hash algorithm to sign with
+** "algid" the signature/hash algorithm to sign with
** (must be compatible with the key type).
*/
extern SECStatus SEC_SignData(SECItem *result,
- const unsigned char *buf, int len,
- SECKEYPrivateKey *pk, SECOidTag algid);
+ const unsigned char *buf, int len,
+ SECKEYPrivateKey *pk, SECOidTag algid);
/*
** Sign a pre-digested block of data using private key encryption, encoding
@@ -116,7 +114,7 @@ extern SECStatus SEC_SignData(SECItem *result,
** "algtag" The algorithm tag to encode (need for RSA only)
*/
extern SECStatus SGN_Digest(SECKEYPrivateKey *privKey,
- SECOidTag algtag, SECItem *result, SECItem *digest);
+ SECOidTag algtag, SECItem *result, SECItem *digest);
/*
** DER sign a single block of data using private key encryption and the
@@ -130,8 +128,8 @@ extern SECStatus SGN_Digest(SECKEYPrivateKey *privKey,
** "pk" the private key to encrypt with
*/
extern SECStatus SEC_DerSignData(PLArenaPool *arena, SECItem *result,
- const unsigned char *buf, int len,
- SECKEYPrivateKey *pk, SECOidTag algid);
+ const unsigned char *buf, int len,
+ SECKEYPrivateKey *pk, SECOidTag algid);
/*
** Destroy a signed-data object.
@@ -155,18 +153,18 @@ extern SECOidTag SEC_GetSignatureAlgorithmOidTag(KeyType keyType,
/*
** Create a signature verification context. This version is deprecated,
-** This function is deprecated. Use VFY_CreateContextDirect or
+** This function is deprecated. Use VFY_CreateContextDirect or
** VFY_CreateContextWithAlgorithmID instead.
** "key" the public key to verify with
** "sig" the encrypted signature data if sig is NULL then
** VFY_EndWithSignature must be called with the correct signature at
** the end of the processing.
-** "sigAlg" specifies the signing algorithm to use (including the
+** "sigAlg" specifies the signing algorithm to use (including the
** hash algorthim). This must match the key type.
** "wincx" void pointer to the window context
*/
extern VFYContext *VFY_CreateContext(SECKEYPublicKey *key, SECItem *sig,
- SECOidTag sigAlg, void *wincx);
+ SECOidTag sigAlg, void *wincx);
/*
** Create a signature verification context.
** "key" the public key to verify with
@@ -174,9 +172,9 @@ extern VFYContext *VFY_CreateContext(SECKEYPublicKey *key, SECItem *sig,
** VFY_EndWithSignature must be called with the correct signature at
** the end of the processing.
** "pubkAlg" specifies the cryptographic signing algorithm to use (the
-** raw algorithm without any hash specified. This must match the key
+** raw algorithm without any hash specified. This must match the key
** type.
-** "hashAlg" specifies the hashing algorithm used. If the key is an
+** "hashAlg" specifies the hashing algorithm used. If the key is an
** RSA key, and sig is not NULL, then hashAlg can be SEC_OID_UNKNOWN.
** the hash is selected from data in the sig.
** "hash" optional pointer to return the actual hash algorithm used.
@@ -186,10 +184,10 @@ extern VFYContext *VFY_CreateContext(SECKEYPublicKey *key, SECItem *sig,
** "wincx" void pointer to the window context
*/
extern VFYContext *VFY_CreateContextDirect(const SECKEYPublicKey *key,
- const SECItem *sig,
- SECOidTag pubkAlg,
- SECOidTag hashAlg,
- SECOidTag *hash, void *wincx);
+ const SECItem *sig,
+ SECOidTag pubkAlg,
+ SECOidTag hashAlg,
+ SECOidTag *hash, void *wincx);
/*
** Create a signature verification context from a algorithm ID.
** "key" the public key to verify with
@@ -198,15 +196,15 @@ extern VFYContext *VFY_CreateContextDirect(const SECKEYPublicKey *key,
** the end of the processing.
** "algid" specifies the signing algorithm and parameters to use.
** This must match the key type.
-** "hash" optional pointer to return the oid of the actual hash used in
+** "hash" optional pointer to return the oid of the actual hash used in
** the signature. If this value is NULL no, hash oid is returned.
** "wincx" void pointer to the window context
*/
-extern VFYContext *VFY_CreateContextWithAlgorithmID(const SECKEYPublicKey *key,
- const SECItem *sig,
- const SECAlgorithmID *algid,
- SECOidTag *hash,
- void *wincx);
+extern VFYContext *VFY_CreateContextWithAlgorithmID(const SECKEYPublicKey *key,
+ const SECItem *sig,
+ const SECAlgorithmID *algid,
+ SECOidTag *hash,
+ void *wincx);
/*
** Destroy a verification-context object.
@@ -226,7 +224,7 @@ extern SECStatus VFY_Begin(VFYContext *cx);
** "inputLen" the amount of input data
*/
extern SECStatus VFY_Update(VFYContext *cx, const unsigned char *input,
- unsigned int inputLen);
+ unsigned int inputLen);
/*
** Finish the verification process. The return value is a status which
@@ -243,19 +241,18 @@ extern SECStatus VFY_End(VFYContext *cx);
** returned. Otherwise, SECFailure is returned and the error code found
** using PORT_GetError() indicates what failure occurred. If signature is
** supplied the verification uses this signature to verify, otherwise the
-** signature passed in VFY_CreateContext() is used.
+** signature passed in VFY_CreateContext() is used.
** VFY_EndWithSignature(cx,NULL); is identical to VFY_End(cx);.
** "cx" the context
** "sig" the encrypted signature data
*/
extern SECStatus VFY_EndWithSignature(VFYContext *cx, SECItem *sig);
-
/*
** Verify the signature on a block of data for which we already have
** the digest. The signature data is an RSA private key encrypted
** block of data formatted according to PKCS#1.
-** This function is deprecated. Use VFY_VerifyDigestDirect or
+** This function is deprecated. Use VFY_VerifyDigestDirect or
** VFY_VerifyDigestWithAlgorithmID instead.
** "dig" the digest
** "key" the public key to check the signature with
@@ -265,7 +262,7 @@ extern SECStatus VFY_EndWithSignature(VFYContext *cx, SECItem *sig);
** "wincx" void pointer to the window context
**/
extern SECStatus VFY_VerifyDigest(SECItem *dig, SECKEYPublicKey *key,
- SECItem *sig, SECOidTag sigAlg, void *wincx);
+ SECItem *sig, SECOidTag sigAlg, void *wincx);
/*
** Verify the signature on a block of data for which we already have
** the digest. The signature data is an RSA private key encrypted
@@ -274,15 +271,15 @@ extern SECStatus VFY_VerifyDigest(SECItem *dig, SECKEYPublicKey *key,
** "key" the public key to check the signature with
** "sig" the encrypted signature data
** "pubkAlg" specifies the cryptographic signing algorithm to use (the
-** raw algorithm without any hash specified. This must match the key
+** raw algorithm without any hash specified. This must match the key
** type.
** "hashAlg" specifies the hashing algorithm used.
** "wincx" void pointer to the window context
**/
-extern SECStatus VFY_VerifyDigestDirect(const SECItem *dig,
- const SECKEYPublicKey *key,
- const SECItem *sig, SECOidTag pubkAlg,
- SECOidTag hashAlg, void *wincx);
+extern SECStatus VFY_VerifyDigestDirect(const SECItem *dig,
+ const SECKEYPublicKey *key,
+ const SECItem *sig, SECOidTag pubkAlg,
+ SECOidTag hashAlg, void *wincx);
/*
** Verify the signature on a block of data for which we already have
** the digest. The signature data is an RSA private key encrypted
@@ -297,15 +294,15 @@ extern SECStatus VFY_VerifyDigestDirect(const SECItem *dig,
** not set to SEC_OID_UNKNOWN, it must match the hash of the signature.
** "wincx" void pointer to the window context
*/
-extern SECStatus VFY_VerifyDigestWithAlgorithmID(const SECItem *dig,
- const SECKEYPublicKey *key, const SECItem *sig,
- const SECAlgorithmID *algid, SECOidTag hash,
- void *wincx);
+extern SECStatus VFY_VerifyDigestWithAlgorithmID(const SECItem *dig,
+ const SECKEYPublicKey *key, const SECItem *sig,
+ const SECAlgorithmID *algid, SECOidTag hash,
+ void *wincx);
/*
** Verify the signature on a block of data. The signature data is an RSA
** private key encrypted block of data formatted according to PKCS#1.
-** This function is deprecated. Use VFY_VerifyDataDirect or
+** This function is deprecated. Use VFY_VerifyDataDirect or
** VFY_VerifyDataWithAlgorithmID instead.
** "buf" the input data
** "len" the length of the input data
@@ -316,8 +313,8 @@ extern SECStatus VFY_VerifyDigestWithAlgorithmID(const SECItem *dig,
** "wincx" void pointer to the window context
*/
extern SECStatus VFY_VerifyData(const unsigned char *buf, int len,
- const SECKEYPublicKey *key, const SECItem *sig,
- SECOidTag sigAlg, void *wincx);
+ const SECKEYPublicKey *key, const SECItem *sig,
+ SECOidTag sigAlg, void *wincx);
/*
** Verify the signature on a block of data. The signature data is an RSA
** private key encrypted block of data formatted according to PKCS#1.
@@ -326,9 +323,9 @@ extern SECStatus VFY_VerifyData(const unsigned char *buf, int len,
** "key" the public key to check the signature with
** "sig" the encrypted signature data
** "pubkAlg" specifies the cryptographic signing algorithm to use (the
-** raw algorithm without any hash specified. This must match the key
+** raw algorithm without any hash specified. This must match the key
** type.
-** "hashAlg" specifies the hashing algorithm used. If the key is an
+** "hashAlg" specifies the hashing algorithm used. If the key is an
** RSA key, and sig is not NULL, then hashAlg can be SEC_OID_UNKNOWN.
** the hash is selected from data in the sig.
** "hash" optional pointer to return the actual hash algorithm used.
@@ -338,10 +335,10 @@ extern SECStatus VFY_VerifyData(const unsigned char *buf, int len,
** "wincx" void pointer to the window context
*/
extern SECStatus VFY_VerifyDataDirect(const unsigned char *buf, int len,
- const SECKEYPublicKey *key,
- const SECItem *sig,
- SECOidTag pubkAlg, SECOidTag hashAlg,
- SECOidTag *hash, void *wincx);
+ const SECKEYPublicKey *key,
+ const SECItem *sig,
+ SECOidTag pubkAlg, SECOidTag hashAlg,
+ SECOidTag *hash, void *wincx);
/*
** Verify the signature on a block of data. The signature data is an RSA
@@ -352,16 +349,15 @@ extern SECStatus VFY_VerifyDataDirect(const unsigned char *buf, int len,
** "sig" the encrypted signature data
** "algid" specifies the signing algorithm and parameters to use.
** This must match the key type.
-** "hash" optional pointer to return the oid of the actual hash used in
+** "hash" optional pointer to return the oid of the actual hash used in
** the signature. If this value is NULL no, hash oid is returned.
** "wincx" void pointer to the window context
*/
-extern SECStatus VFY_VerifyDataWithAlgorithmID(const unsigned char *buf,
- int len, const SECKEYPublicKey *key,
- const SECItem *sig,
- const SECAlgorithmID *algid, SECOidTag *hash,
- void *wincx);
-
+extern SECStatus VFY_VerifyDataWithAlgorithmID(const unsigned char *buf,
+ int len, const SECKEYPublicKey *key,
+ const SECItem *sig,
+ const SECAlgorithmID *algid, SECOidTag *hash,
+ void *wincx);
SEC_END_PROTOS
diff --git a/lib/cryptohi/cryptoht.h b/lib/cryptohi/cryptoht.h
index aca489959..5780bf47a 100644
--- a/lib/cryptohi/cryptoht.h
+++ b/lib/cryptohi/cryptoht.h
@@ -11,5 +11,4 @@
typedef struct SGNContextStr SGNContext;
typedef struct VFYContextStr VFYContext;
-
#endif /* _CRYPTOHT_H_ */
diff --git a/lib/cryptohi/dsautil.c b/lib/cryptohi/dsautil.c
index fb699ba02..db397dfd5 100644
--- a/lib/cryptohi/dsautil.c
+++ b/lib/cryptohi/dsautil.c
@@ -7,7 +7,7 @@
#include "prerr.h"
#ifndef DSA1_SUBPRIME_LEN
-#define DSA1_SUBPRIME_LEN 20 /* bytes */
+#define DSA1_SUBPRIME_LEN 20 /* bytes */
#endif
typedef struct {
@@ -16,16 +16,16 @@ typedef struct {
} DSA_ASN1Signature;
const SEC_ASN1Template DSA_SignatureTemplate[] =
-{
- { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(DSA_ASN1Signature) },
- { SEC_ASN1_INTEGER, offsetof(DSA_ASN1Signature,r) },
- { SEC_ASN1_INTEGER, offsetof(DSA_ASN1Signature,s) },
- { 0 }
-};
+ {
+ { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(DSA_ASN1Signature) },
+ { SEC_ASN1_INTEGER, offsetof(DSA_ASN1Signature, r) },
+ { SEC_ASN1_INTEGER, offsetof(DSA_ASN1Signature, s) },
+ { 0 }
+ };
/* Input is variable length multi-byte integer, MSB first (big endian).
-** Most signficant bit of first byte is NOT treated as a sign bit.
-** May be one or more leading bytes of zeros.
+** Most signficant bit of first byte is NOT treated as a sign bit.
+** May be one or more leading bytes of zeros.
** Output is variable length multi-byte integer, MSB first (big endian).
** Most significant bit of first byte will be zero (positive sign bit)
** No more than one leading zero byte.
@@ -37,21 +37,21 @@ DSAU_ConvertUnsignedToSigned(SECItem *dest, SECItem *src)
{
unsigned char *pSrc = src->data;
unsigned char *pDst = dest->data;
- unsigned int cntSrc = src->len;
+ unsigned int cntSrc = src->len;
/* skip any leading zeros. */
- while (cntSrc && !(*pSrc)) {
- pSrc++;
- cntSrc--;
+ while (cntSrc && !(*pSrc)) {
+ pSrc++;
+ cntSrc--;
}
if (!cntSrc) {
- *pDst = 0;
- dest->len = 1;
- return;
+ *pDst = 0;
+ dest->len = 1;
+ return;
}
if (*pSrc & 0x80)
- *pDst++ = 0;
+ *pDst++ = 0;
PORT_Memcpy(pDst, pSrc, cntSrc);
dest->len = (pDst - dest->data) + cntSrc;
@@ -71,27 +71,27 @@ DSAU_ConvertSignedToFixedUnsigned(SECItem *dest, SECItem *src)
{
unsigned char *pSrc = src->data;
unsigned char *pDst = dest->data;
- unsigned int cntSrc = src->len;
- unsigned int cntDst = dest->len;
- int zCount = cntDst - cntSrc;
+ unsigned int cntSrc = src->len;
+ unsigned int cntDst = dest->len;
+ int zCount = cntDst - cntSrc;
if (zCount > 0) {
- PORT_Memset(pDst, 0, zCount);
- PORT_Memcpy(pDst + zCount, pSrc, cntSrc);
- return SECSuccess;
+ PORT_Memset(pDst, 0, zCount);
+ PORT_Memcpy(pDst + zCount, pSrc, cntSrc);
+ return SECSuccess;
}
if (zCount <= 0) {
- /* Source is longer than destination. Check for leading zeros. */
- while (zCount++ < 0) {
- if (*pSrc++ != 0)
- goto loser;
- }
+ /* Source is longer than destination. Check for leading zeros. */
+ while (zCount++ < 0) {
+ if (*pSrc++ != 0)
+ goto loser;
+ }
}
PORT_Memcpy(pDst, pSrc, cntDst);
return SECSuccess;
loser:
- PORT_SetError( PR_INVALID_ARGUMENT_ERROR );
+ PORT_SetError(PR_INVALID_ARGUMENT_ERROR);
return SECFailure;
}
@@ -101,52 +101,56 @@ loser:
static SECStatus
common_EncodeDerSig(SECItem *dest, SECItem *src)
{
- SECItem * item;
- SECItem srcItem;
+ SECItem *item;
+ SECItem srcItem;
DSA_ASN1Signature sig;
- unsigned char *signedR;
- unsigned char *signedS;
+ unsigned char *signedR;
+ unsigned char *signedS;
unsigned int len;
/* Allocate memory with room for an extra byte that
* may be required if the top bit in the first byte
* is already set.
*/
- len = src->len/2;
- signedR = (unsigned char *) PORT_Alloc(len + 1);
- if (!signedR) return SECFailure;
- signedS = (unsigned char *) PORT_ZAlloc(len + 1);
+ len = src->len / 2;
+ signedR = (unsigned char *)PORT_Alloc(len + 1);
+ if (!signedR)
+ return SECFailure;
+ signedS = (unsigned char *)PORT_ZAlloc(len + 1);
if (!signedS) {
- if (signedR) PORT_Free(signedR);
- return SECFailure;
+ if (signedR)
+ PORT_Free(signedR);
+ return SECFailure;
}
PORT_Memset(&sig, 0, sizeof(sig));
/* Must convert r and s from "unsigned" integers to "signed" integers.
** If the high order bit of the first byte (MSB) is 1, then must
- ** prepend with leading zero.
+ ** prepend with leading zero.
** Must remove all but one leading zero byte from numbers.
*/
sig.r.type = siUnsignedInteger;
sig.r.data = signedR;
- sig.r.len = sizeof signedR;
+ sig.r.len = sizeof signedR;
sig.s.type = siUnsignedInteger;
sig.s.data = signedS;
- sig.s.len = sizeof signedR;
+ sig.s.len = sizeof signedR;
srcItem.data = src->data;
- srcItem.len = len;
+ srcItem.len = len;
DSAU_ConvertUnsignedToSigned(&sig.r, &srcItem);
srcItem.data += len;
DSAU_ConvertUnsignedToSigned(&sig.s, &srcItem);
item = SEC_ASN1EncodeItem(NULL, dest, &sig, DSA_SignatureTemplate);
- if (signedR) PORT_Free(signedR);
- if (signedS) PORT_Free(signedS);
+ if (signedR)
+ PORT_Free(signedR);
+ if (signedS)
+ PORT_Free(signedS);
if (item == NULL)
- return SECFailure;
+ return SECFailure;
/* XXX leak item? */
return SECSuccess;
@@ -161,54 +165,54 @@ common_EncodeDerSig(SECItem *dest, SECItem *src)
static SECItem *
common_DecodeDerSig(const SECItem *item, unsigned int len)
{
- SECItem * result = NULL;
- SECStatus status;
+ SECItem *result = NULL;
+ SECStatus status;
DSA_ASN1Signature sig;
- SECItem dst;
+ SECItem dst;
PORT_Memset(&sig, 0, sizeof(sig));
result = PORT_ZNew(SECItem);
if (result == NULL)
- goto loser;
+ goto loser;
- result->len = 2 * len;
- result->data = (unsigned char*)PORT_Alloc(2 * len);
+ result->len = 2 * len;
+ result->data = (unsigned char *)PORT_Alloc(2 * len);
if (result->data == NULL)
- goto loser;
+ goto loser;
sig.r.type = siUnsignedInteger;
sig.s.type = siUnsignedInteger;
status = SEC_ASN1DecodeItem(NULL, &sig, DSA_SignatureTemplate, item);
if (status != SECSuccess)
- goto loser;
+ goto loser;
- /* Convert sig.r and sig.s from variable length signed integers to
+ /* Convert sig.r and sig.s from variable length signed integers to
** fixed length unsigned integers.
*/
dst.data = result->data;
- dst.len = len;
+ dst.len = len;
status = DSAU_ConvertSignedToFixedUnsigned(&dst, &sig.r);
if (status != SECSuccess)
- goto loser;
+ goto loser;
dst.data += len;
status = DSAU_ConvertSignedToFixedUnsigned(&dst, &sig.s);
if (status != SECSuccess)
- goto loser;
+ goto loser;
done:
if (sig.r.data != NULL)
- PORT_Free(sig.r.data);
+ PORT_Free(sig.r.data);
if (sig.s.data != NULL)
- PORT_Free(sig.s.data);
+ PORT_Free(sig.s.data);
return result;
loser:
if (result != NULL) {
- SECITEM_FreeItem(result, PR_TRUE);
- result = NULL;
+ SECITEM_FreeItem(result, PR_TRUE);
+ result = NULL;
}
goto done;
}
@@ -221,8 +225,8 @@ DSAU_EncodeDerSig(SECItem *dest, SECItem *src)
{
PORT_Assert(src->len == 2 * DSA1_SUBPRIME_LEN);
if (src->len != 2 * DSA1_SUBPRIME_LEN) {
- PORT_SetError( PR_INVALID_ARGUMENT_ERROR );
- return SECFailure;
+ PORT_SetError(PR_INVALID_ARGUMENT_ERROR);
+ return SECFailure;
}
return common_EncodeDerSig(dest, src);
@@ -237,8 +241,8 @@ DSAU_EncodeDerSigWithLen(SECItem *dest, SECItem *src, unsigned int len)
PORT_Assert((src->len == len) && (len % 2 == 0));
if ((src->len != len) || (src->len % 2 != 0)) {
- PORT_SetError( PR_INVALID_ARGUMENT_ERROR );
- return SECFailure;
+ PORT_SetError(PR_INVALID_ARGUMENT_ERROR);
+ return SECFailure;
}
return common_EncodeDerSig(dest, src);
@@ -263,5 +267,5 @@ DSAU_DecodeDerSig(const SECItem *item)
SECItem *
DSAU_DecodeDerSigToLen(const SECItem *item, unsigned int len)
{
- return common_DecodeDerSig(item, len/2);
+ return common_DecodeDerSig(item, len / 2);
}
diff --git a/lib/cryptohi/keyhi.h b/lib/cryptohi/keyhi.h
index 0ed3698eb..180990049 100644
--- a/lib/cryptohi/keyhi.h
+++ b/lib/cryptohi/keyhi.h
@@ -16,7 +16,6 @@
SEC_BEGIN_PROTOS
-
/*
** Destroy a subject-public-key-info object.
*/
@@ -27,15 +26,15 @@ extern void SECKEY_DestroySubjectPublicKeyInfo(CERTSubjectPublicKeyInfo *spki);
** appropriately (memory is allocated for each of the sub objects).
*/
extern SECStatus SECKEY_CopySubjectPublicKeyInfo(PLArenaPool *arena,
- CERTSubjectPublicKeyInfo *dst,
- CERTSubjectPublicKeyInfo *src);
+ CERTSubjectPublicKeyInfo *dst,
+ CERTSubjectPublicKeyInfo *src);
/*
** Update the PQG parameters for a cert's public key.
** Only done for DSA certs
*/
extern SECStatus
-SECKEY_UpdateCertPQG(CERTCertificate * subjectCert);
+SECKEY_UpdateCertPQG(CERTCertificate *subjectCert);
/*
** Return the number of bits in the provided big integer. This assumes that the
@@ -77,19 +76,19 @@ extern SECKEYPublicKey *SECKEY_ConvertToPublicKey(SECKEYPrivateKey *privateKey);
* create a new RSA key pair. The private Key is returned...
*/
SECKEYPrivateKey *SECKEY_CreateRSAPrivateKey(int keySizeInBits,
- SECKEYPublicKey **pubk, void *cx);
-
+ SECKEYPublicKey **pubk, void *cx);
+
/*
* create a new DH key pair. The private Key is returned...
*/
SECKEYPrivateKey *SECKEY_CreateDHPrivateKey(SECKEYDHParams *param,
- SECKEYPublicKey **pubk, void *cx);
+ SECKEYPublicKey **pubk, void *cx);
/*
* create a new EC key pair. The private Key is returned...
*/
SECKEYPrivateKey *SECKEY_CreateECPrivateKey(SECKEYECParams *param,
- SECKEYPublicKey **pubk, void *cx);
+ SECKEYPublicKey **pubk, void *cx);
/*
** Create a subject-public-key-info based on a public key.
@@ -103,11 +102,11 @@ SECKEY_CreateSubjectPublicKeyInfo(const SECKEYPublicKey *k);
*/
extern CERTSubjectPublicKeyInfo *
SECKEY_ConvertAndDecodePublicKeyAndChallenge(char *pkacstr, char *challenge,
- void *cx);
+ void *cx);
/*
** Encode a CERTSubjectPublicKeyInfo structure. into a
-** DER encoded subject public key info.
+** DER encoded subject public key info.
*/
SECItem *
SECKEY_EncodeDERSubjectPublicKeyInfo(const SECKEYPublicKey *pubk);
@@ -139,7 +138,6 @@ SECKEY_ExtractPublicKey(const CERTSubjectPublicKeyInfo *);
*/
extern void SECKEY_DestroyPrivateKey(SECKEYPrivateKey *key);
-
/*
** Destroy a public key object.
** "key" the object
@@ -147,54 +145,54 @@ extern void SECKEY_DestroyPrivateKey(SECKEYPrivateKey *key);
extern void SECKEY_DestroyPublicKey(SECKEYPublicKey *key);
/* Destroy and zero out a private key info structure. for now this
- * function zero's out memory allocated in an arena for the key
- * since PORT_FreeArena does not currently do this.
+ * function zero's out memory allocated in an arena for the key
+ * since PORT_FreeArena does not currently do this.
*
- * NOTE -- If a private key info is allocated in an arena, one should
- * not call this function with freeit = PR_FALSE. The function should
- * destroy the arena.
+ * NOTE -- If a private key info is allocated in an arena, one should
+ * not call this function with freeit = PR_FALSE. The function should
+ * destroy the arena.
*/
extern void
SECKEY_DestroyPrivateKeyInfo(SECKEYPrivateKeyInfo *pvk, PRBool freeit);
/* Destroy and zero out an encrypted private key info.
*
- * NOTE -- If a encrypted private key info is allocated in an arena, one should
- * not call this function with freeit = PR_FALSE. The function should
- * destroy the arena.
+ * NOTE -- If a encrypted private key info is allocated in an arena, one should
+ * not call this function with freeit = PR_FALSE. The function should
+ * destroy the arena.
*/
extern void
SECKEY_DestroyEncryptedPrivateKeyInfo(SECKEYEncryptedPrivateKeyInfo *epki,
- PRBool freeit);
+ PRBool freeit);
-/* Copy private key info structure.
+/* Copy private key info structure.
* poolp is the arena into which the contents of from is to be copied.
* NULL is a valid entry.
* to is the destination private key info
* from is the source private key info
- * if either from or to is NULL or an error occurs, SECFailure is
+ * if either from or to is NULL or an error occurs, SECFailure is
* returned. otherwise, SECSuccess is returned.
*/
extern SECStatus
SECKEY_CopyPrivateKeyInfo(PLArenaPool *poolp,
- SECKEYPrivateKeyInfo *to,
- const SECKEYPrivateKeyInfo *from);
+ SECKEYPrivateKeyInfo *to,
+ const SECKEYPrivateKeyInfo *from);
extern SECStatus
-SECKEY_CacheStaticFlags(SECKEYPrivateKey* key);
+SECKEY_CacheStaticFlags(SECKEYPrivateKey *key);
-/* Copy encrypted private key info structure.
+/* Copy encrypted private key info structure.
* poolp is the arena into which the contents of from is to be copied.
* NULL is a valid entry.
* to is the destination encrypted private key info
* from is the source encrypted private key info
- * if either from or to is NULL or an error occurs, SECFailure is
+ * if either from or to is NULL or an error occurs, SECFailure is
* returned. otherwise, SECSuccess is returned.
*/
extern SECStatus
SECKEY_CopyEncryptedPrivateKeyInfo(PLArenaPool *poolp,
- SECKEYEncryptedPrivateKeyInfo *to,
- const SECKEYEncryptedPrivateKeyInfo *from);
+ SECKEYEncryptedPrivateKeyInfo *to,
+ const SECKEYEncryptedPrivateKeyInfo *from);
/*
* Accessor functions for key type of public and private keys.
*/
@@ -205,10 +203,10 @@ KeyType SECKEY_GetPublicKeyType(const SECKEYPublicKey *pubKey);
* Creates a PublicKey from its DER encoding.
* Currently only supports RSA, DSA, and DH keys.
*/
-SECKEYPublicKey*
+SECKEYPublicKey *
SECKEY_ImportDERPublicKey(const SECItem *derKey, CK_KEY_TYPE type);
-SECKEYPrivateKeyList*
+SECKEYPrivateKeyList *
SECKEY_NewPrivateKeyList(void);
void
@@ -218,14 +216,14 @@ void
SECKEY_RemovePrivateKeyListNode(SECKEYPrivateKeyListNode *node);
SECStatus
-SECKEY_AddPrivateKeyToListTail( SECKEYPrivateKeyList *list,
- SECKEYPrivateKey *key);
+SECKEY_AddPrivateKeyToListTail(SECKEYPrivateKeyList *list,
+ SECKEYPrivateKey *key);
-#define PRIVKEY_LIST_HEAD(l) ((SECKEYPrivateKeyListNode*)PR_LIST_HEAD(&l->list))
+#define PRIVKEY_LIST_HEAD(l) ((SECKEYPrivateKeyListNode *)PR_LIST_HEAD(&l->list))
#define PRIVKEY_LIST_NEXT(n) ((SECKEYPrivateKeyListNode *)n->links.next)
-#define PRIVKEY_LIST_END(n,l) (((void *)n) == ((void *)&l->list))
+#define PRIVKEY_LIST_END(n, l) (((void *)n) == ((void *)&l->list))
-SECKEYPublicKeyList*
+SECKEYPublicKeyList *
SECKEY_NewPublicKeyList(void);
void
@@ -235,12 +233,12 @@ void
SECKEY_RemovePublicKeyListNode(SECKEYPublicKeyListNode *node);
SECStatus
-SECKEY_AddPublicKeyToListTail( SECKEYPublicKeyList *list,
- SECKEYPublicKey *key);
+SECKEY_AddPublicKeyToListTail(SECKEYPublicKeyList *list,
+ SECKEYPublicKey *key);
-#define PUBKEY_LIST_HEAD(l) ((SECKEYPublicKeyListNode*)PR_LIST_HEAD(&l->list))
+#define PUBKEY_LIST_HEAD(l) ((SECKEYPublicKeyListNode *)PR_LIST_HEAD(&l->list))
#define PUBKEY_LIST_NEXT(n) ((SECKEYPublicKeyListNode *)n->links.next)
-#define PUBKEY_LIST_END(n,l) (((void *)n) == ((void *)&l->list))
+#define PUBKEY_LIST_END(n, l) (((void *)n) == ((void *)&l->list))
/*
* Length in bits of the EC's field size. This is also the length of
@@ -266,7 +264,7 @@ extern int SECKEY_ECParamsToBasePointOrderLen(const SECItem *params);
*
* Return 0 on failure (unknown EC domain parameters).
*/
-SECOidTag SECKEY_GetECCOid(const SECKEYECParams * params);
+SECOidTag SECKEY_GetECCOid(const SECKEYECParams *params);
SEC_END_PROTOS
diff --git a/lib/cryptohi/keyi.h b/lib/cryptohi/keyi.h
index 7d0304e8d..f8f5f7f7d 100644
--- a/lib/cryptohi/keyi.h
+++ b/lib/cryptohi/keyi.h
@@ -5,7 +5,6 @@
#ifndef _KEYI_H_
#define _KEYI_H_
-
SEC_BEGIN_PROTOS
/* NSS private functions */
/* map an oid to a keytype... actually this function and it's converse
@@ -16,7 +15,7 @@ KeyType seckey_GetKeyType(SECOidTag pubKeyOid);
* algorithm, key and parameters (parameters is the parameters field
* of a algorithm ID structure (SECAlgorithmID)*/
SECStatus sec_DecodeSigAlg(const SECKEYPublicKey *key, SECOidTag sigAlg,
- const SECItem *param, SECOidTag *encalg, SECOidTag *hashalg);
+ const SECItem *param, SECOidTag *encalg, SECOidTag *hashalg);
SEC_END_PROTOS
diff --git a/lib/cryptohi/keythi.h b/lib/cryptohi/keythi.h
index 9b9a27855..e0a9215a0 100644
--- a/lib/cryptohi/keythi.h
+++ b/lib/cryptohi/keythi.h
@@ -21,14 +21,14 @@
**
** rsaOaepKey maps to keys with SEC_OID_PKCS1_RSA_OAEP_ENCRYPTION and may only
** be used for encryption with OAEP padding (PKCS #1 v2.1).
-*/
+*/
-typedef enum {
- nullKey = 0,
- rsaKey = 1,
- dsaKey = 2,
+typedef enum {
+ nullKey = 0,
+ rsaKey = 1,
+ dsaKey = 2,
fortezzaKey = 3, /* deprecated */
- dhKey = 4,
+ dhKey = 4,
keaKey = 5, /* deprecated */
ecKey = 6,
rsaPssKey = 7,
@@ -54,20 +54,19 @@ SEC_ASN1_CHOOSER_DECLARE(SECKEY_RSAPublicKeyTemplate)
SEC_ASN1_CHOOSER_DECLARE(SECKEY_RSAPSSParamsTemplate)
SEC_END_PROTOS
-
/*
** RSA Public Key structures
-** member names from PKCS#1, section 7.1
+** member names from PKCS#1, section 7.1
*/
struct SECKEYRSAPublicKeyStr {
- PLArenaPool * arena;
+ PLArenaPool *arena;
SECItem modulus;
SECItem publicExponent;
};
typedef struct SECKEYRSAPublicKeyStr SECKEYRSAPublicKey;
-/*
+/*
** RSA-PSS parameters
*/
struct SECKEYRSAPSSParamsStr {
@@ -97,20 +96,19 @@ struct SECKEYDSAPublicKeyStr {
};
typedef struct SECKEYDSAPublicKeyStr SECKEYDSAPublicKey;
-
/*
** Diffie-Hellman Public Key structure
** Structure member names suggested by PKCS#3.
*/
struct SECKEYDHParamsStr {
- PLArenaPool * arena;
+ PLArenaPool *arena;
SECItem prime; /* p */
- SECItem base; /* g */
+ SECItem base; /* g */
};
typedef struct SECKEYDHParamsStr SECKEYDHParams;
struct SECKEYDHPublicKeyStr {
- PLArenaPool * arena;
+ PLArenaPool *arena;
SECItem prime;
SECItem base;
SECItem publicValue;
@@ -126,8 +124,8 @@ typedef SECItem SECKEYECParams;
struct SECKEYECPublicKeyStr {
SECKEYECParams DEREncodedParams;
- int size; /* size in bits */
- SECItem publicValue; /* encoded point */
+ int size; /* size in bits */
+ SECItem publicValue; /* encoded point */
/* XXX Even though the PKCS#11 interface takes encoded parameters,
* we may still wish to decode them above PKCS#11 for things like
* printing key information. For named curves, which is what
@@ -141,9 +139,9 @@ typedef struct SECKEYECPublicKeyStr SECKEYECPublicKey;
** FORTEZZA Public Key structures
*/
struct SECKEYFortezzaPublicKeyStr {
- int KEAversion;
- int DSSversion;
- unsigned char KMID[8];
+ int KEAversion;
+ int DSSversion;
+ unsigned char KMID[8];
SECItem clearance;
SECItem KEApriviledge;
SECItem DSSpriviledge;
@@ -173,7 +171,7 @@ struct SECKEYKEAParamsStr {
SECItem hash;
};
typedef struct SECKEYKEAParamsStr SECKEYKEAParams;
-
+
struct SECKEYKEAPublicKeyStr {
SECKEYKEAParams params;
SECItem publicValue;
@@ -190,26 +188,26 @@ struct SECKEYPublicKeyStr {
CK_OBJECT_HANDLE pkcs11ID;
union {
SECKEYRSAPublicKey rsa;
- SECKEYDSAPublicKey dsa;
- SECKEYDHPublicKey dh;
+ SECKEYDSAPublicKey dsa;
+ SECKEYDHPublicKey dh;
SECKEYKEAPublicKey kea;
SECKEYFortezzaPublicKey fortezza;
- SECKEYECPublicKey ec;
+ SECKEYECPublicKey ec;
} u;
};
typedef struct SECKEYPublicKeyStr SECKEYPublicKey;
/* bit flag definitions for staticflags */
-#define SECKEY_Attributes_Cached 0x1 /* bit 0 states
- whether attributes are cached */
-#define SECKEY_CKA_PRIVATE (1U << 1) /* bit 1 is the value of CKA_PRIVATE */
-#define SECKEY_CKA_ALWAYS_AUTHENTICATE (1U << 2)
+#define SECKEY_Attributes_Cached 0x1 /* bit 0 states \
+ whether attributes are cached */
+#define SECKEY_CKA_PRIVATE (1U << 1) /* bit 1 is the value of CKA_PRIVATE */
+#define SECKEY_CKA_ALWAYS_AUTHENTICATE (1U << 2)
#define SECKEY_ATTRIBUTES_CACHED(key) \
- (0 != (key->staticflags & SECKEY_Attributes_Cached))
+ (0 != (key->staticflags & SECKEY_Attributes_Cached))
#define SECKEY_ATTRIBUTE_VALUE(key,attribute) \
- (0 != (key->staticflags & SECKEY_##attribute))
+ (0 != (key->staticflags & SECKEY_##attribute))
#define SECKEY_HAS_ATTRIBUTE_SET(key,attribute) \
(0 != (key->staticflags & SECKEY_Attributes_Cached)) ? \
@@ -223,15 +221,15 @@ typedef struct SECKEYPublicKeyStr SECKEYPublicKey;
/*
** A generic key structure
-*/
+*/
struct SECKEYPrivateKeyStr {
PLArenaPool *arena;
KeyType keyType;
- PK11SlotInfo *pkcs11Slot; /* pkcs11 slot this key lives in */
- CK_OBJECT_HANDLE pkcs11ID; /* ID of pkcs11 object */
- PRBool pkcs11IsTemp; /* temp pkcs11 object, delete it when done */
- void *wincx; /* context for errors and pw prompts */
- PRUint32 staticflags; /* bit flag of cached PKCS#11 attributes */
+ PK11SlotInfo *pkcs11Slot; /* pkcs11 slot this key lives in */
+ CK_OBJECT_HANDLE pkcs11ID; /* ID of pkcs11 object */
+ PRBool pkcs11IsTemp; /* temp pkcs11 object, delete it when done */
+ void *wincx; /* context for errors and pw prompts */
+ PRUint32 staticflags; /* bit flag of cached PKCS#11 attributes */
};
typedef struct SECKEYPrivateKeyStr SECKEYPrivateKey;
@@ -255,4 +253,3 @@ typedef struct {
PLArenaPool *arena;
} SECKEYPublicKeyList;
#endif /* _KEYTHI_H_ */
-
diff --git a/lib/cryptohi/sechash.c b/lib/cryptohi/sechash.c
index b9476c478..b12621100 100644
--- a/lib/cryptohi/sechash.c
+++ b/lib/cryptohi/sechash.c
@@ -5,7 +5,7 @@
#include "secoidt.h"
#include "secerr.h"
#include "blapi.h"
-#include "pk11func.h" /* for the PK11_ calls below. */
+#include "pk11func.h" /* for the PK11_ calls below. */
static void *
null_hash_new_context(void)
@@ -32,7 +32,7 @@ null_hash_update(void *v, const unsigned char *input, unsigned int length)
static void
null_hash_end(void *v, unsigned char *output, unsigned int *outLen,
- unsigned int maxOut)
+ unsigned int maxOut)
{
*outLen = 0;
}
@@ -43,134 +43,132 @@ null_hash_destroy_context(void *v, PRBool b)
PORT_Assert(v == NULL);
}
-
static void *
-md2_NewContext(void) {
- return (void *) PK11_CreateDigestContext(SEC_OID_MD2);
+md2_NewContext(void)
+{
+ return (void *)PK11_CreateDigestContext(SEC_OID_MD2);
}
static void *
-md5_NewContext(void) {
- return (void *) PK11_CreateDigestContext(SEC_OID_MD5);
+md5_NewContext(void)
+{
+ return (void *)PK11_CreateDigestContext(SEC_OID_MD5);
}
static void *
-sha1_NewContext(void) {
- return (void *) PK11_CreateDigestContext(SEC_OID_SHA1);
+sha1_NewContext(void)
+{
+ return (void *)PK11_CreateDigestContext(SEC_OID_SHA1);
}
static void *
-sha224_NewContext(void) {
- return (void *) PK11_CreateDigestContext(SEC_OID_SHA224);
+sha224_NewContext(void)
+{
+ return (void *)PK11_CreateDigestContext(SEC_OID_SHA224);
}
static void *
-sha256_NewContext(void) {
- return (void *) PK11_CreateDigestContext(SEC_OID_SHA256);
+sha256_NewContext(void)
+{
+ return (void *)PK11_CreateDigestContext(SEC_OID_SHA256);
}
static void *
-sha384_NewContext(void) {
- return (void *) PK11_CreateDigestContext(SEC_OID_SHA384);
+sha384_NewContext(void)
+{
+ return (void *)PK11_CreateDigestContext(SEC_OID_SHA384);
}
static void *
-sha512_NewContext(void) {
- return (void *) PK11_CreateDigestContext(SEC_OID_SHA512);
+sha512_NewContext(void)
+{
+ return (void *)PK11_CreateDigestContext(SEC_OID_SHA512);
}
const SECHashObject SECHashObjects[] = {
- { 0,
- (void * (*)(void)) null_hash_new_context,
- (void * (*)(void *)) null_hash_clone_context,
- (void (*)(void *, PRBool)) null_hash_destroy_context,
- (void (*)(void *)) null_hash_begin,
- (void (*)(void *, const unsigned char *, unsigned int)) null_hash_update,
- (void (*)(void *, unsigned char *, unsigned int *,
- unsigned int)) null_hash_end,
- 0,
- HASH_AlgNULL
- },
- { MD2_LENGTH,
- (void * (*)(void)) md2_NewContext,
- (void * (*)(void *)) PK11_CloneContext,
- (void (*)(void *, PRBool)) PK11_DestroyContext,
- (void (*)(void *)) PK11_DigestBegin,
- (void (*)(void *, const unsigned char *, unsigned int)) PK11_DigestOp,
- (void (*)(void *, unsigned char *, unsigned int *, unsigned int))
- PK11_DigestFinal,
- MD2_BLOCK_LENGTH,
- HASH_AlgMD2
- },
- { MD5_LENGTH,
- (void * (*)(void)) md5_NewContext,
- (void * (*)(void *)) PK11_CloneContext,
- (void (*)(void *, PRBool)) PK11_DestroyContext,
- (void (*)(void *)) PK11_DigestBegin,
- (void (*)(void *, const unsigned char *, unsigned int)) PK11_DigestOp,
- (void (*)(void *, unsigned char *, unsigned int *, unsigned int))
- PK11_DigestFinal,
- MD5_BLOCK_LENGTH,
- HASH_AlgMD5
- },
- { SHA1_LENGTH,
- (void * (*)(void)) sha1_NewContext,
- (void * (*)(void *)) PK11_CloneContext,
- (void (*)(void *, PRBool)) PK11_DestroyContext,
- (void (*)(void *)) PK11_DigestBegin,
- (void (*)(void *, const unsigned char *, unsigned int)) PK11_DigestOp,
- (void (*)(void *, unsigned char *, unsigned int *, unsigned int))
- PK11_DigestFinal,
- SHA1_BLOCK_LENGTH,
- HASH_AlgSHA1
- },
- { SHA256_LENGTH,
- (void * (*)(void)) sha256_NewContext,
- (void * (*)(void *)) PK11_CloneContext,
- (void (*)(void *, PRBool)) PK11_DestroyContext,
- (void (*)(void *)) PK11_DigestBegin,
- (void (*)(void *, const unsigned char *, unsigned int)) PK11_DigestOp,
- (void (*)(void *, unsigned char *, unsigned int *, unsigned int))
- PK11_DigestFinal,
- SHA256_BLOCK_LENGTH,
- HASH_AlgSHA256
- },
- { SHA384_LENGTH,
- (void * (*)(void)) sha384_NewContext,
- (void * (*)(void *)) PK11_CloneContext,
- (void (*)(void *, PRBool)) PK11_DestroyContext,
- (void (*)(void *)) PK11_DigestBegin,
- (void (*)(void *, const unsigned char *, unsigned int)) PK11_DigestOp,
- (void (*)(void *, unsigned char *, unsigned int *, unsigned int))
- PK11_DigestFinal,
- SHA384_BLOCK_LENGTH,
- HASH_AlgSHA384
- },
- { SHA512_LENGTH,
- (void * (*)(void)) sha512_NewContext,
- (void * (*)(void *)) PK11_CloneContext,
- (void (*)(void *, PRBool)) PK11_DestroyContext,
- (void (*)(void *)) PK11_DigestBegin,
- (void (*)(void *, const unsigned char *, unsigned int)) PK11_DigestOp,
- (void (*)(void *, unsigned char *, unsigned int *, unsigned int))
- PK11_DigestFinal,
- SHA512_BLOCK_LENGTH,
- HASH_AlgSHA512
- },
- { SHA224_LENGTH,
- (void * (*)(void)) sha224_NewContext,
- (void * (*)(void *)) PK11_CloneContext,
- (void (*)(void *, PRBool)) PK11_DestroyContext,
- (void (*)(void *)) PK11_DigestBegin,
- (void (*)(void *, const unsigned char *, unsigned int)) PK11_DigestOp,
- (void (*)(void *, unsigned char *, unsigned int *, unsigned int))
- PK11_DigestFinal,
- SHA224_BLOCK_LENGTH,
- HASH_AlgSHA224
- },
+ { 0,
+ (void *(*)(void))null_hash_new_context,
+ (void *(*)(void *))null_hash_clone_context,
+ (void (*)(void *, PRBool))null_hash_destroy_context,
+ (void (*)(void *))null_hash_begin,
+ (void (*)(void *, const unsigned char *, unsigned int))null_hash_update,
+ (void (*)(void *, unsigned char *, unsigned int *,
+ unsigned int))null_hash_end,
+ 0,
+ HASH_AlgNULL },
+ { MD2_LENGTH,
+ (void *(*)(void))md2_NewContext,
+ (void *(*)(void *))PK11_CloneContext,
+ (void (*)(void *, PRBool))PK11_DestroyContext,
+ (void (*)(void *))PK11_DigestBegin,
+ (void (*)(void *, const unsigned char *, unsigned int))PK11_DigestOp,
+ (void (*)(void *, unsigned char *, unsigned int *, unsigned int))
+ PK11_DigestFinal,
+ MD2_BLOCK_LENGTH,
+ HASH_AlgMD2 },
+ { MD5_LENGTH,
+ (void *(*)(void))md5_NewContext,
+ (void *(*)(void *))PK11_CloneContext,
+ (void (*)(void *, PRBool))PK11_DestroyContext,
+ (void (*)(void *))PK11_DigestBegin,
+ (void (*)(void *, const unsigned char *, unsigned int))PK11_DigestOp,
+ (void (*)(void *, unsigned char *, unsigned int *, unsigned int))
+ PK11_DigestFinal,
+ MD5_BLOCK_LENGTH,
+ HASH_AlgMD5 },
+ { SHA1_LENGTH,
+ (void *(*)(void))sha1_NewContext,
+ (void *(*)(void *))PK11_CloneContext,
+ (void (*)(void *, PRBool))PK11_DestroyContext,
+ (void (*)(void *))PK11_DigestBegin,
+ (void (*)(void *, const unsigned char *, unsigned int))PK11_DigestOp,
+ (void (*)(void *, unsigned char *, unsigned int *, unsigned int))
+ PK11_DigestFinal,
+ SHA1_BLOCK_LENGTH,
+ HASH_AlgSHA1 },
+ { SHA256_LENGTH,
+ (void *(*)(void))sha256_NewContext,
+ (void *(*)(void *))PK11_CloneContext,
+ (void (*)(void *, PRBool))PK11_DestroyContext,
+ (void (*)(void *))PK11_DigestBegin,
+ (void (*)(void *, const unsigned char *, unsigned int))PK11_DigestOp,
+ (void (*)(void *, unsigned char *, unsigned int *, unsigned int))
+ PK11_DigestFinal,
+ SHA256_BLOCK_LENGTH,
+ HASH_AlgSHA256 },
+ { SHA384_LENGTH,
+ (void *(*)(void))sha384_NewContext,
+ (void *(*)(void *))PK11_CloneContext,
+ (void (*)(void *, PRBool))PK11_DestroyContext,
+ (void (*)(void *))PK11_DigestBegin,
+ (void (*)(void *, const unsigned char *, unsigned int))PK11_DigestOp,
+ (void (*)(void *, unsigned char *, unsigned int *, unsigned int))
+ PK11_DigestFinal,
+ SHA384_BLOCK_LENGTH,
+ HASH_AlgSHA384 },
+ { SHA512_LENGTH,
+ (void *(*)(void))sha512_NewContext,
+ (void *(*)(void *))PK11_CloneContext,
+ (void (*)(void *, PRBool))PK11_DestroyContext,
+ (void (*)(void *))PK11_DigestBegin,
+ (void (*)(void *, const unsigned char *, unsigned int))PK11_DigestOp,
+ (void (*)(void *, unsigned char *, unsigned int *, unsigned int))
+ PK11_DigestFinal,
+ SHA512_BLOCK_LENGTH,
+ HASH_AlgSHA512 },
+ { SHA224_LENGTH,
+ (void *(*)(void))sha224_NewContext,
+ (void *(*)(void *))PK11_CloneContext,
+ (void (*)(void *, PRBool))PK11_DestroyContext,
+ (void (*)(void *))PK11_DigestBegin,
+ (void (*)(void *, const unsigned char *, unsigned int))PK11_DigestOp,
+ (void (*)(void *, unsigned char *, unsigned int *, unsigned int))
+ PK11_DigestFinal,
+ SHA224_BLOCK_LENGTH,
+ HASH_AlgSHA224 },
};
-const SECHashObject *
+const SECHashObject *
HASH_GetHashObject(HASH_HashType type)
{
return &SECHashObjects[type];
@@ -179,19 +177,34 @@ HASH_GetHashObject(HASH_HashType type)
HASH_HashType
HASH_GetHashTypeByOidTag(SECOidTag hashOid)
{
- HASH_HashType ht = HASH_AlgNULL;
-
- switch(hashOid) {
- case SEC_OID_MD2: ht = HASH_AlgMD2; break;
- case SEC_OID_MD5: ht = HASH_AlgMD5; break;
- case SEC_OID_SHA1: ht = HASH_AlgSHA1; break;
- case SEC_OID_SHA224: ht = HASH_AlgSHA224; break;
- case SEC_OID_SHA256: ht = HASH_AlgSHA256; break;
- case SEC_OID_SHA384: ht = HASH_AlgSHA384; break;
- case SEC_OID_SHA512: ht = HASH_AlgSHA512; break;
- default: ht = HASH_AlgNULL;
- PORT_SetError(SEC_ERROR_INVALID_ALGORITHM);
- break;
+ HASH_HashType ht = HASH_AlgNULL;
+
+ switch (hashOid) {
+ case SEC_OID_MD2:
+ ht = HASH_AlgMD2;
+ break;
+ case SEC_OID_MD5:
+ ht = HASH_AlgMD5;
+ break;
+ case SEC_OID_SHA1:
+ ht = HASH_AlgSHA1;
+ break;
+ case SEC_OID_SHA224:
+ ht = HASH_AlgSHA224;
+ break;
+ case SEC_OID_SHA256:
+ ht = HASH_AlgSHA256;
+ break;
+ case SEC_OID_SHA384:
+ ht = HASH_AlgSHA384;
+ break;
+ case SEC_OID_SHA512:
+ ht = HASH_AlgSHA512;
+ break;
+ default:
+ ht = HASH_AlgNULL;
+ PORT_SetError(SEC_ERROR_INVALID_ALGORITHM);
+ break;
}
return ht;
}
@@ -201,17 +214,28 @@ HASH_GetHashOidTagByHMACOidTag(SECOidTag hmacOid)
{
SECOidTag hashOid = SEC_OID_UNKNOWN;
- switch(hmacOid) {
- /* no oid exists for HMAC_MD2 */
- /* NSS does not define a oid for HMAC_MD4 */
- case SEC_OID_HMAC_SHA1: hashOid = SEC_OID_SHA1; break;
- case SEC_OID_HMAC_SHA224: hashOid = SEC_OID_SHA224; break;
- case SEC_OID_HMAC_SHA256: hashOid = SEC_OID_SHA256; break;
- case SEC_OID_HMAC_SHA384: hashOid = SEC_OID_SHA384; break;
- case SEC_OID_HMAC_SHA512: hashOid = SEC_OID_SHA512; break;
- default: hashOid = SEC_OID_UNKNOWN;
- PORT_SetError(SEC_ERROR_INVALID_ALGORITHM);
- break;
+ switch (hmacOid) {
+ /* no oid exists for HMAC_MD2 */
+ /* NSS does not define a oid for HMAC_MD4 */
+ case SEC_OID_HMAC_SHA1:
+ hashOid = SEC_OID_SHA1;
+ break;
+ case SEC_OID_HMAC_SHA224:
+ hashOid = SEC_OID_SHA224;
+ break;
+ case SEC_OID_HMAC_SHA256:
+ hashOid = SEC_OID_SHA256;
+ break;
+ case SEC_OID_HMAC_SHA384:
+ hashOid = SEC_OID_SHA384;
+ break;
+ case SEC_OID_HMAC_SHA512:
+ hashOid = SEC_OID_SHA512;
+ break;
+ default:
+ hashOid = SEC_OID_UNKNOWN;
+ PORT_SetError(SEC_ERROR_INVALID_ALGORITHM);
+ break;
}
return hashOid;
}
@@ -221,25 +245,36 @@ HASH_GetHMACOidTagByHashOidTag(SECOidTag hashOid)
{
SECOidTag hmacOid = SEC_OID_UNKNOWN;
- switch(hashOid) {
- /* no oid exists for HMAC_MD2 */
- /* NSS does not define a oid for HMAC_MD4 */
- case SEC_OID_SHA1: hmacOid = SEC_OID_HMAC_SHA1; break;
- case SEC_OID_SHA224: hmacOid = SEC_OID_HMAC_SHA224; break;
- case SEC_OID_SHA256: hmacOid = SEC_OID_HMAC_SHA256; break;
- case SEC_OID_SHA384: hmacOid = SEC_OID_HMAC_SHA384; break;
- case SEC_OID_SHA512: hmacOid = SEC_OID_HMAC_SHA512; break;
- default: hmacOid = SEC_OID_UNKNOWN;
- PORT_SetError(SEC_ERROR_INVALID_ALGORITHM);
- break;
+ switch (hashOid) {
+ /* no oid exists for HMAC_MD2 */
+ /* NSS does not define a oid for HMAC_MD4 */
+ case SEC_OID_SHA1:
+ hmacOid = SEC_OID_HMAC_SHA1;
+ break;
+ case SEC_OID_SHA224:
+ hmacOid = SEC_OID_HMAC_SHA224;
+ break;
+ case SEC_OID_SHA256:
+ hmacOid = SEC_OID_HMAC_SHA256;
+ break;
+ case SEC_OID_SHA384:
+ hmacOid = SEC_OID_HMAC_SHA384;
+ break;
+ case SEC_OID_SHA512:
+ hmacOid = SEC_OID_HMAC_SHA512;
+ break;
+ default:
+ hmacOid = SEC_OID_UNKNOWN;
+ PORT_SetError(SEC_ERROR_INVALID_ALGORITHM);
+ break;
}
return hmacOid;
}
-const SECHashObject *
+const SECHashObject *
HASH_GetHashObjectByOidTag(SECOidTag hashOid)
{
- HASH_HashType ht = HASH_GetHashTypeByOidTag(hashOid);
+ HASH_HashType ht = HASH_GetHashTypeByOidTag(hashOid);
return (ht == HASH_AlgNULL) ? NULL : &SECHashObjects[ht];
}
@@ -248,11 +283,11 @@ HASH_GetHashObjectByOidTag(SECOidTag hashOid)
unsigned int
HASH_ResultLenByOidTag(SECOidTag hashOid)
{
- const SECHashObject * hashObject = HASH_GetHashObjectByOidTag(hashOid);
- unsigned int resultLen = 0;
+ const SECHashObject *hashObject = HASH_GetHashObjectByOidTag(hashOid);
+ unsigned int resultLen = 0;
if (hashObject)
- resultLen = hashObject->length;
+ resultLen = hashObject->length;
return resultLen;
}
@@ -260,45 +295,43 @@ HASH_ResultLenByOidTag(SECOidTag hashOid)
unsigned int
HASH_ResultLen(HASH_HashType type)
{
- if ( ( type < HASH_AlgNULL ) || ( type >= HASH_AlgTOTAL ) ) {
- PORT_SetError(SEC_ERROR_INVALID_ALGORITHM);
- return(0);
+ if ((type < HASH_AlgNULL) || (type >= HASH_AlgTOTAL)) {
+ PORT_SetError(SEC_ERROR_INVALID_ALGORITHM);
+ return (0);
}
-
- return(SECHashObjects[type].length);
+
+ return (SECHashObjects[type].length);
}
unsigned int
HASH_ResultLenContext(HASHContext *context)
{
- return(context->hashobj->length);
+ return (context->hashobj->length);
}
-
-
SECStatus
HASH_HashBuf(HASH_HashType type,
- unsigned char *dest,
- const unsigned char *src,
- PRUint32 src_len)
+ unsigned char *dest,
+ const unsigned char *src,
+ PRUint32 src_len)
{
HASHContext *cx;
unsigned int part;
-
- if ( ( type < HASH_AlgNULL ) || ( type >= HASH_AlgTOTAL ) ) {
- return(SECFailure);
+
+ if ((type < HASH_AlgNULL) || (type >= HASH_AlgTOTAL)) {
+ return (SECFailure);
}
-
+
cx = HASH_Create(type);
- if ( cx == NULL ) {
- return(SECFailure);
+ if (cx == NULL) {
+ return (SECFailure);
}
HASH_Begin(cx);
HASH_Update(cx, src, src_len);
HASH_End(cx, dest, &part, HASH_ResultLenContext(cx));
HASH_Destroy(cx);
- return(SECSuccess);
+ return (SECSuccess);
}
HASHContext *
@@ -306,104 +339,100 @@ HASH_Create(HASH_HashType type)
{
void *hash_context = NULL;
HASHContext *ret = NULL;
-
- if ( ( type < HASH_AlgNULL ) || ( type >= HASH_AlgTOTAL ) ) {
- return(NULL);
+
+ if ((type < HASH_AlgNULL) || (type >= HASH_AlgTOTAL)) {
+ return (NULL);
}
-
- hash_context = (* SECHashObjects[type].create)();
- if ( hash_context == NULL ) {
- goto loser;
+
+ hash_context = (*SECHashObjects[type].create)();
+ if (hash_context == NULL) {
+ goto loser;
}
ret = (HASHContext *)PORT_Alloc(sizeof(HASHContext));
- if ( ret == NULL ) {
- goto loser;
+ if (ret == NULL) {
+ goto loser;
}
ret->hash_context = hash_context;
ret->hashobj = &SECHashObjects[type];
-
- return(ret);
-
+
+ return (ret);
+
loser:
- if ( hash_context != NULL ) {
- (* SECHashObjects[type].destroy)(hash_context, PR_TRUE);
+ if (hash_context != NULL) {
+ (*SECHashObjects[type].destroy)(hash_context, PR_TRUE);
}
-
- return(NULL);
-}
+ return (NULL);
+}
HASHContext *
HASH_Clone(HASHContext *context)
{
void *hash_context = NULL;
HASHContext *ret = NULL;
-
- hash_context = (* context->hashobj->clone)(context->hash_context);
- if ( hash_context == NULL ) {
- goto loser;
+
+ hash_context = (*context->hashobj->clone)(context->hash_context);
+ if (hash_context == NULL) {
+ goto loser;
}
ret = (HASHContext *)PORT_Alloc(sizeof(HASHContext));
- if ( ret == NULL ) {
- goto loser;
+ if (ret == NULL) {
+ goto loser;
}
ret->hash_context = hash_context;
ret->hashobj = context->hashobj;
-
- return(ret);
-
+
+ return (ret);
+
loser:
- if ( hash_context != NULL ) {
- (* context->hashobj->destroy)(hash_context, PR_TRUE);
+ if (hash_context != NULL) {
+ (*context->hashobj->destroy)(hash_context, PR_TRUE);
}
-
- return(NULL);
+ return (NULL);
}
void
HASH_Destroy(HASHContext *context)
{
- (* context->hashobj->destroy)(context->hash_context, PR_TRUE);
+ (*context->hashobj->destroy)(context->hash_context, PR_TRUE);
PORT_Free(context);
return;
}
-
void
HASH_Begin(HASHContext *context)
{
- (* context->hashobj->begin)(context->hash_context);
+ (*context->hashobj->begin)(context->hash_context);
return;
}
-
void
HASH_Update(HASHContext *context,
- const unsigned char *src,
- unsigned int len)
+ const unsigned char *src,
+ unsigned int len)
{
- (* context->hashobj->update)(context->hash_context, src, len);
+ (*context->hashobj->update)(context->hash_context, src, len);
return;
}
void
HASH_End(HASHContext *context,
- unsigned char *result,
- unsigned int *result_len,
- unsigned int max_result_len)
+ unsigned char *result,
+ unsigned int *result_len,
+ unsigned int max_result_len)
{
- (* context->hashobj->end)(context->hash_context, result, result_len,
- max_result_len);
+ (*context->hashobj->end)(context->hash_context, result, result_len,
+ max_result_len);
return;
}
HASH_HashType
HASH_GetType(HASHContext *context)
{
- return(context->hashobj->type);
+ return (context->hashobj->type);
}
diff --git a/lib/cryptohi/sechash.h b/lib/cryptohi/sechash.h
index 5c585511b..94ff7ed3d 100644
--- a/lib/cryptohi/sechash.h
+++ b/lib/cryptohi/sechash.h
@@ -12,42 +12,42 @@
SEC_BEGIN_PROTOS
/*
-** Generic hash api.
+** Generic hash api.
*/
-extern unsigned int HASH_ResultLen(HASH_HashType type);
+extern unsigned int HASH_ResultLen(HASH_HashType type);
-extern unsigned int HASH_ResultLenContext(HASHContext *context);
+extern unsigned int HASH_ResultLenContext(HASHContext *context);
-extern unsigned int HASH_ResultLenByOidTag(SECOidTag hashOid);
+extern unsigned int HASH_ResultLenByOidTag(SECOidTag hashOid);
-extern SECStatus HASH_HashBuf(HASH_HashType type,
- unsigned char *dest,
- const unsigned char *src,
- PRUint32 src_len);
+extern SECStatus HASH_HashBuf(HASH_HashType type,
+ unsigned char *dest,
+ const unsigned char *src,
+ PRUint32 src_len);
-extern HASHContext * HASH_Create(HASH_HashType type);
+extern HASHContext *HASH_Create(HASH_HashType type);
-extern HASHContext * HASH_Clone(HASHContext *context);
+extern HASHContext *HASH_Clone(HASHContext *context);
-extern void HASH_Destroy(HASHContext *context);
+extern void HASH_Destroy(HASHContext *context);
-extern void HASH_Begin(HASHContext *context);
+extern void HASH_Begin(HASHContext *context);
-extern void HASH_Update(HASHContext *context,
- const unsigned char *src,
- unsigned int len);
+extern void HASH_Update(HASHContext *context,
+ const unsigned char *src,
+ unsigned int len);
+
+extern void HASH_End(HASHContext *context,
+ unsigned char *result,
+ unsigned int *result_len,
+ unsigned int max_result_len);
-extern void HASH_End(HASHContext *context,
- unsigned char *result,
- unsigned int *result_len,
- unsigned int max_result_len);
-
extern HASH_HashType HASH_GetType(HASHContext *context);
-extern const SECHashObject * HASH_GetHashObject(HASH_HashType type);
+extern const SECHashObject *HASH_GetHashObject(HASH_HashType type);
-extern const SECHashObject * HASH_GetHashObjectByOidTag(SECOidTag hashOid);
+extern const SECHashObject *HASH_GetHashObjectByOidTag(SECOidTag hashOid);
extern HASH_HashType HASH_GetHashTypeByOidTag(SECOidTag hashOid);
extern SECOidTag HASH_GetHashOidTagByHMACOidTag(SECOidTag hmacOid);
diff --git a/lib/cryptohi/seckey.c b/lib/cryptohi/seckey.c
index 975fc1ff9..f31867828 100644
--- a/lib/cryptohi/seckey.c
+++ b/lib/cryptohi/seckey.c
@@ -20,27 +20,27 @@ SEC_ASN1_MKSUB(SEC_IntegerTemplate)
const SEC_ASN1Template CERT_SubjectPublicKeyInfoTemplate[] = {
{ SEC_ASN1_SEQUENCE,
- 0, NULL, sizeof(CERTSubjectPublicKeyInfo) },
+ 0, NULL, sizeof(CERTSubjectPublicKeyInfo) },
{ SEC_ASN1_INLINE | SEC_ASN1_XTRN,
- offsetof(CERTSubjectPublicKeyInfo,algorithm),
- SEC_ASN1_SUB(SECOID_AlgorithmIDTemplate) },
+ offsetof(CERTSubjectPublicKeyInfo, algorithm),
+ SEC_ASN1_SUB(SECOID_AlgorithmIDTemplate) },
{ SEC_ASN1_BIT_STRING,
- offsetof(CERTSubjectPublicKeyInfo,subjectPublicKey) },
+ offsetof(CERTSubjectPublicKeyInfo, subjectPublicKey) },
{ 0 }
};
const SEC_ASN1Template CERT_PublicKeyAndChallengeTemplate[] =
-{
- { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(CERTPublicKeyAndChallenge) },
- { SEC_ASN1_ANY, offsetof(CERTPublicKeyAndChallenge,spki) },
- { SEC_ASN1_IA5_STRING, offsetof(CERTPublicKeyAndChallenge,challenge) },
- { 0 }
-};
+ {
+ { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(CERTPublicKeyAndChallenge) },
+ { SEC_ASN1_ANY, offsetof(CERTPublicKeyAndChallenge, spki) },
+ { SEC_ASN1_IA5_STRING, offsetof(CERTPublicKeyAndChallenge, challenge) },
+ { 0 }
+ };
const SEC_ASN1Template SECKEY_RSAPublicKeyTemplate[] = {
{ SEC_ASN1_SEQUENCE, 0, NULL, sizeof(SECKEYPublicKey) },
- { SEC_ASN1_INTEGER, offsetof(SECKEYPublicKey,u.rsa.modulus) },
- { SEC_ASN1_INTEGER, offsetof(SECKEYPublicKey,u.rsa.publicExponent) },
+ { SEC_ASN1_INTEGER, offsetof(SECKEYPublicKey, u.rsa.modulus) },
+ { SEC_ASN1_INTEGER, offsetof(SECKEYPublicKey, u.rsa.publicExponent) },
{ 0 }
};
@@ -51,49 +51,49 @@ static const SEC_ASN1Template seckey_PointerToAlgorithmIDTemplate[] = {
/* Parameters for SEC_OID_PKCS1_RSA_PSS_SIGNATURE */
const SEC_ASN1Template SECKEY_RSAPSSParamsTemplate[] =
-{
- { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(SECKEYRSAPSSParams) },
- { SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED | SEC_ASN1_EXPLICIT |
- SEC_ASN1_CONTEXT_SPECIFIC | 0,
- offsetof(SECKEYRSAPSSParams, hashAlg),
- seckey_PointerToAlgorithmIDTemplate },
- { SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED | SEC_ASN1_EXPLICIT |
- SEC_ASN1_CONTEXT_SPECIFIC | 1,
- offsetof(SECKEYRSAPSSParams, maskAlg),
- seckey_PointerToAlgorithmIDTemplate },
- { SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED | SEC_ASN1_EXPLICIT |
- SEC_ASN1_XTRN | SEC_ASN1_CONTEXT_SPECIFIC | 2,
- offsetof(SECKEYRSAPSSParams, saltLength),
- SEC_ASN1_SUB(SEC_IntegerTemplate) },
- { SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED | SEC_ASN1_EXPLICIT |
- SEC_ASN1_XTRN | SEC_ASN1_CONTEXT_SPECIFIC | 3,
- offsetof(SECKEYRSAPSSParams, trailerField),
- SEC_ASN1_SUB(SEC_IntegerTemplate) },
- { 0 }
-};
+ {
+ { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(SECKEYRSAPSSParams) },
+ { SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED | SEC_ASN1_EXPLICIT |
+ SEC_ASN1_CONTEXT_SPECIFIC | 0,
+ offsetof(SECKEYRSAPSSParams, hashAlg),
+ seckey_PointerToAlgorithmIDTemplate },
+ { SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED | SEC_ASN1_EXPLICIT |
+ SEC_ASN1_CONTEXT_SPECIFIC | 1,
+ offsetof(SECKEYRSAPSSParams, maskAlg),
+ seckey_PointerToAlgorithmIDTemplate },
+ { SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED | SEC_ASN1_EXPLICIT |
+ SEC_ASN1_XTRN | SEC_ASN1_CONTEXT_SPECIFIC | 2,
+ offsetof(SECKEYRSAPSSParams, saltLength),
+ SEC_ASN1_SUB(SEC_IntegerTemplate) },
+ { SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED | SEC_ASN1_EXPLICIT |
+ SEC_ASN1_XTRN | SEC_ASN1_CONTEXT_SPECIFIC | 3,
+ offsetof(SECKEYRSAPSSParams, trailerField),
+ SEC_ASN1_SUB(SEC_IntegerTemplate) },
+ { 0 }
+ };
const SEC_ASN1Template SECKEY_DSAPublicKeyTemplate[] = {
- { SEC_ASN1_INTEGER, offsetof(SECKEYPublicKey,u.dsa.publicValue) },
+ { SEC_ASN1_INTEGER, offsetof(SECKEYPublicKey, u.dsa.publicValue) },
{ 0 }
};
const SEC_ASN1Template SECKEY_PQGParamsTemplate[] = {
{ SEC_ASN1_SEQUENCE, 0, NULL, sizeof(SECKEYPQGParams) },
- { SEC_ASN1_INTEGER, offsetof(SECKEYPQGParams,prime) },
- { SEC_ASN1_INTEGER, offsetof(SECKEYPQGParams,subPrime) },
- { SEC_ASN1_INTEGER, offsetof(SECKEYPQGParams,base) },
+ { SEC_ASN1_INTEGER, offsetof(SECKEYPQGParams, prime) },
+ { SEC_ASN1_INTEGER, offsetof(SECKEYPQGParams, subPrime) },
+ { SEC_ASN1_INTEGER, offsetof(SECKEYPQGParams, base) },
{ 0 }
};
const SEC_ASN1Template SECKEY_DHPublicKeyTemplate[] = {
- { SEC_ASN1_INTEGER, offsetof(SECKEYPublicKey,u.dh.publicValue) },
+ { SEC_ASN1_INTEGER, offsetof(SECKEYPublicKey, u.dh.publicValue) },
{ 0 }
};
const SEC_ASN1Template SECKEY_DHParamKeyTemplate[] = {
- { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(SECKEYPublicKey) },
- { SEC_ASN1_INTEGER, offsetof(SECKEYPublicKey,u.dh.prime) },
- { SEC_ASN1_INTEGER, offsetof(SECKEYPublicKey,u.dh.base) },
+ { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(SECKEYPublicKey) },
+ { SEC_ASN1_INTEGER, offsetof(SECKEYPublicKey, u.dh.prime) },
+ { SEC_ASN1_INTEGER, offsetof(SECKEYPublicKey, u.dh.base) },
/* XXX chrisk: this needs to be expanded for decoding of j and validationParms (RFC2459 7.3.2) */
{ SEC_ASN1_SKIP_REST },
{ 0 }
@@ -142,33 +142,33 @@ prepare_dh_pub_key_for_asn1(SECKEYPublicKey *pubk)
}
/* Create an RSA key pair is any slot able to do so.
-** The created keys are "session" (temporary), not "token" (permanent),
+** The created keys are "session" (temporary), not "token" (permanent),
** and they are "sensitive", which makes them costly to move to another token.
*/
SECKEYPrivateKey *
-SECKEY_CreateRSAPrivateKey(int keySizeInBits,SECKEYPublicKey **pubk, void *cx)
+SECKEY_CreateRSAPrivateKey(int keySizeInBits, SECKEYPublicKey **pubk, void *cx)
{
SECKEYPrivateKey *privk;
PK11RSAGenParams param;
- PK11SlotInfo *slot = PK11_GetBestSlot(CKM_RSA_PKCS_KEY_PAIR_GEN,cx);
+ PK11SlotInfo *slot = PK11_GetBestSlot(CKM_RSA_PKCS_KEY_PAIR_GEN, cx);
if (!slot) {
- return NULL;
+ return NULL;
}
param.keySizeInBits = keySizeInBits;
param.pe = 65537L;
-
- privk = PK11_GenerateKeyPair(slot,CKM_RSA_PKCS_KEY_PAIR_GEN,&param,pubk,
- PR_FALSE, PR_TRUE, cx);
+
+ privk = PK11_GenerateKeyPair(slot, CKM_RSA_PKCS_KEY_PAIR_GEN, &param, pubk,
+ PR_FALSE, PR_TRUE, cx);
PK11_FreeSlot(slot);
- return(privk);
+ return (privk);
}
-/* Create a DH key pair in any slot able to do so,
-** This is a "session" (temporary), not "token" (permanent) key.
+/* Create a DH key pair in any slot able to do so,
+** This is a "session" (temporary), not "token" (permanent) key.
** Because of the high probability that this key will need to be moved to
** another token, and the high cost of moving "sensitive" keys, we attempt
-** to create this key pair without the "sensitive" attribute, but revert to
+** to create this key pair without the "sensitive" attribute, but revert to
** creating a "sensitive" key if necessary.
*/
SECKEYPrivateKey *
@@ -180,72 +180,77 @@ SECKEY_CreateDHPrivateKey(SECKEYDHParams *param, SECKEYPublicKey **pubk, void *c
if (!param || !param->base.data || !param->prime.data ||
SECKEY_BigIntegerBitLength(&param->prime) < DH_MIN_P_BITS ||
param->base.len == 0 || param->base.len > param->prime.len + 1 ||
- (param->base.len == 1 && param->base.data[0] == 0)) {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- return NULL;
+ (param->base.len == 1 && param->base.data[0] == 0)) {
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
+ return NULL;
}
- slot = PK11_GetBestSlot(CKM_DH_PKCS_KEY_PAIR_GEN,cx);
+ slot = PK11_GetBestSlot(CKM_DH_PKCS_KEY_PAIR_GEN, cx);
if (!slot) {
- return NULL;
+ return NULL;
}
- privk = PK11_GenerateKeyPair(slot, CKM_DH_PKCS_KEY_PAIR_GEN, param,
+ privk = PK11_GenerateKeyPair(slot, CKM_DH_PKCS_KEY_PAIR_GEN, param,
pubk, PR_FALSE, PR_FALSE, cx);
- if (!privk)
- privk = PK11_GenerateKeyPair(slot, CKM_DH_PKCS_KEY_PAIR_GEN, param,
- pubk, PR_FALSE, PR_TRUE, cx);
+ if (!privk)
+ privk = PK11_GenerateKeyPair(slot, CKM_DH_PKCS_KEY_PAIR_GEN, param,
+ pubk, PR_FALSE, PR_TRUE, cx);
PK11_FreeSlot(slot);
- return(privk);
+ return (privk);
}
-/* Create an EC key pair in any slot able to do so,
-** This is a "session" (temporary), not "token" (permanent) key.
+/* Create an EC key pair in any slot able to do so,
+** This is a "session" (temporary), not "token" (permanent) key.
** Because of the high probability that this key will need to be moved to
** another token, and the high cost of moving "sensitive" keys, we attempt
-** to create this key pair without the "sensitive" attribute, but revert to
+** to create this key pair without the "sensitive" attribute, but revert to
** creating a "sensitive" key if necessary.
*/
SECKEYPrivateKey *
SECKEY_CreateECPrivateKey(SECKEYECParams *param, SECKEYPublicKey **pubk, void *cx)
{
SECKEYPrivateKey *privk;
- PK11SlotInfo *slot = PK11_GetBestSlot(CKM_EC_KEY_PAIR_GEN,cx);
+ PK11SlotInfo *slot = PK11_GetBestSlot(CKM_EC_KEY_PAIR_GEN, cx);
if (!slot) {
- return NULL;
+ return NULL;
}
- privk = PK11_GenerateKeyPairWithOpFlags(slot, CKM_EC_KEY_PAIR_GEN,
- param, pubk,
- PK11_ATTR_SESSION | PK11_ATTR_INSENSITIVE |
- PK11_ATTR_PUBLIC,
- CKF_DERIVE, CKF_DERIVE|CKF_SIGN,cx);
- if (!privk)
- privk = PK11_GenerateKeyPairWithOpFlags(slot, CKM_EC_KEY_PAIR_GEN,
- param, pubk,
- PK11_ATTR_SESSION | PK11_ATTR_SENSITIVE |
- PK11_ATTR_PRIVATE,
- CKF_DERIVE, CKF_DERIVE|CKF_SIGN,cx);
+ privk = PK11_GenerateKeyPairWithOpFlags(slot, CKM_EC_KEY_PAIR_GEN,
+ param, pubk,
+ PK11_ATTR_SESSION |
+ PK11_ATTR_INSENSITIVE |
+ PK11_ATTR_PUBLIC,
+ CKF_DERIVE, CKF_DERIVE |
+ CKF_SIGN,
+ cx);
+ if (!privk)
+ privk = PK11_GenerateKeyPairWithOpFlags(slot, CKM_EC_KEY_PAIR_GEN,
+ param, pubk,
+ PK11_ATTR_SESSION |
+ PK11_ATTR_SENSITIVE |
+ PK11_ATTR_PRIVATE,
+ CKF_DERIVE, CKF_DERIVE |
+ CKF_SIGN,
+ cx);
PK11_FreeSlot(slot);
- return(privk);
+ return (privk);
}
void
SECKEY_DestroyPrivateKey(SECKEYPrivateKey *privk)
{
if (privk) {
- if (privk->pkcs11Slot) {
- if (privk->pkcs11IsTemp) {
- PK11_DestroyObject(privk->pkcs11Slot,privk->pkcs11ID);
- }
- PK11_FreeSlot(privk->pkcs11Slot);
-
- }
- if (privk->arena) {
- PORT_FreeArena(privk->arena, PR_TRUE);
- }
+ if (privk->pkcs11Slot) {
+ if (privk->pkcs11IsTemp) {
+ PK11_DestroyObject(privk->pkcs11Slot, privk->pkcs11ID);
+ }
+ PK11_FreeSlot(privk->pkcs11Slot);
+ }
+ if (privk->arena) {
+ PORT_FreeArena(privk->arena, PR_TRUE);
+ }
}
}
@@ -253,39 +258,39 @@ void
SECKEY_DestroyPublicKey(SECKEYPublicKey *pubk)
{
if (pubk) {
- if (pubk->pkcs11Slot) {
- if (!PK11_IsPermObject(pubk->pkcs11Slot,pubk->pkcs11ID)) {
- PK11_DestroyObject(pubk->pkcs11Slot,pubk->pkcs11ID);
- }
- PK11_FreeSlot(pubk->pkcs11Slot);
- }
- if (pubk->arena) {
- PORT_FreeArena(pubk->arena, PR_FALSE);
- }
+ if (pubk->pkcs11Slot) {
+ if (!PK11_IsPermObject(pubk->pkcs11Slot, pubk->pkcs11ID)) {
+ PK11_DestroyObject(pubk->pkcs11Slot, pubk->pkcs11ID);
+ }
+ PK11_FreeSlot(pubk->pkcs11Slot);
+ }
+ if (pubk->arena) {
+ PORT_FreeArena(pubk->arena, PR_FALSE);
+ }
}
}
SECStatus
SECKEY_CopySubjectPublicKeyInfo(PLArenaPool *arena,
- CERTSubjectPublicKeyInfo *to,
- CERTSubjectPublicKeyInfo *from)
+ CERTSubjectPublicKeyInfo *to,
+ CERTSubjectPublicKeyInfo *from)
{
SECStatus rv;
SECItem spk;
rv = SECOID_CopyAlgorithmID(arena, &to->algorithm, &from->algorithm);
if (rv == SECSuccess) {
- /*
- * subjectPublicKey is a bit string, whose length is in bits.
- * Convert the length from bits to bytes for SECITEM_CopyItem.
- */
- spk = from->subjectPublicKey;
- DER_ConvertBitString(&spk);
- rv = SECITEM_CopyItem(arena, &to->subjectPublicKey, &spk);
- /* Set the length back to bits. */
- if (rv == SECSuccess) {
- to->subjectPublicKey.len = from->subjectPublicKey.len;
- }
+ /*
+ * subjectPublicKey is a bit string, whose length is in bits.
+ * Convert the length from bits to bytes for SECITEM_CopyItem.
+ */
+ spk = from->subjectPublicKey;
+ DER_ConvertBitString(&spk);
+ rv = SECITEM_CopyItem(arena, &to->subjectPublicKey, &spk);
+ /* Set the length back to bits. */
+ if (rv == SECSuccess) {
+ to->subjectPublicKey.len = from->subjectPublicKey.len;
+ }
}
return rv;
@@ -301,13 +306,13 @@ SECKEY_CopySubjectPublicKeyInfo(PLArenaPool *arena,
* pqg parameters that has a parent that is not a DSA cert. */
static SECStatus
-seckey_UpdateCertPQGChain(CERTCertificate * subjectCert, int count)
+seckey_UpdateCertPQGChain(CERTCertificate *subjectCert, int count)
{
SECStatus rv;
- SECOidData *oid=NULL;
+ SECOidData *oid = NULL;
int tag;
- CERTSubjectPublicKeyInfo * subjectSpki=NULL;
- CERTSubjectPublicKeyInfo * issuerSpki=NULL;
+ CERTSubjectPublicKeyInfo *subjectSpki = NULL;
+ CERTSubjectPublicKeyInfo *issuerSpki = NULL;
CERTCertificate *issuerCert = NULL;
rv = SECSuccess;
@@ -317,39 +322,40 @@ seckey_UpdateCertPQGChain(CERTCertificate * subjectCert, int count)
/* check if cert chain length exceeds the maximum length*/
if (count > CERT_MAX_CERT_CHAIN) {
- return SECFailure;
+ return SECFailure;
}
- oid = SECOID_FindOID(&subjectCert->subjectPublicKeyInfo.algorithm.algorithm);
- if (oid != NULL) {
+ oid = SECOID_FindOID(&subjectCert->subjectPublicKeyInfo.algorithm.algorithm);
+ if (oid != NULL) {
tag = oid->offset;
-
+
/* Check if cert has a DSA or EC public key. If not, return
* success since no PQG params need to be updated.
- *
- * Question: do we really need to do this for EC keys. They don't have
- * PQG parameters, but they do have parameters. The question is does
- * the child cert inherit thost parameters for EC from the parent, or
- * do we always include those parameters in each cert.
- */
-
- if ( (tag != SEC_OID_ANSIX9_DSA_SIGNATURE) &&
- (tag != SEC_OID_ANSIX9_DSA_SIGNATURE_WITH_SHA1_DIGEST) &&
- (tag != SEC_OID_NIST_DSA_SIGNATURE_WITH_SHA224_DIGEST) &&
- (tag != SEC_OID_NIST_DSA_SIGNATURE_WITH_SHA256_DIGEST) &&
- (tag != SEC_OID_BOGUS_DSA_SIGNATURE_WITH_SHA1_DIGEST) &&
- (tag != SEC_OID_SDN702_DSA_SIGNATURE) &&
- (tag != SEC_OID_ANSIX962_EC_PUBLIC_KEY) ) {
-
+ *
+ * Question: do we really need to do this for EC keys. They don't have
+ * PQG parameters, but they do have parameters. The question is does
+ * the child cert inherit thost parameters for EC from the parent, or
+ * do we always include those parameters in each cert.
+ */
+
+ if ((tag != SEC_OID_ANSIX9_DSA_SIGNATURE) &&
+ (tag != SEC_OID_ANSIX9_DSA_SIGNATURE_WITH_SHA1_DIGEST) &&
+ (tag != SEC_OID_NIST_DSA_SIGNATURE_WITH_SHA224_DIGEST) &&
+ (tag != SEC_OID_NIST_DSA_SIGNATURE_WITH_SHA256_DIGEST) &&
+ (tag != SEC_OID_BOGUS_DSA_SIGNATURE_WITH_SHA1_DIGEST) &&
+ (tag != SEC_OID_SDN702_DSA_SIGNATURE) &&
+ (tag != SEC_OID_ANSIX962_EC_PUBLIC_KEY)) {
+
return SECSuccess;
}
- } else {
- return SECFailure; /* return failure if oid is NULL */
+ }
+ else {
+ return SECFailure; /* return failure if oid is NULL */
}
/* if cert has PQG parameters, return success */
- subjectSpki=&subjectCert->subjectPublicKeyInfo;
+ subjectSpki = &subjectCert->subjectPublicKeyInfo;
if (subjectSpki->algorithm.parameters.len != 0) {
return SECSuccess;
@@ -357,42 +363,42 @@ seckey_UpdateCertPQGChain(CERTCertificate * subjectCert, int count)
/* check if the cert is self-signed */
if (subjectCert->isRoot) {
- /* fail since cert is self-signed and has no pqg params. */
- return SECFailure;
+ /* fail since cert is self-signed and has no pqg params. */
+ return SECFailure;
}
-
+
/* get issuer cert */
issuerCert = CERT_FindCertIssuer(subjectCert, PR_Now(), certUsageAnyCA);
- if ( ! issuerCert ) {
- return SECFailure;
+ if (!issuerCert) {
+ return SECFailure;
}
/* if parent is not DSA, return failure since
we don't allow this case. */
oid = SECOID_FindOID(&issuerCert->subjectPublicKeyInfo.algorithm.algorithm);
- if (oid != NULL) {
+ if (oid != NULL) {
tag = oid->offset;
-
+
/* Check if issuer cert has a DSA public key. If not,
* return failure. */
- if ( (tag != SEC_OID_ANSIX9_DSA_SIGNATURE) &&
- (tag != SEC_OID_ANSIX9_DSA_SIGNATURE_WITH_SHA1_DIGEST) &&
- (tag != SEC_OID_NIST_DSA_SIGNATURE_WITH_SHA224_DIGEST) &&
- (tag != SEC_OID_NIST_DSA_SIGNATURE_WITH_SHA256_DIGEST) &&
- (tag != SEC_OID_BOGUS_DSA_SIGNATURE_WITH_SHA1_DIGEST) &&
- (tag != SEC_OID_SDN702_DSA_SIGNATURE) &&
- (tag != SEC_OID_ANSIX962_EC_PUBLIC_KEY) ) {
+ if ((tag != SEC_OID_ANSIX9_DSA_SIGNATURE) &&
+ (tag != SEC_OID_ANSIX9_DSA_SIGNATURE_WITH_SHA1_DIGEST) &&
+ (tag != SEC_OID_NIST_DSA_SIGNATURE_WITH_SHA224_DIGEST) &&
+ (tag != SEC_OID_NIST_DSA_SIGNATURE_WITH_SHA256_DIGEST) &&
+ (tag != SEC_OID_BOGUS_DSA_SIGNATURE_WITH_SHA1_DIGEST) &&
+ (tag != SEC_OID_SDN702_DSA_SIGNATURE) &&
+ (tag != SEC_OID_ANSIX962_EC_PUBLIC_KEY)) {
rv = SECFailure;
goto loser;
}
- } else {
- rv = SECFailure; /* return failure if oid is NULL */
+ }
+ else {
+ rv = SECFailure; /* return failure if oid is NULL */
goto loser;
}
-
/* at this point the subject cert has no pqg parameters and the
* issuer cert has a DSA public key. Update the issuer's
* pqg parameters with a recursive call to this same function. */
@@ -405,9 +411,9 @@ seckey_UpdateCertPQGChain(CERTCertificate * subjectCert, int count)
/* ensure issuer has pqg parameters */
- issuerSpki=&issuerCert->subjectPublicKeyInfo;
+ issuerSpki = &issuerCert->subjectPublicKeyInfo;
if (issuerSpki->algorithm.parameters.len == 0) {
- rv = SECFailure;
+ rv = SECFailure;
}
/* if update was successful and pqg params present, then copy the
@@ -415,8 +421,8 @@ seckey_UpdateCertPQGChain(CERTCertificate * subjectCert, int count)
if (rv == SECSuccess) {
rv = SECITEM_CopyItem(subjectCert->arena,
- &subjectSpki->algorithm.parameters,
- &issuerSpki->algorithm.parameters);
+ &subjectSpki->algorithm.parameters,
+ &issuerSpki->algorithm.parameters);
}
loser:
@@ -424,35 +430,35 @@ loser:
CERT_DestroyCertificate(issuerCert);
}
return rv;
-
}
-
SECStatus
-SECKEY_UpdateCertPQG(CERTCertificate * subjectCert)
+SECKEY_UpdateCertPQG(CERTCertificate *subjectCert)
{
if (!subjectCert) {
PORT_SetError(SEC_ERROR_INVALID_ARGS);
- return SECFailure;
+ return SECFailure;
}
- return seckey_UpdateCertPQGChain(subjectCert,0);
+ return seckey_UpdateCertPQGChain(subjectCert, 0);
}
-
/* Decode the DSA PQG parameters. The params could be stored in two
* possible formats, the old fortezza-only wrapped format or
* the normal standard format. Store the decoded parameters in
- * a V3 certificate data structure. */
+ * a V3 certificate data structure. */
static SECStatus
seckey_DSADecodePQG(PLArenaPool *arena, SECKEYPublicKey *pubk,
- const SECItem *params) {
+ const SECItem *params)
+{
SECStatus rv;
SECItem newparams;
- if (params == NULL) return SECFailure;
-
- if (params->data == NULL) return SECFailure;
+ if (params == NULL)
+ return SECFailure;
+
+ if (params->data == NULL)
+ return SECFailure;
PORT_Assert(arena);
@@ -467,15 +473,16 @@ seckey_DSADecodePQG(PLArenaPool *arena, SECKEYPublicKey *pubk,
if ((newparams.data[0] != 0xa1) &&
(newparams.data[0] != 0xa0)) {
-
+
if (SECSuccess == rv) {
- /* PQG params are in the standard format */
- prepare_pqg_params_for_asn1(&pubk->u.dsa.params);
- rv = SEC_QuickDERDecodeItem(arena, &pubk->u.dsa.params,
- SECKEY_PQGParamsTemplate,
- &newparams);
+ /* PQG params are in the standard format */
+ prepare_pqg_params_for_asn1(&pubk->u.dsa.params);
+ rv = SEC_QuickDERDecodeItem(arena, &pubk->u.dsa.params,
+ SECKEY_PQGParamsTemplate,
+ &newparams);
}
- } else {
+ }
+ else {
if (SECSuccess == rv) {
/* else the old fortezza-only wrapped format is used. */
@@ -486,61 +493,61 @@ seckey_DSADecodePQG(PLArenaPool *arena, SECKEYPublicKey *pubk,
return rv;
}
-
/* Function used to make an oid tag to a key type */
-KeyType
-seckey_GetKeyType (SECOidTag tag) {
+KeyType
+seckey_GetKeyType(SECOidTag tag)
+{
KeyType keyType;
switch (tag) {
- case SEC_OID_X500_RSA_ENCRYPTION:
- case SEC_OID_PKCS1_RSA_ENCRYPTION:
- keyType = rsaKey;
- break;
- case SEC_OID_PKCS1_RSA_PSS_SIGNATURE:
- keyType = rsaPssKey;
- break;
- case SEC_OID_PKCS1_RSA_OAEP_ENCRYPTION:
- keyType = rsaOaepKey;
- break;
- case SEC_OID_ANSIX9_DSA_SIGNATURE:
- keyType = dsaKey;
- break;
- case SEC_OID_MISSI_KEA_DSS_OLD:
- case SEC_OID_MISSI_KEA_DSS:
- case SEC_OID_MISSI_DSS_OLD:
- case SEC_OID_MISSI_DSS:
- keyType = fortezzaKey;
- break;
- case SEC_OID_MISSI_KEA:
- case SEC_OID_MISSI_ALT_KEA:
- keyType = keaKey;
- break;
- case SEC_OID_X942_DIFFIE_HELMAN_KEY:
- keyType = dhKey;
- break;
- case SEC_OID_ANSIX962_EC_PUBLIC_KEY:
- keyType = ecKey;
- break;
- /* accommodate applications that hand us a signature type when they
- * should be handing us a cipher type */
- case SEC_OID_PKCS1_MD5_WITH_RSA_ENCRYPTION:
- case SEC_OID_PKCS1_SHA1_WITH_RSA_ENCRYPTION:
- case SEC_OID_PKCS1_SHA224_WITH_RSA_ENCRYPTION:
- case SEC_OID_PKCS1_SHA256_WITH_RSA_ENCRYPTION:
- case SEC_OID_PKCS1_SHA384_WITH_RSA_ENCRYPTION:
- case SEC_OID_PKCS1_SHA512_WITH_RSA_ENCRYPTION:
- keyType = rsaKey;
- break;
- default:
- keyType = nullKey;
+ case SEC_OID_X500_RSA_ENCRYPTION:
+ case SEC_OID_PKCS1_RSA_ENCRYPTION:
+ keyType = rsaKey;
+ break;
+ case SEC_OID_PKCS1_RSA_PSS_SIGNATURE:
+ keyType = rsaPssKey;
+ break;
+ case SEC_OID_PKCS1_RSA_OAEP_ENCRYPTION:
+ keyType = rsaOaepKey;
+ break;
+ case SEC_OID_ANSIX9_DSA_SIGNATURE:
+ keyType = dsaKey;
+ break;
+ case SEC_OID_MISSI_KEA_DSS_OLD:
+ case SEC_OID_MISSI_KEA_DSS:
+ case SEC_OID_MISSI_DSS_OLD:
+ case SEC_OID_MISSI_DSS:
+ keyType = fortezzaKey;
+ break;
+ case SEC_OID_MISSI_KEA:
+ case SEC_OID_MISSI_ALT_KEA:
+ keyType = keaKey;
+ break;
+ case SEC_OID_X942_DIFFIE_HELMAN_KEY:
+ keyType = dhKey;
+ break;
+ case SEC_OID_ANSIX962_EC_PUBLIC_KEY:
+ keyType = ecKey;
+ break;
+ /* accommodate applications that hand us a signature type when they
+ * should be handing us a cipher type */
+ case SEC_OID_PKCS1_MD5_WITH_RSA_ENCRYPTION:
+ case SEC_OID_PKCS1_SHA1_WITH_RSA_ENCRYPTION:
+ case SEC_OID_PKCS1_SHA224_WITH_RSA_ENCRYPTION:
+ case SEC_OID_PKCS1_SHA256_WITH_RSA_ENCRYPTION:
+ case SEC_OID_PKCS1_SHA384_WITH_RSA_ENCRYPTION:
+ case SEC_OID_PKCS1_SHA512_WITH_RSA_ENCRYPTION:
+ keyType = rsaKey;
+ break;
+ default:
+ keyType = nullKey;
}
return keyType;
}
/* Function used to determine what kind of cert we are dealing with. */
-KeyType
-CERT_GetCertKeyType (const CERTSubjectPublicKeyInfo *spki)
+KeyType
+CERT_GetCertKeyType(const CERTSubjectPublicKeyInfo *spki)
{
return seckey_GetKeyType(SECOID_GetAlgorithmTag(&spki->algorithm));
}
@@ -554,95 +561,98 @@ seckey_ExtractPublicKey(const CERTSubjectPublicKeyInfo *spki)
PLArenaPool *arena;
SECOidTag tag;
- arena = PORT_NewArena (DER_DEFAULT_CHUNKSIZE);
+ arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
if (arena == NULL)
- return NULL;
+ return NULL;
- pubk = (SECKEYPublicKey *) PORT_ArenaZAlloc(arena, sizeof(SECKEYPublicKey));
+ pubk = (SECKEYPublicKey *)PORT_ArenaZAlloc(arena, sizeof(SECKEYPublicKey));
if (pubk == NULL) {
- PORT_FreeArena (arena, PR_FALSE);
- return NULL;
+ PORT_FreeArena(arena, PR_FALSE);
+ return NULL;
}
pubk->arena = arena;
pubk->pkcs11Slot = 0;
pubk->pkcs11ID = CK_INVALID_HANDLE;
-
/* Convert bit string length from bits to bytes */
os = spki->subjectPublicKey;
- DER_ConvertBitString (&os);
+ DER_ConvertBitString(&os);
tag = SECOID_GetAlgorithmTag(&spki->algorithm);
/* copy the DER into the arena, since Quick DER returns data that points
into the DER input, which may get freed by the caller */
rv = SECITEM_CopyItem(arena, &newOs, &os);
- if ( rv == SECSuccess )
- switch ( tag ) {
- case SEC_OID_X500_RSA_ENCRYPTION:
- case SEC_OID_PKCS1_RSA_ENCRYPTION:
- pubk->keyType = rsaKey;
- prepare_rsa_pub_key_for_asn1(pubk);
- rv = SEC_QuickDERDecodeItem(arena, pubk, SECKEY_RSAPublicKeyTemplate, &newOs);
- if (rv == SECSuccess)
- return pubk;
- break;
- case SEC_OID_ANSIX9_DSA_SIGNATURE:
- case SEC_OID_SDN702_DSA_SIGNATURE:
- pubk->keyType = dsaKey;
- prepare_dsa_pub_key_for_asn1(pubk);
- rv = SEC_QuickDERDecodeItem(arena, pubk, SECKEY_DSAPublicKeyTemplate, &newOs);
- if (rv != SECSuccess) break;
-
- rv = seckey_DSADecodePQG(arena, pubk,
- &spki->algorithm.parameters);
-
- if (rv == SECSuccess) return pubk;
- break;
- case SEC_OID_X942_DIFFIE_HELMAN_KEY:
- pubk->keyType = dhKey;
- prepare_dh_pub_key_for_asn1(pubk);
- rv = SEC_QuickDERDecodeItem(arena, pubk, SECKEY_DHPublicKeyTemplate, &newOs);
- if (rv != SECSuccess) break;
-
- /* copy the DER into the arena, since Quick DER returns data that points
- into the DER input, which may get freed by the caller */
- rv = SECITEM_CopyItem(arena, &newParms, &spki->algorithm.parameters);
- if ( rv != SECSuccess )
- break;
-
- rv = SEC_QuickDERDecodeItem(arena, pubk, SECKEY_DHParamKeyTemplate,
- &newParms);
-
- if (rv == SECSuccess) return pubk;
- break;
- case SEC_OID_ANSIX962_EC_PUBLIC_KEY:
- pubk->keyType = ecKey;
- pubk->u.ec.size = 0;
-
- /* Since PKCS#11 directly takes the DER encoding of EC params
- * and public value, we don't need any decoding here.
- */
- rv = SECITEM_CopyItem(arena, &pubk->u.ec.DEREncodedParams,
- &spki->algorithm.parameters);
- if ( rv != SECSuccess )
- break;
- rv = SECITEM_CopyItem(arena, &pubk->u.ec.publicValue, &newOs);
- if (rv == SECSuccess) return pubk;
- break;
-
- default:
- PORT_SetError(SEC_ERROR_UNSUPPORTED_KEYALG);
- rv = SECFailure;
- break;
- }
+ if (rv == SECSuccess)
+ switch (tag) {
+ case SEC_OID_X500_RSA_ENCRYPTION:
+ case SEC_OID_PKCS1_RSA_ENCRYPTION:
+ pubk->keyType = rsaKey;
+ prepare_rsa_pub_key_for_asn1(pubk);
+ rv = SEC_QuickDERDecodeItem(arena, pubk, SECKEY_RSAPublicKeyTemplate, &newOs);
+ if (rv == SECSuccess)
+ return pubk;
+ break;
+ case SEC_OID_ANSIX9_DSA_SIGNATURE:
+ case SEC_OID_SDN702_DSA_SIGNATURE:
+ pubk->keyType = dsaKey;
+ prepare_dsa_pub_key_for_asn1(pubk);
+ rv = SEC_QuickDERDecodeItem(arena, pubk, SECKEY_DSAPublicKeyTemplate, &newOs);
+ if (rv != SECSuccess)
+ break;
+
+ rv = seckey_DSADecodePQG(arena, pubk,
+ &spki->algorithm.parameters);
+
+ if (rv == SECSuccess)
+ return pubk;
+ break;
+ case SEC_OID_X942_DIFFIE_HELMAN_KEY:
+ pubk->keyType = dhKey;
+ prepare_dh_pub_key_for_asn1(pubk);
+ rv = SEC_QuickDERDecodeItem(arena, pubk, SECKEY_DHPublicKeyTemplate, &newOs);
+ if (rv != SECSuccess)
+ break;
+
+ /* copy the DER into the arena, since Quick DER returns data that points
+ into the DER input, which may get freed by the caller */
+ rv = SECITEM_CopyItem(arena, &newParms, &spki->algorithm.parameters);
+ if (rv != SECSuccess)
+ break;
+
+ rv = SEC_QuickDERDecodeItem(arena, pubk, SECKEY_DHParamKeyTemplate,
+ &newParms);
+
+ if (rv == SECSuccess)
+ return pubk;
+ break;
+ case SEC_OID_ANSIX962_EC_PUBLIC_KEY:
+ pubk->keyType = ecKey;
+ pubk->u.ec.size = 0;
+
+ /* Since PKCS#11 directly takes the DER encoding of EC params
+ * and public value, we don't need any decoding here.
+ */
+ rv = SECITEM_CopyItem(arena, &pubk->u.ec.DEREncodedParams,
+ &spki->algorithm.parameters);
+ if (rv != SECSuccess)
+ break;
+ rv = SECITEM_CopyItem(arena, &pubk->u.ec.publicValue, &newOs);
+ if (rv == SECSuccess)
+ return pubk;
+ break;
+
+ default:
+ PORT_SetError(SEC_ERROR_UNSUPPORTED_KEYALG);
+ rv = SECFailure;
+ break;
+ }
- SECKEY_DestroyPublicKey (pubk);
+ SECKEY_DestroyPublicKey(pubk);
return NULL;
}
-
/* required for JSS */
SECKEYPublicKey *
SECKEY_ExtractPublicKey(const CERTSubjectPublicKeyInfo *spki)
@@ -657,10 +667,11 @@ CERT_ExtractPublicKey(CERTCertificate *cert)
if (!cert) {
PORT_SetError(SEC_ERROR_INVALID_ARGS);
- return NULL;
+ return NULL;
}
rv = SECKEY_UpdateCertPQG(cert);
- if (rv != SECSuccess) return NULL;
+ if (rv != SECSuccess)
+ return NULL;
return seckey_ExtractPublicKey(&cert->subjectPublicKeyInfo);
}
@@ -669,128 +680,128 @@ int
SECKEY_ECParamsToKeySize(const SECItem *encodedParams)
{
SECOidTag tag;
- SECItem oid = { siBuffer, NULL, 0};
-
+ SECItem oid = { siBuffer, NULL, 0 };
+
/* The encodedParams data contains 0x06 (SEC_ASN1_OBJECT_ID),
* followed by the length of the curve oid and the curve oid.
*/
oid.len = encodedParams->data[1];
oid.data = encodedParams->data + 2;
if ((tag = SECOID_FindOIDTag(&oid)) == SEC_OID_UNKNOWN)
- return 0;
+ return 0;
switch (tag) {
- case SEC_OID_SECG_EC_SECP112R1:
- case SEC_OID_SECG_EC_SECP112R2:
- return 112;
-
- case SEC_OID_SECG_EC_SECT113R1:
- case SEC_OID_SECG_EC_SECT113R2:
- return 113;
-
- case SEC_OID_SECG_EC_SECP128R1:
- case SEC_OID_SECG_EC_SECP128R2:
- return 128;
-
- case SEC_OID_SECG_EC_SECT131R1:
- case SEC_OID_SECG_EC_SECT131R2:
- return 131;
-
- case SEC_OID_SECG_EC_SECP160K1:
- case SEC_OID_SECG_EC_SECP160R1:
- case SEC_OID_SECG_EC_SECP160R2:
- return 160;
-
- case SEC_OID_SECG_EC_SECT163K1:
- case SEC_OID_SECG_EC_SECT163R1:
- case SEC_OID_SECG_EC_SECT163R2:
- case SEC_OID_ANSIX962_EC_C2PNB163V1:
- case SEC_OID_ANSIX962_EC_C2PNB163V2:
- case SEC_OID_ANSIX962_EC_C2PNB163V3:
- return 163;
-
- case SEC_OID_ANSIX962_EC_C2PNB176V1:
- return 176;
-
- case SEC_OID_ANSIX962_EC_C2TNB191V1:
- case SEC_OID_ANSIX962_EC_C2TNB191V2:
- case SEC_OID_ANSIX962_EC_C2TNB191V3:
- case SEC_OID_ANSIX962_EC_C2ONB191V4:
- case SEC_OID_ANSIX962_EC_C2ONB191V5:
- return 191;
-
- case SEC_OID_SECG_EC_SECP192K1:
- case SEC_OID_ANSIX962_EC_PRIME192V1:
- case SEC_OID_ANSIX962_EC_PRIME192V2:
- case SEC_OID_ANSIX962_EC_PRIME192V3:
- return 192;
-
- case SEC_OID_SECG_EC_SECT193R1:
- case SEC_OID_SECG_EC_SECT193R2:
- return 193;
-
- case SEC_OID_ANSIX962_EC_C2PNB208W1:
- return 208;
-
- case SEC_OID_SECG_EC_SECP224K1:
- case SEC_OID_SECG_EC_SECP224R1:
- return 224;
-
- case SEC_OID_SECG_EC_SECT233K1:
- case SEC_OID_SECG_EC_SECT233R1:
- return 233;
-
- case SEC_OID_SECG_EC_SECT239K1:
- case SEC_OID_ANSIX962_EC_C2TNB239V1:
- case SEC_OID_ANSIX962_EC_C2TNB239V2:
- case SEC_OID_ANSIX962_EC_C2TNB239V3:
- case SEC_OID_ANSIX962_EC_C2ONB239V4:
- case SEC_OID_ANSIX962_EC_C2ONB239V5:
- case SEC_OID_ANSIX962_EC_PRIME239V1:
- case SEC_OID_ANSIX962_EC_PRIME239V2:
- case SEC_OID_ANSIX962_EC_PRIME239V3:
- return 239;
-
- case SEC_OID_SECG_EC_SECP256K1:
- case SEC_OID_ANSIX962_EC_PRIME256V1:
- return 256;
-
- case SEC_OID_ANSIX962_EC_C2PNB272W1:
- return 272;
-
- case SEC_OID_SECG_EC_SECT283K1:
- case SEC_OID_SECG_EC_SECT283R1:
- return 283;
-
- case SEC_OID_ANSIX962_EC_C2PNB304W1:
- return 304;
-
- case SEC_OID_ANSIX962_EC_C2TNB359V1:
- return 359;
-
- case SEC_OID_ANSIX962_EC_C2PNB368W1:
- return 368;
-
- case SEC_OID_SECG_EC_SECP384R1:
- return 384;
-
- case SEC_OID_SECG_EC_SECT409K1:
- case SEC_OID_SECG_EC_SECT409R1:
- return 409;
-
- case SEC_OID_ANSIX962_EC_C2TNB431R1:
- return 431;
-
- case SEC_OID_SECG_EC_SECP521R1:
- return 521;
-
- case SEC_OID_SECG_EC_SECT571K1:
- case SEC_OID_SECG_EC_SECT571R1:
- return 571;
-
- default:
- PORT_SetError(SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE);
- return 0;
+ case SEC_OID_SECG_EC_SECP112R1:
+ case SEC_OID_SECG_EC_SECP112R2:
+ return 112;
+
+ case SEC_OID_SECG_EC_SECT113R1:
+ case SEC_OID_SECG_EC_SECT113R2:
+ return 113;
+
+ case SEC_OID_SECG_EC_SECP128R1:
+ case SEC_OID_SECG_EC_SECP128R2:
+ return 128;
+
+ case SEC_OID_SECG_EC_SECT131R1:
+ case SEC_OID_SECG_EC_SECT131R2:
+ return 131;
+
+ case SEC_OID_SECG_EC_SECP160K1:
+ case SEC_OID_SECG_EC_SECP160R1:
+ case SEC_OID_SECG_EC_SECP160R2:
+ return 160;
+
+ case SEC_OID_SECG_EC_SECT163K1:
+ case SEC_OID_SECG_EC_SECT163R1:
+ case SEC_OID_SECG_EC_SECT163R2:
+ case SEC_OID_ANSIX962_EC_C2PNB163V1:
+ case SEC_OID_ANSIX962_EC_C2PNB163V2:
+ case SEC_OID_ANSIX962_EC_C2PNB163V3:
+ return 163;
+
+ case SEC_OID_ANSIX962_EC_C2PNB176V1:
+ return 176;
+
+ case SEC_OID_ANSIX962_EC_C2TNB191V1:
+ case SEC_OID_ANSIX962_EC_C2TNB191V2:
+ case SEC_OID_ANSIX962_EC_C2TNB191V3:
+ case SEC_OID_ANSIX962_EC_C2ONB191V4:
+ case SEC_OID_ANSIX962_EC_C2ONB191V5:
+ return 191;
+
+ case SEC_OID_SECG_EC_SECP192K1:
+ case SEC_OID_ANSIX962_EC_PRIME192V1:
+ case SEC_OID_ANSIX962_EC_PRIME192V2:
+ case SEC_OID_ANSIX962_EC_PRIME192V3:
+ return 192;
+
+ case SEC_OID_SECG_EC_SECT193R1:
+ case SEC_OID_SECG_EC_SECT193R2:
+ return 193;
+
+ case SEC_OID_ANSIX962_EC_C2PNB208W1:
+ return 208;
+
+ case SEC_OID_SECG_EC_SECP224K1:
+ case SEC_OID_SECG_EC_SECP224R1:
+ return 224;
+
+ case SEC_OID_SECG_EC_SECT233K1:
+ case SEC_OID_SECG_EC_SECT233R1:
+ return 233;
+
+ case SEC_OID_SECG_EC_SECT239K1:
+ case SEC_OID_ANSIX962_EC_C2TNB239V1:
+ case SEC_OID_ANSIX962_EC_C2TNB239V2:
+ case SEC_OID_ANSIX962_EC_C2TNB239V3:
+ case SEC_OID_ANSIX962_EC_C2ONB239V4:
+ case SEC_OID_ANSIX962_EC_C2ONB239V5:
+ case SEC_OID_ANSIX962_EC_PRIME239V1:
+ case SEC_OID_ANSIX962_EC_PRIME239V2:
+ case SEC_OID_ANSIX962_EC_PRIME239V3:
+ return 239;
+
+ case SEC_OID_SECG_EC_SECP256K1:
+ case SEC_OID_ANSIX962_EC_PRIME256V1:
+ return 256;
+
+ case SEC_OID_ANSIX962_EC_C2PNB272W1:
+ return 272;
+
+ case SEC_OID_SECG_EC_SECT283K1:
+ case SEC_OID_SECG_EC_SECT283R1:
+ return 283;
+
+ case SEC_OID_ANSIX962_EC_C2PNB304W1:
+ return 304;
+
+ case SEC_OID_ANSIX962_EC_C2TNB359V1:
+ return 359;
+
+ case SEC_OID_ANSIX962_EC_C2PNB368W1:
+ return 368;
+
+ case SEC_OID_SECG_EC_SECP384R1:
+ return 384;
+
+ case SEC_OID_SECG_EC_SECT409K1:
+ case SEC_OID_SECG_EC_SECT409R1:
+ return 409;
+
+ case SEC_OID_ANSIX962_EC_C2TNB431R1:
+ return 431;
+
+ case SEC_OID_SECG_EC_SECP521R1:
+ return 521;
+
+ case SEC_OID_SECG_EC_SECT571K1:
+ case SEC_OID_SECG_EC_SECT571R1:
+ return 571;
+
+ default:
+ PORT_SetError(SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE);
+ return 0;
}
}
@@ -798,146 +809,146 @@ int
SECKEY_ECParamsToBasePointOrderLen(const SECItem *encodedParams)
{
SECOidTag tag;
- SECItem oid = { siBuffer, NULL, 0};
-
+ SECItem oid = { siBuffer, NULL, 0 };
+
/* The encodedParams data contains 0x06 (SEC_ASN1_OBJECT_ID),
* followed by the length of the curve oid and the curve oid.
*/
oid.len = encodedParams->data[1];
oid.data = encodedParams->data + 2;
if ((tag = SECOID_FindOIDTag(&oid)) == SEC_OID_UNKNOWN)
- return 0;
+ return 0;
switch (tag) {
- case SEC_OID_SECG_EC_SECP112R1:
- return 112;
- case SEC_OID_SECG_EC_SECP112R2:
- return 110;
-
- case SEC_OID_SECG_EC_SECT113R1:
- case SEC_OID_SECG_EC_SECT113R2:
- return 113;
-
- case SEC_OID_SECG_EC_SECP128R1:
- return 128;
- case SEC_OID_SECG_EC_SECP128R2:
- return 126;
-
- case SEC_OID_SECG_EC_SECT131R1:
- case SEC_OID_SECG_EC_SECT131R2:
- return 131;
-
- case SEC_OID_SECG_EC_SECP160K1:
- case SEC_OID_SECG_EC_SECP160R1:
- case SEC_OID_SECG_EC_SECP160R2:
- return 161;
-
- case SEC_OID_SECG_EC_SECT163K1:
- return 163;
- case SEC_OID_SECG_EC_SECT163R1:
- return 162;
- case SEC_OID_SECG_EC_SECT163R2:
- case SEC_OID_ANSIX962_EC_C2PNB163V1:
- return 163;
- case SEC_OID_ANSIX962_EC_C2PNB163V2:
- case SEC_OID_ANSIX962_EC_C2PNB163V3:
- return 162;
-
- case SEC_OID_ANSIX962_EC_C2PNB176V1:
- return 161;
-
- case SEC_OID_ANSIX962_EC_C2TNB191V1:
- return 191;
- case SEC_OID_ANSIX962_EC_C2TNB191V2:
- return 190;
- case SEC_OID_ANSIX962_EC_C2TNB191V3:
- return 189;
- case SEC_OID_ANSIX962_EC_C2ONB191V4:
- return 191;
- case SEC_OID_ANSIX962_EC_C2ONB191V5:
- return 188;
-
- case SEC_OID_SECG_EC_SECP192K1:
- case SEC_OID_ANSIX962_EC_PRIME192V1:
- case SEC_OID_ANSIX962_EC_PRIME192V2:
- case SEC_OID_ANSIX962_EC_PRIME192V3:
- return 192;
-
- case SEC_OID_SECG_EC_SECT193R1:
- case SEC_OID_SECG_EC_SECT193R2:
- return 193;
-
- case SEC_OID_ANSIX962_EC_C2PNB208W1:
- return 193;
-
- case SEC_OID_SECG_EC_SECP224K1:
- return 225;
- case SEC_OID_SECG_EC_SECP224R1:
- return 224;
-
- case SEC_OID_SECG_EC_SECT233K1:
- return 232;
- case SEC_OID_SECG_EC_SECT233R1:
- return 233;
-
- case SEC_OID_SECG_EC_SECT239K1:
- case SEC_OID_ANSIX962_EC_C2TNB239V1:
- return 238;
- case SEC_OID_ANSIX962_EC_C2TNB239V2:
- return 237;
- case SEC_OID_ANSIX962_EC_C2TNB239V3:
- return 236;
- case SEC_OID_ANSIX962_EC_C2ONB239V4:
- return 238;
- case SEC_OID_ANSIX962_EC_C2ONB239V5:
- return 237;
- case SEC_OID_ANSIX962_EC_PRIME239V1:
- case SEC_OID_ANSIX962_EC_PRIME239V2:
- case SEC_OID_ANSIX962_EC_PRIME239V3:
- return 239;
-
- case SEC_OID_SECG_EC_SECP256K1:
- case SEC_OID_ANSIX962_EC_PRIME256V1:
- return 256;
-
- case SEC_OID_ANSIX962_EC_C2PNB272W1:
- return 257;
-
- case SEC_OID_SECG_EC_SECT283K1:
- return 281;
- case SEC_OID_SECG_EC_SECT283R1:
- return 282;
-
- case SEC_OID_ANSIX962_EC_C2PNB304W1:
- return 289;
-
- case SEC_OID_ANSIX962_EC_C2TNB359V1:
- return 353;
-
- case SEC_OID_ANSIX962_EC_C2PNB368W1:
- return 353;
-
- case SEC_OID_SECG_EC_SECP384R1:
- return 384;
-
- case SEC_OID_SECG_EC_SECT409K1:
- return 407;
- case SEC_OID_SECG_EC_SECT409R1:
- return 409;
-
- case SEC_OID_ANSIX962_EC_C2TNB431R1:
- return 418;
-
- case SEC_OID_SECG_EC_SECP521R1:
- return 521;
-
- case SEC_OID_SECG_EC_SECT571K1:
- case SEC_OID_SECG_EC_SECT571R1:
- return 570;
-
- default:
- PORT_SetError(SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE);
- return 0;
+ case SEC_OID_SECG_EC_SECP112R1:
+ return 112;
+ case SEC_OID_SECG_EC_SECP112R2:
+ return 110;
+
+ case SEC_OID_SECG_EC_SECT113R1:
+ case SEC_OID_SECG_EC_SECT113R2:
+ return 113;
+
+ case SEC_OID_SECG_EC_SECP128R1:
+ return 128;
+ case SEC_OID_SECG_EC_SECP128R2:
+ return 126;
+
+ case SEC_OID_SECG_EC_SECT131R1:
+ case SEC_OID_SECG_EC_SECT131R2:
+ return 131;
+
+ case SEC_OID_SECG_EC_SECP160K1:
+ case SEC_OID_SECG_EC_SECP160R1:
+ case SEC_OID_SECG_EC_SECP160R2:
+ return 161;
+
+ case SEC_OID_SECG_EC_SECT163K1:
+ return 163;
+ case SEC_OID_SECG_EC_SECT163R1:
+ return 162;
+ case SEC_OID_SECG_EC_SECT163R2:
+ case SEC_OID_ANSIX962_EC_C2PNB163V1:
+ return 163;
+ case SEC_OID_ANSIX962_EC_C2PNB163V2:
+ case SEC_OID_ANSIX962_EC_C2PNB163V3:
+ return 162;
+
+ case SEC_OID_ANSIX962_EC_C2PNB176V1:
+ return 161;
+
+ case SEC_OID_ANSIX962_EC_C2TNB191V1:
+ return 191;
+ case SEC_OID_ANSIX962_EC_C2TNB191V2:
+ return 190;
+ case SEC_OID_ANSIX962_EC_C2TNB191V3:
+ return 189;
+ case SEC_OID_ANSIX962_EC_C2ONB191V4:
+ return 191;
+ case SEC_OID_ANSIX962_EC_C2ONB191V5:
+ return 188;
+
+ case SEC_OID_SECG_EC_SECP192K1:
+ case SEC_OID_ANSIX962_EC_PRIME192V1:
+ case SEC_OID_ANSIX962_EC_PRIME192V2:
+ case SEC_OID_ANSIX962_EC_PRIME192V3:
+ return 192;
+
+ case SEC_OID_SECG_EC_SECT193R1:
+ case SEC_OID_SECG_EC_SECT193R2:
+ return 193;
+
+ case SEC_OID_ANSIX962_EC_C2PNB208W1:
+ return 193;
+
+ case SEC_OID_SECG_EC_SECP224K1:
+ return 225;
+ case SEC_OID_SECG_EC_SECP224R1:
+ return 224;
+
+ case SEC_OID_SECG_EC_SECT233K1:
+ return 232;
+ case SEC_OID_SECG_EC_SECT233R1:
+ return 233;
+
+ case SEC_OID_SECG_EC_SECT239K1:
+ case SEC_OID_ANSIX962_EC_C2TNB239V1:
+ return 238;
+ case SEC_OID_ANSIX962_EC_C2TNB239V2:
+ return 237;
+ case SEC_OID_ANSIX962_EC_C2TNB239V3:
+ return 236;
+ case SEC_OID_ANSIX962_EC_C2ONB239V4:
+ return 238;
+ case SEC_OID_ANSIX962_EC_C2ONB239V5:
+ return 237;
+ case SEC_OID_ANSIX962_EC_PRIME239V1:
+ case SEC_OID_ANSIX962_EC_PRIME239V2:
+ case SEC_OID_ANSIX962_EC_PRIME239V3:
+ return 239;
+
+ case SEC_OID_SECG_EC_SECP256K1:
+ case SEC_OID_ANSIX962_EC_PRIME256V1:
+ return 256;
+
+ case SEC_OID_ANSIX962_EC_C2PNB272W1:
+ return 257;
+
+ case SEC_OID_SECG_EC_SECT283K1:
+ return 281;
+ case SEC_OID_SECG_EC_SECT283R1:
+ return 282;
+
+ case SEC_OID_ANSIX962_EC_C2PNB304W1:
+ return 289;
+
+ case SEC_OID_ANSIX962_EC_C2TNB359V1:
+ return 353;
+
+ case SEC_OID_ANSIX962_EC_C2PNB368W1:
+ return 353;
+
+ case SEC_OID_SECG_EC_SECP384R1:
+ return 384;
+
+ case SEC_OID_SECG_EC_SECT409K1:
+ return 407;
+ case SEC_OID_SECG_EC_SECT409R1:
+ return 409;
+
+ case SEC_OID_ANSIX962_EC_C2TNB431R1:
+ return 418;
+
+ case SEC_OID_SECG_EC_SECP521R1:
+ return 521;
+
+ case SEC_OID_SECG_EC_SECT571K1:
+ case SEC_OID_SECG_EC_SECT571R1:
+ return 570;
+
+ default:
+ PORT_SetError(SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE);
+ return 0;
}
}
@@ -994,21 +1005,21 @@ SECKEY_PublicKeyStrengthInBits(const SECKEYPublicKey *pubk)
/* interpret modulus length as key strength */
switch (pubk->keyType) {
- case rsaKey:
- bitSize = SECKEY_BigIntegerBitLength(&pubk->u.rsa.modulus);
- break;
- case dsaKey:
- bitSize = SECKEY_BigIntegerBitLength(&pubk->u.dsa.params.prime);
- break;
- case dhKey:
- bitSize = SECKEY_BigIntegerBitLength(&pubk->u.dh.prime);
- break;
- case ecKey:
- bitSize = SECKEY_ECParamsToKeySize(&pubk->u.ec.DEREncodedParams);
- break;
- default:
- PORT_SetError(SEC_ERROR_INVALID_KEY);
- break;
+ case rsaKey:
+ bitSize = SECKEY_BigIntegerBitLength(&pubk->u.rsa.modulus);
+ break;
+ case dsaKey:
+ bitSize = SECKEY_BigIntegerBitLength(&pubk->u.dsa.params.prime);
+ break;
+ case dhKey:
+ bitSize = SECKEY_BigIntegerBitLength(&pubk->u.dh.prime);
+ break;
+ case ecKey:
+ bitSize = SECKEY_ECParamsToKeySize(&pubk->u.ec.DEREncodedParams);
+ break;
+ default:
+ PORT_SetError(SEC_ERROR_INVALID_KEY);
+ break;
}
return bitSize;
}
@@ -1021,18 +1032,18 @@ SECKEY_SignatureLen(const SECKEYPublicKey *pubk)
unsigned size;
switch (pubk->keyType) {
- case rsaKey:
- b0 = pubk->u.rsa.modulus.data[0];
- return b0 ? pubk->u.rsa.modulus.len : pubk->u.rsa.modulus.len - 1;
- case dsaKey:
- return pubk->u.dsa.params.subPrime.len * 2;
- case ecKey:
- /* Get the base point order length in bits and adjust */
- size = SECKEY_ECParamsToBasePointOrderLen(
- &pubk->u.ec.DEREncodedParams);
- return ((size + 7)/8) * 2;
- default:
- break;
+ case rsaKey:
+ b0 = pubk->u.rsa.modulus.data[0];
+ return b0 ? pubk->u.rsa.modulus.len : pubk->u.rsa.modulus.len - 1;
+ case dsaKey:
+ return pubk->u.dsa.params.subPrime.len * 2;
+ case ecKey:
+ /* Get the base point order length in bits and adjust */
+ size = SECKEY_ECParamsToBasePointOrderLen(
+ &pubk->u.ec.DEREncodedParams);
+ return ((size + 7) / 8) * 2;
+ default:
+ break;
}
PORT_SetError(SEC_ERROR_INVALID_KEY);
return 0;
@@ -1043,44 +1054,47 @@ SECKEY_CopyPrivateKey(const SECKEYPrivateKey *privk)
{
SECKEYPrivateKey *copyk;
PLArenaPool *arena;
-
+
if (!privk || !privk->pkcs11Slot) {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- return NULL;
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
+ return NULL;
}
-
+
arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
if (arena == NULL) {
- return NULL;
+ return NULL;
}
- copyk = (SECKEYPrivateKey *) PORT_ArenaZAlloc (arena, sizeof (SECKEYPrivateKey));
+ copyk = (SECKEYPrivateKey *)PORT_ArenaZAlloc(arena, sizeof(SECKEYPrivateKey));
if (copyk) {
- copyk->arena = arena;
- copyk->keyType = privk->keyType;
-
- /* copy the PKCS #11 parameters */
- copyk->pkcs11Slot = PK11_ReferenceSlot(privk->pkcs11Slot);
- /* if the key we're referencing was a temparary key we have just
- * created, that we want to go away when we're through, we need
- * to make a copy of it */
- if (privk->pkcs11IsTemp) {
- copyk->pkcs11ID =
- PK11_CopyKey(privk->pkcs11Slot,privk->pkcs11ID);
- if (copyk->pkcs11ID == CK_INVALID_HANDLE) goto fail;
- } else {
- copyk->pkcs11ID = privk->pkcs11ID;
- }
- copyk->pkcs11IsTemp = privk->pkcs11IsTemp;
- copyk->wincx = privk->wincx;
- copyk->staticflags = privk->staticflags;
- return copyk;
- } else {
- PORT_SetError (SEC_ERROR_NO_MEMORY);
+ copyk->arena = arena;
+ copyk->keyType = privk->keyType;
+
+ /* copy the PKCS #11 parameters */
+ copyk->pkcs11Slot = PK11_ReferenceSlot(privk->pkcs11Slot);
+ /* if the key we're referencing was a temparary key we have just
+ * created, that we want to go away when we're through, we need
+ * to make a copy of it */
+ if (privk->pkcs11IsTemp) {
+ copyk->pkcs11ID =
+ PK11_CopyKey(privk->pkcs11Slot, privk->pkcs11ID);
+ if (copyk->pkcs11ID == CK_INVALID_HANDLE)
+ goto fail;
+ }
+ else {
+ copyk->pkcs11ID = privk->pkcs11ID;
+ }
+ copyk->pkcs11IsTemp = privk->pkcs11IsTemp;
+ copyk->wincx = privk->wincx;
+ copyk->staticflags = privk->staticflags;
+ return copyk;
+ }
+ else {
+ PORT_SetError(SEC_ERROR_NO_MEMORY);
}
fail:
- PORT_FreeArena (arena, PR_FALSE);
+ PORT_FreeArena(arena, PR_FALSE);
return NULL;
}
@@ -1093,82 +1107,88 @@ SECKEY_CopyPublicKey(const SECKEYPublicKey *pubk)
arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
if (arena == NULL) {
- PORT_SetError (SEC_ERROR_NO_MEMORY);
- return NULL;
+ PORT_SetError(SEC_ERROR_NO_MEMORY);
+ return NULL;
}
- copyk = (SECKEYPublicKey *) PORT_ArenaZAlloc (arena, sizeof (SECKEYPublicKey));
+ copyk = (SECKEYPublicKey *)PORT_ArenaZAlloc(arena, sizeof(SECKEYPublicKey));
if (!copyk) {
- PORT_FreeArena (arena, PR_FALSE);
- PORT_SetError (SEC_ERROR_NO_MEMORY);
+ PORT_FreeArena(arena, PR_FALSE);
+ PORT_SetError(SEC_ERROR_NO_MEMORY);
return NULL;
}
copyk->arena = arena;
copyk->keyType = pubk->keyType;
- if (pubk->pkcs11Slot &&
- PK11_IsPermObject(pubk->pkcs11Slot,pubk->pkcs11ID)) {
+ if (pubk->pkcs11Slot &&
+ PK11_IsPermObject(pubk->pkcs11Slot, pubk->pkcs11ID)) {
copyk->pkcs11Slot = PK11_ReferenceSlot(pubk->pkcs11Slot);
copyk->pkcs11ID = pubk->pkcs11ID;
- } else {
- copyk->pkcs11Slot = NULL; /* go get own reference */
+ }
+ else {
+ copyk->pkcs11Slot = NULL; /* go get own reference */
copyk->pkcs11ID = CK_INVALID_HANDLE;
}
switch (pubk->keyType) {
- case rsaKey:
- rv = SECITEM_CopyItem(arena, &copyk->u.rsa.modulus,
- &pubk->u.rsa.modulus);
- if (rv == SECSuccess) {
- rv = SECITEM_CopyItem (arena, &copyk->u.rsa.publicExponent,
- &pubk->u.rsa.publicExponent);
- if (rv == SECSuccess)
- return copyk;
- }
- break;
- case dsaKey:
- rv = SECITEM_CopyItem(arena, &copyk->u.dsa.publicValue,
- &pubk->u.dsa.publicValue);
- if (rv != SECSuccess) break;
- rv = SECITEM_CopyItem(arena, &copyk->u.dsa.params.prime,
- &pubk->u.dsa.params.prime);
- if (rv != SECSuccess) break;
- rv = SECITEM_CopyItem(arena, &copyk->u.dsa.params.subPrime,
- &pubk->u.dsa.params.subPrime);
- if (rv != SECSuccess) break;
- rv = SECITEM_CopyItem(arena, &copyk->u.dsa.params.base,
- &pubk->u.dsa.params.base);
- break;
- case dhKey:
- rv = SECITEM_CopyItem(arena,&copyk->u.dh.prime,&pubk->u.dh.prime);
- if (rv != SECSuccess) break;
- rv = SECITEM_CopyItem(arena,&copyk->u.dh.base,&pubk->u.dh.base);
- if (rv != SECSuccess) break;
- rv = SECITEM_CopyItem(arena, &copyk->u.dh.publicValue,
- &pubk->u.dh.publicValue);
- break;
- case ecKey:
- copyk->u.ec.size = pubk->u.ec.size;
- rv = SECITEM_CopyItem(arena,&copyk->u.ec.DEREncodedParams,
- &pubk->u.ec.DEREncodedParams);
- if (rv != SECSuccess) break;
- rv = SECITEM_CopyItem(arena,&copyk->u.ec.publicValue,
- &pubk->u.ec.publicValue);
- break;
- case nullKey:
- return copyk;
- default:
- PORT_SetError(SEC_ERROR_INVALID_KEY);
- rv = SECFailure;
- break;
+ case rsaKey:
+ rv = SECITEM_CopyItem(arena, &copyk->u.rsa.modulus,
+ &pubk->u.rsa.modulus);
+ if (rv == SECSuccess) {
+ rv = SECITEM_CopyItem(arena, &copyk->u.rsa.publicExponent,
+ &pubk->u.rsa.publicExponent);
+ if (rv == SECSuccess)
+ return copyk;
+ }
+ break;
+ case dsaKey:
+ rv = SECITEM_CopyItem(arena, &copyk->u.dsa.publicValue,
+ &pubk->u.dsa.publicValue);
+ if (rv != SECSuccess)
+ break;
+ rv = SECITEM_CopyItem(arena, &copyk->u.dsa.params.prime,
+ &pubk->u.dsa.params.prime);
+ if (rv != SECSuccess)
+ break;
+ rv = SECITEM_CopyItem(arena, &copyk->u.dsa.params.subPrime,
+ &pubk->u.dsa.params.subPrime);
+ if (rv != SECSuccess)
+ break;
+ rv = SECITEM_CopyItem(arena, &copyk->u.dsa.params.base,
+ &pubk->u.dsa.params.base);
+ break;
+ case dhKey:
+ rv = SECITEM_CopyItem(arena, &copyk->u.dh.prime, &pubk->u.dh.prime);
+ if (rv != SECSuccess)
+ break;
+ rv = SECITEM_CopyItem(arena, &copyk->u.dh.base, &pubk->u.dh.base);
+ if (rv != SECSuccess)
+ break;
+ rv = SECITEM_CopyItem(arena, &copyk->u.dh.publicValue,
+ &pubk->u.dh.publicValue);
+ break;
+ case ecKey:
+ copyk->u.ec.size = pubk->u.ec.size;
+ rv = SECITEM_CopyItem(arena, &copyk->u.ec.DEREncodedParams,
+ &pubk->u.ec.DEREncodedParams);
+ if (rv != SECSuccess)
+ break;
+ rv = SECITEM_CopyItem(arena, &copyk->u.ec.publicValue,
+ &pubk->u.ec.publicValue);
+ break;
+ case nullKey:
+ return copyk;
+ default:
+ PORT_SetError(SEC_ERROR_INVALID_KEY);
+ rv = SECFailure;
+ break;
}
if (rv == SECSuccess)
return copyk;
- SECKEY_DestroyPublicKey (copyk);
+ SECKEY_DestroyPublicKey(copyk);
return NULL;
}
-
SECKEYPublicKey *
SECKEY_ConvertToPublicKey(SECKEYPrivateKey *privk)
{
@@ -1182,49 +1202,51 @@ SECKEY_ConvertToPublicKey(SECKEYPrivateKey *privk)
*/
cert = PK11_GetCertFromPrivateKey(privk);
if (cert) {
- pubk = CERT_ExtractPublicKey(cert);
- CERT_DestroyCertificate(cert);
- return pubk;
+ pubk = CERT_ExtractPublicKey(cert);
+ CERT_DestroyCertificate(cert);
+ return pubk;
}
/* couldn't find the cert, build pub key by hand */
- arena = PORT_NewArena (DER_DEFAULT_CHUNKSIZE);
+ arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
if (arena == NULL) {
- PORT_SetError (SEC_ERROR_NO_MEMORY);
- return NULL;
+ PORT_SetError(SEC_ERROR_NO_MEMORY);
+ return NULL;
}
pubk = (SECKEYPublicKey *)PORT_ArenaZAlloc(arena,
- sizeof (SECKEYPublicKey));
+ sizeof(SECKEYPublicKey));
if (pubk == NULL) {
- PORT_FreeArena(arena,PR_FALSE);
- return NULL;
+ PORT_FreeArena(arena, PR_FALSE);
+ return NULL;
}
pubk->keyType = privk->keyType;
pubk->pkcs11Slot = NULL;
pubk->pkcs11ID = CK_INVALID_HANDLE;
pubk->arena = arena;
- switch(privk->keyType) {
- case nullKey:
- case dhKey:
- case dsaKey:
- /* Nothing to query, if the cert isn't there, we're done -- no way
- * to get the public key */
- break;
- case rsaKey:
- rv = PK11_ReadAttribute(privk->pkcs11Slot,privk->pkcs11ID,
- CKA_MODULUS,arena,&pubk->u.rsa.modulus);
- if (rv != SECSuccess) break;
- rv = PK11_ReadAttribute(privk->pkcs11Slot,privk->pkcs11ID,
- CKA_PUBLIC_EXPONENT,arena,&pubk->u.rsa.publicExponent);
- if (rv != SECSuccess) break;
- return pubk;
- break;
- default:
- break;
- }
-
- PORT_FreeArena (arena, PR_FALSE);
+ switch (privk->keyType) {
+ case nullKey:
+ case dhKey:
+ case dsaKey:
+ /* Nothing to query, if the cert isn't there, we're done -- no way
+ * to get the public key */
+ break;
+ case rsaKey:
+ rv = PK11_ReadAttribute(privk->pkcs11Slot, privk->pkcs11ID,
+ CKA_MODULUS, arena, &pubk->u.rsa.modulus);
+ if (rv != SECSuccess)
+ break;
+ rv = PK11_ReadAttribute(privk->pkcs11Slot, privk->pkcs11ID,
+ CKA_PUBLIC_EXPONENT, arena, &pubk->u.rsa.publicExponent);
+ if (rv != SECSuccess)
+ break;
+ return pubk;
+ break;
+ default:
+ break;
+ }
+
+ PORT_FreeArena(arena, PR_FALSE);
return NULL;
}
@@ -1237,105 +1259,108 @@ seckey_CreateSubjectPublicKeyInfo_helper(SECKEYPublicKey *pubk)
arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
if (arena == NULL) {
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- return NULL;
+ PORT_SetError(SEC_ERROR_NO_MEMORY);
+ return NULL;
}
- spki = (CERTSubjectPublicKeyInfo *) PORT_ArenaZAlloc(arena, sizeof (*spki));
+ spki = (CERTSubjectPublicKeyInfo *)PORT_ArenaZAlloc(arena, sizeof(*spki));
if (spki != NULL) {
- SECStatus rv;
- SECItem *rv_item;
-
- spki->arena = arena;
- switch(pubk->keyType) {
- case rsaKey:
- rv = SECOID_SetAlgorithmID(arena, &spki->algorithm,
- SEC_OID_PKCS1_RSA_ENCRYPTION, 0);
- if (rv == SECSuccess) {
- /*
- * DER encode the public key into the subjectPublicKeyInfo.
- */
- prepare_rsa_pub_key_for_asn1(pubk);
- rv_item = SEC_ASN1EncodeItem(arena, &spki->subjectPublicKey,
- pubk, SECKEY_RSAPublicKeyTemplate);
- if (rv_item != NULL) {
- /*
- * The stored value is supposed to be a BIT_STRING,
- * so convert the length.
- */
- spki->subjectPublicKey.len <<= 3;
- /*
- * We got a good one; return it.
- */
- return spki;
- }
- }
- break;
- case dsaKey:
- /* DER encode the params. */
- prepare_pqg_params_for_asn1(&pubk->u.dsa.params);
- rv_item = SEC_ASN1EncodeItem(arena, &params, &pubk->u.dsa.params,
- SECKEY_PQGParamsTemplate);
- if (rv_item != NULL) {
- rv = SECOID_SetAlgorithmID(arena, &spki->algorithm,
- SEC_OID_ANSIX9_DSA_SIGNATURE,
- &params);
- if (rv == SECSuccess) {
- /*
- * DER encode the public key into the subjectPublicKeyInfo.
- */
- prepare_dsa_pub_key_for_asn1(pubk);
- rv_item = SEC_ASN1EncodeItem(arena, &spki->subjectPublicKey,
- pubk,
- SECKEY_DSAPublicKeyTemplate);
- if (rv_item != NULL) {
- /*
- * The stored value is supposed to be a BIT_STRING,
- * so convert the length.
- */
- spki->subjectPublicKey.len <<= 3;
- /*
- * We got a good one; return it.
- */
- return spki;
- }
- }
- }
- SECITEM_FreeItem(&params, PR_FALSE);
- break;
- case ecKey:
- rv = SECITEM_CopyItem(arena, &params,
- &pubk->u.ec.DEREncodedParams);
- if (rv != SECSuccess) break;
-
- rv = SECOID_SetAlgorithmID(arena, &spki->algorithm,
- SEC_OID_ANSIX962_EC_PUBLIC_KEY,
- &params);
- if (rv != SECSuccess) break;
-
- rv = SECITEM_CopyItem(arena, &spki->subjectPublicKey,
- &pubk->u.ec.publicValue);
-
- if (rv == SECSuccess) {
- /*
- * The stored value is supposed to be a BIT_STRING,
- * so convert the length.
- */
- spki->subjectPublicKey.len <<= 3;
- /*
- * We got a good one; return it.
- */
- return spki;
- }
- break;
- case dhKey: /* later... */
-
- break;
- default:
- break;
- }
- } else {
- PORT_SetError(SEC_ERROR_NO_MEMORY);
+ SECStatus rv;
+ SECItem *rv_item;
+
+ spki->arena = arena;
+ switch (pubk->keyType) {
+ case rsaKey:
+ rv = SECOID_SetAlgorithmID(arena, &spki->algorithm,
+ SEC_OID_PKCS1_RSA_ENCRYPTION, 0);
+ if (rv == SECSuccess) {
+ /*
+ * DER encode the public key into the subjectPublicKeyInfo.
+ */
+ prepare_rsa_pub_key_for_asn1(pubk);
+ rv_item = SEC_ASN1EncodeItem(arena, &spki->subjectPublicKey,
+ pubk, SECKEY_RSAPublicKeyTemplate);
+ if (rv_item != NULL) {
+ /*
+ * The stored value is supposed to be a BIT_STRING,
+ * so convert the length.
+ */
+ spki->subjectPublicKey.len <<= 3;
+ /*
+ * We got a good one; return it.
+ */
+ return spki;
+ }
+ }
+ break;
+ case dsaKey:
+ /* DER encode the params. */
+ prepare_pqg_params_for_asn1(&pubk->u.dsa.params);
+ rv_item = SEC_ASN1EncodeItem(arena, &params, &pubk->u.dsa.params,
+ SECKEY_PQGParamsTemplate);
+ if (rv_item != NULL) {
+ rv = SECOID_SetAlgorithmID(arena, &spki->algorithm,
+ SEC_OID_ANSIX9_DSA_SIGNATURE,
+ &params);
+ if (rv == SECSuccess) {
+ /*
+ * DER encode the public key into the subjectPublicKeyInfo.
+ */
+ prepare_dsa_pub_key_for_asn1(pubk);
+ rv_item = SEC_ASN1EncodeItem(arena, &spki->subjectPublicKey,
+ pubk,
+ SECKEY_DSAPublicKeyTemplate);
+ if (rv_item != NULL) {
+ /*
+ * The stored value is supposed to be a BIT_STRING,
+ * so convert the length.
+ */
+ spki->subjectPublicKey.len <<= 3;
+ /*
+ * We got a good one; return it.
+ */
+ return spki;
+ }
+ }
+ }
+ SECITEM_FreeItem(&params, PR_FALSE);
+ break;
+ case ecKey:
+ rv = SECITEM_CopyItem(arena, &params,
+ &pubk->u.ec.DEREncodedParams);
+ if (rv != SECSuccess)
+ break;
+
+ rv = SECOID_SetAlgorithmID(arena, &spki->algorithm,
+ SEC_OID_ANSIX962_EC_PUBLIC_KEY,
+ &params);
+ if (rv != SECSuccess)
+ break;
+
+ rv = SECITEM_CopyItem(arena, &spki->subjectPublicKey,
+ &pubk->u.ec.publicValue);
+
+ if (rv == SECSuccess) {
+ /*
+ * The stored value is supposed to be a BIT_STRING,
+ * so convert the length.
+ */
+ spki->subjectPublicKey.len <<= 3;
+ /*
+ * We got a good one; return it.
+ */
+ return spki;
+ }
+ break;
+ case dhKey: /* later... */
+
+ break;
+ default:
+ break;
+ }
+ }
+ else {
+ PORT_SetError(SEC_ERROR_NO_MEMORY);
}
PORT_FreeArena(arena, PR_FALSE);
@@ -1366,25 +1391,25 @@ void
SECKEY_DestroySubjectPublicKeyInfo(CERTSubjectPublicKeyInfo *spki)
{
if (spki && spki->arena) {
- PORT_FreeArena(spki->arena, PR_FALSE);
+ PORT_FreeArena(spki->arena, PR_FALSE);
}
}
SECItem *
SECKEY_EncodeDERSubjectPublicKeyInfo(const SECKEYPublicKey *pubk)
{
- CERTSubjectPublicKeyInfo *spki=NULL;
- SECItem *spkiDER=NULL;
+ CERTSubjectPublicKeyInfo *spki = NULL;
+ SECItem *spkiDER = NULL;
/* get the subjectpublickeyinfo */
spki = SECKEY_CreateSubjectPublicKeyInfo(pubk);
- if( spki == NULL ) {
- goto finish;
+ if (spki == NULL) {
+ goto finish;
}
/* DER-encode the subjectpublickeyinfo */
- spkiDER = SEC_ASN1EncodeItem(NULL /*arena*/, NULL/*dest*/, spki,
- CERT_SubjectPublicKeyInfoTemplate);
+ spkiDER = SEC_ASN1EncodeItem(NULL /*arena*/, NULL /*dest*/, spki,
+ CERT_SubjectPublicKeyInfoTemplate);
SECKEY_DestroySubjectPublicKeyInfo(spki);
@@ -1392,7 +1417,6 @@ finish:
return spkiDER;
}
-
CERTSubjectPublicKeyInfo *
SECKEY_DecodeDERSubjectPublicKeyInfo(const SECItem *spkider)
{
@@ -1403,26 +1427,27 @@ SECKEY_DecodeDERSubjectPublicKeyInfo(const SECItem *spkider)
arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
if (arena == NULL) {
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- return NULL;
+ PORT_SetError(SEC_ERROR_NO_MEMORY);
+ return NULL;
}
spki = (CERTSubjectPublicKeyInfo *)
- PORT_ArenaZAlloc(arena, sizeof (CERTSubjectPublicKeyInfo));
+ PORT_ArenaZAlloc(arena, sizeof(CERTSubjectPublicKeyInfo));
if (spki != NULL) {
- spki->arena = arena;
+ spki->arena = arena;
/* copy the DER into the arena, since Quick DER returns data that points
into the DER input, which may get freed by the caller */
rv = SECITEM_CopyItem(arena, &newSpkider, spkider);
- if ( rv == SECSuccess ) {
- rv = SEC_QuickDERDecodeItem(arena,spki,
- CERT_SubjectPublicKeyInfoTemplate, &newSpkider);
+ if (rv == SECSuccess) {
+ rv = SEC_QuickDERDecodeItem(arena, spki,
+ CERT_SubjectPublicKeyInfoTemplate, &newSpkider);
}
- if (rv == SECSuccess)
- return spki;
- } else {
- PORT_SetError(SEC_ERROR_NO_MEMORY);
+ if (rv == SECSuccess)
+ return spki;
+ }
+ else {
+ PORT_SetError(SEC_ERROR_NO_MEMORY);
}
PORT_FreeArena(arena, PR_FALSE);
@@ -1441,7 +1466,7 @@ SECKEY_ConvertAndDecodeSubjectPublicKeyInfo(const char *spkistr)
rv = ATOB_ConvertAsciiToItem(&der, spkistr);
if (rv != SECSuccess)
- return NULL;
+ return NULL;
spki = SECKEY_DecodeDERSubjectPublicKeyInfo(&der);
@@ -1455,7 +1480,7 @@ SECKEY_ConvertAndDecodeSubjectPublicKeyInfo(const char *spkistr)
*/
CERTSubjectPublicKeyInfo *
SECKEY_ConvertAndDecodePublicKeyAndChallenge(char *pkacstr, char *challenge,
- void *wincx)
+ void *wincx)
{
CERTSubjectPublicKeyInfo *spki = NULL;
CERTPublicKeyAndChallenge pkac;
@@ -1466,171 +1491,175 @@ SECKEY_ConvertAndDecodePublicKeyAndChallenge(char *pkacstr, char *challenge,
SECItem sig;
SECKEYPublicKey *pubKey = NULL;
unsigned int len;
-
+
signedItem.data = NULL;
-
+
/* convert the base64 encoded data to binary */
rv = ATOB_ConvertAsciiToItem(&signedItem, pkacstr);
if (rv != SECSuccess) {
- goto loser;
+ goto loser;
}
/* create an arena */
arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
if (arena == NULL) {
- goto loser;
+ goto loser;
}
/* decode the outer wrapping of signed data */
PORT_Memset(&sd, 0, sizeof(CERTSignedData));
- rv = SEC_QuickDERDecodeItem(arena, &sd, CERT_SignedDataTemplate, &signedItem );
- if ( rv ) {
- goto loser;
+ rv = SEC_QuickDERDecodeItem(arena, &sd, CERT_SignedDataTemplate, &signedItem);
+ if (rv) {
+ goto loser;
}
/* decode the public key and challenge wrapper */
PORT_Memset(&pkac, 0, sizeof(CERTPublicKeyAndChallenge));
- rv = SEC_QuickDERDecodeItem(arena, &pkac, CERT_PublicKeyAndChallengeTemplate,
- &sd.data);
- if ( rv ) {
- goto loser;
+ rv = SEC_QuickDERDecodeItem(arena, &pkac, CERT_PublicKeyAndChallengeTemplate,
+ &sd.data);
+ if (rv) {
+ goto loser;
}
/* decode the subject public key info */
spki = SECKEY_DecodeDERSubjectPublicKeyInfo(&pkac.spki);
- if ( spki == NULL ) {
- goto loser;
+ if (spki == NULL) {
+ goto loser;
}
-
+
/* get the public key */
pubKey = seckey_ExtractPublicKey(spki);
- if ( pubKey == NULL ) {
- goto loser;
+ if (pubKey == NULL) {
+ goto loser;
}
/* check the signature */
sig = sd.signature;
DER_ConvertBitString(&sig);
rv = VFY_VerifyDataWithAlgorithmID(sd.data.data, sd.data.len, pubKey, &sig,
- &(sd.signatureAlgorithm), NULL, wincx);
- if ( rv != SECSuccess ) {
- goto loser;
+ &(sd.signatureAlgorithm), NULL, wincx);
+ if (rv != SECSuccess) {
+ goto loser;
}
-
+
/* check the challenge */
- if ( challenge ) {
- len = PORT_Strlen(challenge);
- /* length is right */
- if ( len != pkac.challenge.len ) {
- goto loser;
- }
- /* actual data is right */
- if ( PORT_Memcmp(challenge, pkac.challenge.data, len) != 0 ) {
- goto loser;
- }
+ if (challenge) {
+ len = PORT_Strlen(challenge);
+ /* length is right */
+ if (len != pkac.challenge.len) {
+ goto loser;
+ }
+ /* actual data is right */
+ if (PORT_Memcmp(challenge, pkac.challenge.data, len) != 0) {
+ goto loser;
+ }
}
goto done;
loser:
/* make sure that we return null if we got an error */
- if ( spki ) {
- SECKEY_DestroySubjectPublicKeyInfo(spki);
+ if (spki) {
+ SECKEY_DestroySubjectPublicKeyInfo(spki);
}
spki = NULL;
-
+
done:
- if ( signedItem.data ) {
- PORT_Free(signedItem.data);
+ if (signedItem.data) {
+ PORT_Free(signedItem.data);
}
- if ( arena ) {
- PORT_FreeArena(arena, PR_FALSE);
+ if (arena) {
+ PORT_FreeArena(arena, PR_FALSE);
}
- if ( pubKey ) {
- SECKEY_DestroyPublicKey(pubKey);
+ if (pubKey) {
+ SECKEY_DestroyPublicKey(pubKey);
}
-
+
return spki;
}
void
SECKEY_DestroyPrivateKeyInfo(SECKEYPrivateKeyInfo *pvk,
- PRBool freeit)
+ PRBool freeit)
{
PLArenaPool *poolp;
- if(pvk != NULL) {
- if(pvk->arena) {
- poolp = pvk->arena;
- /* zero structure since PORT_FreeArena does not support
- * this yet.
- */
- PORT_Memset(pvk->privateKey.data, 0, pvk->privateKey.len);
- PORT_Memset(pvk, 0, sizeof(*pvk));
- if(freeit == PR_TRUE) {
- PORT_FreeArena(poolp, PR_TRUE);
- } else {
- pvk->arena = poolp;
- }
- } else {
- SECITEM_ZfreeItem(&pvk->version, PR_FALSE);
- SECITEM_ZfreeItem(&pvk->privateKey, PR_FALSE);
- SECOID_DestroyAlgorithmID(&pvk->algorithm, PR_FALSE);
- PORT_Memset(pvk, 0, sizeof(*pvk));
- if(freeit == PR_TRUE) {
- PORT_Free(pvk);
- }
- }
+ if (pvk != NULL) {
+ if (pvk->arena) {
+ poolp = pvk->arena;
+ /* zero structure since PORT_FreeArena does not support
+ * this yet.
+ */
+ PORT_Memset(pvk->privateKey.data, 0, pvk->privateKey.len);
+ PORT_Memset(pvk, 0, sizeof(*pvk));
+ if (freeit == PR_TRUE) {
+ PORT_FreeArena(poolp, PR_TRUE);
+ }
+ else {
+ pvk->arena = poolp;
+ }
+ }
+ else {
+ SECITEM_ZfreeItem(&pvk->version, PR_FALSE);
+ SECITEM_ZfreeItem(&pvk->privateKey, PR_FALSE);
+ SECOID_DestroyAlgorithmID(&pvk->algorithm, PR_FALSE);
+ PORT_Memset(pvk, 0, sizeof(*pvk));
+ if (freeit == PR_TRUE) {
+ PORT_Free(pvk);
+ }
+ }
}
}
void
SECKEY_DestroyEncryptedPrivateKeyInfo(SECKEYEncryptedPrivateKeyInfo *epki,
- PRBool freeit)
+ PRBool freeit)
{
PLArenaPool *poolp;
- if(epki != NULL) {
- if(epki->arena) {
- poolp = epki->arena;
- /* zero structure since PORT_FreeArena does not support
- * this yet.
- */
- PORT_Memset(epki->encryptedData.data, 0, epki->encryptedData.len);
- PORT_Memset(epki, 0, sizeof(*epki));
- if(freeit == PR_TRUE) {
- PORT_FreeArena(poolp, PR_TRUE);
- } else {
- epki->arena = poolp;
- }
- } else {
- SECITEM_ZfreeItem(&epki->encryptedData, PR_FALSE);
- SECOID_DestroyAlgorithmID(&epki->algorithm, PR_FALSE);
- PORT_Memset(epki, 0, sizeof(*epki));
- if(freeit == PR_TRUE) {
- PORT_Free(epki);
- }
- }
+ if (epki != NULL) {
+ if (epki->arena) {
+ poolp = epki->arena;
+ /* zero structure since PORT_FreeArena does not support
+ * this yet.
+ */
+ PORT_Memset(epki->encryptedData.data, 0, epki->encryptedData.len);
+ PORT_Memset(epki, 0, sizeof(*epki));
+ if (freeit == PR_TRUE) {
+ PORT_FreeArena(poolp, PR_TRUE);
+ }
+ else {
+ epki->arena = poolp;
+ }
+ }
+ else {
+ SECITEM_ZfreeItem(&epki->encryptedData, PR_FALSE);
+ SECOID_DestroyAlgorithmID(&epki->algorithm, PR_FALSE);
+ PORT_Memset(epki, 0, sizeof(*epki));
+ if (freeit == PR_TRUE) {
+ PORT_Free(epki);
+ }
+ }
}
}
SECStatus
SECKEY_CopyPrivateKeyInfo(PLArenaPool *poolp,
- SECKEYPrivateKeyInfo *to,
- const SECKEYPrivateKeyInfo *from)
+ SECKEYPrivateKeyInfo *to,
+ const SECKEYPrivateKeyInfo *from)
{
SECStatus rv = SECFailure;
- if((to == NULL) || (from == NULL)) {
- return SECFailure;
+ if ((to == NULL) || (from == NULL)) {
+ return SECFailure;
}
rv = SECOID_CopyAlgorithmID(poolp, &to->algorithm, &from->algorithm);
- if(rv != SECSuccess) {
- return SECFailure;
+ if (rv != SECSuccess) {
+ return SECFailure;
}
rv = SECITEM_CopyItem(poolp, &to->privateKey, &from->privateKey);
- if(rv != SECSuccess) {
- return SECFailure;
+ if (rv != SECSuccess) {
+ return SECFailure;
}
rv = SECITEM_CopyItem(poolp, &to->version, &from->version);
@@ -1639,18 +1668,18 @@ SECKEY_CopyPrivateKeyInfo(PLArenaPool *poolp,
SECStatus
SECKEY_CopyEncryptedPrivateKeyInfo(PLArenaPool *poolp,
- SECKEYEncryptedPrivateKeyInfo *to,
- const SECKEYEncryptedPrivateKeyInfo *from)
+ SECKEYEncryptedPrivateKeyInfo *to,
+ const SECKEYEncryptedPrivateKeyInfo *from)
{
SECStatus rv = SECFailure;
- if((to == NULL) || (from == NULL)) {
- return SECFailure;
+ if ((to == NULL) || (from == NULL)) {
+ return SECFailure;
}
rv = SECOID_CopyAlgorithmID(poolp, &to->algorithm, &from->algorithm);
- if(rv != SECSuccess) {
- return SECFailure;
+ if (rv != SECSuccess) {
+ return SECFailure;
}
rv = SECITEM_CopyItem(poolp, &to->encryptedData, &from->encryptedData);
@@ -1660,16 +1689,16 @@ SECKEY_CopyEncryptedPrivateKeyInfo(PLArenaPool *poolp,
KeyType
SECKEY_GetPrivateKeyType(const SECKEYPrivateKey *privKey)
{
- return privKey->keyType;
+ return privKey->keyType;
}
KeyType
SECKEY_GetPublicKeyType(const SECKEYPublicKey *pubKey)
{
- return pubKey->keyType;
+ return pubKey->keyType;
}
-SECKEYPublicKey*
+SECKEYPublicKey *
SECKEY_ImportDERPublicKey(const SECItem *derKey, CK_KEY_TYPE type)
{
SECKEYPublicKey *pubk = NULL;
@@ -1679,11 +1708,11 @@ SECKEY_ImportDERPublicKey(const SECItem *derKey, CK_KEY_TYPE type)
if (!derKey) {
return NULL;
- }
+ }
arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
if (arena == NULL) {
- PORT_SetError(SEC_ERROR_NO_MEMORY);
+ PORT_SetError(SEC_ERROR_NO_MEMORY);
goto finish;
}
@@ -1701,25 +1730,25 @@ SECKEY_ImportDERPublicKey(const SECItem *derKey, CK_KEY_TYPE type)
pubk->pkcs11Slot = NULL;
pubk->pkcs11ID = CK_INVALID_HANDLE;
- switch( type ) {
- case CKK_RSA:
- prepare_rsa_pub_key_for_asn1(pubk);
- rv = SEC_QuickDERDecodeItem(pubk->arena, pubk, SECKEY_RSAPublicKeyTemplate, &newDerKey);
- pubk->keyType = rsaKey;
- break;
- case CKK_DSA:
- prepare_dsa_pub_key_for_asn1(pubk);
- rv = SEC_QuickDERDecodeItem(pubk->arena, pubk, SECKEY_DSAPublicKeyTemplate, &newDerKey);
- pubk->keyType = dsaKey;
- break;
- case CKK_DH:
- prepare_dh_pub_key_for_asn1(pubk);
- rv = SEC_QuickDERDecodeItem(pubk->arena, pubk, SECKEY_DHPublicKeyTemplate, &newDerKey);
- pubk->keyType = dhKey;
- break;
- default:
- rv = SECFailure;
- break;
+ switch (type) {
+ case CKK_RSA:
+ prepare_rsa_pub_key_for_asn1(pubk);
+ rv = SEC_QuickDERDecodeItem(pubk->arena, pubk, SECKEY_RSAPublicKeyTemplate, &newDerKey);
+ pubk->keyType = rsaKey;
+ break;
+ case CKK_DSA:
+ prepare_dsa_pub_key_for_asn1(pubk);
+ rv = SEC_QuickDERDecodeItem(pubk->arena, pubk, SECKEY_DSAPublicKeyTemplate, &newDerKey);
+ pubk->keyType = dsaKey;
+ break;
+ case CKK_DH:
+ prepare_dh_pub_key_for_asn1(pubk);
+ rv = SEC_QuickDERDecodeItem(pubk->arena, pubk, SECKEY_DHPublicKeyTemplate, &newDerKey);
+ pubk->keyType = dhKey;
+ break;
+ default:
+ rv = SECFailure;
+ break;
}
finish:
@@ -1732,20 +1761,20 @@ finish:
return pubk;
}
-SECKEYPrivateKeyList*
+SECKEYPrivateKeyList *
SECKEY_NewPrivateKeyList(void)
{
PLArenaPool *arena = NULL;
SECKEYPrivateKeyList *ret = NULL;
arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
- if ( arena == NULL ) {
+ if (arena == NULL) {
goto loser;
}
ret = (SECKEYPrivateKeyList *)PORT_ArenaZAlloc(arena,
- sizeof(SECKEYPrivateKeyList));
- if ( ret == NULL ) {
+ sizeof(SECKEYPrivateKeyList));
+ if (ret == NULL) {
goto loser;
}
@@ -1753,22 +1782,22 @@ SECKEY_NewPrivateKeyList(void)
PR_INIT_CLIST(&ret->list);
- return(ret);
+ return (ret);
loser:
- if ( arena != NULL ) {
+ if (arena != NULL) {
PORT_FreeArena(arena, PR_FALSE);
}
- return(NULL);
+ return (NULL);
}
void
SECKEY_DestroyPrivateKeyList(SECKEYPrivateKeyList *keys)
{
- while( !PR_CLIST_IS_EMPTY(&keys->list) ) {
+ while (!PR_CLIST_IS_EMPTY(&keys->list)) {
SECKEY_RemovePrivateKeyListNode(
- (SECKEYPrivateKeyListNode*)(PR_LIST_HEAD(&keys->list)) );
+ (SECKEYPrivateKeyListNode *)(PR_LIST_HEAD(&keys->list)));
}
PORT_FreeArena(keys->arena, PR_FALSE);
@@ -1776,7 +1805,6 @@ SECKEY_DestroyPrivateKeyList(SECKEYPrivateKeyList *keys)
return;
}
-
void
SECKEY_RemovePrivateKeyListNode(SECKEYPrivateKeyListNode *node)
{
@@ -1785,44 +1813,42 @@ SECKEY_RemovePrivateKeyListNode(SECKEYPrivateKeyListNode *node)
node->key = NULL;
PR_REMOVE_LINK(&node->links);
return;
-
}
SECStatus
-SECKEY_AddPrivateKeyToListTail( SECKEYPrivateKeyList *list,
- SECKEYPrivateKey *key)
+SECKEY_AddPrivateKeyToListTail(SECKEYPrivateKeyList *list,
+ SECKEYPrivateKey *key)
{
SECKEYPrivateKeyListNode *node;
node = (SECKEYPrivateKeyListNode *)PORT_ArenaZAlloc(list->arena,
- sizeof(SECKEYPrivateKeyListNode));
- if ( node == NULL ) {
+ sizeof(SECKEYPrivateKeyListNode));
+ if (node == NULL) {
goto loser;
}
PR_INSERT_BEFORE(&node->links, &list->list);
node->key = key;
- return(SECSuccess);
+ return (SECSuccess);
loser:
- return(SECFailure);
+ return (SECFailure);
}
-
-SECKEYPublicKeyList*
+SECKEYPublicKeyList *
SECKEY_NewPublicKeyList(void)
{
PLArenaPool *arena = NULL;
SECKEYPublicKeyList *ret = NULL;
arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
- if ( arena == NULL ) {
+ if (arena == NULL) {
goto loser;
}
ret = (SECKEYPublicKeyList *)PORT_ArenaZAlloc(arena,
- sizeof(SECKEYPublicKeyList));
- if ( ret == NULL ) {
+ sizeof(SECKEYPublicKeyList));
+ if (ret == NULL) {
goto loser;
}
@@ -1830,22 +1856,22 @@ SECKEY_NewPublicKeyList(void)
PR_INIT_CLIST(&ret->list);
- return(ret);
+ return (ret);
loser:
- if ( arena != NULL ) {
+ if (arena != NULL) {
PORT_FreeArena(arena, PR_FALSE);
}
- return(NULL);
+ return (NULL);
}
void
SECKEY_DestroyPublicKeyList(SECKEYPublicKeyList *keys)
{
- while( !PR_CLIST_IS_EMPTY(&keys->list) ) {
+ while (!PR_CLIST_IS_EMPTY(&keys->list)) {
SECKEY_RemovePublicKeyListNode(
- (SECKEYPublicKeyListNode*)(PR_LIST_HEAD(&keys->list)) );
+ (SECKEYPublicKeyListNode *)(PR_LIST_HEAD(&keys->list)));
}
PORT_FreeArena(keys->arena, PR_FALSE);
@@ -1853,7 +1879,6 @@ SECKEY_DestroyPublicKeyList(SECKEYPublicKeyList *keys)
return;
}
-
void
SECKEY_RemovePublicKeyListNode(SECKEYPublicKeyListNode *node)
{
@@ -1862,38 +1887,38 @@ SECKEY_RemovePublicKeyListNode(SECKEYPublicKeyListNode *node)
node->key = NULL;
PR_REMOVE_LINK(&node->links);
return;
-
}
SECStatus
-SECKEY_AddPublicKeyToListTail( SECKEYPublicKeyList *list,
- SECKEYPublicKey *key)
+SECKEY_AddPublicKeyToListTail(SECKEYPublicKeyList *list,
+ SECKEYPublicKey *key)
{
SECKEYPublicKeyListNode *node;
node = (SECKEYPublicKeyListNode *)PORT_ArenaZAlloc(list->arena,
- sizeof(SECKEYPublicKeyListNode));
- if ( node == NULL ) {
+ sizeof(SECKEYPublicKeyListNode));
+ if (node == NULL) {
goto loser;
}
PR_INSERT_BEFORE(&node->links, &list->list);
node->key = key;
- return(SECSuccess);
+ return (SECSuccess);
loser:
- return(SECFailure);
+ return (SECFailure);
}
-#define SECKEY_CacheAttribute(key, attribute) \
+#define SECKEY_CacheAttribute(key, attribute) \
if (CK_TRUE == PK11_HasAttributeSet(key->pkcs11Slot, key->pkcs11ID, attribute, PR_FALSE)) { \
- key->staticflags |= SECKEY_##attribute; \
- } else { \
- key->staticflags &= (~SECKEY_##attribute); \
+ key->staticflags |= SECKEY_##attribute; \
+ } \
+ else { \
+ key->staticflags &= (~SECKEY_##attribute); \
}
SECStatus
-SECKEY_CacheStaticFlags(SECKEYPrivateKey* key)
+SECKEY_CacheStaticFlags(SECKEYPrivateKey *key)
{
SECStatus rv = SECFailure;
if (key && key->pkcs11Slot && key->pkcs11ID) {
@@ -1906,20 +1931,22 @@ SECKEY_CacheStaticFlags(SECKEYPrivateKey* key)
}
SECOidTag
-SECKEY_GetECCOid(const SECKEYECParams * params)
+SECKEY_GetECCOid(const SECKEYECParams *params)
{
- SECItem oid = { siBuffer, NULL, 0};
+ SECItem oid = { siBuffer, NULL, 0 };
SECOidData *oidData = NULL;
- /*
+ /*
* params->data needs to contain the ASN encoding of an object ID (OID)
* representing a named curve. Here, we strip away everything
* before the actual OID and use the OID to look up a named curve.
*/
- if (params->data[0] != SEC_ASN1_OBJECT_ID) return 0;
+ if (params->data[0] != SEC_ASN1_OBJECT_ID)
+ return 0;
oid.len = params->len - 2;
oid.data = params->data + 2;
- if ((oidData = SECOID_FindOID(&oid)) == NULL) return 0;
+ if ((oidData = SECOID_FindOID(&oid)) == NULL)
+ return 0;
return oidData->offset;
}
diff --git a/lib/cryptohi/secsign.c b/lib/cryptohi/secsign.c
index 40c44391b..c59114c36 100644
--- a/lib/cryptohi/secsign.c
+++ b/lib/cryptohi/secsign.c
@@ -40,25 +40,25 @@ SGN_NewContext(SECOidTag alg, SECKEYPrivateKey *key)
* it may just support CKM_SHA1_RSA_PKCS and/or CKM_MD5_RSA_PKCS.
*/
/* we have a private key, not a public key, so don't pass it in */
- rv = sec_DecodeSigAlg(NULL, alg, NULL, &signalg, &hashalg);
+ rv = sec_DecodeSigAlg(NULL, alg, NULL, &signalg, &hashalg);
if (rv != SECSuccess) {
- PORT_SetError(SEC_ERROR_INVALID_ALGORITHM);
- return 0;
+ PORT_SetError(SEC_ERROR_INVALID_ALGORITHM);
+ return 0;
}
keyType = seckey_GetKeyType(signalg);
/* verify our key type */
if (key->keyType != keyType &&
- !((key->keyType == dsaKey) && (keyType == fortezzaKey)) ) {
- PORT_SetError(SEC_ERROR_INVALID_ALGORITHM);
- return 0;
+ !((key->keyType == dsaKey) && (keyType == fortezzaKey))) {
+ PORT_SetError(SEC_ERROR_INVALID_ALGORITHM);
+ return 0;
}
- cx = (SGNContext*) PORT_ZAlloc(sizeof(SGNContext));
+ cx = (SGNContext *)PORT_ZAlloc(sizeof(SGNContext));
if (cx) {
- cx->hashalg = hashalg;
- cx->signalg = signalg;
- cx->key = key;
+ cx->hashalg = hashalg;
+ cx->signalg = signalg;
+ cx->key = key;
}
return cx;
}
@@ -67,13 +67,13 @@ void
SGN_DestroyContext(SGNContext *cx, PRBool freeit)
{
if (cx) {
- if (cx->hashcx != NULL) {
- (*cx->hashobj->destroy)(cx->hashcx, PR_TRUE);
- cx->hashcx = NULL;
- }
- if (freeit) {
- PORT_ZFree(cx, sizeof(SGNContext));
- }
+ if (cx->hashcx != NULL) {
+ (*cx->hashobj->destroy)(cx->hashcx, PR_TRUE);
+ cx->hashcx = NULL;
+ }
+ if (freeit) {
+ PORT_ZFree(cx, sizeof(SGNContext));
+ }
}
}
@@ -81,17 +81,17 @@ SECStatus
SGN_Begin(SGNContext *cx)
{
if (cx->hashcx != NULL) {
- (*cx->hashobj->destroy)(cx->hashcx, PR_TRUE);
- cx->hashcx = NULL;
+ (*cx->hashobj->destroy)(cx->hashcx, PR_TRUE);
+ cx->hashcx = NULL;
}
cx->hashobj = HASH_GetHashObjectByOidTag(cx->hashalg);
if (!cx->hashobj)
- return SECFailure; /* error code is already set */
+ return SECFailure; /* error code is already set */
cx->hashcx = (*cx->hashobj->create)();
if (cx->hashcx == NULL)
- return SECFailure;
+ return SECFailure;
(*cx->hashobj->begin)(cx->hashcx);
return SECSuccess;
@@ -101,8 +101,8 @@ SECStatus
SGN_Update(SGNContext *cx, const unsigned char *input, unsigned int inputLen)
{
if (cx->hashcx == NULL) {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- return SECFailure;
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
+ return SECFailure;
}
(*cx->hashobj->update)(cx->hashcx, input, inputLen);
return SECSuccess;
@@ -111,11 +111,11 @@ SGN_Update(SGNContext *cx, const unsigned char *input, unsigned int inputLen)
/* XXX Old template; want to expunge it eventually. */
static DERTemplate SECAlgorithmIDTemplate[] = {
{ DER_SEQUENCE,
- 0, NULL, sizeof(SECAlgorithmID) },
+ 0, NULL, sizeof(SECAlgorithmID) },
{ DER_OBJECT_ID,
- offsetof(SECAlgorithmID,algorithm) },
+ offsetof(SECAlgorithmID, algorithm) },
{ DER_OPTIONAL | DER_ANY,
- offsetof(SECAlgorithmID,parameters) },
+ offsetof(SECAlgorithmID, parameters) },
{ 0 }
};
@@ -125,12 +125,12 @@ static DERTemplate SECAlgorithmIDTemplate[] = {
*/
static DERTemplate SGNDigestInfoTemplate[] = {
{ DER_SEQUENCE,
- 0, NULL, sizeof(SGNDigestInfo) },
+ 0, NULL, sizeof(SGNDigestInfo) },
{ DER_INLINE,
- offsetof(SGNDigestInfo,digestAlgorithm),
- SECAlgorithmIDTemplate },
+ offsetof(SGNDigestInfo, digestAlgorithm),
+ SECAlgorithmIDTemplate },
{ DER_OCTET_STRING,
- offsetof(SGNDigestInfo,digest) },
+ offsetof(SGNDigestInfo, digest) },
{ 0 }
};
@@ -151,36 +151,36 @@ SGN_End(SGNContext *cx, SECItem *result)
/* Finish up digest function */
if (cx->hashcx == NULL) {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- return SECFailure;
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
+ return SECFailure;
}
(*cx->hashobj->end)(cx->hashcx, digest, &part1, sizeof(digest));
-
if (privKey->keyType == rsaKey) {
- arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
- if ( !arena ) {
- rv = SECFailure;
- goto loser;
- }
-
- /* Construct digest info */
- di = SGN_CreateDigestInfo(cx->hashalg, digest, part1);
- if (!di) {
- rv = SECFailure;
- goto loser;
- }
-
- /* Der encode the digest as a DigestInfo */
+ arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+ if (!arena) {
+ rv = SECFailure;
+ goto loser;
+ }
+
+ /* Construct digest info */
+ di = SGN_CreateDigestInfo(cx->hashalg, digest, part1);
+ if (!di) {
+ rv = SECFailure;
+ goto loser;
+ }
+
+ /* Der encode the digest as a DigestInfo */
rv = DER_Encode(arena, &digder, SGNDigestInfoTemplate,
di);
- if (rv != SECSuccess) {
- goto loser;
- }
- } else {
- digder.data = digest;
- digder.len = part1;
+ if (rv != SECSuccess) {
+ goto loser;
+ }
+ }
+ else {
+ digder.data = digest;
+ digder.len = part1;
}
/*
@@ -189,41 +189,42 @@ SGN_End(SGNContext *cx, SECItem *result)
*/
signatureLen = PK11_SignatureLen(privKey);
if (signatureLen <= 0) {
- PORT_SetError(SEC_ERROR_INVALID_KEY);
- rv = SECFailure;
- goto loser;
+ PORT_SetError(SEC_ERROR_INVALID_KEY);
+ rv = SECFailure;
+ goto loser;
}
sigitem.len = signatureLen;
- sigitem.data = (unsigned char*) PORT_Alloc(signatureLen);
+ sigitem.data = (unsigned char *)PORT_Alloc(signatureLen);
if (sigitem.data == NULL) {
- rv = SECFailure;
- goto loser;
+ rv = SECFailure;
+ goto loser;
}
rv = PK11_Sign(privKey, &sigitem, &digder);
if (rv != SECSuccess) {
- PORT_Free(sigitem.data);
- sigitem.data = NULL;
- goto loser;
+ PORT_Free(sigitem.data);
+ sigitem.data = NULL;
+ goto loser;
}
if ((cx->signalg == SEC_OID_ANSIX9_DSA_SIGNATURE) ||
(cx->signalg == SEC_OID_ANSIX962_EC_PUBLIC_KEY)) {
/* DSAU_EncodeDerSigWithLen works for DSA and ECDSA */
- rv = DSAU_EncodeDerSigWithLen(result, &sigitem, sigitem.len);
- PORT_Free(sigitem.data);
- if (rv != SECSuccess)
- goto loser;
- } else {
- result->len = sigitem.len;
- result->data = sigitem.data;
+ rv = DSAU_EncodeDerSigWithLen(result, &sigitem, sigitem.len);
+ PORT_Free(sigitem.data);
+ if (rv != SECSuccess)
+ goto loser;
+ }
+ else {
+ result->len = sigitem.len;
+ result->data = sigitem.data;
}
- loser:
+loser:
SGN_DestroyDigestInfo(di);
if (arena != NULL) {
- PORT_FreeArena(arena, PR_FALSE);
+ PORT_FreeArena(arena, PR_FALSE);
}
return rv;
}
@@ -236,71 +237,69 @@ SGN_End(SGNContext *cx, SECItem *result)
*/
SECStatus
SEC_SignData(SECItem *res, const unsigned char *buf, int len,
- SECKEYPrivateKey *pk, SECOidTag algid)
+ SECKEYPrivateKey *pk, SECOidTag algid)
{
SECStatus rv;
SGNContext *sgn;
-
sgn = SGN_NewContext(algid, pk);
if (sgn == NULL)
- return SECFailure;
+ return SECFailure;
rv = SGN_Begin(sgn);
if (rv != SECSuccess)
- goto loser;
+ goto loser;
rv = SGN_Update(sgn, buf, len);
if (rv != SECSuccess)
- goto loser;
+ goto loser;
rv = SGN_End(sgn, res);
- loser:
+loser:
SGN_DestroyContext(sgn, PR_TRUE);
return rv;
}
/************************************************************************/
-
+
DERTemplate CERTSignedDataTemplate[] =
-{
- { DER_SEQUENCE,
- 0, NULL, sizeof(CERTSignedData) },
- { DER_ANY,
- offsetof(CERTSignedData,data) },
- { DER_INLINE,
- offsetof(CERTSignedData,signatureAlgorithm),
- SECAlgorithmIDTemplate },
- { DER_BIT_STRING,
- offsetof(CERTSignedData,signature) },
- { 0 }
-};
+ {
+ { DER_SEQUENCE,
+ 0, NULL, sizeof(CERTSignedData) },
+ { DER_ANY,
+ offsetof(CERTSignedData, data) },
+ { DER_INLINE,
+ offsetof(CERTSignedData, signatureAlgorithm),
+ SECAlgorithmIDTemplate },
+ { DER_BIT_STRING,
+ offsetof(CERTSignedData, signature) },
+ { 0 }
+ };
SEC_ASN1_MKSUB(SECOID_AlgorithmIDTemplate)
const SEC_ASN1Template CERT_SignedDataTemplate[] =
-{
- { SEC_ASN1_SEQUENCE,
- 0, NULL, sizeof(CERTSignedData) },
- { SEC_ASN1_ANY,
- offsetof(CERTSignedData,data) },
- { SEC_ASN1_INLINE | SEC_ASN1_XTRN,
- offsetof(CERTSignedData,signatureAlgorithm),
- SEC_ASN1_SUB(SECOID_AlgorithmIDTemplate) },
- { SEC_ASN1_BIT_STRING,
- offsetof(CERTSignedData,signature) },
- { 0 }
-};
+ {
+ { SEC_ASN1_SEQUENCE,
+ 0, NULL, sizeof(CERTSignedData) },
+ { SEC_ASN1_ANY,
+ offsetof(CERTSignedData, data) },
+ { SEC_ASN1_INLINE | SEC_ASN1_XTRN,
+ offsetof(CERTSignedData, signatureAlgorithm),
+ SEC_ASN1_SUB(SECOID_AlgorithmIDTemplate) },
+ { SEC_ASN1_BIT_STRING,
+ offsetof(CERTSignedData, signature) },
+ { 0 }
+ };
SEC_ASN1_CHOOSER_IMPLEMENT(CERT_SignedDataTemplate)
-
SECStatus
SEC_DerSignData(PLArenaPool *arena, SECItem *result,
- const unsigned char *buf, int len, SECKEYPrivateKey *pk,
- SECOidTag algID)
+ const unsigned char *buf, int len, SECKEYPrivateKey *pk,
+ SECOidTag algID)
{
SECItem it;
CERTSignedData sd;
@@ -313,58 +312,60 @@ SEC_DerSignData(PLArenaPool *arena, SECItem *result,
*/
if (algID == SEC_OID_UNKNOWN) {
- switch(pk->keyType) {
- case rsaKey:
- algID = SEC_OID_PKCS1_SHA1_WITH_RSA_ENCRYPTION;
- break;
- case dsaKey:
- /* get Signature length (= q_len*2) and work from there */
- switch (PK11_SignatureLen(pk)) {
- case 448:
- algID = SEC_OID_NIST_DSA_SIGNATURE_WITH_SHA224_DIGEST;
- break;
- case 512:
- algID = SEC_OID_NIST_DSA_SIGNATURE_WITH_SHA256_DIGEST;
- break;
- default:
- algID = SEC_OID_ANSIX9_DSA_SIGNATURE_WITH_SHA1_DIGEST;
- break;
- }
- break;
- case ecKey:
- algID = SEC_OID_ANSIX962_ECDSA_SIGNATURE_WITH_SHA1_DIGEST;
- break;
- default:
- PORT_SetError(SEC_ERROR_INVALID_KEY);
- return SECFailure;
- }
+ switch (pk->keyType) {
+ case rsaKey:
+ algID = SEC_OID_PKCS1_SHA1_WITH_RSA_ENCRYPTION;
+ break;
+ case dsaKey:
+ /* get Signature length (= q_len*2) and work from there */
+ switch (PK11_SignatureLen(pk)) {
+ case 448:
+ algID = SEC_OID_NIST_DSA_SIGNATURE_WITH_SHA224_DIGEST;
+ break;
+ case 512:
+ algID = SEC_OID_NIST_DSA_SIGNATURE_WITH_SHA256_DIGEST;
+ break;
+ default:
+ algID = SEC_OID_ANSIX9_DSA_SIGNATURE_WITH_SHA1_DIGEST;
+ break;
+ }
+ break;
+ case ecKey:
+ algID = SEC_OID_ANSIX962_ECDSA_SIGNATURE_WITH_SHA1_DIGEST;
+ break;
+ default:
+ PORT_SetError(SEC_ERROR_INVALID_KEY);
+ return SECFailure;
+ }
}
/* Sign input buffer */
rv = SEC_SignData(&it, buf, len, pk, algID);
- if (rv) goto loser;
+ if (rv)
+ goto loser;
/* Fill out SignedData object */
PORT_Memset(&sd, 0, sizeof(sd));
- sd.data.data = (unsigned char*) buf;
+ sd.data.data = (unsigned char *)buf;
sd.data.len = len;
sd.signature.data = it.data;
- sd.signature.len = it.len << 3; /* convert to bit string */
+ sd.signature.len = it.len << 3; /* convert to bit string */
rv = SECOID_SetAlgorithmID(arena, &sd.signatureAlgorithm, algID, 0);
- if (rv) goto loser;
+ if (rv)
+ goto loser;
/* DER encode the signed data object */
rv = DER_Encode(arena, result, CERTSignedDataTemplate, &sd);
/* FALL THROUGH */
- loser:
+loser:
PORT_Free(it.data);
return rv;
}
SECStatus
SGN_Digest(SECKEYPrivateKey *privKey,
- SECOidTag algtag, SECItem *result, SECItem *digest)
+ SECOidTag algtag, SECItem *result, SECItem *digest)
{
int modulusLen;
SECStatus rv;
@@ -372,33 +373,33 @@ SGN_Digest(SECKEYPrivateKey *privKey,
PLArenaPool *arena = 0;
SGNDigestInfo *di = 0;
-
result->data = 0;
if (privKey->keyType == rsaKey) {
- arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
- if ( !arena ) {
- rv = SECFailure;
- goto loser;
- }
-
- /* Construct digest info */
- di = SGN_CreateDigestInfo(algtag, digest->data, digest->len);
- if (!di) {
- rv = SECFailure;
- goto loser;
- }
-
- /* Der encode the digest as a DigestInfo */
+ arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+ if (!arena) {
+ rv = SECFailure;
+ goto loser;
+ }
+
+ /* Construct digest info */
+ di = SGN_CreateDigestInfo(algtag, digest->data, digest->len);
+ if (!di) {
+ rv = SECFailure;
+ goto loser;
+ }
+
+ /* Der encode the digest as a DigestInfo */
rv = DER_Encode(arena, &digder, SGNDigestInfoTemplate,
di);
- if (rv != SECSuccess) {
- goto loser;
- }
- } else {
- digder.data = digest->data;
- digder.len = digest->len;
+ if (rv != SECSuccess) {
+ goto loser;
+ }
+ }
+ else {
+ digder.data = digest->data;
+ digder.len = digest->len;
}
/*
@@ -407,29 +408,29 @@ SGN_Digest(SECKEYPrivateKey *privKey,
*/
modulusLen = PK11_SignatureLen(privKey);
if (modulusLen <= 0) {
- PORT_SetError(SEC_ERROR_INVALID_KEY);
- rv = SECFailure;
- goto loser;
+ PORT_SetError(SEC_ERROR_INVALID_KEY);
+ rv = SECFailure;
+ goto loser;
}
result->len = modulusLen;
- result->data = (unsigned char*) PORT_Alloc(modulusLen);
+ result->data = (unsigned char *)PORT_Alloc(modulusLen);
result->type = siBuffer;
if (result->data == NULL) {
- rv = SECFailure;
- goto loser;
+ rv = SECFailure;
+ goto loser;
}
rv = PK11_Sign(privKey, result, &digder);
if (rv != SECSuccess) {
- PORT_Free(result->data);
- result->data = NULL;
+ PORT_Free(result->data);
+ result->data = NULL;
}
- loser:
+loser:
SGN_DestroyDigestInfo(di);
if (arena != NULL) {
- PORT_FreeArena(arena, PR_FALSE);
+ PORT_FreeArena(arena, PR_FALSE);
}
return rv;
}
@@ -440,58 +441,73 @@ SEC_GetSignatureAlgorithmOidTag(KeyType keyType, SECOidTag hashAlgTag)
SECOidTag sigTag = SEC_OID_UNKNOWN;
switch (keyType) {
- case rsaKey:
- switch (hashAlgTag) {
- case SEC_OID_MD2:
- sigTag = SEC_OID_PKCS1_MD2_WITH_RSA_ENCRYPTION; break;
- case SEC_OID_MD5:
- sigTag = SEC_OID_PKCS1_MD5_WITH_RSA_ENCRYPTION; break;
- case SEC_OID_SHA1:
- sigTag = SEC_OID_PKCS1_SHA1_WITH_RSA_ENCRYPTION; break;
- case SEC_OID_SHA224:
- sigTag = SEC_OID_PKCS1_SHA224_WITH_RSA_ENCRYPTION; break;
- case SEC_OID_UNKNOWN: /* default for RSA if not specified */
- case SEC_OID_SHA256:
- sigTag = SEC_OID_PKCS1_SHA256_WITH_RSA_ENCRYPTION; break;
- case SEC_OID_SHA384:
- sigTag = SEC_OID_PKCS1_SHA384_WITH_RSA_ENCRYPTION; break;
- case SEC_OID_SHA512:
- sigTag = SEC_OID_PKCS1_SHA512_WITH_RSA_ENCRYPTION; break;
- default:
- break;
- }
- break;
- case dsaKey:
- switch (hashAlgTag) {
- case SEC_OID_UNKNOWN: /* default for DSA if not specified */
- case SEC_OID_SHA1:
- sigTag = SEC_OID_ANSIX9_DSA_SIGNATURE_WITH_SHA1_DIGEST; break;
- case SEC_OID_SHA224:
- sigTag = SEC_OID_NIST_DSA_SIGNATURE_WITH_SHA224_DIGEST; break;
- case SEC_OID_SHA256:
- sigTag = SEC_OID_NIST_DSA_SIGNATURE_WITH_SHA256_DIGEST; break;
- default:
- break;
- }
- break;
- case ecKey:
- switch (hashAlgTag) {
- case SEC_OID_UNKNOWN: /* default for ECDSA if not specified */
- case SEC_OID_SHA1:
- sigTag = SEC_OID_ANSIX962_ECDSA_SHA1_SIGNATURE; break;
- case SEC_OID_SHA224:
- sigTag = SEC_OID_ANSIX962_ECDSA_SHA224_SIGNATURE; break;
- case SEC_OID_SHA256:
- sigTag = SEC_OID_ANSIX962_ECDSA_SHA256_SIGNATURE; break;
- case SEC_OID_SHA384:
- sigTag = SEC_OID_ANSIX962_ECDSA_SHA384_SIGNATURE; break;
- case SEC_OID_SHA512:
- sigTag = SEC_OID_ANSIX962_ECDSA_SHA512_SIGNATURE; break;
- default:
- break;
- }
- default:
- break;
+ case rsaKey:
+ switch (hashAlgTag) {
+ case SEC_OID_MD2:
+ sigTag = SEC_OID_PKCS1_MD2_WITH_RSA_ENCRYPTION;
+ break;
+ case SEC_OID_MD5:
+ sigTag = SEC_OID_PKCS1_MD5_WITH_RSA_ENCRYPTION;
+ break;
+ case SEC_OID_SHA1:
+ sigTag = SEC_OID_PKCS1_SHA1_WITH_RSA_ENCRYPTION;
+ break;
+ case SEC_OID_SHA224:
+ sigTag = SEC_OID_PKCS1_SHA224_WITH_RSA_ENCRYPTION;
+ break;
+ case SEC_OID_UNKNOWN: /* default for RSA if not specified */
+ case SEC_OID_SHA256:
+ sigTag = SEC_OID_PKCS1_SHA256_WITH_RSA_ENCRYPTION;
+ break;
+ case SEC_OID_SHA384:
+ sigTag = SEC_OID_PKCS1_SHA384_WITH_RSA_ENCRYPTION;
+ break;
+ case SEC_OID_SHA512:
+ sigTag = SEC_OID_PKCS1_SHA512_WITH_RSA_ENCRYPTION;
+ break;
+ default:
+ break;
+ }
+ break;
+ case dsaKey:
+ switch (hashAlgTag) {
+ case SEC_OID_UNKNOWN: /* default for DSA if not specified */
+ case SEC_OID_SHA1:
+ sigTag = SEC_OID_ANSIX9_DSA_SIGNATURE_WITH_SHA1_DIGEST;
+ break;
+ case SEC_OID_SHA224:
+ sigTag = SEC_OID_NIST_DSA_SIGNATURE_WITH_SHA224_DIGEST;
+ break;
+ case SEC_OID_SHA256:
+ sigTag = SEC_OID_NIST_DSA_SIGNATURE_WITH_SHA256_DIGEST;
+ break;
+ default:
+ break;
+ }
+ break;
+ case ecKey:
+ switch (hashAlgTag) {
+ case SEC_OID_UNKNOWN: /* default for ECDSA if not specified */
+ case SEC_OID_SHA1:
+ sigTag = SEC_OID_ANSIX962_ECDSA_SHA1_SIGNATURE;
+ break;
+ case SEC_OID_SHA224:
+ sigTag = SEC_OID_ANSIX962_ECDSA_SHA224_SIGNATURE;
+ break;
+ case SEC_OID_SHA256:
+ sigTag = SEC_OID_ANSIX962_ECDSA_SHA256_SIGNATURE;
+ break;
+ case SEC_OID_SHA384:
+ sigTag = SEC_OID_ANSIX962_ECDSA_SHA384_SIGNATURE;
+ break;
+ case SEC_OID_SHA512:
+ sigTag = SEC_OID_ANSIX962_ECDSA_SHA512_SIGNATURE;
+ break;
+ default:
+ break;
+ }
+ default:
+ break;
}
return sigTag;
}
diff --git a/lib/cryptohi/secvfy.c b/lib/cryptohi/secvfy.c
index aebd93853..5090f1aeb 100644
--- a/lib/cryptohi/secvfy.c
+++ b/lib/cryptohi/secvfy.c
@@ -35,13 +35,13 @@
*/
static SECStatus
recoverPKCS1DigestInfo(SECOidTag givenDigestAlg,
- /*out*/ SECOidTag* digestAlgOut,
- /*out*/ unsigned char** digestInfo,
- /*out*/ unsigned int* digestInfoLen,
- SECKEYPublicKey* key,
- const SECItem* sig, void* wincx)
+ /*out*/ SECOidTag *digestAlgOut,
+ /*out*/ unsigned char **digestInfo,
+ /*out*/ unsigned int *digestInfoLen,
+ SECKEYPublicKey *key,
+ const SECItem *sig, void *wincx)
{
- SGNDigestInfo* di = NULL;
+ SGNDigestInfo *di = NULL;
SECItem it;
PRBool rv = SECSuccess;
@@ -53,11 +53,11 @@ recoverPKCS1DigestInfo(SECOidTag givenDigestAlg,
PORT_Assert(sig);
it.data = NULL;
- it.len = SECKEY_PublicKeyStrength(key);
+ it.len = SECKEY_PublicKeyStrength(key);
if (it.len != 0) {
it.data = (unsigned char *)PORT_Alloc(it.len);
}
- if (it.len == 0 || it.data == NULL ) {
+ if (it.len == 0 || it.data == NULL) {
rv = SECFailure;
}
@@ -65,7 +65,7 @@ recoverPKCS1DigestInfo(SECOidTag givenDigestAlg,
/* decrypt the block */
rv = PK11_VerifyRecover(key, sig, &it, wincx);
}
-
+
if (rv == SECSuccess) {
if (givenDigestAlg != SEC_OID_UNKNOWN) {
/* We don't need to parse the DigestInfo if the caller gave us the
@@ -74,7 +74,7 @@ recoverPKCS1DigestInfo(SECOidTag givenDigestAlg,
* that the DigestInfo is encoded absolutely correctly.
*/
*digestInfoLen = it.len;
- *digestInfo = (unsigned char*)it.data;
+ *digestInfo = (unsigned char *)it.data;
*digestAlgOut = givenDigestAlg;
return SECSuccess;
}
@@ -104,8 +104,9 @@ recoverPKCS1DigestInfo(SECOidTag givenDigestAlg,
if (rv == SECSuccess) {
*digestInfoLen = it.len;
- *digestInfo = (unsigned char*)it.data;
- } else {
+ *digestInfo = (unsigned char *)it.data;
+ }
+ else {
if (it.data) {
PORT_Free(it.data);
}
@@ -118,7 +119,7 @@ recoverPKCS1DigestInfo(SECOidTag givenDigestAlg,
}
struct VFYContextStr {
- SECOidTag hashAlg; /* the hash algorithm */
+ SECOidTag hashAlg; /* the hash algorithm */
SECKEYPublicKey *key;
/*
* This buffer holds either the digest or the full signature
@@ -130,35 +131,35 @@ struct VFYContextStr {
* the size of the union or some other union member instead.
*/
union {
- unsigned char buffer[1];
+ unsigned char buffer[1];
- /* the full DSA signature... 40 bytes */
- unsigned char dsasig[DSA_MAX_SIGNATURE_LEN];
- /* the full ECDSA signature */
- unsigned char ecdsasig[2 * MAX_ECKEY_LEN];
+ /* the full DSA signature... 40 bytes */
+ unsigned char dsasig[DSA_MAX_SIGNATURE_LEN];
+ /* the full ECDSA signature */
+ unsigned char ecdsasig[2 * MAX_ECKEY_LEN];
} u;
unsigned int pkcs1RSADigestInfoLen;
/* the encoded DigestInfo from a RSA PKCS#1 signature */
unsigned char *pkcs1RSADigestInfo;
- void * wincx;
+ void *wincx;
void *hashcx;
const SECHashObject *hashobj;
- SECOidTag encAlg; /* enc alg */
- PRBool hasSignature; /* true if the signature was provided in the
- * VFY_CreateContext call. If false, the
- * signature must be provided with a
- * VFY_EndWithSignature call. */
+ SECOidTag encAlg; /* enc alg */
+ PRBool hasSignature; /* true if the signature was provided in the
+ * VFY_CreateContext call. If false, the
+ * signature must be provided with a
+ * VFY_EndWithSignature call. */
};
static SECStatus
-verifyPKCS1DigestInfo(const VFYContext* cx, const SECItem* digest)
+verifyPKCS1DigestInfo(const VFYContext *cx, const SECItem *digest)
{
- SECItem pkcs1DigestInfo;
- pkcs1DigestInfo.data = cx->pkcs1RSADigestInfo;
- pkcs1DigestInfo.len = cx->pkcs1RSADigestInfoLen;
- return _SGN_VerifyPKCS1DigestInfo(
- cx->hashAlg, digest, &pkcs1DigestInfo,
- PR_TRUE /*XXX: unsafeAllowMissingParameters*/);
+ SECItem pkcs1DigestInfo;
+ pkcs1DigestInfo.data = cx->pkcs1RSADigestInfo;
+ pkcs1DigestInfo.len = cx->pkcs1RSADigestInfoLen;
+ return _SGN_VerifyPKCS1DigestInfo(
+ cx->hashAlg, digest, &pkcs1DigestInfo,
+ PR_TRUE /*XXX: unsafeAllowMissingParameters*/);
}
/*
@@ -168,47 +169,51 @@ verifyPKCS1DigestInfo(const VFYContext* cx, const SECItem* digest)
*/
static SECStatus
decodeECorDSASignature(SECOidTag algid, const SECItem *sig, unsigned char *dsig,
- unsigned int len) {
+ unsigned int len)
+{
SECItem *dsasig = NULL; /* also used for ECDSA */
- SECStatus rv=SECSuccess;
+ SECStatus rv = SECSuccess;
if ((algid != SEC_OID_ANSIX9_DSA_SIGNATURE) &&
- (algid != SEC_OID_ANSIX962_EC_PUBLIC_KEY) ) {
+ (algid != SEC_OID_ANSIX962_EC_PUBLIC_KEY)) {
if (sig->len != len) {
- PORT_SetError(SEC_ERROR_BAD_DER);
- return SECFailure;
- }
+ PORT_SetError(SEC_ERROR_BAD_DER);
+ return SECFailure;
+ }
- PORT_Memcpy(dsig, sig->data, sig->len);
- return SECSuccess;
+ PORT_Memcpy(dsig, sig->data, sig->len);
+ return SECSuccess;
}
- if (algid == SEC_OID_ANSIX962_EC_PUBLIC_KEY) {
- if (len > MAX_ECKEY_LEN * 2) {
- PORT_SetError(SEC_ERROR_BAD_DER);
- return SECFailure;
- }
+ if (algid == SEC_OID_ANSIX962_EC_PUBLIC_KEY) {
+ if (len > MAX_ECKEY_LEN * 2) {
+ PORT_SetError(SEC_ERROR_BAD_DER);
+ return SECFailure;
+ }
}
dsasig = DSAU_DecodeDerSigToLen((SECItem *)sig, len);
if ((dsasig == NULL) || (dsasig->len != len)) {
- rv = SECFailure;
- } else {
- PORT_Memcpy(dsig, dsasig->data, dsasig->len);
+ rv = SECFailure;
+ }
+ else {
+ PORT_Memcpy(dsig, dsasig->data, dsasig->len);
}
- if (dsasig != NULL) SECITEM_FreeItem(dsasig, PR_TRUE);
- if (rv == SECFailure) PORT_SetError(SEC_ERROR_BAD_DER);
+ if (dsasig != NULL)
+ SECITEM_FreeItem(dsasig, PR_TRUE);
+ if (rv == SECFailure)
+ PORT_SetError(SEC_ERROR_BAD_DER);
return rv;
}
const SEC_ASN1Template hashParameterTemplate[] =
-{
- { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(SECItem) },
- { SEC_ASN1_OBJECT_ID, 0 },
- { SEC_ASN1_SKIP_REST },
- { 0 }
-};
+ {
+ { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(SECItem) },
+ { SEC_ASN1_OBJECT_ID, 0 },
+ { SEC_ASN1_SKIP_REST },
+ { 0 }
+ };
/*
* Pulls the hash algorithm, signing algorithm, and key type out of a
@@ -222,160 +227,164 @@ const SEC_ASN1Template hashParameterTemplate[] =
* algorithm was not found or was not a signing algorithm.
*/
SECStatus
-sec_DecodeSigAlg(const SECKEYPublicKey *key, SECOidTag sigAlg,
- const SECItem *param, SECOidTag *encalg, SECOidTag *hashalg)
+sec_DecodeSigAlg(const SECKEYPublicKey *key, SECOidTag sigAlg,
+ const SECItem *param, SECOidTag *encalg, SECOidTag *hashalg)
{
int len;
PLArenaPool *arena;
SECStatus rv;
SECItem oid;
- PR_ASSERT(hashalg!=NULL);
- PR_ASSERT(encalg!=NULL);
+ PR_ASSERT(hashalg != NULL);
+ PR_ASSERT(encalg != NULL);
switch (sigAlg) {
- /* We probably shouldn't be generating MD2 signatures either */
- case SEC_OID_PKCS1_MD2_WITH_RSA_ENCRYPTION:
- *hashalg = SEC_OID_MD2;
- break;
- case SEC_OID_PKCS1_MD5_WITH_RSA_ENCRYPTION:
- *hashalg = SEC_OID_MD5;
- break;
- case SEC_OID_PKCS1_SHA1_WITH_RSA_ENCRYPTION:
- case SEC_OID_ISO_SHA_WITH_RSA_SIGNATURE:
- case SEC_OID_ISO_SHA1_WITH_RSA_SIGNATURE:
- *hashalg = SEC_OID_SHA1;
- break;
- case SEC_OID_PKCS1_RSA_ENCRYPTION:
- case SEC_OID_PKCS1_RSA_PSS_SIGNATURE:
- *hashalg = SEC_OID_UNKNOWN; /* get it from the RSA signature */
- break;
-
- case SEC_OID_ANSIX962_ECDSA_SHA224_SIGNATURE:
- case SEC_OID_PKCS1_SHA224_WITH_RSA_ENCRYPTION:
- case SEC_OID_NIST_DSA_SIGNATURE_WITH_SHA224_DIGEST:
- *hashalg = SEC_OID_SHA224;
- break;
- case SEC_OID_ANSIX962_ECDSA_SHA256_SIGNATURE:
- case SEC_OID_PKCS1_SHA256_WITH_RSA_ENCRYPTION:
- case SEC_OID_NIST_DSA_SIGNATURE_WITH_SHA256_DIGEST:
- *hashalg = SEC_OID_SHA256;
- break;
- case SEC_OID_ANSIX962_ECDSA_SHA384_SIGNATURE:
- case SEC_OID_PKCS1_SHA384_WITH_RSA_ENCRYPTION:
- *hashalg = SEC_OID_SHA384;
- break;
- case SEC_OID_ANSIX962_ECDSA_SHA512_SIGNATURE:
- case SEC_OID_PKCS1_SHA512_WITH_RSA_ENCRYPTION:
- *hashalg = SEC_OID_SHA512;
- break;
-
- /* what about normal DSA? */
- case SEC_OID_ANSIX9_DSA_SIGNATURE_WITH_SHA1_DIGEST:
- case SEC_OID_BOGUS_DSA_SIGNATURE_WITH_SHA1_DIGEST:
- case SEC_OID_ANSIX962_ECDSA_SHA1_SIGNATURE:
- *hashalg = SEC_OID_SHA1;
- break;
- case SEC_OID_MISSI_DSS:
- case SEC_OID_MISSI_KEA_DSS:
- case SEC_OID_MISSI_KEA_DSS_OLD:
- case SEC_OID_MISSI_DSS_OLD:
- *hashalg = SEC_OID_SHA1;
- break;
- case SEC_OID_ANSIX962_ECDSA_SIGNATURE_RECOMMENDED_DIGEST:
- /* This is an EC algorithm. Recommended means the largest
- * hash algorithm that is not reduced by the keysize of
- * the EC algorithm. Note that key strength is in bytes and
- * algorithms are specified in bits. Never use an algorithm
- * weaker than sha1. */
- len = SECKEY_PublicKeyStrength(key);
- if (len < 28) { /* 28 bytes == 224 bits */
- *hashalg = SEC_OID_SHA1;
- } else if (len < 32) { /* 32 bytes == 256 bits */
- *hashalg = SEC_OID_SHA224;
- } else if (len < 48) { /* 48 bytes == 384 bits */
- *hashalg = SEC_OID_SHA256;
- } else if (len < 64) { /* 48 bytes == 512 bits */
- *hashalg = SEC_OID_SHA384;
- } else {
- /* use the largest in this case */
- *hashalg = SEC_OID_SHA512;
- }
- break;
- case SEC_OID_ANSIX962_ECDSA_SIGNATURE_SPECIFIED_DIGEST:
- if (param == NULL) {
- PORT_SetError(SEC_ERROR_INVALID_ALGORITHM);
- return SECFailure;
- }
- arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
- if (arena == NULL) {
- return SECFailure;
- }
- rv = SEC_QuickDERDecodeItem(arena, &oid, hashParameterTemplate, param);
- if (rv == SECSuccess) {
- *hashalg = SECOID_FindOIDTag(&oid);
- }
- PORT_FreeArena(arena, PR_FALSE);
- if (rv != SECSuccess) {
- return rv;
- }
- /* only accept hash algorithms */
- if (HASH_GetHashTypeByOidTag(*hashalg) == HASH_AlgNULL) {
- /* error set by HASH_GetHashTypeByOidTag */
- return SECFailure;
- }
- break;
- /* we don't implement MD4 hashes */
- case SEC_OID_PKCS1_MD4_WITH_RSA_ENCRYPTION:
- default:
- PORT_SetError(SEC_ERROR_INVALID_ALGORITHM);
- return SECFailure;
- }
- /* get the "encryption" algorithm */
+ /* We probably shouldn't be generating MD2 signatures either */
+ case SEC_OID_PKCS1_MD2_WITH_RSA_ENCRYPTION:
+ *hashalg = SEC_OID_MD2;
+ break;
+ case SEC_OID_PKCS1_MD5_WITH_RSA_ENCRYPTION:
+ *hashalg = SEC_OID_MD5;
+ break;
+ case SEC_OID_PKCS1_SHA1_WITH_RSA_ENCRYPTION:
+ case SEC_OID_ISO_SHA_WITH_RSA_SIGNATURE:
+ case SEC_OID_ISO_SHA1_WITH_RSA_SIGNATURE:
+ *hashalg = SEC_OID_SHA1;
+ break;
+ case SEC_OID_PKCS1_RSA_ENCRYPTION:
+ case SEC_OID_PKCS1_RSA_PSS_SIGNATURE:
+ *hashalg = SEC_OID_UNKNOWN; /* get it from the RSA signature */
+ break;
+
+ case SEC_OID_ANSIX962_ECDSA_SHA224_SIGNATURE:
+ case SEC_OID_PKCS1_SHA224_WITH_RSA_ENCRYPTION:
+ case SEC_OID_NIST_DSA_SIGNATURE_WITH_SHA224_DIGEST:
+ *hashalg = SEC_OID_SHA224;
+ break;
+ case SEC_OID_ANSIX962_ECDSA_SHA256_SIGNATURE:
+ case SEC_OID_PKCS1_SHA256_WITH_RSA_ENCRYPTION:
+ case SEC_OID_NIST_DSA_SIGNATURE_WITH_SHA256_DIGEST:
+ *hashalg = SEC_OID_SHA256;
+ break;
+ case SEC_OID_ANSIX962_ECDSA_SHA384_SIGNATURE:
+ case SEC_OID_PKCS1_SHA384_WITH_RSA_ENCRYPTION:
+ *hashalg = SEC_OID_SHA384;
+ break;
+ case SEC_OID_ANSIX962_ECDSA_SHA512_SIGNATURE:
+ case SEC_OID_PKCS1_SHA512_WITH_RSA_ENCRYPTION:
+ *hashalg = SEC_OID_SHA512;
+ break;
+
+ /* what about normal DSA? */
+ case SEC_OID_ANSIX9_DSA_SIGNATURE_WITH_SHA1_DIGEST:
+ case SEC_OID_BOGUS_DSA_SIGNATURE_WITH_SHA1_DIGEST:
+ case SEC_OID_ANSIX962_ECDSA_SHA1_SIGNATURE:
+ *hashalg = SEC_OID_SHA1;
+ break;
+ case SEC_OID_MISSI_DSS:
+ case SEC_OID_MISSI_KEA_DSS:
+ case SEC_OID_MISSI_KEA_DSS_OLD:
+ case SEC_OID_MISSI_DSS_OLD:
+ *hashalg = SEC_OID_SHA1;
+ break;
+ case SEC_OID_ANSIX962_ECDSA_SIGNATURE_RECOMMENDED_DIGEST:
+ /* This is an EC algorithm. Recommended means the largest
+ * hash algorithm that is not reduced by the keysize of
+ * the EC algorithm. Note that key strength is in bytes and
+ * algorithms are specified in bits. Never use an algorithm
+ * weaker than sha1. */
+ len = SECKEY_PublicKeyStrength(key);
+ if (len < 28) { /* 28 bytes == 224 bits */
+ *hashalg = SEC_OID_SHA1;
+ }
+ else if (len < 32) { /* 32 bytes == 256 bits */
+ *hashalg = SEC_OID_SHA224;
+ }
+ else if (len < 48) { /* 48 bytes == 384 bits */
+ *hashalg = SEC_OID_SHA256;
+ }
+ else if (len < 64) { /* 48 bytes == 512 bits */
+ *hashalg = SEC_OID_SHA384;
+ }
+ else {
+ /* use the largest in this case */
+ *hashalg = SEC_OID_SHA512;
+ }
+ break;
+ case SEC_OID_ANSIX962_ECDSA_SIGNATURE_SPECIFIED_DIGEST:
+ if (param == NULL) {
+ PORT_SetError(SEC_ERROR_INVALID_ALGORITHM);
+ return SECFailure;
+ }
+ arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+ if (arena == NULL) {
+ return SECFailure;
+ }
+ rv = SEC_QuickDERDecodeItem(arena, &oid, hashParameterTemplate, param);
+ if (rv == SECSuccess) {
+ *hashalg = SECOID_FindOIDTag(&oid);
+ }
+ PORT_FreeArena(arena, PR_FALSE);
+ if (rv != SECSuccess) {
+ return rv;
+ }
+ /* only accept hash algorithms */
+ if (HASH_GetHashTypeByOidTag(*hashalg) == HASH_AlgNULL) {
+ /* error set by HASH_GetHashTypeByOidTag */
+ return SECFailure;
+ }
+ break;
+ /* we don't implement MD4 hashes */
+ case SEC_OID_PKCS1_MD4_WITH_RSA_ENCRYPTION:
+ default:
+ PORT_SetError(SEC_ERROR_INVALID_ALGORITHM);
+ return SECFailure;
+ }
+ /* get the "encryption" algorithm */
switch (sigAlg) {
- case SEC_OID_PKCS1_RSA_ENCRYPTION:
- case SEC_OID_PKCS1_MD2_WITH_RSA_ENCRYPTION:
- case SEC_OID_PKCS1_MD5_WITH_RSA_ENCRYPTION:
- case SEC_OID_PKCS1_SHA1_WITH_RSA_ENCRYPTION:
- case SEC_OID_ISO_SHA_WITH_RSA_SIGNATURE:
- case SEC_OID_ISO_SHA1_WITH_RSA_SIGNATURE:
- case SEC_OID_PKCS1_SHA224_WITH_RSA_ENCRYPTION:
- case SEC_OID_PKCS1_SHA256_WITH_RSA_ENCRYPTION:
- case SEC_OID_PKCS1_SHA384_WITH_RSA_ENCRYPTION:
- case SEC_OID_PKCS1_SHA512_WITH_RSA_ENCRYPTION:
- *encalg = SEC_OID_PKCS1_RSA_ENCRYPTION;
- break;
- case SEC_OID_PKCS1_RSA_PSS_SIGNATURE:
- *encalg = SEC_OID_PKCS1_RSA_PSS_SIGNATURE;
- break;
-
- /* what about normal DSA? */
- case SEC_OID_ANSIX9_DSA_SIGNATURE_WITH_SHA1_DIGEST:
- case SEC_OID_BOGUS_DSA_SIGNATURE_WITH_SHA1_DIGEST:
- case SEC_OID_NIST_DSA_SIGNATURE_WITH_SHA224_DIGEST:
- case SEC_OID_NIST_DSA_SIGNATURE_WITH_SHA256_DIGEST:
- *encalg = SEC_OID_ANSIX9_DSA_SIGNATURE;
- break;
- case SEC_OID_MISSI_DSS:
- case SEC_OID_MISSI_KEA_DSS:
- case SEC_OID_MISSI_KEA_DSS_OLD:
- case SEC_OID_MISSI_DSS_OLD:
- *encalg = SEC_OID_MISSI_DSS;
- break;
- case SEC_OID_ANSIX962_ECDSA_SHA1_SIGNATURE:
- case SEC_OID_ANSIX962_ECDSA_SHA224_SIGNATURE:
- case SEC_OID_ANSIX962_ECDSA_SHA256_SIGNATURE:
- case SEC_OID_ANSIX962_ECDSA_SHA384_SIGNATURE:
- case SEC_OID_ANSIX962_ECDSA_SHA512_SIGNATURE:
- case SEC_OID_ANSIX962_ECDSA_SIGNATURE_RECOMMENDED_DIGEST:
- case SEC_OID_ANSIX962_ECDSA_SIGNATURE_SPECIFIED_DIGEST:
- *encalg = SEC_OID_ANSIX962_EC_PUBLIC_KEY;
- break;
- /* we don't implement MD4 hashes */
- case SEC_OID_PKCS1_MD4_WITH_RSA_ENCRYPTION:
- default:
- PORT_SetError(SEC_ERROR_INVALID_ALGORITHM);
- return SECFailure;
+ case SEC_OID_PKCS1_RSA_ENCRYPTION:
+ case SEC_OID_PKCS1_MD2_WITH_RSA_ENCRYPTION:
+ case SEC_OID_PKCS1_MD5_WITH_RSA_ENCRYPTION:
+ case SEC_OID_PKCS1_SHA1_WITH_RSA_ENCRYPTION:
+ case SEC_OID_ISO_SHA_WITH_RSA_SIGNATURE:
+ case SEC_OID_ISO_SHA1_WITH_RSA_SIGNATURE:
+ case SEC_OID_PKCS1_SHA224_WITH_RSA_ENCRYPTION:
+ case SEC_OID_PKCS1_SHA256_WITH_RSA_ENCRYPTION:
+ case SEC_OID_PKCS1_SHA384_WITH_RSA_ENCRYPTION:
+ case SEC_OID_PKCS1_SHA512_WITH_RSA_ENCRYPTION:
+ *encalg = SEC_OID_PKCS1_RSA_ENCRYPTION;
+ break;
+ case SEC_OID_PKCS1_RSA_PSS_SIGNATURE:
+ *encalg = SEC_OID_PKCS1_RSA_PSS_SIGNATURE;
+ break;
+
+ /* what about normal DSA? */
+ case SEC_OID_ANSIX9_DSA_SIGNATURE_WITH_SHA1_DIGEST:
+ case SEC_OID_BOGUS_DSA_SIGNATURE_WITH_SHA1_DIGEST:
+ case SEC_OID_NIST_DSA_SIGNATURE_WITH_SHA224_DIGEST:
+ case SEC_OID_NIST_DSA_SIGNATURE_WITH_SHA256_DIGEST:
+ *encalg = SEC_OID_ANSIX9_DSA_SIGNATURE;
+ break;
+ case SEC_OID_MISSI_DSS:
+ case SEC_OID_MISSI_KEA_DSS:
+ case SEC_OID_MISSI_KEA_DSS_OLD:
+ case SEC_OID_MISSI_DSS_OLD:
+ *encalg = SEC_OID_MISSI_DSS;
+ break;
+ case SEC_OID_ANSIX962_ECDSA_SHA1_SIGNATURE:
+ case SEC_OID_ANSIX962_ECDSA_SHA224_SIGNATURE:
+ case SEC_OID_ANSIX962_ECDSA_SHA256_SIGNATURE:
+ case SEC_OID_ANSIX962_ECDSA_SHA384_SIGNATURE:
+ case SEC_OID_ANSIX962_ECDSA_SHA512_SIGNATURE:
+ case SEC_OID_ANSIX962_ECDSA_SIGNATURE_RECOMMENDED_DIGEST:
+ case SEC_OID_ANSIX962_ECDSA_SIGNATURE_SPECIFIED_DIGEST:
+ *encalg = SEC_OID_ANSIX962_EC_PUBLIC_KEY;
+ break;
+ /* we don't implement MD4 hashes */
+ case SEC_OID_PKCS1_MD4_WITH_RSA_ENCRYPTION:
+ default:
+ PORT_SetError(SEC_ERROR_INVALID_ALGORITHM);
+ return SECFailure;
}
return SECSuccess;
}
@@ -388,13 +397,13 @@ sec_DecodeSigAlg(const SECKEYPublicKey *key, SECOidTag sigAlg,
* our base vfyCreate function takes.
*
* There is one noteworthy corner case, if we are using an RSA key, and the
- * signature block is provided, then the hashAlg can be specified as
+ * signature block is provided, then the hashAlg can be specified as
* SEC_OID_UNKNOWN. In this case, verify will use the hash oid supplied
* in the RSA signature block.
*/
static VFYContext *
-vfy_CreateContext(const SECKEYPublicKey *key, const SECItem *sig,
- SECOidTag encAlg, SECOidTag hashAlg, SECOidTag *hash, void *wincx)
+vfy_CreateContext(const SECKEYPublicKey *key, const SECItem *sig,
+ SECOidTag encAlg, SECOidTag hashAlg, SECOidTag *hash, void *wincx)
{
VFYContext *cx;
SECStatus rv;
@@ -405,14 +414,14 @@ vfy_CreateContext(const SECKEYPublicKey *key, const SECItem *sig,
/* RSA-PSS algorithm can be used with both rsaKey and rsaPssKey */
type = seckey_GetKeyType(encAlg);
if ((key->keyType != type) &&
- ((key->keyType != rsaKey) || (type != rsaPssKey))) {
- PORT_SetError(SEC_ERROR_PKCS7_KEYALG_MISMATCH);
- return NULL;
+ ((key->keyType != rsaKey) || (type != rsaPssKey))) {
+ PORT_SetError(SEC_ERROR_PKCS7_KEYALG_MISMATCH);
+ return NULL;
}
- cx = (VFYContext*) PORT_ZAlloc(sizeof(VFYContext));
+ cx = (VFYContext *)PORT_ZAlloc(sizeof(VFYContext));
if (cx == NULL) {
- goto loser;
+ goto loser;
}
cx->wincx = wincx;
@@ -423,81 +432,82 @@ vfy_CreateContext(const SECKEYPublicKey *key, const SECItem *sig,
cx->pkcs1RSADigestInfo = NULL;
rv = SECSuccess;
if (sig) {
- switch (type) {
- case rsaKey:
- rv = recoverPKCS1DigestInfo(hashAlg, &cx->hashAlg,
- &cx->pkcs1RSADigestInfo,
- &cx->pkcs1RSADigestInfoLen,
- cx->key,
- sig, wincx);
- break;
- case dsaKey:
- case ecKey:
- sigLen = SECKEY_SignatureLen(key);
- if (sigLen == 0) {
- /* error set by SECKEY_SignatureLen */
- rv = SECFailure;
- break;
- }
- rv = decodeECorDSASignature(encAlg, sig, cx->u.buffer, sigLen);
- break;
- default:
- rv = SECFailure;
- PORT_SetError(SEC_ERROR_UNSUPPORTED_KEYALG);
- break;
- }
- }
-
- if (rv) goto loser;
+ switch (type) {
+ case rsaKey:
+ rv = recoverPKCS1DigestInfo(hashAlg, &cx->hashAlg,
+ &cx->pkcs1RSADigestInfo,
+ &cx->pkcs1RSADigestInfoLen,
+ cx->key,
+ sig, wincx);
+ break;
+ case dsaKey:
+ case ecKey:
+ sigLen = SECKEY_SignatureLen(key);
+ if (sigLen == 0) {
+ /* error set by SECKEY_SignatureLen */
+ rv = SECFailure;
+ break;
+ }
+ rv = decodeECorDSASignature(encAlg, sig, cx->u.buffer, sigLen);
+ break;
+ default:
+ rv = SECFailure;
+ PORT_SetError(SEC_ERROR_UNSUPPORTED_KEYALG);
+ break;
+ }
+ }
+
+ if (rv)
+ goto loser;
/* check hash alg again, RSA may have changed it.*/
if (HASH_GetHashTypeByOidTag(cx->hashAlg) == HASH_AlgNULL) {
- /* error set by HASH_GetHashTypeByOidTag */
- goto loser;
+ /* error set by HASH_GetHashTypeByOidTag */
+ goto loser;
}
if (hash) {
- *hash = cx->hashAlg;
+ *hash = cx->hashAlg;
}
return cx;
- loser:
+loser:
if (cx) {
- VFY_DestroyContext(cx, PR_TRUE);
+ VFY_DestroyContext(cx, PR_TRUE);
}
return 0;
}
VFYContext *
VFY_CreateContext(SECKEYPublicKey *key, SECItem *sig, SECOidTag sigAlg,
- void *wincx)
+ void *wincx)
{
SECOidTag encAlg, hashAlg;
SECStatus rv = sec_DecodeSigAlg(key, sigAlg, NULL, &encAlg, &hashAlg);
if (rv != SECSuccess) {
- return NULL;
+ return NULL;
}
return vfy_CreateContext(key, sig, encAlg, hashAlg, NULL, wincx);
}
VFYContext *
-VFY_CreateContextDirect(const SECKEYPublicKey *key, const SECItem *sig,
- SECOidTag encAlg, SECOidTag hashAlg,
- SECOidTag *hash, void *wincx)
+VFY_CreateContextDirect(const SECKEYPublicKey *key, const SECItem *sig,
+ SECOidTag encAlg, SECOidTag hashAlg,
+ SECOidTag *hash, void *wincx)
{
- return vfy_CreateContext(key, sig, encAlg, hashAlg, hash, wincx);
+ return vfy_CreateContext(key, sig, encAlg, hashAlg, hash, wincx);
}
VFYContext *
VFY_CreateContextWithAlgorithmID(const SECKEYPublicKey *key, const SECItem *sig,
- const SECAlgorithmID *sigAlgorithm, SECOidTag *hash, void *wincx)
+ const SECAlgorithmID *sigAlgorithm, SECOidTag *hash, void *wincx)
{
SECOidTag encAlg, hashAlg;
- SECStatus rv = sec_DecodeSigAlg(key,
- SECOID_GetAlgorithmTag((SECAlgorithmID *)sigAlgorithm),
- &sigAlgorithm->parameters, &encAlg, &hashAlg);
+ SECStatus rv = sec_DecodeSigAlg(key,
+ SECOID_GetAlgorithmTag((SECAlgorithmID *)sigAlgorithm),
+ &sigAlgorithm->parameters, &encAlg, &hashAlg);
if (rv != SECSuccess) {
- return NULL;
+ return NULL;
}
return vfy_CreateContext(key, sig, encAlg, hashAlg, hash, wincx);
}
@@ -506,19 +516,19 @@ void
VFY_DestroyContext(VFYContext *cx, PRBool freeit)
{
if (cx) {
- if (cx->hashcx != NULL) {
- (*cx->hashobj->destroy)(cx->hashcx, PR_TRUE);
- cx->hashcx = NULL;
- }
- if (cx->key) {
- SECKEY_DestroyPublicKey(cx->key);
- }
- if (cx->pkcs1RSADigestInfo) {
- PORT_Free(cx->pkcs1RSADigestInfo);
- }
- if (freeit) {
- PORT_ZFree(cx, sizeof(VFYContext));
- }
+ if (cx->hashcx != NULL) {
+ (*cx->hashobj->destroy)(cx->hashcx, PR_TRUE);
+ cx->hashcx = NULL;
+ }
+ if (cx->key) {
+ SECKEY_DestroyPublicKey(cx->key);
+ }
+ if (cx->pkcs1RSADigestInfo) {
+ PORT_Free(cx->pkcs1RSADigestInfo);
+ }
+ if (freeit) {
+ PORT_ZFree(cx, sizeof(VFYContext));
+ }
}
}
@@ -526,17 +536,17 @@ SECStatus
VFY_Begin(VFYContext *cx)
{
if (cx->hashcx != NULL) {
- (*cx->hashobj->destroy)(cx->hashcx, PR_TRUE);
- cx->hashcx = NULL;
+ (*cx->hashobj->destroy)(cx->hashcx, PR_TRUE);
+ cx->hashcx = NULL;
}
cx->hashobj = HASH_GetHashObjectByOidTag(cx->hashAlg);
- if (!cx->hashobj)
- return SECFailure; /* error code is set */
+ if (!cx->hashobj)
+ return SECFailure; /* error code is set */
cx->hashcx = (*cx->hashobj->create)();
if (cx->hashcx == NULL)
- return SECFailure;
+ return SECFailure;
(*cx->hashobj->begin)(cx->hashcx);
return SECSuccess;
@@ -546,8 +556,8 @@ SECStatus
VFY_Update(VFYContext *cx, const unsigned char *input, unsigned inputLen)
{
if (cx->hashcx == NULL) {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- return SECFailure;
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
+ return SECFailure;
}
(*cx->hashobj->update)(cx->hashcx, input, inputLen);
return SECSuccess;
@@ -558,65 +568,64 @@ VFY_EndWithSignature(VFYContext *cx, SECItem *sig)
{
unsigned char final[HASH_LENGTH_MAX];
unsigned part;
- SECItem hash,dsasig; /* dsasig is also used for ECDSA */
+ SECItem hash, dsasig; /* dsasig is also used for ECDSA */
SECStatus rv;
if ((cx->hasSignature == PR_FALSE) && (sig == NULL)) {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- return SECFailure;
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
+ return SECFailure;
}
if (cx->hashcx == NULL) {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- return SECFailure;
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
+ return SECFailure;
}
(*cx->hashobj->end)(cx->hashcx, final, &part, sizeof(final));
switch (cx->key->keyType) {
- case ecKey:
- case dsaKey:
- dsasig.data = cx->u.buffer;
- dsasig.len = SECKEY_SignatureLen(cx->key);
- if (dsasig.len == 0) {
- return SECFailure;
- }
- if (sig) {
- rv = decodeECorDSASignature(cx->encAlg, sig, dsasig.data,
- dsasig.len);
- if (rv != SECSuccess) {
- PORT_SetError(SEC_ERROR_BAD_SIGNATURE);
- return SECFailure;
- }
- }
- hash.data = final;
- hash.len = part;
- if (PK11_Verify(cx->key,&dsasig,&hash,cx->wincx) != SECSuccess) {
- PORT_SetError(SEC_ERROR_BAD_SIGNATURE);
- return SECFailure;
- }
- break;
- case rsaKey:
- {
- SECItem digest;
- digest.data = final;
- digest.len = part;
- if (sig) {
- SECOidTag hashid;
- PORT_Assert(cx->hashAlg != SEC_OID_UNKNOWN);
- rv = recoverPKCS1DigestInfo(cx->hashAlg, &hashid,
- &cx->pkcs1RSADigestInfo,
- &cx->pkcs1RSADigestInfoLen,
- cx->key,
- sig, cx->wincx);
- PORT_Assert(cx->hashAlg == hashid);
- if (rv != SECSuccess) {
- return SECFailure;
- }
- }
- return verifyPKCS1DigestInfo(cx, &digest);
- }
- default:
- PORT_SetError(SEC_ERROR_BAD_SIGNATURE);
- return SECFailure; /* shouldn't happen */
+ case ecKey:
+ case dsaKey:
+ dsasig.data = cx->u.buffer;
+ dsasig.len = SECKEY_SignatureLen(cx->key);
+ if (dsasig.len == 0) {
+ return SECFailure;
+ }
+ if (sig) {
+ rv = decodeECorDSASignature(cx->encAlg, sig, dsasig.data,
+ dsasig.len);
+ if (rv != SECSuccess) {
+ PORT_SetError(SEC_ERROR_BAD_SIGNATURE);
+ return SECFailure;
+ }
+ }
+ hash.data = final;
+ hash.len = part;
+ if (PK11_Verify(cx->key, &dsasig, &hash, cx->wincx) != SECSuccess) {
+ PORT_SetError(SEC_ERROR_BAD_SIGNATURE);
+ return SECFailure;
+ }
+ break;
+ case rsaKey: {
+ SECItem digest;
+ digest.data = final;
+ digest.len = part;
+ if (sig) {
+ SECOidTag hashid;
+ PORT_Assert(cx->hashAlg != SEC_OID_UNKNOWN);
+ rv = recoverPKCS1DigestInfo(cx->hashAlg, &hashid,
+ &cx->pkcs1RSADigestInfo,
+ &cx->pkcs1RSADigestInfoLen,
+ cx->key,
+ sig, cx->wincx);
+ PORT_Assert(cx->hashAlg == hashid);
+ if (rv != SECSuccess) {
+ return SECFailure;
+ }
+ }
+ return verifyPKCS1DigestInfo(cx, &digest);
+ }
+ default:
+ PORT_SetError(SEC_ERROR_BAD_SIGNATURE);
+ return SECFailure; /* shouldn't happen */
}
return SECSuccess;
}
@@ -624,7 +633,7 @@ VFY_EndWithSignature(VFYContext *cx, SECItem *sig)
SECStatus
VFY_End(VFYContext *cx)
{
- return VFY_EndWithSignature(cx,NULL);
+ return VFY_EndWithSignature(cx, NULL);
}
/************************************************************************/
@@ -632,9 +641,9 @@ VFY_End(VFYContext *cx)
* Verify that a previously-computed digest matches a signature.
*/
static SECStatus
-vfy_VerifyDigest(const SECItem *digest, const SECKEYPublicKey *key,
- const SECItem *sig, SECOidTag encAlg, SECOidTag hashAlg,
- void *wincx)
+vfy_VerifyDigest(const SECItem *digest, const SECKEYPublicKey *key,
+ const SECItem *sig, SECOidTag encAlg, SECOidTag hashAlg,
+ void *wincx)
{
SECStatus rv;
VFYContext *cx;
@@ -644,48 +653,49 @@ vfy_VerifyDigest(const SECItem *digest, const SECKEYPublicKey *key,
cx = vfy_CreateContext(key, sig, encAlg, hashAlg, NULL, wincx);
if (cx != NULL) {
- switch (key->keyType) {
- case rsaKey:
- rv = verifyPKCS1DigestInfo(cx, digest);
- break;
- case dsaKey:
- case ecKey:
- dsasig.data = cx->u.buffer;
- dsasig.len = SECKEY_SignatureLen(cx->key);
- if (dsasig.len == 0) {
- break;
- }
- if (PK11_Verify(cx->key, &dsasig, (SECItem *)digest, cx->wincx)
- != SECSuccess) {
- PORT_SetError(SEC_ERROR_BAD_SIGNATURE);
- } else {
- rv = SECSuccess;
- }
- break;
- default:
- break;
- }
- VFY_DestroyContext(cx, PR_TRUE);
+ switch (key->keyType) {
+ case rsaKey:
+ rv = verifyPKCS1DigestInfo(cx, digest);
+ break;
+ case dsaKey:
+ case ecKey:
+ dsasig.data = cx->u.buffer;
+ dsasig.len = SECKEY_SignatureLen(cx->key);
+ if (dsasig.len == 0) {
+ break;
+ }
+ if (PK11_Verify(cx->key, &dsasig, (SECItem *)digest, cx->wincx) !=
+ SECSuccess) {
+ PORT_SetError(SEC_ERROR_BAD_SIGNATURE);
+ }
+ else {
+ rv = SECSuccess;
+ }
+ break;
+ default:
+ break;
+ }
+ VFY_DestroyContext(cx, PR_TRUE);
}
return rv;
}
SECStatus
-VFY_VerifyDigestDirect(const SECItem *digest, const SECKEYPublicKey *key,
- const SECItem *sig, SECOidTag encAlg,
- SECOidTag hashAlg, void *wincx)
+VFY_VerifyDigestDirect(const SECItem *digest, const SECKEYPublicKey *key,
+ const SECItem *sig, SECOidTag encAlg,
+ SECOidTag hashAlg, void *wincx)
{
return vfy_VerifyDigest(digest, key, sig, encAlg, hashAlg, wincx);
}
SECStatus
VFY_VerifyDigest(SECItem *digest, SECKEYPublicKey *key, SECItem *sig,
- SECOidTag algid, void *wincx)
+ SECOidTag algid, void *wincx)
{
SECOidTag encAlg, hashAlg;
SECStatus rv = sec_DecodeSigAlg(key, algid, NULL, &encAlg, &hashAlg);
if (rv != SECSuccess) {
- return SECFailure;
+ return SECFailure;
}
return vfy_VerifyDigest(digest, key, sig, encAlg, hashAlg, wincx);
}
@@ -695,44 +705,44 @@ VFY_VerifyDigest(SECItem *digest, SECKEYPublicKey *key, SECItem *sig,
* will be compared with our target hash value.
*/
SECStatus
-VFY_VerifyDigestWithAlgorithmID(const SECItem *digest,
- const SECKEYPublicKey *key, const SECItem *sig,
- const SECAlgorithmID *sigAlgorithm,
- SECOidTag hashCmp, void *wincx)
+VFY_VerifyDigestWithAlgorithmID(const SECItem *digest,
+ const SECKEYPublicKey *key, const SECItem *sig,
+ const SECAlgorithmID *sigAlgorithm,
+ SECOidTag hashCmp, void *wincx)
{
SECOidTag encAlg, hashAlg;
- SECStatus rv = sec_DecodeSigAlg(key,
- SECOID_GetAlgorithmTag((SECAlgorithmID *)sigAlgorithm),
- &sigAlgorithm->parameters, &encAlg, &hashAlg);
+ SECStatus rv = sec_DecodeSigAlg(key,
+ SECOID_GetAlgorithmTag((SECAlgorithmID *)sigAlgorithm),
+ &sigAlgorithm->parameters, &encAlg, &hashAlg);
if (rv != SECSuccess) {
- return rv;
+ return rv;
}
- if ( hashCmp != SEC_OID_UNKNOWN &&
- hashAlg != SEC_OID_UNKNOWN &&
- hashCmp != hashAlg) {
- PORT_SetError(SEC_ERROR_BAD_SIGNATURE);
- return SECFailure;
+ if (hashCmp != SEC_OID_UNKNOWN &&
+ hashAlg != SEC_OID_UNKNOWN &&
+ hashCmp != hashAlg) {
+ PORT_SetError(SEC_ERROR_BAD_SIGNATURE);
+ return SECFailure;
}
return vfy_VerifyDigest(digest, key, sig, encAlg, hashAlg, wincx);
}
static SECStatus
vfy_VerifyData(const unsigned char *buf, int len, const SECKEYPublicKey *key,
- const SECItem *sig, SECOidTag encAlg, SECOidTag hashAlg,
- SECOidTag *hash, void *wincx)
+ const SECItem *sig, SECOidTag encAlg, SECOidTag hashAlg,
+ SECOidTag *hash, void *wincx)
{
SECStatus rv;
VFYContext *cx;
cx = vfy_CreateContext(key, sig, encAlg, hashAlg, hash, wincx);
if (cx == NULL)
- return SECFailure;
+ return SECFailure;
rv = VFY_Begin(cx);
if (rv == SECSuccess) {
- rv = VFY_Update(cx, (unsigned char *)buf, len);
- if (rv == SECSuccess)
- rv = VFY_End(cx);
+ rv = VFY_Update(cx, (unsigned char *)buf, len);
+ if (rv == SECSuccess)
+ rv = VFY_End(cx);
}
VFY_DestroyContext(cx, PR_TRUE);
@@ -740,39 +750,39 @@ vfy_VerifyData(const unsigned char *buf, int len, const SECKEYPublicKey *key,
}
SECStatus
-VFY_VerifyDataDirect(const unsigned char *buf, int len,
- const SECKEYPublicKey *key, const SECItem *sig,
- SECOidTag encAlg, SECOidTag hashAlg,
- SECOidTag *hash, void *wincx)
+VFY_VerifyDataDirect(const unsigned char *buf, int len,
+ const SECKEYPublicKey *key, const SECItem *sig,
+ SECOidTag encAlg, SECOidTag hashAlg,
+ SECOidTag *hash, void *wincx)
{
return vfy_VerifyData(buf, len, key, sig, encAlg, hashAlg, hash, wincx);
}
SECStatus
VFY_VerifyData(const unsigned char *buf, int len, const SECKEYPublicKey *key,
- const SECItem *sig, SECOidTag algid, void *wincx)
+ const SECItem *sig, SECOidTag algid, void *wincx)
{
SECOidTag encAlg, hashAlg;
SECStatus rv = sec_DecodeSigAlg(key, algid, NULL, &encAlg, &hashAlg);
if (rv != SECSuccess) {
- return rv;
+ return rv;
}
return vfy_VerifyData(buf, len, key, sig, encAlg, hashAlg, NULL, wincx);
}
SECStatus
-VFY_VerifyDataWithAlgorithmID(const unsigned char *buf, int len,
- const SECKEYPublicKey *key,
- const SECItem *sig,
- const SECAlgorithmID *sigAlgorithm,
- SECOidTag *hash, void *wincx)
+VFY_VerifyDataWithAlgorithmID(const unsigned char *buf, int len,
+ const SECKEYPublicKey *key,
+ const SECItem *sig,
+ const SECAlgorithmID *sigAlgorithm,
+ SECOidTag *hash, void *wincx)
{
SECOidTag encAlg, hashAlg;
SECOidTag sigAlg = SECOID_GetAlgorithmTag((SECAlgorithmID *)sigAlgorithm);
- SECStatus rv = sec_DecodeSigAlg(key, sigAlg,
- &sigAlgorithm->parameters, &encAlg, &hashAlg);
+ SECStatus rv = sec_DecodeSigAlg(key, sigAlg,
+ &sigAlgorithm->parameters, &encAlg, &hashAlg);
if (rv != SECSuccess) {
- return rv;
+ return rv;
}
return vfy_VerifyData(buf, len, key, sig, encAlg, hashAlg, hash, wincx);
}
View Lorry Controller Status