Side by Side Diff: net/third_party/nss/ssl/sslplatf.c

Issue 13843023: Use CERT_GetCertKeyType to get KeyType for ssl3_PlatformSignHashes. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Updated ssl3_PlatformSignHashes and indenting on Mac Created 7 years, 7 months ago
OLDNEW
1 /* 1 /*
2 * Platform specific crypto wrappers 2 * Platform specific crypto wrappers
3 * 3 *
4 * ***** BEGIN LICENSE BLOCK ***** 4 * ***** BEGIN LICENSE BLOCK *****
5 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 5 * Version: MPL 1.1/GPL 2.0/LGPL 2.1
6 * 6 *
7 * The contents of this file are subject to the Mozilla Public License Version 7 * The contents of this file are subject to the Mozilla Public License Version
8 * 1.1 (the "License"); you may not use this file except in compliance with 8 * 1.1 (the "License"); you may not use this file except in compliance with
9 * the License. You may obtain a copy of the License at 9 * the License. You may obtain a copy of the License at
10 * http://www.mozilla.org/MPL/ 10 * http://www.mozilla.org/MPL/
(...skipping 93 matching lines...) Expand 10 before | Expand all | Expand 10 after
104 if (key) { 104 if (key) {
105 if (key->dwKeySpec != CERT_NCRYPT_KEY_SPEC) 105 if (key->dwKeySpec != CERT_NCRYPT_KEY_SPEC)
106 CryptReleaseContext(key->hCryptProv, 0); 106 CryptReleaseContext(key->hCryptProv, 0);
107 /* FIXME(rsleevi): Close CNG keys. */ 107 /* FIXME(rsleevi): Close CNG keys. */
108 PORT_Free(key); 108 PORT_Free(key);
109 } 109 }
110 } 110 }
111 111
112 SECStatus 112 SECStatus
113 ssl3_PlatformSignHashes(SSL3Hashes *hash, PlatformKey key, SECItem *buf, 113 ssl3_PlatformSignHashes(SSL3Hashes *hash, PlatformKey key, SECItem *buf,
114 PRBool isTLS) 114 PRBool isTLS, KeyType keyType)
115 { 115 {
116 SECStatus rv = SECFailure; 116 SECStatus rv = SECFailure;
117 PRBool doDerEncode = PR_FALSE; 117 PRBool doDerEncode = PR_FALSE;
118 SECItem hashItem; 118 SECItem hashItem;
119 HCRYPTKEY hKey = 0;
120 DWORD argLen = 0; 119 DWORD argLen = 0;
121 ALG_ID keyAlg = 0;
122 DWORD signatureLen = 0; 120 DWORD signatureLen = 0;
123 ALG_ID hashAlg = 0; 121 ALG_ID hashAlg = 0;
124 HCRYPTHASH hHash = 0; 122 HCRYPTHASH hHash = 0;
125 DWORD hashLen = 0; 123 DWORD hashLen = 0;
126 unsigned int i = 0; 124 unsigned int i = 0;
127 125
128 buf->data = NULL; 126 buf->data = NULL;
129 if (!CryptGetUserKey(key->hCryptProv, key->dwKeySpec, &hKey)) {
130 if (GetLastError() == NTE_NO_KEY) {
131 PORT_SetError(SEC_ERROR_NO_KEY);
132 } else {
133 PORT_SetError(SEC_ERROR_INVALID_KEY);
134 }
135 goto done;
136 }
137 127
138 argLen = sizeof(keyAlg); 128 switch (keyType) {
139 if (!CryptGetKeyParam(hKey, KP_ALGID, (BYTE*)&keyAlg, &argLen, 0)) { 129 case rsaKey:
140 PORT_SetError(SEC_ERROR_INVALID_KEY);
141 goto done;
142 }
143
144 switch (keyAlg) {
145 case CALG_RSA_KEYX:
146 case CALG_RSA_SIGN:
147 hashAlg = CALG_SSL3_SHAMD5; 130 hashAlg = CALG_SSL3_SHAMD5;
148 hashItem.data = hash->md5; 131 hashItem.data = hash->md5;
149 hashItem.len = sizeof(SSL3Hashes); 132 hashItem.len = sizeof(SSL3Hashes);
150 break; 133 break;
151 case CALG_DSS_SIGN: 134 case dsaKey:
152 case CALG_ECDSA: 135 case ecKey:
153 if (keyAlg == CALG_ECDSA) { 136 if (keyType == ecKey) {
154 doDerEncode = PR_TRUE; 137 doDerEncode = PR_TRUE;
155 } else { 138 } else {
156 doDerEncode = isTLS; 139 doDerEncode = isTLS;
157 } 140 }
158 hashAlg = CALG_SHA1; 141 hashAlg = CALG_SHA1;
159 hashItem.data = hash->sha; 142 hashItem.data = hash->sha;
160 hashItem.len = sizeof(hash->sha); 143 hashItem.len = sizeof(hash->sha);
161 break; 144 break;
162 default: 145 default:
163 PORT_SetError(SEC_ERROR_INVALID_KEY); 146 PORT_SetError(SEC_ERROR_INVALID_KEY);
(...skipping 52 matching lines...) Expand 10 before | Expand all | Expand 10 after
216 PORT_Free(derSig.data); 199 PORT_Free(derSig.data);
217 } 200 }
218 } else { 201 } else {
219 rv = SECSuccess; 202 rv = SECSuccess;
220 } 203 }
221 204
222 PRINT_BUF(60, (NULL, "signed hashes", buf->data, buf->len)); 205 PRINT_BUF(60, (NULL, "signed hashes", buf->data, buf->len));
223 done: 206 done:
224 if (hHash) 207 if (hHash)
225 CryptDestroyHash(hHash); 208 CryptDestroyHash(hHash);
226 if (hKey)
227 CryptDestroyKey(hKey);
228 if (rv != SECSuccess && buf->data) { 209 if (rv != SECSuccess && buf->data) {
229 PORT_Free(buf->data); 210 PORT_Free(buf->data);
230 buf->data = NULL; 211 buf->data = NULL;
231 } 212 }
232 return rv; 213 return rv;
233 } 214 }
234 215
235 #elif defined(XP_MACOSX) 216 #elif defined(XP_MACOSX)
236 #include <Security/cssm.h> 217 #include <Security/cssm.h>
237 218
238 void 219 void
239 ssl_FreePlatformKey(PlatformKey key) 220 ssl_FreePlatformKey(PlatformKey key)
240 { 221 {
241 CFRelease(key); 222 CFRelease(key);
242 } 223 }
243 224
244 SECStatus 225 SECStatus
245 ssl3_PlatformSignHashes(SSL3Hashes *hash, PlatformKey key, SECItem *buf, 226 ssl3_PlatformSignHashes(SSL3Hashes *hash, PlatformKey key, SECItem *buf,
246 PRBool isTLS) 227 PRBool isTLS, KeyType keyType)
247 { 228 {
248 SECStatus rv = SECFailure; 229 SECStatus rv = SECFailure;
249 PRBool doDerEncode = PR_FALSE; 230 PRBool doDerEncode = PR_FALSE;
250 unsigned int signatureLen; 231 unsigned int signatureLen;
251 OSStatus status = noErr; 232 OSStatus status = noErr;
252 CSSM_CSP_HANDLE cspHandle = 0; 233 CSSM_CSP_HANDLE cspHandle = 0;
253 const CSSM_KEY *cssmKey = NULL; 234 const CSSM_KEY *cssmKey = NULL;
254 CSSM_ALGORITHMS sigAlg; 235 CSSM_ALGORITHMS sigAlg;
255 const CSSM_ACCESS_CREDENTIALS * cssmCreds = NULL; 236 const CSSM_ACCESS_CREDENTIALS * cssmCreds = NULL;
256 CSSM_RETURN cssmRv; 237 CSSM_RETURN cssmRv;
(...skipping 23 matching lines...) Expand all
280 if (signatureLen == 0) { 261 if (signatureLen == 0) {
281 PORT_SetError(SEC_ERROR_INVALID_KEY); 262 PORT_SetError(SEC_ERROR_INVALID_KEY);
282 goto done; 263 goto done;
283 } 264 }
284 265
285 buf->data = (unsigned char *)PORT_Alloc(signatureLen); 266 buf->data = (unsigned char *)PORT_Alloc(signatureLen);
286 if (!buf->data) 267 if (!buf->data)
287 goto done; /* error code was set. */ 268 goto done; /* error code was set. */
288 269
289 sigAlg = cssmKey->KeyHeader.AlgorithmId; 270 sigAlg = cssmKey->KeyHeader.AlgorithmId;
290 switch (sigAlg) { 271 switch (keyType) {
wtc 2013/04/26 17:38:03 Hmm... so we still need cssmKey and sigAlg in the
291 case CSSM_ALGID_RSA: 272 case rsaKey:
292 hashData.Data = hash->md5; 273 hashData.Data = hash->md5;
293 hashData.Length = sizeof(SSL3Hashes); 274 hashData.Length = sizeof(SSL3Hashes);
294 break; 275 break;
295 case CSSM_ALGID_ECDSA: 276 case dsaKey:
296 case CSSM_ALGID_DSA: 277 case ecKey:
297 if (sigAlg == CSSM_ALGID_ECDSA) { 278 if (keyType == ecKey) {
298 doDerEncode = PR_TRUE; 279 doDerEncode = PR_TRUE;
299 } else { 280 } else {
300 doDerEncode = isTLS; 281 doDerEncode = isTLS;
301 } 282 }
wtc 2013/04/26 17:38:03 Delete the spaces at the end of the line.
302 hashData.Data = hash->sha; 283 hashData.Data = hash->sha;
303 hashData.Length = sizeof(hash->sha); 284 hashData.Length = sizeof(hash->sha);
304 break; 285 break;
305 default: 286 default:
306 PORT_SetError(SEC_ERROR_INVALID_KEY); 287 PORT_SetError(SEC_ERROR_INVALID_KEY);
307 goto done; 288 goto done;
308 } 289 }
309 PRINT_BUF(60, (NULL, "hash(es) to be signed", hashData.Data, hashData.Length )); 290 PRINT_BUF(60, (NULL, "hash(es) to be signed", hashData.Data, hashData.Length ));
310 291
311 /* TODO(rsleevi): Should it be kSecCredentialTypeNoUI? In Win32, at least, 292 /* TODO(rsleevi): Should it be kSecCredentialTypeNoUI? In Win32, at least,
(...skipping 70 matching lines...) Expand 10 before | Expand all | Expand 10 after
382 return rv; 363 return rv;
383 } 364 }
384 #else 365 #else
385 void 366 void
386 ssl_FreePlatformKey(PlatformKey key) 367 ssl_FreePlatformKey(PlatformKey key)
387 { 368 {
388 } 369 }
389 370
390 SECStatus 371 SECStatus
391 ssl3_PlatformSignHashes(SSL3Hashes *hash, PlatformKey key, SECItem *buf, 372 ssl3_PlatformSignHashes(SSL3Hashes *hash, PlatformKey key, SECItem *buf,
392 PRBool isTLS) 373 PRBool isTLS, KeyType keyType)
393 { 374 {
394 PORT_SetError(PR_NOT_IMPLEMENTED_ERROR); 375 PORT_SetError(PR_NOT_IMPLEMENTED_ERROR);
395 return SECFailure; 376 return SECFailure;
396 } 377 }
397 #endif 378 #endif
398 379
399 #endif /* NSS_PLATFORM_CLIENT_AUTH */ 380 #endif /* NSS_PLATFORM_CLIENT_AUTH */
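Review bot: On the Windows path, the switch at new line 128 trusts the caller's `keyType` completely. The removed `CryptGetUserKey`/`CryptGetKeyParam` lookup was the only place this function confirmed that the provider holds a usable key of that algorithm, and the only place it mapped `NTE_NO_KEY` to `SEC_ERROR_NO_KEY`. If the certificate-derived type and the key behind `key->hCryptProv` ever disagree, the failure presumably moves to the signing call in the skipped lines (new 147-198), so check that its error path still sets a meaningful NSS error rather than a generic one. I would also state the contract above the switch, for example `/* keyType is derived from the certificate by the caller; the platform key is assumed to match it. */`, and repeat that on the prototype in sslimpl.h. The body of ssl3_PlatformSignHashes runs through collapsed regions on both platforms, so this covers only the visible lines.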