crypto/third_party/nss/secsign.cc

   1 /*
   2  * Signature stuff.
   3  *
   4  * ***** BEGIN LICENSE BLOCK *****
   5  * Version: MPL 1.1/GPL 2.0/LGPL 2.1
   6  *
   7  * The contents of this file are subject to the Mozilla Public License Version
   8  * 1.1 (the "License"); you may not use this file except in compliance with
   9  * the License. You may obtain a copy of the License at
  10  * http://www.mozilla.org/MPL/
  11  *
  12  * Software distributed under the License is distributed on an "AS IS" basis,
  13  * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
  14  * for the specific language governing rights and limitations under the
  15  * License.
  16  *
  17  * The Original Code is the Netscape security libraries.
  18  *
  19  * The Initial Developer of the Original Code is
  20  * Netscape Communications Corporation.
  21  * Portions created by the Initial Developer are Copyright (C) 1994-2000
  22  * the Initial Developer. All Rights Reserved.
  23  *
  24  * Contributor(s):
  25  *   Dr Vipul Gupta <vipul.gupta@sun.com>, Sun Microsystems Laboratories
  26  *
  27  * Alternatively, the contents of this file may be used under the terms of
  28  * either the GNU General Public License Version 2 or later (the "GPL"), or
  29  * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
  30  * in which case the provisions of the GPL or the LGPL are applicable instead
  31  * of those above. If you wish to allow use of your version of this file only
  32  * under the terms of either the GPL or the LGPL, and not to allow others to
  33  * use your version of this file under the terms of the MPL, indicate your
  34  * decision by deleting the provisions above and replace them with the notice
  35  * and other provisions required by the GPL or the LGPL. If you do not delete
  36  * the provisions above, a recipient may use your version of this file under
  37  * the terms of any one of the MPL, the GPL or the LGPL.
  38  *
  39  * ***** END LICENSE BLOCK ***** */
  40
  41 #include "crypto/third_party/nss/chromium-nss.h"
  42
  43 #include <vector>
  44
  45 #include <cryptohi.h>
  46 #include <pk11pub.h>
  47 #include <secerr.h>
  48 #include <sechash.h>
  49
  50 #include "base/basictypes.h"
  51 #include "base/logging.h"
  52 #include "build/build_config.h"
  53
  54 SECStatus DerSignData(PLArenaPool *arena,
  55                       SECItem *result,
  56                       SECItem *input,
  57                       SECKEYPrivateKey *key,
  58                       SECOidTag algo_id) {
  59   if (key->keyType != ecKey) {
  60     return SEC_DerSignData(arena, result, input->data, input->len, key,
  61                            algo_id);
  62   }
  63
  64   // NSS has a private function sec_DecodeSigAlg it uses to figure out the
  65   // correct hash from the algorithm id.
  66   HASH_HashType hash_type;
  67   switch (algo_id) {
  68     case SEC_OID_ANSIX962_ECDSA_SHA1_SIGNATURE:
  69       hash_type = HASH_AlgSHA1;
  70       break;
  71 #ifdef SHA224_LENGTH
  72     case SEC_OID_ANSIX962_ECDSA_SHA224_SIGNATURE:
  73       hash_type = HASH_AlgSHA224;
  74       break;
  75 #endif
  76     case SEC_OID_ANSIX962_ECDSA_SHA256_SIGNATURE:
  77       hash_type = HASH_AlgSHA256;
  78       break;
  79     case SEC_OID_ANSIX962_ECDSA_SHA384_SIGNATURE:
  80       hash_type = HASH_AlgSHA384;
  81       break;
  82     case SEC_OID_ANSIX962_ECDSA_SHA512_SIGNATURE:
  83       hash_type = HASH_AlgSHA512;
  84       break;
  85     default:
  86       PORT_SetError(SEC_ERROR_INVALID_ALGORITHM);
  87       return SECFailure;
  88   }
  89
  90   // Hash the input.
  91   std::vector<uint8> hash_data(HASH_ResultLen(hash_type));
  92   SECStatus rv = HASH_HashBuf(
  93       hash_type, &hash_data[0], input->data, input->len);
  94   if (rv != SECSuccess)
  95     return rv;
  96   SECItem hash = {siBuffer, &hash_data[0],
  97                   static_cast<unsigned int>(hash_data.size())};
  98
  99   // Compute signature of hash.
 100   int signature_len = PK11_SignatureLen(key);
 101   std::vector<uint8> signature_data(signature_len);
 102   SECItem sig = {siBuffer, &signature_data[0],
 103                  static_cast<unsigned int>(signature_len)};
 104   rv = PK11_Sign(key, &sig, &hash);
 105   if (rv != SECSuccess)
 106     return rv;
 107
 108   CERTSignedData sd;
 109   PORT_Memset(&sd, 0, sizeof(sd));
 110   // Fill in tbsCertificate.
 111   sd.data.data = (unsigned char*) input->data;
 112   sd.data.len = input->len;
 113
 114   // Fill in signatureAlgorithm.
 115   rv = SECOID_SetAlgorithmID(arena, &sd.signatureAlgorithm, algo_id, 0);
 116   if (rv != SECSuccess)
 117     return rv;
 118
 119   // Fill in signatureValue.
 120   rv = DSAU_EncodeDerSigWithLen(&sd.signature, &sig, sig.len);
 121   if (rv != SECSuccess)
 122     return rv;
 123   sd.signature.len <<=  3;  // Convert to bit string.
 124
 125   // DER encode the signed data object.
 126   void* encode_result = SEC_ASN1EncodeItem(
 127       arena, result, &sd, SEC_ASN1_GET(CERT_SignedDataTemplate));
 128
 129   PORT_Free(sd.signature.data);
 130
 131   return encode_result ? SECSuccess : SECFailure;
 132 }