/*
 * Stand-in for the one-shot SHA1() in openssl's sha.c, which this code does
 * not link against. Its only caller is DSA_generate_parameters().
 *
 * d  : input bytes
 * n  : number of input bytes
 * md : caller-supplied output buffer; must not be NULL
 *
 * Returns md. A NULL md is logged and reported as CSSMERR_CSP_INTERNAL_ERROR.
 * openssl's own SHA1() writes to a static buffer when md is NULL; this version
 * refuses instead, so callers never share a static digest buffer.
 *
 * NOTE(review): nothing here checks md's capacity; presumably it must hold a
 * full SHA-1 digest (20 bytes) -- confirm at the call site.
 */
unsigned char *SHA1(const unsigned char *d, unsigned long n,unsigned char *md)
{
    /* reject a missing output buffer before the hash code is reached */
    if(!md) {
        sslUtilsDebug("SHA1 with NULL md");
        CssmError::throwMe(CSSMERR_CSP_INTERNAL_ERROR);
    }

    unsigned char *const digestOut = md;
    cspGenSha1Hash(d, n, digestOut);
    return digestOut;
}
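/*
 * Generate DSA algorithm parameters from optional seed input, returning the
 * result in the caller's NSS_DSAAlgParams.[pqg]. This is called from both
 * GenerateParameters and from KeyPairGenerate (if no GenerateParameters has
 * yet been called).
 *
 * keySizeInBits : requested size; must lie in [DSA_MIN_KEY_SIZE,
 *                 DSA_MAX_KEY_SIZE] and have no bits set in DSA_KEY_BITS_MASK
 * inSeed        : optional; NULL means the seed is drawn from the session RNG
 * inSeedLen     : length of inSeed in bytes; not read when inSeed is NULL
 * algParams     : receives p, q and g
 * coder         : allocator for the contents of algParams
 *
 * Throws CSSMERR_CSP_INVALID_ATTR_KEY_LENGTH for a rejected key size and
 * reports a failed generation through throwRsaDsa().
 *
 * NOTE(review): a non-NULL inSeed with inSeedLen == 0 is hashed like any other
 * input, so every such call ends up with the same seed -- confirm that callers
 * never pass that combination.
 * NOTE(review): the generator is always handed a SHA1_DIGEST_SIZE-byte seed;
 * check the resulting q size and the DSA_MIN/MAX_KEY_SIZE bounds (defined
 * elsewhere) against the key-strength policy in force.
 */
void DSAKeyPairGenContext::dsaGenParams(
	uint32				keySizeInBits,
	const void			*inSeed,		// optional
	unsigned			inSeedLen,
	NSS_DSAAlgParams 	&algParams,
	SecNssCoder			&coder)			// contents of algParams mallocd from here
{
	unsigned char seedBuf[SHA1_DIGEST_SIZE];
	const unsigned char *seedPtr;

	/* validate key size */
	if((keySizeInBits < DSA_MIN_KEY_SIZE) ||
	   (keySizeInBits > DSA_MAX_KEY_SIZE) ||
	   (keySizeInBits & DSA_KEY_BITS_MASK)) {
		CssmError::throwMe(CSSMERR_CSP_INVALID_ATTR_KEY_LENGTH);
	}

	/* seed from one of three sources */
	if(inSeed == NULL) {
		/* 20 random seed bytes */
		session().getRandomBytes(SHA1_DIGEST_SIZE, seedBuf);
		seedPtr = seedBuf;
	}
	else if(inSeedLen == SHA1_DIGEST_SIZE) {
		/* perfect: already digest-sized, use the caller's bytes as they are */
		seedPtr = static_cast<const unsigned char *>(inSeed);
	}
	else {
		/* hash caller's seed down (or up) to digest size */
		cspGenSha1Hash(inSeed, inSeedLen, seedBuf);
		seedPtr = seedBuf;
	}

	/*
	 * The const_cast only satisfies a non-const seed parameter; the generator
	 * is not expected to write through it -- confirm against its prototype.
	 */
	DSA *dsaKey = DSA_generate_parameters(keySizeInBits,
		const_cast<unsigned char *>(seedPtr),
		SHA1_DIGEST_SIZE,
		NULL,		// counter_ret
		NULL,		// h_ret
		NULL,
		NULL);
	if(dsaKey == NULL) {
		throwRsaDsa("DSA_generate_parameters");
	}

	/*
	 * stuff dsaKey->[pqg] into a caller's NSS_DSAAlgParams. The conversions
	 * allocate through the coder; if one of them throws, dsaKey must still be
	 * released, otherwise the DSA struct leaks on the error path.
	 */
	try {
		bnToCssmData(dsaKey->p, algParams.p, coder);
		bnToCssmData(dsaKey->q, algParams.q, coder);
		bnToCssmData(dsaKey->g, algParams.g, coder);
	}
	catch(...) {
		DSA_free(dsaKey);
		throw;
	}

	DSA_free(dsaKey);
}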