int NSS_CMSRecipientInfo_GetVersion(NSSCMSRecipientInfo *ri) { unsigned long version; SECItem *versionitem = NULL; switch (ri->recipientInfoType) { case NSSCMSRecipientInfoID_KeyTrans: /* ignore subIndex */ versionitem = &(ri->ri.keyTransRecipientInfo.version); break; case NSSCMSRecipientInfoID_KEK: /* ignore subIndex */ versionitem = &(ri->ri.kekRecipientInfo.version); break; case NSSCMSRecipientInfoID_KeyAgree: versionitem = &(ri->ri.keyAgreeRecipientInfo.version); break; } PORT_Assert(versionitem); if (versionitem == NULL) return 0; /* always take apart the SECItem */ if (SEC_ASN1DecodeInteger(versionitem, &version) != SECSuccess) return 0; else return (int)version; }
int SecCmsRecipientInfoGetVersion(SecCmsRecipientInfoRef ri) { unsigned long version; CSSM_DATA_PTR versionitem = NULL; switch (ri->recipientInfoType) { case SecCmsRecipientInfoIDKeyTrans: /* ignore subIndex */ versionitem = &(ri->ri.keyTransRecipientInfo.version); break; case SecCmsRecipientInfoIDKEK: /* ignore subIndex */ versionitem = &(ri->ri.kekRecipientInfo.version); break; case SecCmsRecipientInfoIDKeyAgree: versionitem = &(ri->ri.keyAgreeRecipientInfo.version); break; } PORT_Assert(versionitem); if (versionitem == NULL) return 0; /* always take apart the CSSM_DATA */ if (SEC_ASN1DecodeInteger(versionitem, &version) != SECSuccess) return 0; else return (int)version; }
int NSS_CMSSignerInfo_GetVersion(NSSCMSSignerInfo *signerinfo) { unsigned long version; /* always take apart the SECItem */ if (SEC_ASN1DecodeInteger(&(signerinfo->version), &version) != SECSuccess) return 0; else return (int)version; }
int SecCmsSignerInfoGetVersion(SecCmsSignerInfoRef signerinfo) { unsigned long version; /* always take apart the CSSM_DATA */ if (SEC_ASN1DecodeInteger(&(signerinfo->version), &version) != SECSuccess) return 0; else return (int)version; }
static SECItem * sec_CreateRSAPSSParameters(PLArenaPool *arena, SECItem *result, SECOidTag hashAlgTag, const SECItem *params, const SECKEYPrivateKey *key) { SECKEYRSAPSSParams pssParams; int modBytes, hashLength; unsigned long saltLength; PRBool defaultSHA1 = PR_FALSE; SECStatus rv; if (key->keyType != rsaKey && key->keyType != rsaPssKey) { PORT_SetError(SEC_ERROR_INVALID_ALGORITHM); return NULL; } PORT_Memset(&pssParams, 0, sizeof(pssParams)); if (params && params->data) { /* The parameters field should either be empty or contain * valid RSA-PSS parameters */ PORT_Assert(!(params->len == 2 && params->data[0] == SEC_ASN1_NULL && params->data[1] == 0)); rv = SEC_QuickDERDecodeItem(arena, &pssParams, SECKEY_RSAPSSParamsTemplate, params); if (rv != SECSuccess) { return NULL; } defaultSHA1 = PR_TRUE; } if (pssParams.trailerField.data) { unsigned long trailerField; rv = SEC_ASN1DecodeInteger((SECItem *)&pssParams.trailerField, &trailerField); if (rv != SECSuccess) { return NULL; } if (trailerField != 1) { PORT_SetError(SEC_ERROR_INVALID_ARGS); return NULL; } } modBytes = PK11_GetPrivateModulusLen((SECKEYPrivateKey *)key); /* Determine the hash algorithm to use, based on hashAlgTag and * pssParams.hashAlg; there are four cases */ if (hashAlgTag != SEC_OID_UNKNOWN) { SECOidTag tag = SEC_OID_UNKNOWN; if (pssParams.hashAlg) { tag = SECOID_GetAlgorithmTag(pssParams.hashAlg); } else if (defaultSHA1) { tag = SEC_OID_SHA1; } if (tag != SEC_OID_UNKNOWN && tag != hashAlgTag) { PORT_SetError(SEC_ERROR_INVALID_ARGS); return NULL; } } else if (hashAlgTag == SEC_OID_UNKNOWN) { if (pssParams.hashAlg) { hashAlgTag = SECOID_GetAlgorithmTag(pssParams.hashAlg); } else if (defaultSHA1) { hashAlgTag = SEC_OID_SHA1; } else { /* Find a suitable hash algorithm based on the NIST recommendation */ if (modBytes <= 384) { /* 128, in NIST 800-57, Part 1 */ hashAlgTag = SEC_OID_SHA256; } else if (modBytes <= 960) { /* 192, NIST 800-57, Part 1 */ hashAlgTag = SEC_OID_SHA384; } else { hashAlgTag = SEC_OID_SHA512; } } } if (hashAlgTag != SEC_OID_SHA1 && hashAlgTag != SEC_OID_SHA224 && hashAlgTag != SEC_OID_SHA256 && hashAlgTag != SEC_OID_SHA384 && hashAlgTag != SEC_OID_SHA512) { PORT_SetError(SEC_ERROR_INVALID_ALGORITHM); return NULL; } /* Now that the hash algorithm is decided, check if it matches the * existing parameters if any */ if (pssParams.maskAlg) { SECAlgorithmID maskHashAlg; if (SECOID_GetAlgorithmTag(pssParams.maskAlg) != SEC_OID_PKCS1_MGF1) { PORT_SetError(SEC_ERROR_INVALID_ALGORITHM); return NULL; } if (pssParams.maskAlg->parameters.data == NULL) { PORT_SetError(SEC_ERROR_INVALID_ALGORITHM); return NULL; } PORT_Memset(&maskHashAlg, 0, sizeof(maskHashAlg)); rv = SEC_QuickDERDecodeItem(arena, &maskHashAlg, SEC_ASN1_GET(SECOID_AlgorithmIDTemplate), &pssParams.maskAlg->parameters); if (rv != SECSuccess) { return NULL; } /* Following the recommendation in RFC 4055, assume the hash * algorithm identical to pssParam.hashAlg */ if (SECOID_GetAlgorithmTag(&maskHashAlg) != hashAlgTag) { PORT_SetError(SEC_ERROR_INVALID_ALGORITHM); return NULL; } } else if (defaultSHA1) { if (hashAlgTag != SEC_OID_SHA1) { PORT_SetError(SEC_ERROR_INVALID_ALGORITHM); return NULL; } } hashLength = HASH_ResultLenByOidTag(hashAlgTag); if (pssParams.saltLength.data) { rv = SEC_ASN1DecodeInteger((SECItem *)&pssParams.saltLength, &saltLength); if (rv != SECSuccess) { return NULL; } /* The specified salt length is too long */ if (saltLength > modBytes - hashLength - 2) { PORT_SetError(SEC_ERROR_INVALID_ARGS); return NULL; } } else if (defaultSHA1) { saltLength = 20; } /* Fill in the parameters */ if (pssParams.hashAlg) { if (hashAlgTag == SEC_OID_SHA1) { /* Omit hashAlg if the the algorithm is SHA-1 (default) */ pssParams.hashAlg = NULL; } } else { if (hashAlgTag != SEC_OID_SHA1) { pssParams.hashAlg = PORT_ArenaZAlloc(arena, sizeof(SECAlgorithmID)); if (!pssParams.hashAlg) { return NULL; } rv = SECOID_SetAlgorithmID(arena, pssParams.hashAlg, hashAlgTag, NULL); if (rv != SECSuccess) { return NULL; } } } if (pssParams.maskAlg) { if (hashAlgTag == SEC_OID_SHA1) { /* Omit maskAlg if the the algorithm is SHA-1 (default) */ pssParams.maskAlg = NULL; } } else { if (hashAlgTag != SEC_OID_SHA1) { SECItem *hashAlgItem; PORT_Assert(pssParams.hashAlg != NULL); hashAlgItem = SEC_ASN1EncodeItem(arena, NULL, pssParams.hashAlg, SEC_ASN1_GET(SECOID_AlgorithmIDTemplate)); if (!hashAlgItem) { return NULL; } pssParams.maskAlg = PORT_ArenaZAlloc(arena, sizeof(SECAlgorithmID)); if (!pssParams.maskAlg) { return NULL; } rv = SECOID_SetAlgorithmID(arena, pssParams.maskAlg, SEC_OID_PKCS1_MGF1, hashAlgItem); if (rv != SECSuccess) { return NULL; } } } if (pssParams.saltLength.data) { if (saltLength == 20) { /* Omit the salt length if it is the default */ pssParams.saltLength.data = NULL; } } else { /* Find a suitable length from the hash algorithm and modulus bits */ saltLength = PR_MIN(hashLength, modBytes - hashLength - 2); if (saltLength != 20 && !SEC_ASN1EncodeInteger(arena, &pssParams.saltLength, saltLength)) { return NULL; } } if (pssParams.trailerField.data) { /* Omit trailerField if the value is 1 (default) */ pssParams.trailerField.data = NULL; } return SEC_ASN1EncodeItem(arena, result, &pssParams, SECKEY_RSAPSSParamsTemplate); }