Back to index

lightning-sunbird  0.9+nobinonly
Functions
cryptohi.h File Reference
#include "blapit.h"
#include "seccomon.h"
#include "secoidt.h"
#include "secdert.h"
#include "cryptoht.h"
#include "keyt.h"
#include "certt.h"

Go to the source code of this file.

Functions

SEC_BEGIN_PROTOS SECStatus DSAU_EncodeDerSig (SECItem *dest, SECItem *src)
SECItem * DSAU_DecodeDerSig (SECItem *item)
SECStatus DSAU_EncodeDerSigWithLen (SECItem *dest, SECItem *src, unsigned int len)
SECItem * DSAU_DecodeDerSigToLen (SECItem *item, unsigned int len)
SGNContext * SGN_NewContext (SECOidTag alg, SECKEYPrivateKey *privKey)
void SGN_DestroyContext (SGNContext *cx, PRBool freeit)
SECStatus SGN_Begin (SGNContext *cx)
SECStatus SGN_Update (SGNContext *cx, unsigned char *input, unsigned int inputLen)
SECStatus SGN_End (SGNContext *cx, SECItem *result)
SECStatus SEC_SignData (SECItem *result, unsigned char *buf, int len, SECKEYPrivateKey *pk, SECOidTag algid)
SECStatus SGN_Digest (SECKEYPrivateKey *privKey, SECOidTag algtag, SECItem *result, SECItem *digest)
SECStatus SEC_DerSignData (PRArenaPool *arena, SECItem *result, unsigned char *buf, int len, SECKEYPrivateKey *pk, SECOidTag algid)
void SEC_DestroySignedData (CERTSignedData *sd, PRBool freeit)
SECOidTag SEC_GetSignatureAlgorithmOidTag (KeyType keyType, SECOidTag hashAlgTag)
VFYContext * VFY_CreateContext (SECKEYPublicKey *key, SECItem *sig, SECOidTag algid, void *wincx)
void VFY_DestroyContext (VFYContext *cx, PRBool freeit)
SECStatus VFY_Begin (VFYContext *cx)
SECStatus VFY_Update (VFYContext *cx, unsigned char *input, unsigned int inputLen)
SECStatus VFY_End (VFYContext *cx)
SECStatus VFY_EndWithSignature (VFYContext *cx, SECItem *sig)
SECStatus VFY_VerifyDigest (SECItem *dig, SECKEYPublicKey *key, SECItem *sig, SECOidTag algid, void *wincx)
SECStatus VFY_VerifyData (unsigned char *buf, int len, SECKEYPublicKey *key, SECItem *sig, SECOidTag algid, void *wincx)
SECStatus VFY_VerifyDataWithAlgorithmID (const unsigned char *buf, int len, const SECKEYPublicKey *key, const SECItem *sig, const SECAlgorithmID *algid, SECOidTag *reserved, void *wincx)

Function Documentation

SECItem* DSAU_DecodeDerSig ( SECItem *  item)

Definition at line 286 of file dsautil.c.

Here is the call graph for this function:

SECItem* DSAU_DecodeDerSigToLen ( SECItem *  item,
unsigned int  len 
)

Definition at line 297 of file dsautil.c.

{
    return common_DecodeDerSig(item, len/2);
}

Here is the call graph for this function:

SEC_BEGIN_PROTOS SECStatus DSAU_EncodeDerSig ( SECItem *  dest,
SECItem *  src 
)

Definition at line 253 of file dsautil.c.

Here is the call graph for this function:

SECStatus DSAU_EncodeDerSigWithLen ( SECItem *  dest,
SECItem *  src,
unsigned int  len 
)

Definition at line 268 of file dsautil.c.

{

    PORT_Assert((src->len == len) && (len % 2 == 0));
    if ((src->len != len) || (src->len % 2 != 0)) {
       PORT_SetError( PR_INVALID_ARGUMENT_ERROR );
       return SECFailure;
    }

    return common_EncodeDerSig(dest, src);
}

Here is the call graph for this function:

SECStatus SEC_DerSignData ( PRArenaPool arena,
SECItem *  result,
unsigned char *  buf,
int  len,
SECKEYPrivateKey *  pk,
SECOidTag  algid 
)

Definition at line 382 of file secsign.c.

{
    SECItem it;
    CERTSignedData sd;
    SECStatus rv;

    it.data = 0;

    /* XXX We should probably have some asserts here to make sure the key type
     * and algID match
     */

    if (algID == SEC_OID_UNKNOWN) {
       switch(pk->keyType) {
         case rsaKey:
           algID = SEC_OID_PKCS1_SHA1_WITH_RSA_ENCRYPTION;
           break;
         case dsaKey:
           algID = SEC_OID_ANSIX9_DSA_SIGNATURE_WITH_SHA1_DIGEST;
           break;
         case ecKey:
           algID = SEC_OID_ANSIX962_ECDSA_SHA1_SIGNATURE;
           break;
         default:
           PORT_SetError(SEC_ERROR_INVALID_KEY);
           return SECFailure;
       }
    }

    /* Sign input buffer */
    rv = SEC_SignData(&it, buf, len, pk, algID);
    if (rv) goto loser;

    /* Fill out SignedData object */
    PORT_Memset(&sd, 0, sizeof(sd));
    sd.data.data = buf;
    sd.data.len = len;
    sd.signature.data = it.data;
    sd.signature.len = it.len << 3;              /* convert to bit string */
    rv = SECOID_SetAlgorithmID(arena, &sd.signatureAlgorithm, algID, 0);
    if (rv) goto loser;

    /* DER encode the signed data object */
    rv = DER_Encode(arena, result, CERTSignedDataTemplate, &sd);
    /* FALL THROUGH */

  loser:
    PORT_Free(it.data);
    return rv;
}

Here is the call graph for this function:

void SEC_DestroySignedData ( CERTSignedData *  sd,
PRBool  freeit 
)

Definition at line 505 of file secsign.c.

{
    SECOidTag sigTag = SEC_OID_UNKNOWN;

    switch (keyType) {
    case rsaKey:
       switch (hashAlgTag) {
       case SEC_OID_MD2:
           sigTag = SEC_OID_PKCS1_MD2_WITH_RSA_ENCRYPTION;     break;
       case SEC_OID_UNKNOWN:       /* default for RSA if not specified */
       case SEC_OID_MD5:
           sigTag = SEC_OID_PKCS1_MD5_WITH_RSA_ENCRYPTION;     break;
       case SEC_OID_SHA1:
           sigTag = SEC_OID_PKCS1_SHA1_WITH_RSA_ENCRYPTION;    break;
       case SEC_OID_SHA256:
           sigTag = SEC_OID_PKCS1_SHA256_WITH_RSA_ENCRYPTION;  break;
       case SEC_OID_SHA384:
           sigTag = SEC_OID_PKCS1_SHA384_WITH_RSA_ENCRYPTION;  break;
       case SEC_OID_SHA512:
           sigTag = SEC_OID_PKCS1_SHA512_WITH_RSA_ENCRYPTION;  break;
       default:
           break;
       }
       break;
    case dsaKey:
       switch (hashAlgTag) {
       case SEC_OID_UNKNOWN:       /* default for DSA if not specified */
       case SEC_OID_SHA1:
           sigTag = SEC_OID_ANSIX9_DSA_SIGNATURE_WITH_SHA1_DIGEST; break;
       default:
           break;
       }
       break;
    case ecKey:
       switch (hashAlgTag) {
       case SEC_OID_UNKNOWN:       /* default for ECDSA if hash not specified */
       case SEC_OID_SHA1:      /*  is ECDSA_SHA1_SIGNTARURE */
           sigTag = SEC_OID_ANSIX962_ECDSA_SHA1_SIGNATURE; break;
       case SEC_OID_SHA256:
           sigTag = SEC_OID_ANSIX962_ECDSA_SHA256_SIGNATURE; break;
       case SEC_OID_SHA384:
           sigTag = SEC_OID_ANSIX962_ECDSA_SHA384_SIGNATURE; break;
       case SEC_OID_SHA512:
           sigTag = SEC_OID_ANSIX962_ECDSA_SHA512_SIGNATURE; break;
       default:
           break;
       }
       break;
    default:
       break;
    }
    return sigTag;
}
SECStatus SEC_SignData ( SECItem *  result,
unsigned char *  buf,
int  len,
SECKEYPrivateKey *  pk,
SECOidTag  algid 
)

Definition at line 321 of file secsign.c.

{
    SECStatus rv;
    SGNContext *sgn;


    sgn = SGN_NewContext(algid, pk);

    if (sgn == NULL)
       return SECFailure;

    rv = SGN_Begin(sgn);
    if (rv != SECSuccess)
       goto loser;

    rv = SGN_Update(sgn, buf, len);
    if (rv != SECSuccess)
       goto loser;

    rv = SGN_End(sgn, res);

  loser:
    SGN_DestroyContext(sgn, PR_TRUE);
    return rv;
}

Here is the call graph for this function:

SECStatus SGN_Begin ( SGNContext *  cx)

Definition at line 191 of file secsign.c.

{
    if (cx->hashcx != NULL) {
       (*cx->hashobj->destroy)(cx->hashcx, PR_TRUE);
       cx->hashcx = NULL;
    }

    cx->hashobj = HASH_GetHashObjectByOidTag(cx->hashalg);
    if (!cx->hashobj)
       return SECFailure;   /* error code is already set */

    cx->hashcx = (*cx->hashobj->create)();
    if (cx->hashcx == NULL)
       return SECFailure;

    (*cx->hashobj->begin)(cx->hashcx);
    return SECSuccess;
}

Here is the call graph for this function:

void SGN_DestroyContext ( SGNContext *  cx,
PRBool  freeit 
)

Definition at line 177 of file secsign.c.

{
    if (cx) {
       if (cx->hashcx != NULL) {
           (*cx->hashobj->destroy)(cx->hashcx, PR_TRUE);
           cx->hashcx = NULL;
       }
       if (freeit) {
           PORT_ZFree(cx, sizeof(SGNContext));
       }
    }
}

Here is the call graph for this function:

SECStatus SGN_Digest ( SECKEYPrivateKey *  privKey,
SECOidTag  algtag,
SECItem *  result,
SECItem *  digest 
)

Definition at line 435 of file secsign.c.

{
    int modulusLen;
    SECStatus rv;
    SECItem digder;
    PRArenaPool *arena = 0;
    SGNDigestInfo *di = 0;


    result->data = 0;

    if (privKey->keyType == rsaKey) {

       arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
       if ( !arena ) {
           rv = SECFailure;
           goto loser;
       }
    
       /* Construct digest info */
       di = SGN_CreateDigestInfo(algtag, digest->data, digest->len);
       if (!di) {
           rv = SECFailure;
           goto loser;
       }

       /* Der encode the digest as a DigestInfo */
       rv = DER_Encode(arena, &digder, SGNDigestInfoTemplate, di);
       if (rv != SECSuccess) {
           goto loser;
       }
    } else {
       digder.data = digest->data;
       digder.len = digest->len;
    }

    /*
    ** Encrypt signature after constructing appropriate PKCS#1 signature
    ** block
    */
    modulusLen = PK11_SignatureLen(privKey);
    if (modulusLen <= 0) {
       PORT_SetError(SEC_ERROR_INVALID_KEY);
       rv = SECFailure;
       goto loser;
    }
    result->len = modulusLen;
    result->data = (unsigned char*) PORT_Alloc(modulusLen);

    if (result->data == NULL) {
       rv = SECFailure;
       goto loser;
    }

    rv = PK11_Sign(privKey, result, &digder);
    if (rv != SECSuccess) {
       PORT_Free(result->data);
       result->data = NULL;
    }

  loser:
    SGN_DestroyDigestInfo(di);
    if (arena != NULL) {
       PORT_FreeArena(arena, PR_FALSE);
    }
    return rv;
}

Here is the call graph for this function:

SECStatus SGN_End ( SGNContext *  cx,
SECItem *  result 
)

Definition at line 222 of file secsign.c.

{
    unsigned char digest[HASH_LENGTH_MAX];
    unsigned part1;
    int signatureLen;
    SECStatus rv;
    SECItem digder, sigitem;
    PRArenaPool *arena = 0;
    SECKEYPrivateKey *privKey = cx->key;
    SGNDigestInfo *di = 0;

    result->data = 0;
    digder.data = 0;

    /* Finish up digest function */
    if (cx->hashcx == NULL) {
       PORT_SetError(SEC_ERROR_INVALID_ARGS);
       return SECFailure;
    }
    (*cx->hashobj->end)(cx->hashcx, digest, &part1, sizeof(digest));


    if (privKey->keyType == rsaKey) {

       arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
       if ( !arena ) {
           rv = SECFailure;
           goto loser;
       }
    
       /* Construct digest info */
       di = SGN_CreateDigestInfo(cx->hashalg, digest, part1);
       if (!di) {
           rv = SECFailure;
           goto loser;
       }

       /* Der encode the digest as a DigestInfo */
       rv = DER_Encode(arena, &digder, SGNDigestInfoTemplate, di);
       if (rv != SECSuccess) {
           goto loser;
       }
    } else {
       digder.data = digest;
       digder.len = part1;
    }

    /*
    ** Encrypt signature after constructing appropriate PKCS#1 signature
    ** block
    */
    signatureLen = PK11_SignatureLen(privKey);
    if (signatureLen <= 0) {
       PORT_SetError(SEC_ERROR_INVALID_KEY);
       rv = SECFailure;
       goto loser;
    }
    sigitem.len = signatureLen;
    sigitem.data = (unsigned char*) PORT_Alloc(signatureLen);

    if (sigitem.data == NULL) {
       rv = SECFailure;
       goto loser;
    }

    rv = PK11_Sign(privKey, &sigitem, &digder);
    if (rv != SECSuccess) {
       PORT_Free(sigitem.data);
       sigitem.data = NULL;
       goto loser;
    }

    if ((cx->signalg == SEC_OID_ANSIX9_DSA_SIGNATURE) ||
        (cx->signalg == SEC_OID_ANSIX962_EC_PUBLIC_KEY)) {
        /* DSAU_EncodeDerSigWithLen works for DSA and ECDSA */
       rv = DSAU_EncodeDerSigWithLen(result, &sigitem, sigitem.len); 
       PORT_Free(sigitem.data);
       if (rv != SECSuccess)
           goto loser;
    } else {
       result->len = sigitem.len;
       result->data = sigitem.data;
    }

  loser:
    SGN_DestroyDigestInfo(di);
    if (arena != NULL) {
       PORT_FreeArena(arena, PR_FALSE);
    }
    return rv;
}

Here is the call graph for this function:

SGNContext* SGN_NewContext ( SECOidTag  alg,
SECKEYPrivateKey *  privKey 
)

Definition at line 61 of file secsign.c.

{
    SGNContext *cx;
    SECOidTag hashalg, signalg;
    KeyType keyType;

    /* OK, map a PKCS #7 hash and encrypt algorithm into
     * a standard hashing algorithm. Why did we pass in the whole
     * PKCS #7 algTag if we were just going to change here you might
     * ask. Well the answer is for some cards we may have to do the
     * hashing on card. It may not support CKM_RSA_PKCS sign algorithm,
     * it may just support CKM_RSA_PKCS_WITH_SHA1 and/or CKM_RSA_PKCS_WITH_MD5.
     */
    switch (alg) {
      /* We probably shouldn't be generating MD2 signatures either */
      case SEC_OID_PKCS1_MD2_WITH_RSA_ENCRYPTION:
       hashalg = SEC_OID_MD2;
       signalg = SEC_OID_PKCS1_RSA_ENCRYPTION;
       keyType = rsaKey;
       break;
      case SEC_OID_PKCS1_MD5_WITH_RSA_ENCRYPTION:
        hashalg = SEC_OID_MD5;
       signalg = SEC_OID_PKCS1_RSA_ENCRYPTION;
       keyType = rsaKey;
       break;
      case SEC_OID_PKCS1_SHA1_WITH_RSA_ENCRYPTION:
      case SEC_OID_ISO_SHA_WITH_RSA_SIGNATURE:
       hashalg = SEC_OID_SHA1;
       signalg = SEC_OID_PKCS1_RSA_ENCRYPTION;
       keyType = rsaKey;
       break;

      case SEC_OID_PKCS1_SHA256_WITH_RSA_ENCRYPTION:
       hashalg = SEC_OID_SHA256;
       signalg = SEC_OID_PKCS1_RSA_ENCRYPTION;
       keyType = rsaKey;
       break;
      case SEC_OID_PKCS1_SHA384_WITH_RSA_ENCRYPTION:
       hashalg = SEC_OID_SHA384;
       signalg = SEC_OID_PKCS1_RSA_ENCRYPTION;
       keyType = rsaKey;
       break;
      case SEC_OID_PKCS1_SHA512_WITH_RSA_ENCRYPTION:
       hashalg = SEC_OID_SHA512;
       signalg = SEC_OID_PKCS1_RSA_ENCRYPTION;
       keyType = rsaKey;
       break;

      /* what about normal DSA? */
      case SEC_OID_ANSIX9_DSA_SIGNATURE_WITH_SHA1_DIGEST:
      case SEC_OID_BOGUS_DSA_SIGNATURE_WITH_SHA1_DIGEST:
       hashalg = SEC_OID_SHA1;
       signalg = SEC_OID_ANSIX9_DSA_SIGNATURE;
       keyType = dsaKey;
       break;
      case SEC_OID_MISSI_DSS:
      case SEC_OID_MISSI_KEA_DSS:
      case SEC_OID_MISSI_KEA_DSS_OLD:
      case SEC_OID_MISSI_DSS_OLD:
       hashalg = SEC_OID_SHA1;
       signalg = SEC_OID_MISSI_DSS; /* XXX Is there a better algid? */
       keyType = fortezzaKey;
       break;
      case SEC_OID_ANSIX962_ECDSA_SHA1_SIGNATURE:
       hashalg = SEC_OID_SHA1;
       signalg = SEC_OID_ANSIX962_EC_PUBLIC_KEY;
       keyType = ecKey;
       break;
      case SEC_OID_ANSIX962_ECDSA_SHA256_SIGNATURE:
       hashalg = SEC_OID_SHA256;
       signalg = SEC_OID_ANSIX962_EC_PUBLIC_KEY;
       keyType = ecKey;
       break;
      case SEC_OID_ANSIX962_ECDSA_SHA384_SIGNATURE:
       hashalg = SEC_OID_SHA384;
       signalg = SEC_OID_ANSIX962_EC_PUBLIC_KEY;
       keyType = ecKey;
       break;
      case SEC_OID_ANSIX962_ECDSA_SHA512_SIGNATURE:
       hashalg = SEC_OID_SHA512;
       signalg = SEC_OID_ANSIX962_EC_PUBLIC_KEY;
       keyType = ecKey;
       break;
      /* we don't implement MD4 hashes. 
       * we *CERTAINLY* don't want to sign one! */
      case SEC_OID_PKCS1_MD4_WITH_RSA_ENCRYPTION:
      default:
       PORT_SetError(SEC_ERROR_INVALID_ALGORITHM);
       return 0;
    }

    /* verify our key type */
    if (key->keyType != keyType &&
       !((key->keyType == dsaKey) && (keyType == fortezzaKey)) &&
       !((key->keyType == fortezzaKey) && (keyType == dsaKey)) ) {
       PORT_SetError(SEC_ERROR_INVALID_ALGORITHM);
       return 0;
    }

#ifndef NSS_ECC_MORE_THAN_SUITE_B
    if (key->keyType == ecKey) {
       PORT_SetError(SEC_ERROR_INVALID_ALGORITHM);
       return 0;
    }
#endif

    cx = (SGNContext*) PORT_ZAlloc(sizeof(SGNContext));
    if (cx) {
       cx->hashalg = hashalg;
       cx->signalg = signalg;
       cx->key = key;
    }
    return cx;
}

Here is the call graph for this function:

SECStatus SGN_Update ( SGNContext *  cx,
unsigned char *  input,
unsigned int  inputLen 
)
SECStatus VFY_Begin ( VFYContext *  cx)

Definition at line 428 of file secvfy.c.

{
    if (cx->hashcx != NULL) {
       (*cx->hashobj->destroy)(cx->hashcx, PR_TRUE);
       cx->hashcx = NULL;
    }

    cx->hashobj = HASH_GetHashObjectByOidTag(cx->alg);
    if (!cx->hashobj) 
       return SECFailure;   /* error code is set */

    cx->hashcx = (*cx->hashobj->create)();
    if (cx->hashcx == NULL)
       return SECFailure;

    (*cx->hashobj->begin)(cx->hashcx);
    return SECSuccess;
}

Here is the call graph for this function:

VFYContext* VFY_CreateContext ( SECKEYPublicKey *  key,
SECItem *  sig,
SECOidTag  algid,
void wincx 
)

Definition at line 404 of file secvfy.c.

{
   return vfy_CreateContextPrivate(key, sig, algid, NULL, wincx);
}

Here is the call graph for this function:

void VFY_DestroyContext ( VFYContext *  cx,
PRBool  freeit 
)

Definition at line 411 of file secvfy.c.

{
    if (cx) {
       if (cx->hashcx != NULL) {
           (*cx->hashobj->destroy)(cx->hashcx, PR_TRUE);
           cx->hashcx = NULL;
       }
       if (cx->key) {
           SECKEY_DestroyPublicKey(cx->key);
       }
       if (freeit) {
           PORT_ZFree(cx, sizeof(VFYContext));
       }
    }
}

Here is the call graph for this function:

SECStatus VFY_End ( VFYContext *  cx)

Definition at line 527 of file secvfy.c.

Here is the call graph for this function:

SECStatus VFY_EndWithSignature ( VFYContext *  cx,
SECItem *  sig 
)

Definition at line 459 of file secvfy.c.

{
    unsigned char final[HASH_LENGTH_MAX];
    unsigned part;
    SECItem hash,dsasig; /* dsasig is also used for ECDSA */
    SECStatus rv;

    if ((cx->hasSignature == PR_FALSE) && (sig == NULL)) {
       PORT_SetError(SEC_ERROR_INVALID_ARGS);
       return SECFailure;
    }

    if (cx->hashcx == NULL) {
       PORT_SetError(SEC_ERROR_INVALID_ARGS);
       return SECFailure;
    }
    (*cx->hashobj->end)(cx->hashcx, final, &part, sizeof(final));
    switch (cx->type) {
      case VFY_DSA:
      case VFY_ECDSA:
       dsasig.data = cx->u.buffer;
       if (cx->type == VFY_DSA) {
           dsasig.len = DSA_SIGNATURE_LEN;
       } else {
           dsasig.len = SECKEY_SignatureLen(cx->key);
       }
       if (dsasig.len == 0) {
           return SECFailure;
       }
       if (sig) {
           rv = decodeECorDSASignature(cx->sigAlg,sig,dsasig.data,
                                   dsasig.len);
           if (rv != SECSuccess) {
              PORT_SetError(SEC_ERROR_BAD_SIGNATURE);
              return SECFailure;
           }
       } 
       hash.data = final;
       hash.len = part;
       if (PK11_Verify(cx->key,&dsasig,&hash,cx->wincx) != SECSuccess) {
              PORT_SetError(SEC_ERROR_BAD_SIGNATURE);
              return SECFailure;
       }
       break;
      case VFY_RSA:
       if (sig) {
           SECOidTag hashid = SEC_OID_UNKNOWN;
           rv = DecryptSigBlock(&hashid, cx->u.buffer, &cx->rsadigestlen,
                  HASH_LENGTH_MAX, cx->key, sig, (char*)cx->wincx);
           if ((rv != SECSuccess) || (hashid != cx->alg)) {
              PORT_SetError(SEC_ERROR_BAD_SIGNATURE);
              return SECFailure;
           }
       }
       if ((part != cx->rsadigestlen) ||
              PORT_Memcmp(final, cx->u.buffer, part)) {
           PORT_SetError(SEC_ERROR_BAD_SIGNATURE);
           return SECFailure;
       }
       break;
      default:
       PORT_SetError(SEC_ERROR_BAD_SIGNATURE);
       return SECFailure; /* shouldn't happen */
    }
    return SECSuccess;
}

Here is the call graph for this function:

SECStatus VFY_Update ( VFYContext *  cx,
unsigned char *  input,
unsigned int  inputLen 
)
SECStatus VFY_VerifyData ( unsigned char *  buf,
int  len,
SECKEYPublicKey *  key,
SECItem *  sig,
SECOidTag  algid,
void wincx 
)

Definition at line 612 of file secvfy.c.

{
    return vfy_VerifyDataPrivate(buf, len, key, sig, algid, NULL, wincx);
}

Here is the call graph for this function:

SECStatus VFY_VerifyDataWithAlgorithmID ( const unsigned char *  buf,
int  len,
const SECKEYPublicKey *  key,
const SECItem *  sig,
const SECAlgorithmID *  algid,
SECOidTag reserved,
void wincx 
)

Definition at line 622 of file secvfy.c.

{
    /* the hash parameter is only provided to match the NSS 3.12 signature */
    PORT_Assert(reserved == NULL);
    if (reserved) {
       /* shouldn't happen, This function is not exported, and the only
        * NSS callers pass 'NULL' */
       PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
       return SECFailure;
    }
    return vfy_VerifyDataPrivate(buf, len, key, sig, 
           SECOID_GetAlgorithmTag((SECAlgorithmID *)sigAlgorithm),
           &sigAlgorithm->parameters, wincx);
}

Here is the call graph for this function:

SECStatus VFY_VerifyDigest ( SECItem *  dig,
SECKEYPublicKey *  key,
SECItem *  sig,
SECOidTag  algid,
void wincx 
)

Definition at line 540 of file secvfy.c.

{
    SECStatus rv;
    VFYContext *cx;
    SECItem dsasig; /* also used for ECDSA */

    rv = SECFailure;

    cx = VFY_CreateContext(key, sig, algid, wincx);
    if (cx != NULL) {
       switch (key->keyType) {
       case rsaKey:
           if ((digest->len != cx->rsadigestlen) ||
              PORT_Memcmp(digest->data, cx->u.buffer, digest->len)) {
              PORT_SetError(SEC_ERROR_BAD_SIGNATURE);
           } else {
              rv = SECSuccess;
           }
           break;
       case fortezzaKey:
       case dsaKey:
       case ecKey:
           dsasig.data = cx->u.buffer;
           if (key->keyType == ecKey) {
              dsasig.len = SECKEY_SignatureLen(cx->key);
           } else {
              /* magic size of dsa signature */
              dsasig.len = DSA_SIGNATURE_LEN;
           }
           if (dsasig.len == 0) {
              break;
           }
           if (PK11_Verify(cx->key, &dsasig, digest, cx->wincx)
              != SECSuccess) {
              PORT_SetError(SEC_ERROR_BAD_SIGNATURE);
           } else {
              rv = SECSuccess;
           }
           break;
       default:
           break;
       }
       VFY_DestroyContext(cx, PR_TRUE);
    }
    return rv;
}

Here is the call graph for this function: