1 /* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
2 /* vim: set ts=2 et sw=2 tw=80: */
3 /* This Source Code Form is subject to the terms of the Mozilla Public
4 * License, v. 2.0. If a copy of the MPL was not distributed with this file,
5 * You can obtain one at http://mozilla.org/MPL/2.0/. */
6
7 #include "nsIIdentityCryptoService.h"
8 #include "mozilla/ModuleUtils.h"
9 #include "nsServiceManagerUtils.h"
10 #include "nsNSSShutDown.h"
11 #include "nsIThread.h"
12 #include "nsThreadUtils.h"
13 #include "nsCOMPtr.h"
14 #include "nsProxyRelease.h"
15 #include "nsString.h"
16 #include "mozilla/ArrayUtils.h" // ArrayLength
17 #include "mozilla/Base64.h"
18 #include "ScopedNSSTypes.h"
19 #include "NSSErrorsService.h"
20
21 #include "nss.h"
22 #include "pk11pub.h"
23 #include "secmod.h"
24 #include "secerr.h"
25 #include "keyhi.h"
26 #include "cryptohi.h"
27
28 #include <limits.h>
29
30 using namespace mozilla;
31
32 namespace {
33
34 void
HexEncode(const SECItem * it,nsACString & result)35 HexEncode(const SECItem * it, nsACString & result)
36 {
37 const char * digits = "0123456789ABCDEF";
38 result.SetCapacity((it->len * 2) + 1);
39 result.SetLength(it->len * 2);
40 char * p = result.BeginWriting();
41 for (unsigned int i = 0; i < it->len; ++i) {
42 *p++ = digits[it->data[i] >> 4];
43 *p++ = digits[it->data[i] & 0x0f];
44 }
45 }
46
47 #define DSA_KEY_TYPE_STRING (NS_LITERAL_CSTRING("DS160"))
48 #define RSA_KEY_TYPE_STRING (NS_LITERAL_CSTRING("RS256"))
49
50 class KeyPair : public nsIIdentityKeyPair, public nsNSSShutDownObject
51 {
52 public:
53 NS_DECL_THREADSAFE_ISUPPORTS
54 NS_DECL_NSIIDENTITYKEYPAIR
55
56 KeyPair(SECKEYPrivateKey* aPrivateKey, SECKEYPublicKey* aPublicKey,
57 nsIEventTarget* aOperationThread);
58
59 private:
~KeyPair()60 ~KeyPair()
61 {
62 nsNSSShutDownPreventionLock locker;
63 if (isAlreadyShutDown()) {
64 return;
65 }
66 destructorSafeDestroyNSSReference();
67 shutdown(ShutdownCalledFrom::Object);
68 }
69
virtualDestroyNSSReference()70 void virtualDestroyNSSReference() override
71 {
72 destructorSafeDestroyNSSReference();
73 }
74
destructorSafeDestroyNSSReference()75 void destructorSafeDestroyNSSReference()
76 {
77 SECKEY_DestroyPrivateKey(mPrivateKey);
78 mPrivateKey = nullptr;
79 SECKEY_DestroyPublicKey(mPublicKey);
80 mPublicKey = nullptr;
81 }
82
83 SECKEYPrivateKey * mPrivateKey;
84 SECKEYPublicKey * mPublicKey;
85 nsCOMPtr<nsIEventTarget> mThread;
86
87 KeyPair(const KeyPair &) = delete;
88 void operator=(const KeyPair &) = delete;
89 };
90
91 NS_IMPL_ISUPPORTS(KeyPair, nsIIdentityKeyPair)
92
93 class KeyGenRunnable : public Runnable, public nsNSSShutDownObject
94 {
95 public:
96 NS_DECL_NSIRUNNABLE
97
98 KeyGenRunnable(KeyType keyType, nsIIdentityKeyGenCallback * aCallback,
99 nsIEventTarget* aOperationThread);
100
101 private:
~KeyGenRunnable()102 ~KeyGenRunnable()
103 {
104 nsNSSShutDownPreventionLock locker;
105 if (isAlreadyShutDown()) {
106 return;
107 }
108 destructorSafeDestroyNSSReference();
109 shutdown(ShutdownCalledFrom::Object);
110 }
111
virtualDestroyNSSReference()112 virtual void virtualDestroyNSSReference() override
113 {
114 destructorSafeDestroyNSSReference();
115 }
116
destructorSafeDestroyNSSReference()117 void destructorSafeDestroyNSSReference()
118 {
119 }
120
121 const KeyType mKeyType; // in
122 nsMainThreadPtrHandle<nsIIdentityKeyGenCallback> mCallback; // in
123 nsresult mRv; // out
124 nsCOMPtr<nsIIdentityKeyPair> mKeyPair; // out
125 nsCOMPtr<nsIEventTarget> mThread;
126
127 KeyGenRunnable(const KeyGenRunnable &) = delete;
128 void operator=(const KeyGenRunnable &) = delete;
129 };
130
131 class SignRunnable : public Runnable, public nsNSSShutDownObject
132 {
133 public:
134 NS_DECL_NSIRUNNABLE
135
136 SignRunnable(const nsACString & textToSign, SECKEYPrivateKey * privateKey,
137 nsIIdentitySignCallback * aCallback);
138
139 private:
~SignRunnable()140 ~SignRunnable()
141 {
142 nsNSSShutDownPreventionLock locker;
143 if (isAlreadyShutDown()) {
144 return;
145 }
146 destructorSafeDestroyNSSReference();
147 shutdown(ShutdownCalledFrom::Object);
148 }
149
virtualDestroyNSSReference()150 void virtualDestroyNSSReference() override
151 {
152 destructorSafeDestroyNSSReference();
153 }
154
destructorSafeDestroyNSSReference()155 void destructorSafeDestroyNSSReference()
156 {
157 SECKEY_DestroyPrivateKey(mPrivateKey);
158 mPrivateKey = nullptr;
159 }
160
161 const nsCString mTextToSign; // in
162 SECKEYPrivateKey* mPrivateKey; // in
163 nsMainThreadPtrHandle<nsIIdentitySignCallback> mCallback; // in
164 nsresult mRv; // out
165 nsCString mSignature; // out
166
167 private:
168 SignRunnable(const SignRunnable &) = delete;
169 void operator=(const SignRunnable &) = delete;
170 };
171
172 class IdentityCryptoService final : public nsIIdentityCryptoService
173 {
174 public:
175 NS_DECL_THREADSAFE_ISUPPORTS
176 NS_DECL_NSIIDENTITYCRYPTOSERVICE
177
IdentityCryptoService()178 IdentityCryptoService() { }
Init()179 nsresult Init()
180 {
181 nsresult rv;
182 nsCOMPtr<nsISupports> dummyUsedToEnsureNSSIsInitialized
183 = do_GetService("@mozilla.org/psm;1", &rv);
184 NS_ENSURE_SUCCESS(rv, rv);
185
186 nsCOMPtr<nsIThread> thread;
187 rv = NS_NewNamedThread("IdentityCrypto", getter_AddRefs(thread));
188 NS_ENSURE_SUCCESS(rv, rv);
189
190 mThread = thread.forget();
191
192 return NS_OK;
193 }
194
195 private:
~IdentityCryptoService()196 ~IdentityCryptoService() { }
197 IdentityCryptoService(const KeyPair &) = delete;
198 void operator=(const IdentityCryptoService &) = delete;
199
200 nsCOMPtr<nsIEventTarget> mThread;
201 };
202
NS_IMPL_ISUPPORTS(IdentityCryptoService,nsIIdentityCryptoService)203 NS_IMPL_ISUPPORTS(IdentityCryptoService, nsIIdentityCryptoService)
204
205 NS_IMETHODIMP
206 IdentityCryptoService::GenerateKeyPair(
207 const nsACString & keyTypeString, nsIIdentityKeyGenCallback * callback)
208 {
209 KeyType keyType;
210 if (keyTypeString.Equals(RSA_KEY_TYPE_STRING)) {
211 keyType = rsaKey;
212 } else if (keyTypeString.Equals(DSA_KEY_TYPE_STRING)) {
213 keyType = dsaKey;
214 } else {
215 return NS_ERROR_UNEXPECTED;
216 }
217
218 nsCOMPtr<nsIRunnable> r = new KeyGenRunnable(keyType, callback, mThread);
219 nsresult rv = mThread->Dispatch(r.forget(), NS_DISPATCH_NORMAL);
220 NS_ENSURE_SUCCESS(rv, rv);
221
222 return NS_OK;
223 }
224
225 NS_IMETHODIMP
Base64UrlEncode(const nsACString & utf8Input,nsACString & result)226 IdentityCryptoService::Base64UrlEncode(const nsACString & utf8Input,
227 nsACString & result)
228 {
229 return Base64URLEncode(utf8Input.Length(),
230 reinterpret_cast<const uint8_t*>(utf8Input.BeginReading()),
231 Base64URLEncodePaddingPolicy::Include, result);
232 }
233
KeyPair(SECKEYPrivateKey * privateKey,SECKEYPublicKey * publicKey,nsIEventTarget * operationThread)234 KeyPair::KeyPair(SECKEYPrivateKey * privateKey, SECKEYPublicKey * publicKey,
235 nsIEventTarget* operationThread)
236 : mPrivateKey(privateKey)
237 , mPublicKey(publicKey)
238 , mThread(operationThread)
239 {
240 MOZ_ASSERT(!NS_IsMainThread());
241 }
242
243 NS_IMETHODIMP
GetHexRSAPublicKeyExponent(nsACString & result)244 KeyPair::GetHexRSAPublicKeyExponent(nsACString & result)
245 {
246 MOZ_ASSERT(NS_IsMainThread());
247 NS_ENSURE_TRUE(mPublicKey, NS_ERROR_NOT_AVAILABLE);
248 NS_ENSURE_TRUE(mPublicKey->keyType == rsaKey, NS_ERROR_NOT_AVAILABLE);
249 HexEncode(&mPublicKey->u.rsa.publicExponent, result);
250 return NS_OK;
251 }
252
253 NS_IMETHODIMP
GetHexRSAPublicKeyModulus(nsACString & result)254 KeyPair::GetHexRSAPublicKeyModulus(nsACString & result)
255 {
256 MOZ_ASSERT(NS_IsMainThread());
257 NS_ENSURE_TRUE(mPublicKey, NS_ERROR_NOT_AVAILABLE);
258 NS_ENSURE_TRUE(mPublicKey->keyType == rsaKey, NS_ERROR_NOT_AVAILABLE);
259 HexEncode(&mPublicKey->u.rsa.modulus, result);
260 return NS_OK;
261 }
262
263 NS_IMETHODIMP
GetHexDSAPrime(nsACString & result)264 KeyPair::GetHexDSAPrime(nsACString & result)
265 {
266 MOZ_ASSERT(NS_IsMainThread());
267 NS_ENSURE_TRUE(mPublicKey, NS_ERROR_NOT_AVAILABLE);
268 NS_ENSURE_TRUE(mPublicKey->keyType == dsaKey, NS_ERROR_NOT_AVAILABLE);
269 HexEncode(&mPublicKey->u.dsa.params.prime, result);
270 return NS_OK;
271 }
272
273 NS_IMETHODIMP
GetHexDSASubPrime(nsACString & result)274 KeyPair::GetHexDSASubPrime(nsACString & result)
275 {
276 MOZ_ASSERT(NS_IsMainThread());
277 NS_ENSURE_TRUE(mPublicKey, NS_ERROR_NOT_AVAILABLE);
278 NS_ENSURE_TRUE(mPublicKey->keyType == dsaKey, NS_ERROR_NOT_AVAILABLE);
279 HexEncode(&mPublicKey->u.dsa.params.subPrime, result);
280 return NS_OK;
281 }
282
283 NS_IMETHODIMP
GetHexDSAGenerator(nsACString & result)284 KeyPair::GetHexDSAGenerator(nsACString & result)
285 {
286 MOZ_ASSERT(NS_IsMainThread());
287 NS_ENSURE_TRUE(mPublicKey, NS_ERROR_NOT_AVAILABLE);
288 NS_ENSURE_TRUE(mPublicKey->keyType == dsaKey, NS_ERROR_NOT_AVAILABLE);
289 HexEncode(&mPublicKey->u.dsa.params.base, result);
290 return NS_OK;
291 }
292
293 NS_IMETHODIMP
GetHexDSAPublicValue(nsACString & result)294 KeyPair::GetHexDSAPublicValue(nsACString & result)
295 {
296 MOZ_ASSERT(NS_IsMainThread());
297 NS_ENSURE_TRUE(mPublicKey, NS_ERROR_NOT_AVAILABLE);
298 NS_ENSURE_TRUE(mPublicKey->keyType == dsaKey, NS_ERROR_NOT_AVAILABLE);
299 HexEncode(&mPublicKey->u.dsa.publicValue, result);
300 return NS_OK;
301 }
302
303 NS_IMETHODIMP
GetKeyType(nsACString & result)304 KeyPair::GetKeyType(nsACString & result)
305 {
306 MOZ_ASSERT(NS_IsMainThread());
307 NS_ENSURE_TRUE(mPublicKey, NS_ERROR_NOT_AVAILABLE);
308
309 switch (mPublicKey->keyType) {
310 case rsaKey: result = RSA_KEY_TYPE_STRING; return NS_OK;
311 case dsaKey: result = DSA_KEY_TYPE_STRING; return NS_OK;
312 default: return NS_ERROR_UNEXPECTED;
313 }
314 }
315
316 NS_IMETHODIMP
Sign(const nsACString & textToSign,nsIIdentitySignCallback * callback)317 KeyPair::Sign(const nsACString & textToSign,
318 nsIIdentitySignCallback* callback)
319 {
320 MOZ_ASSERT(NS_IsMainThread());
321 nsCOMPtr<nsIRunnable> r = new SignRunnable(textToSign, mPrivateKey,
322 callback);
323
324 return mThread->Dispatch(r, NS_DISPATCH_NORMAL);
325 }
326
KeyGenRunnable(KeyType keyType,nsIIdentityKeyGenCallback * callback,nsIEventTarget * operationThread)327 KeyGenRunnable::KeyGenRunnable(KeyType keyType,
328 nsIIdentityKeyGenCallback * callback,
329 nsIEventTarget* operationThread)
330 : mKeyType(keyType)
331 , mCallback(new nsMainThreadPtrHolder<nsIIdentityKeyGenCallback>(callback))
332 , mRv(NS_ERROR_NOT_INITIALIZED)
333 , mThread(operationThread)
334 {
335 }
336
337 MOZ_MUST_USE nsresult
GenerateKeyPair(PK11SlotInfo * slot,SECKEYPrivateKey ** privateKey,SECKEYPublicKey ** publicKey,CK_MECHANISM_TYPE mechanism,void * params)338 GenerateKeyPair(PK11SlotInfo * slot,
339 SECKEYPrivateKey ** privateKey,
340 SECKEYPublicKey ** publicKey,
341 CK_MECHANISM_TYPE mechanism,
342 void * params)
343 {
344 *publicKey = nullptr;
345 *privateKey = PK11_GenerateKeyPair(slot, mechanism, params, publicKey,
346 PR_FALSE /*isPerm*/,
347 PR_TRUE /*isSensitive*/,
348 nullptr /*&pwdata*/);
349 if (!*privateKey) {
350 MOZ_ASSERT(!*publicKey);
351 return mozilla::psm::GetXPCOMFromNSSError(PR_GetError());
352 }
353 if (!*publicKey) {
354 SECKEY_DestroyPrivateKey(*privateKey);
355 *privateKey = nullptr;
356 MOZ_CRASH("PK11_GnerateKeyPair returned private key without public key");
357 }
358
359 return NS_OK;
360 }
361
362
363 MOZ_MUST_USE nsresult
GenerateRSAKeyPair(PK11SlotInfo * slot,SECKEYPrivateKey ** privateKey,SECKEYPublicKey ** publicKey)364 GenerateRSAKeyPair(PK11SlotInfo * slot,
365 SECKEYPrivateKey ** privateKey,
366 SECKEYPublicKey ** publicKey)
367 {
368 MOZ_ASSERT(!NS_IsMainThread());
369
370 PK11RSAGenParams rsaParams;
371 rsaParams.keySizeInBits = 2048;
372 rsaParams.pe = 0x10001;
373 return GenerateKeyPair(slot, privateKey, publicKey, CKM_RSA_PKCS_KEY_PAIR_GEN,
374 &rsaParams);
375 }
376
377 MOZ_MUST_USE nsresult
GenerateDSAKeyPair(PK11SlotInfo * slot,SECKEYPrivateKey ** privateKey,SECKEYPublicKey ** publicKey)378 GenerateDSAKeyPair(PK11SlotInfo * slot,
379 SECKEYPrivateKey ** privateKey,
380 SECKEYPublicKey ** publicKey)
381 {
382 MOZ_ASSERT(!NS_IsMainThread());
383
384 // XXX: These could probably be static const arrays, but this way we avoid
385 // compiler warnings and also we avoid having to worry much about whether the
386 // functions that take these inputs will (unexpectedly) modify them.
387
388 // Using NIST parameters. Some other BrowserID components require that these
389 // exact parameters are used.
390 uint8_t P[] = {
391 0xFF,0x60,0x04,0x83,0xDB,0x6A,0xBF,0xC5,0xB4,0x5E,0xAB,0x78,
392 0x59,0x4B,0x35,0x33,0xD5,0x50,0xD9,0xF1,0xBF,0x2A,0x99,0x2A,
393 0x7A,0x8D,0xAA,0x6D,0xC3,0x4F,0x80,0x45,0xAD,0x4E,0x6E,0x0C,
394 0x42,0x9D,0x33,0x4E,0xEE,0xAA,0xEF,0xD7,0xE2,0x3D,0x48,0x10,
395 0xBE,0x00,0xE4,0xCC,0x14,0x92,0xCB,0xA3,0x25,0xBA,0x81,0xFF,
396 0x2D,0x5A,0x5B,0x30,0x5A,0x8D,0x17,0xEB,0x3B,0xF4,0xA0,0x6A,
397 0x34,0x9D,0x39,0x2E,0x00,0xD3,0x29,0x74,0x4A,0x51,0x79,0x38,
398 0x03,0x44,0xE8,0x2A,0x18,0xC4,0x79,0x33,0x43,0x8F,0x89,0x1E,
399 0x22,0xAE,0xEF,0x81,0x2D,0x69,0xC8,0xF7,0x5E,0x32,0x6C,0xB7,
400 0x0E,0xA0,0x00,0xC3,0xF7,0x76,0xDF,0xDB,0xD6,0x04,0x63,0x8C,
401 0x2E,0xF7,0x17,0xFC,0x26,0xD0,0x2E,0x17
402 };
403
404 uint8_t Q[] = {
405 0xE2,0x1E,0x04,0xF9,0x11,0xD1,0xED,0x79,0x91,0x00,0x8E,0xCA,
406 0xAB,0x3B,0xF7,0x75,0x98,0x43,0x09,0xC3
407 };
408
409 uint8_t G[] = {
410 0xC5,0x2A,0x4A,0x0F,0xF3,0xB7,0xE6,0x1F,0xDF,0x18,0x67,0xCE,
411 0x84,0x13,0x83,0x69,0xA6,0x15,0x4F,0x4A,0xFA,0x92,0x96,0x6E,
412 0x3C,0x82,0x7E,0x25,0xCF,0xA6,0xCF,0x50,0x8B,0x90,0xE5,0xDE,
413 0x41,0x9E,0x13,0x37,0xE0,0x7A,0x2E,0x9E,0x2A,0x3C,0xD5,0xDE,
414 0xA7,0x04,0xD1,0x75,0xF8,0xEB,0xF6,0xAF,0x39,0x7D,0x69,0xE1,
415 0x10,0xB9,0x6A,0xFB,0x17,0xC7,0xA0,0x32,0x59,0x32,0x9E,0x48,
416 0x29,0xB0,0xD0,0x3B,0xBC,0x78,0x96,0xB1,0x5B,0x4A,0xDE,0x53,
417 0xE1,0x30,0x85,0x8C,0xC3,0x4D,0x96,0x26,0x9A,0xA8,0x90,0x41,
418 0xF4,0x09,0x13,0x6C,0x72,0x42,0xA3,0x88,0x95,0xC9,0xD5,0xBC,
419 0xCA,0xD4,0xF3,0x89,0xAF,0x1D,0x7A,0x4B,0xD1,0x39,0x8B,0xD0,
420 0x72,0xDF,0xFA,0x89,0x62,0x33,0x39,0x7A
421 };
422
423 static_assert(MOZ_ARRAY_LENGTH(P) == 1024 / CHAR_BIT, "bad DSA P");
424 static_assert(MOZ_ARRAY_LENGTH(Q) == 160 / CHAR_BIT, "bad DSA Q");
425 static_assert(MOZ_ARRAY_LENGTH(G) == 1024 / CHAR_BIT, "bad DSA G");
426
427 PQGParams pqgParams = {
428 nullptr /*arena*/,
429 { siBuffer, P, static_cast<unsigned int>(mozilla::ArrayLength(P)) },
430 { siBuffer, Q, static_cast<unsigned int>(mozilla::ArrayLength(Q)) },
431 { siBuffer, G, static_cast<unsigned int>(mozilla::ArrayLength(G)) }
432 };
433
434 return GenerateKeyPair(slot, privateKey, publicKey, CKM_DSA_KEY_PAIR_GEN,
435 &pqgParams);
436 }
437
438 NS_IMETHODIMP
Run()439 KeyGenRunnable::Run()
440 {
441 if (!NS_IsMainThread()) {
442 nsNSSShutDownPreventionLock locker;
443 if (isAlreadyShutDown()) {
444 mRv = NS_ERROR_NOT_AVAILABLE;
445 } else {
446 // We always want to use the internal slot for BrowserID; in particular,
447 // we want to avoid smartcard slots.
448 PK11SlotInfo *slot = PK11_GetInternalSlot();
449 if (!slot) {
450 mRv = NS_ERROR_UNEXPECTED;
451 } else {
452 SECKEYPrivateKey *privk = nullptr;
453 SECKEYPublicKey *pubk = nullptr;
454
455 switch (mKeyType) {
456 case rsaKey:
457 mRv = GenerateRSAKeyPair(slot, &privk, &pubk);
458 break;
459 case dsaKey:
460 mRv = GenerateDSAKeyPair(slot, &privk, &pubk);
461 break;
462 default:
463 MOZ_CRASH("unknown key type");
464 }
465
466 PK11_FreeSlot(slot);
467
468 if (NS_SUCCEEDED(mRv)) {
469 MOZ_ASSERT(privk);
470 MOZ_ASSERT(pubk);
471 // mKeyPair will take over ownership of privk and pubk
472 mKeyPair = new KeyPair(privk, pubk, mThread);
473 }
474 }
475 }
476
477 NS_DispatchToMainThread(this);
478 } else {
479 // Back on Main Thread
480 (void) mCallback->GenerateKeyPairFinished(mRv, mKeyPair);
481 }
482 return NS_OK;
483 }
484
SignRunnable(const nsACString & aText,SECKEYPrivateKey * privateKey,nsIIdentitySignCallback * aCallback)485 SignRunnable::SignRunnable(const nsACString & aText,
486 SECKEYPrivateKey * privateKey,
487 nsIIdentitySignCallback * aCallback)
488 : mTextToSign(aText)
489 , mPrivateKey(SECKEY_CopyPrivateKey(privateKey))
490 , mCallback(new nsMainThreadPtrHolder<nsIIdentitySignCallback>(aCallback))
491 , mRv(NS_ERROR_NOT_INITIALIZED)
492 {
493 }
494
495 NS_IMETHODIMP
Run()496 SignRunnable::Run()
497 {
498 if (!NS_IsMainThread()) {
499 nsNSSShutDownPreventionLock locker;
500 if (isAlreadyShutDown()) {
501 mRv = NS_ERROR_NOT_AVAILABLE;
502 } else {
503 // We need the output in PKCS#11 format, not DER encoding, so we must use
504 // PK11_HashBuf and PK11_Sign instead of SEC_SignData.
505
506 SECItem sig = { siBuffer, nullptr, 0 };
507 int sigLength = PK11_SignatureLen(mPrivateKey);
508 if (sigLength <= 0) {
509 mRv = mozilla::psm::GetXPCOMFromNSSError(PR_GetError());
510 } else if (!SECITEM_AllocItem(nullptr, &sig, sigLength)) {
511 mRv = mozilla::psm::GetXPCOMFromNSSError(PR_GetError());
512 } else {
513 uint8_t hash[32]; // big enough for SHA-1 or SHA-256
514 SECOidTag hashAlg = mPrivateKey->keyType == dsaKey ? SEC_OID_SHA1
515 : SEC_OID_SHA256;
516 SECItem hashItem = { siBuffer, hash,
517 hashAlg == SEC_OID_SHA1 ? 20u : 32u };
518
519 mRv = MapSECStatus(PK11_HashBuf(hashAlg, hash,
520 const_cast<uint8_t*>(reinterpret_cast<const uint8_t *>(
521 mTextToSign.get())),
522 mTextToSign.Length()));
523 if (NS_SUCCEEDED(mRv)) {
524 mRv = MapSECStatus(PK11_Sign(mPrivateKey, &sig, &hashItem));
525 }
526 if (NS_SUCCEEDED(mRv)) {
527 mRv = Base64URLEncode(sig.len, sig.data,
528 Base64URLEncodePaddingPolicy::Include,
529 mSignature);
530 }
531 SECITEM_FreeItem(&sig, false);
532 }
533 }
534
535 NS_DispatchToMainThread(this);
536 } else {
537 // Back on Main Thread
538 (void) mCallback->SignFinished(mRv, mSignature);
539 }
540
541 return NS_OK;
542 }
543
544 // XPCOM module registration
545
546 NS_GENERIC_FACTORY_CONSTRUCTOR_INIT(IdentityCryptoService, Init)
547
548 #define NS_IDENTITYCRYPTOSERVICE_CID \
549 {0xbea13a3a, 0x44e8, 0x4d7f, {0xa0, 0xa2, 0x2c, 0x67, 0xf8, 0x4e, 0x3a, 0x97}}
550
551 NS_DEFINE_NAMED_CID(NS_IDENTITYCRYPTOSERVICE_CID);
552
553 const mozilla::Module::CIDEntry kCIDs[] = {
554 { &kNS_IDENTITYCRYPTOSERVICE_CID, false, nullptr, IdentityCryptoServiceConstructor },
555 { nullptr }
556 };
557
558 const mozilla::Module::ContractIDEntry kContracts[] = {
559 { "@mozilla.org/identity/crypto-service;1", &kNS_IDENTITYCRYPTOSERVICE_CID },
560 { nullptr }
561 };
562
563 const mozilla::Module kModule = {
564 mozilla::Module::kVersion,
565 kCIDs,
566 kContracts
567 };
568
569 } // unnamed namespace
570
571 NSMODULE_DEFN(identity) = &kModule;
572