OLD | NEW |
---|---|
1 /* ***** BEGIN LICENSE BLOCK ***** | 1 /* ***** BEGIN LICENSE BLOCK ***** |
2 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 | 2 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 |
3 * | 3 * |
4 * The contents of this file are subject to the Mozilla Public License Version | 4 * The contents of this file are subject to the Mozilla Public License Version |
5 * 1.1 (the "License"); you may not use this file except in compliance with | 5 * 1.1 (the "License"); you may not use this file except in compliance with |
6 * the License. You may obtain a copy of the License at | 6 * the License. You may obtain a copy of the License at |
7 * http://www.mozilla.org/MPL/ | 7 * http://www.mozilla.org/MPL/ |
8 * | 8 * |
9 * Software distributed under the License is distributed on an "AS IS" basis, | 9 * Software distributed under the License is distributed on an "AS IS" basis, |
10 * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License | 10 * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License |
(...skipping 209 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
220 ** This is a "session" (temporary), not "token" (permanent) key. | 220 ** This is a "session" (temporary), not "token" (permanent) key. |
221 ** Because of the high probability that this key will need to be moved to | 221 ** Because of the high probability that this key will need to be moved to |
222 ** another token, and the high cost of moving "sensitive" keys, we attempt | 222 ** another token, and the high cost of moving "sensitive" keys, we attempt |
223 ** to create this key pair without the "sensitive" attribute, but revert to | 223 ** to create this key pair without the "sensitive" attribute, but revert to |
224 ** creating a "sensitive" key if necessary. | 224 ** creating a "sensitive" key if necessary. |
225 */ | 225 */ |
226 SECKEYPrivateKey * | 226 SECKEYPrivateKey * |
227 SECKEY_CreateDHPrivateKey(SECKEYDHParams *param, SECKEYPublicKey **pubk, void *c x) | 227 SECKEY_CreateDHPrivateKey(SECKEYDHParams *param, SECKEYPublicKey **pubk, void *c x) |
228 { | 228 { |
229 SECKEYPrivateKey *privk; | 229 SECKEYPrivateKey *privk; |
230 PK11SlotInfo *slot = PK11_GetBestSlot(CKM_DH_PKCS_KEY_PAIR_GEN,cx); | 230 PK11SlotInfo *slot; |
231 | |
232 if (!param || !param->base.data || !param->prime.data || | |
wtc
2010/08/10 00:24:30
This is a DH key size check. Without the DH key s
| |
233 param->prime.len < 512/8 || param->base.len == 0 || | |
234 param->base.len > param->prime.len + 1 || | |
235 » (param->base.len == 1 && param->base.data[0] == 0)) { | |
236 » PORT_SetError(SEC_ERROR_INVALID_ARGS); | |
237 » return NULL; | |
238 } | |
239 | |
240 slot = PK11_GetBestSlot(CKM_DH_PKCS_KEY_PAIR_GEN,cx); | |
231 if (!slot) { | 241 if (!slot) { |
232 return NULL; | 242 return NULL; |
233 } | 243 } |
234 | 244 |
235 privk = PK11_GenerateKeyPair(slot, CKM_DH_PKCS_KEY_PAIR_GEN, param, | 245 privk = PK11_GenerateKeyPair(slot, CKM_DH_PKCS_KEY_PAIR_GEN, param, |
236 pubk, PR_FALSE, PR_FALSE, cx); | 246 pubk, PR_FALSE, PR_FALSE, cx); |
237 if (!privk) | 247 if (!privk) |
238 privk = PK11_GenerateKeyPair(slot, CKM_DH_PKCS_KEY_PAIR_GEN, param, | 248 privk = PK11_GenerateKeyPair(slot, CKM_DH_PKCS_KEY_PAIR_GEN, param, |
239 pubk, PR_FALSE, PR_TRUE, cx); | 249 pubk, PR_FALSE, PR_TRUE, cx); |
240 | 250 |
(...skipping 626 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
867 if (pubk->u.fortezza.clearance.data == NULL) { | 877 if (pubk->u.fortezza.clearance.data == NULL) { |
868 return SECFailure; | 878 return SECFailure; |
869 } | 879 } |
870 PORT_Memcpy(pubk->u.fortezza.clearance.data,clearptr, | 880 PORT_Memcpy(pubk->u.fortezza.clearance.data,clearptr, |
871 pubk->u.fortezza.clearance.len); | 881 pubk->u.fortezza.clearance.len); |
872 | 882 |
873 /* KEAPrivilege (the string up to the first byte with the hi-bit on */ | 883 /* KEAPrivilege (the string up to the first byte with the hi-bit on */ |
874 clearptr = rawptr; | 884 clearptr = rawptr; |
875 while ((rawptr < end) && (*rawptr++ & 0x80)); | 885 while ((rawptr < end) && (*rawptr++ & 0x80)); |
876 if (rawptr >= end) { return SECFailure; } | 886 if (rawptr >= end) { return SECFailure; } |
877 » pubk->u.fortezza.KEApriviledge.len = rawptr - clearptr; | 887 » pubk->u.fortezza.KEAprivilege.len = rawptr - clearptr; |
878 » pubk->u.fortezza.KEApriviledge.data = | 888 » pubk->u.fortezza.KEAprivilege.data = |
879 » » (unsigned char*)PORT_ArenaZAlloc(arena,pubk->u.fortezza.KEAprivi ledge.len); | 889 » » (unsigned char*)PORT_ArenaZAlloc(arena,pubk->u.fortezza.KEAprivi lege.len); |
880 » if (pubk->u.fortezza.KEApriviledge.data == NULL) { | 890 » if (pubk->u.fortezza.KEAprivilege.data == NULL) { |
881 return SECFailure; | 891 return SECFailure; |
882 } | 892 } |
883 » PORT_Memcpy(pubk->u.fortezza.KEApriviledge.data,clearptr, | 893 » PORT_Memcpy(pubk->u.fortezza.KEAprivilege.data,clearptr, |
884 » » » » pubk->u.fortezza.KEApriviledge.len); | 894 » » » » pubk->u.fortezza.KEAprivilege.len); |
885 | 895 |
886 | 896 |
887 /* now copy the key. The next to bytes are the key length, and the | 897 /* now copy the key. The next to bytes are the key length, and the |
888 * key follows */ | 898 * key follows */ |
889 pubk->u.fortezza.KEAKey.len = (*rawptr << 8) | rawptr[1]; | 899 pubk->u.fortezza.KEAKey.len = (*rawptr << 8) | rawptr[1]; |
890 | 900 |
891 rawptr += 2; | 901 rawptr += 2; |
892 if (rawptr+pubk->u.fortezza.KEAKey.len > end) { return SECFailure; } | 902 if (rawptr+pubk->u.fortezza.KEAKey.len > end) { return SECFailure; } |
893 pubk->u.fortezza.KEAKey.data = | 903 pubk->u.fortezza.KEAKey.data = |
894 (unsigned char*)PORT_ArenaZAlloc(arena,pubk->u.fortezza. KEAKey.len); | 904 (unsigned char*)PORT_ArenaZAlloc(arena,pubk->u.fortezza. KEAKey.len); |
895 if (pubk->u.fortezza.KEAKey.data == NULL) { | 905 if (pubk->u.fortezza.KEAKey.data == NULL) { |
896 return SECFailure; | 906 return SECFailure; |
897 } | 907 } |
898 PORT_Memcpy(pubk->u.fortezza.KEAKey.data,rawptr, | 908 PORT_Memcpy(pubk->u.fortezza.KEAKey.data,rawptr, |
899 pubk->u.fortezza.KEAKey.len); | 909 pubk->u.fortezza.KEAKey.len); |
900 rawptr += pubk->u.fortezza.KEAKey.len; | 910 rawptr += pubk->u.fortezza.KEAKey.len; |
901 | 911 |
902 /* shared key */ | 912 /* shared key */ |
903 if (rawptr >= end) { | 913 if (rawptr >= end) { |
904 pubk->u.fortezza.DSSKey.len = pubk->u.fortezza.KEAKey.len; | 914 pubk->u.fortezza.DSSKey.len = pubk->u.fortezza.KEAKey.len; |
905 /* this depends on the fact that we are going to get freed with an | 915 /* this depends on the fact that we are going to get freed with an |
906 * ArenaFree call. We cannot free DSSKey and KEAKey separately */ | 916 * ArenaFree call. We cannot free DSSKey and KEAKey separately */ |
907 pubk->u.fortezza.DSSKey.data= | 917 pubk->u.fortezza.DSSKey.data= |
908 pubk->u.fortezza.KEAKey.data; | 918 pubk->u.fortezza.KEAKey.data; |
909 » pubk->u.fortezza.DSSpriviledge.len = | 919 » pubk->u.fortezza.DSSprivilege.len = |
910 » » » » pubk->u.fortezza.KEApriviledge.len; | 920 » » » » pubk->u.fortezza.KEAprivilege.len; |
911 » pubk->u.fortezza.DSSpriviledge.data = | 921 » pubk->u.fortezza.DSSprivilege.data = |
912 » » » pubk->u.fortezza.DSSpriviledge.data; | 922 » » » pubk->u.fortezza.DSSprivilege.data; |
913 goto done; | 923 goto done; |
914 } | 924 } |
915 | 925 |
916 | 926 |
917 /* DSS Version is next */ | 927 /* DSS Version is next */ |
918 pubk->u.fortezza.DSSversion = *rawptr++; | 928 pubk->u.fortezza.DSSversion = *rawptr++; |
919 | 929 |
920 if (*rawptr++ != 2) { | 930 if (*rawptr++ != 2) { |
921 return SECFailure; | 931 return SECFailure; |
922 } | 932 } |
923 | 933 |
924 /* DSSPrivilege (the string up to the first byte with the hi-bit on */ | 934 /* DSSPrivilege (the string up to the first byte with the hi-bit on */ |
925 clearptr = rawptr; | 935 clearptr = rawptr; |
926 while ((rawptr < end) && (*rawptr++ & 0x80)); | 936 while ((rawptr < end) && (*rawptr++ & 0x80)); |
927 if (rawptr >= end) { return SECFailure; } | 937 if (rawptr >= end) { return SECFailure; } |
928 » pubk->u.fortezza.DSSpriviledge.len = rawptr - clearptr; | 938 » pubk->u.fortezza.DSSprivilege.len = rawptr - clearptr; |
929 » pubk->u.fortezza.DSSpriviledge.data = | 939 » pubk->u.fortezza.DSSprivilege.data = |
930 » » (unsigned char*)PORT_ArenaZAlloc(arena,pubk->u.fortezza.DSSprivi ledge.len); | 940 » » (unsigned char*)PORT_ArenaZAlloc(arena,pubk->u.fortezza.DSSprivi lege.len); |
931 » if (pubk->u.fortezza.DSSpriviledge.data == NULL) { | 941 » if (pubk->u.fortezza.DSSprivilege.data == NULL) { |
932 return SECFailure; | 942 return SECFailure; |
933 } | 943 } |
934 » PORT_Memcpy(pubk->u.fortezza.DSSpriviledge.data,clearptr, | 944 » PORT_Memcpy(pubk->u.fortezza.DSSprivilege.data,clearptr, |
935 » » » » pubk->u.fortezza.DSSpriviledge.len); | 945 » » » » pubk->u.fortezza.DSSprivilege.len); |
936 | 946 |
937 /* finally copy the DSS key. The next to bytes are the key length, | 947 /* finally copy the DSS key. The next to bytes are the key length, |
938 * and the key follows */ | 948 * and the key follows */ |
939 pubk->u.fortezza.DSSKey.len = (*rawptr << 8) | rawptr[1]; | 949 pubk->u.fortezza.DSSKey.len = (*rawptr << 8) | rawptr[1]; |
940 | 950 |
941 rawptr += 2; | 951 rawptr += 2; |
942 if (rawptr+pubk->u.fortezza.DSSKey.len > end){ return SECFailure; } | 952 if (rawptr+pubk->u.fortezza.DSSKey.len > end){ return SECFailure; } |
943 pubk->u.fortezza.DSSKey.data = | 953 pubk->u.fortezza.DSSKey.data = |
944 (unsigned char*)PORT_ArenaZAlloc(arena,pubk->u.fortezza. DSSKey.len); | 954 (unsigned char*)PORT_ArenaZAlloc(arena,pubk->u.fortezza. DSSKey.len); |
945 if (pubk->u.fortezza.DSSKey.data == NULL) { | 955 if (pubk->u.fortezza.DSSKey.data == NULL) { |
(...skipping 12 matching lines...) Expand all Loading... | |
958 /* Function used to make an oid tag to a key type */ | 968 /* Function used to make an oid tag to a key type */ |
959 KeyType | 969 KeyType |
960 seckey_GetKeyType (SECOidTag tag) { | 970 seckey_GetKeyType (SECOidTag tag) { |
961 KeyType keyType; | 971 KeyType keyType; |
962 | 972 |
963 switch (tag) { | 973 switch (tag) { |
964 case SEC_OID_X500_RSA_ENCRYPTION: | 974 case SEC_OID_X500_RSA_ENCRYPTION: |
965 case SEC_OID_PKCS1_RSA_ENCRYPTION: | 975 case SEC_OID_PKCS1_RSA_ENCRYPTION: |
966 keyType = rsaKey; | 976 keyType = rsaKey; |
967 break; | 977 break; |
978 case SEC_OID_PKCS1_RSA_PSS_SIGNATURE: | |
979 keyType = rsaPssKey; | |
980 break; | |
981 case SEC_OID_PKCS1_RSA_OAEP_ENCRYPTION: | |
982 keyType = rsaOaepKey; | |
983 break; | |
968 case SEC_OID_ANSIX9_DSA_SIGNATURE: | 984 case SEC_OID_ANSIX9_DSA_SIGNATURE: |
969 keyType = dsaKey; | 985 keyType = dsaKey; |
970 break; | 986 break; |
971 case SEC_OID_MISSI_KEA_DSS_OLD: | 987 case SEC_OID_MISSI_KEA_DSS_OLD: |
972 case SEC_OID_MISSI_KEA_DSS: | 988 case SEC_OID_MISSI_KEA_DSS: |
973 case SEC_OID_MISSI_DSS_OLD: | 989 case SEC_OID_MISSI_DSS_OLD: |
974 case SEC_OID_MISSI_DSS: | 990 case SEC_OID_MISSI_DSS: |
975 keyType = fortezzaKey; | 991 keyType = fortezzaKey; |
976 break; | 992 break; |
977 case SEC_OID_MISSI_KEA: | 993 case SEC_OID_MISSI_KEA: |
(...skipping 481 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
1459 | 1475 |
1460 /* returns key strength in bytes (not bits) */ | 1476 /* returns key strength in bytes (not bits) */ |
1461 unsigned | 1477 unsigned |
1462 SECKEY_PublicKeyStrength(const SECKEYPublicKey *pubk) | 1478 SECKEY_PublicKeyStrength(const SECKEYPublicKey *pubk) |
1463 { | 1479 { |
1464 unsigned char b0; | 1480 unsigned char b0; |
1465 unsigned size; | 1481 unsigned size; |
1466 | 1482 |
1467 /* interpret modulus length as key strength... in | 1483 /* interpret modulus length as key strength... in |
1468 * fortezza that's the public key length */ | 1484 * fortezza that's the public key length */ |
1469 | 1485 if (!pubk) |
1486 » goto loser; | |
1470 switch (pubk->keyType) { | 1487 switch (pubk->keyType) { |
1471 case rsaKey: | 1488 case rsaKey: |
1489 if (!pubk->u.rsa.modulus.data) break; | |
1472 b0 = pubk->u.rsa.modulus.data[0]; | 1490 b0 = pubk->u.rsa.modulus.data[0]; |
1473 return b0 ? pubk->u.rsa.modulus.len : pubk->u.rsa.modulus.len - 1; | 1491 return b0 ? pubk->u.rsa.modulus.len : pubk->u.rsa.modulus.len - 1; |
1474 case dsaKey: | 1492 case dsaKey: |
1493 if (!pubk->u.dsa.publicValue.data) break; | |
1475 b0 = pubk->u.dsa.publicValue.data[0]; | 1494 b0 = pubk->u.dsa.publicValue.data[0]; |
1476 return b0 ? pubk->u.dsa.publicValue.len : | 1495 return b0 ? pubk->u.dsa.publicValue.len : |
1477 pubk->u.dsa.publicValue.len - 1; | 1496 pubk->u.dsa.publicValue.len - 1; |
1478 case dhKey: | 1497 case dhKey: |
1498 if (!pubk->u.dh.publicValue.data) break; | |
1479 b0 = pubk->u.dh.publicValue.data[0]; | 1499 b0 = pubk->u.dh.publicValue.data[0]; |
1480 return b0 ? pubk->u.dh.publicValue.len : | 1500 return b0 ? pubk->u.dh.publicValue.len : |
1481 pubk->u.dh.publicValue.len - 1; | 1501 pubk->u.dh.publicValue.len - 1; |
1482 case fortezzaKey: | 1502 case fortezzaKey: |
1483 return PR_MAX(pubk->u.fortezza.KEAKey.len, pubk->u.fortezza.DSSKey.len); | 1503 return PR_MAX(pubk->u.fortezza.KEAKey.len, pubk->u.fortezza.DSSKey.len); |
1484 case ecKey: | 1504 case ecKey: |
1485 /* Get the key size in bits and adjust */ | 1505 /* Get the key size in bits and adjust */ |
1486 size = SECKEY_ECParamsToKeySize(&pubk->u.ec.DEREncodedParams); | 1506 size = SECKEY_ECParamsToKeySize(&pubk->u.ec.DEREncodedParams); |
1487 return (size + 7)/8; | 1507 return (size + 7)/8; |
1488 default: | 1508 default: |
1489 break; | 1509 break; |
1490 } | 1510 } |
1511 loser: | |
1491 PORT_SetError(SEC_ERROR_INVALID_KEY); | 1512 PORT_SetError(SEC_ERROR_INVALID_KEY); |
1492 return 0; | 1513 return 0; |
1493 } | 1514 } |
1494 | 1515 |
1495 /* returns key strength in bits */ | 1516 /* returns key strength in bits */ |
1496 unsigned | 1517 unsigned |
1497 SECKEY_PublicKeyStrengthInBits(const SECKEYPublicKey *pubk) | 1518 SECKEY_PublicKeyStrengthInBits(const SECKEYPublicKey *pubk) |
1498 { | 1519 { |
1499 unsigned size; | 1520 unsigned size; |
1500 switch (pubk->keyType) { | 1521 switch (pubk->keyType) { |
(...skipping 146 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
1647 &pubk->u.kea.params.hash); | 1668 &pubk->u.kea.params.hash); |
1648 break; | 1669 break; |
1649 case fortezzaKey: | 1670 case fortezzaKey: |
1650 copyk->u.fortezza.KEAversion = pubk->u.fortezza.KEAversion; | 1671 copyk->u.fortezza.KEAversion = pubk->u.fortezza.KEAversion; |
1651 copyk->u.fortezza.DSSversion = pubk->u.fortezza.DSSversion; | 1672 copyk->u.fortezza.DSSversion = pubk->u.fortezza.DSSversion; |
1652 PORT_Memcpy(copyk->u.fortezza.KMID, pubk->u.fortezza.KMID, | 1673 PORT_Memcpy(copyk->u.fortezza.KMID, pubk->u.fortezza.KMID, |
1653 sizeof(pubk->u.fortezza.KMID)); | 1674 sizeof(pubk->u.fortezza.KMID)); |
1654 rv = SECITEM_CopyItem(arena, ©k->u.fortezza.clearance, | 1675 rv = SECITEM_CopyItem(arena, ©k->u.fortezza.clearance, |
1655 &pubk->u.fortezza.clearance); | 1676 &pubk->u.fortezza.clearance); |
1656 if (rv != SECSuccess) break; | 1677 if (rv != SECSuccess) break; |
1657 rv = SECITEM_CopyItem(arena, ©k->u.fortezza.KEApriviledge, | 1678 rv = SECITEM_CopyItem(arena, ©k->u.fortezza.KEAprivilege, |
1658 &pubk->u.fortezza.KEApriviledge); | 1679 &pubk->u.fortezza.KEAprivilege); |
1659 if (rv != SECSuccess) break; | 1680 if (rv != SECSuccess) break; |
1660 rv = SECITEM_CopyItem(arena, ©k->u.fortezza.DSSpriviledge, | 1681 rv = SECITEM_CopyItem(arena, ©k->u.fortezza.DSSprivilege, |
1661 &pubk->u.fortezza.DSSpriviledge); | 1682 &pubk->u.fortezza.DSSprivilege); |
1662 if (rv != SECSuccess) break; | 1683 if (rv != SECSuccess) break; |
1663 rv = SECITEM_CopyItem(arena, ©k->u.fortezza.KEAKey, | 1684 rv = SECITEM_CopyItem(arena, ©k->u.fortezza.KEAKey, |
1664 &pubk->u.fortezza.KEAKey); | 1685 &pubk->u.fortezza.KEAKey); |
1665 if (rv != SECSuccess) break; | 1686 if (rv != SECSuccess) break; |
1666 rv = SECITEM_CopyItem(arena, ©k->u.fortezza.DSSKey, | 1687 rv = SECITEM_CopyItem(arena, ©k->u.fortezza.DSSKey, |
1667 &pubk->u.fortezza.DSSKey); | 1688 &pubk->u.fortezza.DSSKey); |
1668 if (rv != SECSuccess) break; | 1689 if (rv != SECSuccess) break; |
1669 rv = SECITEM_CopyItem(arena, ©k->u.fortezza.params.prime, | 1690 rv = SECITEM_CopyItem(arena, ©k->u.fortezza.params.prime, |
1670 &pubk->u.fortezza.params.prime); | 1691 &pubk->u.fortezza.params.prime); |
1671 if (rv != SECSuccess) break; | 1692 if (rv != SECSuccess) break; |
(...skipping 849 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
2521 SECKEY_CacheStaticFlags(SECKEYPrivateKey* key) | 2542 SECKEY_CacheStaticFlags(SECKEYPrivateKey* key) |
2522 { | 2543 { |
2523 SECStatus rv = SECFailure; | 2544 SECStatus rv = SECFailure; |
2524 if (key && key->pkcs11Slot && key->pkcs11ID) { | 2545 if (key && key->pkcs11Slot && key->pkcs11ID) { |
2525 key->staticflags |= SECKEY_Attributes_Cached; | 2546 key->staticflags |= SECKEY_Attributes_Cached; |
2526 SECKEY_CacheAttribute(key, CKA_PRIVATE); | 2547 SECKEY_CacheAttribute(key, CKA_PRIVATE); |
2527 rv = SECSuccess; | 2548 rv = SECSuccess; |
2528 } | 2549 } |
2529 return rv; | 2550 return rv; |
2530 } | 2551 } |
OLD | NEW |