Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(90)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: nss/mozilla/security/nss/lib/cryptohi/seckey.c

Issue 3135002: Update to NSS 3.12.7 and NSPR 4.8.6.... (Closed) Base URL: svn://chrome-svn/chrome/trunk/deps/third_party/
Patch Set: Created 10 years, 4 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « nss/mozilla/security/nss/lib/cryptohi/sechash.c ('k') | nss/mozilla/security/nss/lib/cryptohi/secvfy.c » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 /* ***** BEGIN LICENSE BLOCK ***** 1 /* ***** BEGIN LICENSE BLOCK *****
2 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 2 * Version: MPL 1.1/GPL 2.0/LGPL 2.1
3 * 3 *
4 * The contents of this file are subject to the Mozilla Public License Version 4 * The contents of this file are subject to the Mozilla Public License Version
5 * 1.1 (the "License"); you may not use this file except in compliance with 5 * 1.1 (the "License"); you may not use this file except in compliance with
6 * the License. You may obtain a copy of the License at 6 * the License. You may obtain a copy of the License at
7 * http://www.mozilla.org/MPL/ 7 * http://www.mozilla.org/MPL/
8 * 8 *
9 * Software distributed under the License is distributed on an "AS IS" basis, 9 * Software distributed under the License is distributed on an "AS IS" basis,
10 * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License 10 * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
(...skipping 209 matching lines...) Expand 10 before | Expand all | Expand 10 after
220 ** This is a "session" (temporary), not "token" (permanent) key. 220 ** This is a "session" (temporary), not "token" (permanent) key.
221 ** Because of the high probability that this key will need to be moved to 221 ** Because of the high probability that this key will need to be moved to
222 ** another token, and the high cost of moving "sensitive" keys, we attempt 222 ** another token, and the high cost of moving "sensitive" keys, we attempt
223 ** to create this key pair without the "sensitive" attribute, but revert to 223 ** to create this key pair without the "sensitive" attribute, but revert to
224 ** creating a "sensitive" key if necessary. 224 ** creating a "sensitive" key if necessary.
225 */ 225 */
226 SECKEYPrivateKey * 226 SECKEYPrivateKey *
227 SECKEY_CreateDHPrivateKey(SECKEYDHParams *param, SECKEYPublicKey **pubk, void *c x) 227 SECKEY_CreateDHPrivateKey(SECKEYDHParams *param, SECKEYPublicKey **pubk, void *c x)
228 { 228 {
229 SECKEYPrivateKey *privk; 229 SECKEYPrivateKey *privk;
230 PK11SlotInfo *slot = PK11_GetBestSlot(CKM_DH_PKCS_KEY_PAIR_GEN,cx); 230 PK11SlotInfo *slot;
231
232 if (!param || !param->base.data || !param->prime.data ||
wtc 2010/08/10 00:24:30 This is a DH key size check. Without the DH key s
233 param->prime.len < 512/8 || param->base.len == 0 ||
234 param->base.len > param->prime.len + 1 ||
235 » (param->base.len == 1 && param->base.data[0] == 0)) {
236 » PORT_SetError(SEC_ERROR_INVALID_ARGS);
237 » return NULL;
238 }
239
240 slot = PK11_GetBestSlot(CKM_DH_PKCS_KEY_PAIR_GEN,cx);
231 if (!slot) { 241 if (!slot) {
232 return NULL; 242 return NULL;
233 } 243 }
234 244
235 privk = PK11_GenerateKeyPair(slot, CKM_DH_PKCS_KEY_PAIR_GEN, param, 245 privk = PK11_GenerateKeyPair(slot, CKM_DH_PKCS_KEY_PAIR_GEN, param,
236 pubk, PR_FALSE, PR_FALSE, cx); 246 pubk, PR_FALSE, PR_FALSE, cx);
237 if (!privk) 247 if (!privk)
238 privk = PK11_GenerateKeyPair(slot, CKM_DH_PKCS_KEY_PAIR_GEN, param, 248 privk = PK11_GenerateKeyPair(slot, CKM_DH_PKCS_KEY_PAIR_GEN, param,
239 pubk, PR_FALSE, PR_TRUE, cx); 249 pubk, PR_FALSE, PR_TRUE, cx);
240 250
(...skipping 626 matching lines...) Expand 10 before | Expand all | Expand 10 after
867 if (pubk->u.fortezza.clearance.data == NULL) { 877 if (pubk->u.fortezza.clearance.data == NULL) {
868 return SECFailure; 878 return SECFailure;
869 } 879 }
870 PORT_Memcpy(pubk->u.fortezza.clearance.data,clearptr, 880 PORT_Memcpy(pubk->u.fortezza.clearance.data,clearptr,
871 pubk->u.fortezza.clearance.len); 881 pubk->u.fortezza.clearance.len);
872 882
873 /* KEAPrivilege (the string up to the first byte with the hi-bit on */ 883 /* KEAPrivilege (the string up to the first byte with the hi-bit on */
874 clearptr = rawptr; 884 clearptr = rawptr;
875 while ((rawptr < end) && (*rawptr++ & 0x80)); 885 while ((rawptr < end) && (*rawptr++ & 0x80));
876 if (rawptr >= end) { return SECFailure; } 886 if (rawptr >= end) { return SECFailure; }
877 » pubk->u.fortezza.KEApriviledge.len = rawptr - clearptr; 887 » pubk->u.fortezza.KEAprivilege.len = rawptr - clearptr;
878 » pubk->u.fortezza.KEApriviledge.data = 888 » pubk->u.fortezza.KEAprivilege.data =
879 » » (unsigned char*)PORT_ArenaZAlloc(arena,pubk->u.fortezza.KEAprivi ledge.len); 889 » » (unsigned char*)PORT_ArenaZAlloc(arena,pubk->u.fortezza.KEAprivi lege.len);
880 » if (pubk->u.fortezza.KEApriviledge.data == NULL) { 890 » if (pubk->u.fortezza.KEAprivilege.data == NULL) {
881 return SECFailure; 891 return SECFailure;
882 } 892 }
883 » PORT_Memcpy(pubk->u.fortezza.KEApriviledge.data,clearptr, 893 » PORT_Memcpy(pubk->u.fortezza.KEAprivilege.data,clearptr,
884 » » » » pubk->u.fortezza.KEApriviledge.len); 894 » » » » pubk->u.fortezza.KEAprivilege.len);
885 895
886 896
887 /* now copy the key. The next to bytes are the key length, and the 897 /* now copy the key. The next to bytes are the key length, and the
888 * key follows */ 898 * key follows */
889 pubk->u.fortezza.KEAKey.len = (*rawptr << 8) | rawptr[1]; 899 pubk->u.fortezza.KEAKey.len = (*rawptr << 8) | rawptr[1];
890 900
891 rawptr += 2; 901 rawptr += 2;
892 if (rawptr+pubk->u.fortezza.KEAKey.len > end) { return SECFailure; } 902 if (rawptr+pubk->u.fortezza.KEAKey.len > end) { return SECFailure; }
893 pubk->u.fortezza.KEAKey.data = 903 pubk->u.fortezza.KEAKey.data =
894 (unsigned char*)PORT_ArenaZAlloc(arena,pubk->u.fortezza. KEAKey.len); 904 (unsigned char*)PORT_ArenaZAlloc(arena,pubk->u.fortezza. KEAKey.len);
895 if (pubk->u.fortezza.KEAKey.data == NULL) { 905 if (pubk->u.fortezza.KEAKey.data == NULL) {
896 return SECFailure; 906 return SECFailure;
897 } 907 }
898 PORT_Memcpy(pubk->u.fortezza.KEAKey.data,rawptr, 908 PORT_Memcpy(pubk->u.fortezza.KEAKey.data,rawptr,
899 pubk->u.fortezza.KEAKey.len); 909 pubk->u.fortezza.KEAKey.len);
900 rawptr += pubk->u.fortezza.KEAKey.len; 910 rawptr += pubk->u.fortezza.KEAKey.len;
901 911
902 /* shared key */ 912 /* shared key */
903 if (rawptr >= end) { 913 if (rawptr >= end) {
904 pubk->u.fortezza.DSSKey.len = pubk->u.fortezza.KEAKey.len; 914 pubk->u.fortezza.DSSKey.len = pubk->u.fortezza.KEAKey.len;
905 /* this depends on the fact that we are going to get freed with an 915 /* this depends on the fact that we are going to get freed with an
906 * ArenaFree call. We cannot free DSSKey and KEAKey separately */ 916 * ArenaFree call. We cannot free DSSKey and KEAKey separately */
907 pubk->u.fortezza.DSSKey.data= 917 pubk->u.fortezza.DSSKey.data=
908 pubk->u.fortezza.KEAKey.data; 918 pubk->u.fortezza.KEAKey.data;
909 » pubk->u.fortezza.DSSpriviledge.len = 919 » pubk->u.fortezza.DSSprivilege.len =
910 » » » » pubk->u.fortezza.KEApriviledge.len; 920 » » » » pubk->u.fortezza.KEAprivilege.len;
911 » pubk->u.fortezza.DSSpriviledge.data = 921 » pubk->u.fortezza.DSSprivilege.data =
912 » » » pubk->u.fortezza.DSSpriviledge.data; 922 » » » pubk->u.fortezza.DSSprivilege.data;
913 goto done; 923 goto done;
914 } 924 }
915 925
916 926
917 /* DSS Version is next */ 927 /* DSS Version is next */
918 pubk->u.fortezza.DSSversion = *rawptr++; 928 pubk->u.fortezza.DSSversion = *rawptr++;
919 929
920 if (*rawptr++ != 2) { 930 if (*rawptr++ != 2) {
921 return SECFailure; 931 return SECFailure;
922 } 932 }
923 933
924 /* DSSPrivilege (the string up to the first byte with the hi-bit on */ 934 /* DSSPrivilege (the string up to the first byte with the hi-bit on */
925 clearptr = rawptr; 935 clearptr = rawptr;
926 while ((rawptr < end) && (*rawptr++ & 0x80)); 936 while ((rawptr < end) && (*rawptr++ & 0x80));
927 if (rawptr >= end) { return SECFailure; } 937 if (rawptr >= end) { return SECFailure; }
928 » pubk->u.fortezza.DSSpriviledge.len = rawptr - clearptr; 938 » pubk->u.fortezza.DSSprivilege.len = rawptr - clearptr;
929 » pubk->u.fortezza.DSSpriviledge.data = 939 » pubk->u.fortezza.DSSprivilege.data =
930 » » (unsigned char*)PORT_ArenaZAlloc(arena,pubk->u.fortezza.DSSprivi ledge.len); 940 » » (unsigned char*)PORT_ArenaZAlloc(arena,pubk->u.fortezza.DSSprivi lege.len);
931 » if (pubk->u.fortezza.DSSpriviledge.data == NULL) { 941 » if (pubk->u.fortezza.DSSprivilege.data == NULL) {
932 return SECFailure; 942 return SECFailure;
933 } 943 }
934 » PORT_Memcpy(pubk->u.fortezza.DSSpriviledge.data,clearptr, 944 » PORT_Memcpy(pubk->u.fortezza.DSSprivilege.data,clearptr,
935 » » » » pubk->u.fortezza.DSSpriviledge.len); 945 » » » » pubk->u.fortezza.DSSprivilege.len);
936 946
937 /* finally copy the DSS key. The next to bytes are the key length, 947 /* finally copy the DSS key. The next to bytes are the key length,
938 * and the key follows */ 948 * and the key follows */
939 pubk->u.fortezza.DSSKey.len = (*rawptr << 8) | rawptr[1]; 949 pubk->u.fortezza.DSSKey.len = (*rawptr << 8) | rawptr[1];
940 950
941 rawptr += 2; 951 rawptr += 2;
942 if (rawptr+pubk->u.fortezza.DSSKey.len > end){ return SECFailure; } 952 if (rawptr+pubk->u.fortezza.DSSKey.len > end){ return SECFailure; }
943 pubk->u.fortezza.DSSKey.data = 953 pubk->u.fortezza.DSSKey.data =
944 (unsigned char*)PORT_ArenaZAlloc(arena,pubk->u.fortezza. DSSKey.len); 954 (unsigned char*)PORT_ArenaZAlloc(arena,pubk->u.fortezza. DSSKey.len);
945 if (pubk->u.fortezza.DSSKey.data == NULL) { 955 if (pubk->u.fortezza.DSSKey.data == NULL) {
(...skipping 12 matching lines...) Expand all
958 /* Function used to make an oid tag to a key type */ 968 /* Function used to make an oid tag to a key type */
959 KeyType 969 KeyType
960 seckey_GetKeyType (SECOidTag tag) { 970 seckey_GetKeyType (SECOidTag tag) {
961 KeyType keyType; 971 KeyType keyType;
962 972
963 switch (tag) { 973 switch (tag) {
964 case SEC_OID_X500_RSA_ENCRYPTION: 974 case SEC_OID_X500_RSA_ENCRYPTION:
965 case SEC_OID_PKCS1_RSA_ENCRYPTION: 975 case SEC_OID_PKCS1_RSA_ENCRYPTION:
966 keyType = rsaKey; 976 keyType = rsaKey;
967 break; 977 break;
978 case SEC_OID_PKCS1_RSA_PSS_SIGNATURE:
979 keyType = rsaPssKey;
980 break;
981 case SEC_OID_PKCS1_RSA_OAEP_ENCRYPTION:
982 keyType = rsaOaepKey;
983 break;
968 case SEC_OID_ANSIX9_DSA_SIGNATURE: 984 case SEC_OID_ANSIX9_DSA_SIGNATURE:
969 keyType = dsaKey; 985 keyType = dsaKey;
970 break; 986 break;
971 case SEC_OID_MISSI_KEA_DSS_OLD: 987 case SEC_OID_MISSI_KEA_DSS_OLD:
972 case SEC_OID_MISSI_KEA_DSS: 988 case SEC_OID_MISSI_KEA_DSS:
973 case SEC_OID_MISSI_DSS_OLD: 989 case SEC_OID_MISSI_DSS_OLD:
974 case SEC_OID_MISSI_DSS: 990 case SEC_OID_MISSI_DSS:
975 keyType = fortezzaKey; 991 keyType = fortezzaKey;
976 break; 992 break;
977 case SEC_OID_MISSI_KEA: 993 case SEC_OID_MISSI_KEA:
(...skipping 481 matching lines...) Expand 10 before | Expand all | Expand 10 after
1459 1475
1460 /* returns key strength in bytes (not bits) */ 1476 /* returns key strength in bytes (not bits) */
1461 unsigned 1477 unsigned
1462 SECKEY_PublicKeyStrength(const SECKEYPublicKey *pubk) 1478 SECKEY_PublicKeyStrength(const SECKEYPublicKey *pubk)
1463 { 1479 {
1464 unsigned char b0; 1480 unsigned char b0;
1465 unsigned size; 1481 unsigned size;
1466 1482
1467 /* interpret modulus length as key strength... in 1483 /* interpret modulus length as key strength... in
1468 * fortezza that's the public key length */ 1484 * fortezza that's the public key length */
1469 1485 if (!pubk)
1486 » goto loser;
1470 switch (pubk->keyType) { 1487 switch (pubk->keyType) {
1471 case rsaKey: 1488 case rsaKey:
1489 if (!pubk->u.rsa.modulus.data) break;
1472 b0 = pubk->u.rsa.modulus.data[0]; 1490 b0 = pubk->u.rsa.modulus.data[0];
1473 return b0 ? pubk->u.rsa.modulus.len : pubk->u.rsa.modulus.len - 1; 1491 return b0 ? pubk->u.rsa.modulus.len : pubk->u.rsa.modulus.len - 1;
1474 case dsaKey: 1492 case dsaKey:
1493 if (!pubk->u.dsa.publicValue.data) break;
1475 b0 = pubk->u.dsa.publicValue.data[0]; 1494 b0 = pubk->u.dsa.publicValue.data[0];
1476 return b0 ? pubk->u.dsa.publicValue.len : 1495 return b0 ? pubk->u.dsa.publicValue.len :
1477 pubk->u.dsa.publicValue.len - 1; 1496 pubk->u.dsa.publicValue.len - 1;
1478 case dhKey: 1497 case dhKey:
1498 if (!pubk->u.dh.publicValue.data) break;
1479 b0 = pubk->u.dh.publicValue.data[0]; 1499 b0 = pubk->u.dh.publicValue.data[0];
1480 return b0 ? pubk->u.dh.publicValue.len : 1500 return b0 ? pubk->u.dh.publicValue.len :
1481 pubk->u.dh.publicValue.len - 1; 1501 pubk->u.dh.publicValue.len - 1;
1482 case fortezzaKey: 1502 case fortezzaKey:
1483 return PR_MAX(pubk->u.fortezza.KEAKey.len, pubk->u.fortezza.DSSKey.len); 1503 return PR_MAX(pubk->u.fortezza.KEAKey.len, pubk->u.fortezza.DSSKey.len);
1484 case ecKey: 1504 case ecKey:
1485 /* Get the key size in bits and adjust */ 1505 /* Get the key size in bits and adjust */
1486 size = SECKEY_ECParamsToKeySize(&pubk->u.ec.DEREncodedParams); 1506 size = SECKEY_ECParamsToKeySize(&pubk->u.ec.DEREncodedParams);
1487 return (size + 7)/8; 1507 return (size + 7)/8;
1488 default: 1508 default:
1489 break; 1509 break;
1490 } 1510 }
1511 loser:
1491 PORT_SetError(SEC_ERROR_INVALID_KEY); 1512 PORT_SetError(SEC_ERROR_INVALID_KEY);
1492 return 0; 1513 return 0;
1493 } 1514 }
1494 1515
1495 /* returns key strength in bits */ 1516 /* returns key strength in bits */
1496 unsigned 1517 unsigned
1497 SECKEY_PublicKeyStrengthInBits(const SECKEYPublicKey *pubk) 1518 SECKEY_PublicKeyStrengthInBits(const SECKEYPublicKey *pubk)
1498 { 1519 {
1499 unsigned size; 1520 unsigned size;
1500 switch (pubk->keyType) { 1521 switch (pubk->keyType) {
(...skipping 146 matching lines...) Expand 10 before | Expand all | Expand 10 after
1647 &pubk->u.kea.params.hash); 1668 &pubk->u.kea.params.hash);
1648 break; 1669 break;
1649 case fortezzaKey: 1670 case fortezzaKey:
1650 copyk->u.fortezza.KEAversion = pubk->u.fortezza.KEAversion; 1671 copyk->u.fortezza.KEAversion = pubk->u.fortezza.KEAversion;
1651 copyk->u.fortezza.DSSversion = pubk->u.fortezza.DSSversion; 1672 copyk->u.fortezza.DSSversion = pubk->u.fortezza.DSSversion;
1652 PORT_Memcpy(copyk->u.fortezza.KMID, pubk->u.fortezza.KMID, 1673 PORT_Memcpy(copyk->u.fortezza.KMID, pubk->u.fortezza.KMID,
1653 sizeof(pubk->u.fortezza.KMID)); 1674 sizeof(pubk->u.fortezza.KMID));
1654 rv = SECITEM_CopyItem(arena, &copyk->u.fortezza.clearance, 1675 rv = SECITEM_CopyItem(arena, &copyk->u.fortezza.clearance,
1655 &pubk->u.fortezza.clearance); 1676 &pubk->u.fortezza.clearance);
1656 if (rv != SECSuccess) break; 1677 if (rv != SECSuccess) break;
1657 rv = SECITEM_CopyItem(arena, &copyk->u.fortezza.KEApriviledge, 1678 rv = SECITEM_CopyItem(arena, &copyk->u.fortezza.KEAprivilege,
1658 &pubk->u.fortezza.KEApriviledge); 1679 &pubk->u.fortezza.KEAprivilege);
1659 if (rv != SECSuccess) break; 1680 if (rv != SECSuccess) break;
1660 rv = SECITEM_CopyItem(arena, &copyk->u.fortezza.DSSpriviledge, 1681 rv = SECITEM_CopyItem(arena, &copyk->u.fortezza.DSSprivilege,
1661 &pubk->u.fortezza.DSSpriviledge); 1682 &pubk->u.fortezza.DSSprivilege);
1662 if (rv != SECSuccess) break; 1683 if (rv != SECSuccess) break;
1663 rv = SECITEM_CopyItem(arena, &copyk->u.fortezza.KEAKey, 1684 rv = SECITEM_CopyItem(arena, &copyk->u.fortezza.KEAKey,
1664 &pubk->u.fortezza.KEAKey); 1685 &pubk->u.fortezza.KEAKey);
1665 if (rv != SECSuccess) break; 1686 if (rv != SECSuccess) break;
1666 rv = SECITEM_CopyItem(arena, &copyk->u.fortezza.DSSKey, 1687 rv = SECITEM_CopyItem(arena, &copyk->u.fortezza.DSSKey,
1667 &pubk->u.fortezza.DSSKey); 1688 &pubk->u.fortezza.DSSKey);
1668 if (rv != SECSuccess) break; 1689 if (rv != SECSuccess) break;
1669 rv = SECITEM_CopyItem(arena, &copyk->u.fortezza.params.prime, 1690 rv = SECITEM_CopyItem(arena, &copyk->u.fortezza.params.prime,
1670 &pubk->u.fortezza.params.prime); 1691 &pubk->u.fortezza.params.prime);
1671 if (rv != SECSuccess) break; 1692 if (rv != SECSuccess) break;
(...skipping 849 matching lines...) Expand 10 before | Expand all | Expand 10 after
2521 SECKEY_CacheStaticFlags(SECKEYPrivateKey* key) 2542 SECKEY_CacheStaticFlags(SECKEYPrivateKey* key)
2522 { 2543 {
2523 SECStatus rv = SECFailure; 2544 SECStatus rv = SECFailure;
2524 if (key && key->pkcs11Slot && key->pkcs11ID) { 2545 if (key && key->pkcs11Slot && key->pkcs11ID) {
2525 key->staticflags |= SECKEY_Attributes_Cached; 2546 key->staticflags |= SECKEY_Attributes_Cached;
2526 SECKEY_CacheAttribute(key, CKA_PRIVATE); 2547 SECKEY_CacheAttribute(key, CKA_PRIVATE);
2527 rv = SECSuccess; 2548 rv = SECSuccess;
2528 } 2549 }
2529 return rv; 2550 return rv;
2530 } 2551 }
OLDNEW
« no previous file with comments | « nss/mozilla/security/nss/lib/cryptohi/sechash.c ('k') | nss/mozilla/security/nss/lib/cryptohi/secvfy.c » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698