| OLD | NEW |
|---|
| 1 /* This Source Code Form is subject to the terms of the Mozilla Public | 1 /* This Source Code Form is subject to the terms of the Mozilla Public |
| 2 * License, v. 2.0. If a copy of the MPL was not distributed with this | 2 * License, v. 2.0. If a copy of the MPL was not distributed with this |
| 3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ | 3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ |
| 4 /* | 4 /* |
| 5 * This file implements PKCS 11 on top of our existing security modules | 5 * This file implements PKCS 11 on top of our existing security modules |
| 6 * | 6 * |
| 7 * For more information about PKCS 11 See PKCS 11 Token Inteface Standard. | 7 * For more information about PKCS 11 See PKCS 11 Token Inteface Standard. |
| 8 * This implementation has two slots: | 8 * This implementation has two slots: |
| 9 * slot 1 is our generic crypto support. It does not require login. | 9 * slot 1 is our generic crypto support. It does not require login. |
| 10 * It supports Public Key ops, and all they bulk ciphers and hashes. | 10 * It supports Public Key ops, and all they bulk ciphers and hashes. |
| (...skipping 1155 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1166 /* make sure we're legal */ | 1166 /* make sure we're legal */ |
| 1167 crv = sftk_GetContext(hSession,&context,SFTK_DECRYPT,PR_TRUE,&session); | 1167 crv = sftk_GetContext(hSession,&context,SFTK_DECRYPT,PR_TRUE,&session); |
| 1168 if (crv != CKR_OK) return crv; | 1168 if (crv != CKR_OK) return crv; |
| 1169 | 1169 |
| 1170 *pulLastPartLen = 0; | 1170 *pulLastPartLen = 0; |
| 1171 if (!pLastPart) { | 1171 if (!pLastPart) { |
| 1172 /* caller is checking the amount of remaining data */ | 1172 /* caller is checking the amount of remaining data */ |
| 1173 if (context->padDataLength > 0) { | 1173 if (context->padDataLength > 0) { |
| 1174 *pulLastPartLen = context->padDataLength; | 1174 *pulLastPartLen = context->padDataLength; |
| 1175 } | 1175 } |
| 1176 rv = SECSuccess; | |
| 1177 goto finish; | 1176 goto finish; |
| 1178 } | 1177 } |
| 1179 | 1178 |
| 1180 if (context->doPad) { | 1179 if (context->doPad) { |
| 1181 /* decrypt our saved buffer */ | 1180 /* decrypt our saved buffer */ |
| 1182 if (context->padDataLength != 0) { | 1181 if (context->padDataLength != 0) { |
| 1183 /* this assumes that pLastPart is big enough to hold the *whole* | 1182 /* this assumes that pLastPart is big enough to hold the *whole* |
| 1184 * buffer!!! */ | 1183 * buffer!!! */ |
| 1185 rv = (*context->update)(context->cipherInfo, pLastPart, &outlen, | 1184 rv = (*context->update)(context->cipherInfo, pLastPart, &outlen, |
| 1186 maxout, context->padBuf, context->blockSize); | 1185 maxout, context->padBuf, context->blockSize); |
| 1187 » if (rv == SECSuccess) { | 1186 » if (rv != SECSuccess) { |
| 1187 » » crv = sftk_MapDecryptError(PORT_GetError()); |
| 1188 » } else { |
| 1188 unsigned int padSize = | 1189 unsigned int padSize = |
| 1189 (unsigned int) pLastPart[context->blockSize-1]; | 1190 (unsigned int) pLastPart[context->blockSize-1]; |
| 1190 if ((padSize > context->blockSize) || (padSize == 0)) { | 1191 if ((padSize > context->blockSize) || (padSize == 0)) { |
| 1191 » » rv = SECFailure; | 1192 » » crv = CKR_ENCRYPTED_DATA_INVALID; |
| 1192 } else { | 1193 } else { |
| 1193 » » *pulLastPartLen = outlen - padSize; | 1194 » » unsigned int i; |
| 1195 » » unsigned int badPadding = 0; /* used as a boolean */ |
| 1196 » » for (i = 0; i < padSize; i++) { |
| 1197 » » » badPadding |= |
| 1198 » » » (unsigned int) pLastPart[context->blockSize-1-i] ^ |
| 1199 » » » padSize; |
| 1200 » » } |
| 1201 » » if (badPadding) { |
| 1202 » » » crv = CKR_ENCRYPTED_DATA_INVALID; |
| 1203 » » } else { |
| 1204 » » » *pulLastPartLen = outlen - padSize; |
| 1205 » » } |
| 1194 } | 1206 } |
| 1195 } | 1207 } |
| 1196 } | 1208 } |
| 1197 } | 1209 } |
| 1198 | 1210 |
| 1199 sftk_TerminateOp( session, SFTK_DECRYPT, context ); | 1211 sftk_TerminateOp( session, SFTK_DECRYPT, context ); |
| 1200 finish: | 1212 finish: |
| 1201 sftk_FreeSession(session); | 1213 sftk_FreeSession(session); |
| 1202 return (rv == SECSuccess) ? CKR_OK : sftk_MapDecryptError(PORT_GetError()); | 1214 return crv; |
| 1203 } | 1215 } |
| 1204 | 1216 |
| 1205 /* NSC_Decrypt decrypts encrypted data in a single part. */ | 1217 /* NSC_Decrypt decrypts encrypted data in a single part. */ |
| 1206 CK_RV NSC_Decrypt(CK_SESSION_HANDLE hSession, | 1218 CK_RV NSC_Decrypt(CK_SESSION_HANDLE hSession, |
| 1207 CK_BYTE_PTR pEncryptedData,CK_ULONG ulEncryptedDataLen,CK_BYTE_PTR pData, | 1219 CK_BYTE_PTR pEncryptedData,CK_ULONG ulEncryptedDataLen,CK_BYTE_PTR pData, |
| 1208 CK_ULONG_PTR pulDataLen) | 1220 CK_ULONG_PTR pulDataLen) |
| 1209 { | 1221 { |
| 1210 SFTKSession *session; | 1222 SFTKSession *session; |
| 1211 SFTKSessionContext *context; | 1223 SFTKSessionContext *context; |
| 1212 unsigned int outlen; | 1224 unsigned int outlen; |
| (...skipping 29 matching lines...) Expand all Loading... |
| 1242 if (crv2 == CKR_OK) | 1254 if (crv2 == CKR_OK) |
| 1243 *pulDataLen += finalLen; | 1255 *pulDataLen += finalLen; |
| 1244 return crv == CKR_OK ? crv2 : crv; | 1256 return crv == CKR_OK ? crv2 : crv; |
| 1245 } | 1257 } |
| 1246 | 1258 |
| 1247 rv = (*context->update)(context->cipherInfo, pData, &outlen, maxoutlen, | 1259 rv = (*context->update)(context->cipherInfo, pData, &outlen, maxoutlen, |
| 1248 pEncryptedData, ulEncryptedDataLen); | 1260 pEncryptedData, ulEncryptedDataLen); |
| 1249 /* XXX need to do MUCH better error mapping than this. */ | 1261 /* XXX need to do MUCH better error mapping than this. */ |
| 1250 crv = (rv == SECSuccess) ? CKR_OK : sftk_MapDecryptError(PORT_GetError()); | 1262 crv = (rv == SECSuccess) ? CKR_OK : sftk_MapDecryptError(PORT_GetError()); |
| 1251 if (rv == SECSuccess && context->doPad) { | 1263 if (rv == SECSuccess && context->doPad) { |
| 1252 » CK_ULONG padding = pData[outlen - 1]; | 1264 » unsigned int padding = pData[outlen - 1]; |
| 1253 if (padding > context->blockSize || !padding) { | 1265 if (padding > context->blockSize || !padding) { |
| 1254 crv = CKR_ENCRYPTED_DATA_INVALID; | 1266 crv = CKR_ENCRYPTED_DATA_INVALID; |
| 1255 » } else | 1267 » } else { |
| 1256 » outlen -= padding; | 1268 » unsigned int i; |
| 1269 » unsigned int badPadding = 0; /* used as a boolean */ |
| 1270 » for (i = 0; i < padding; i++) { |
| 1271 » » badPadding |= (unsigned int) pData[outlen - 1 - i] ^ padding; |
| 1272 » } |
| 1273 » if (badPadding) { |
| 1274 » » crv = CKR_ENCRYPTED_DATA_INVALID; |
| 1275 » } else { |
| 1276 » » outlen -= padding; |
| 1277 » } |
| 1278 » } |
| 1257 } | 1279 } |
| 1258 *pulDataLen = (CK_ULONG) outlen; | 1280 *pulDataLen = (CK_ULONG) outlen; |
| 1259 sftk_TerminateOp( session, SFTK_DECRYPT, context ); | 1281 sftk_TerminateOp( session, SFTK_DECRYPT, context ); |
| 1260 finish: | 1282 finish: |
| 1261 sftk_FreeSession(session); | 1283 sftk_FreeSession(session); |
| 1262 return crv; | 1284 return crv; |
| 1263 } | 1285 } |
| 1264 | 1286 |
| 1265 | 1287 |
| 1266 | 1288 |
| (...skipping 5497 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 6764 att = sftk_FindAttribute(key,CKA_VALUE); | 6786 att = sftk_FindAttribute(key,CKA_VALUE); |
| 6765 sftk_FreeObject(key); | 6787 sftk_FreeObject(key); |
| 6766 if (!att) { | 6788 if (!att) { |
| 6767 return CKR_KEY_HANDLE_INVALID; | 6789 return CKR_KEY_HANDLE_INVALID; |
| 6768 } | 6790 } |
| 6769 crv = NSC_DigestUpdate(hSession,(CK_BYTE_PTR)att->attrib.pValue, | 6791 crv = NSC_DigestUpdate(hSession,(CK_BYTE_PTR)att->attrib.pValue, |
| 6770 att->attrib.ulValueLen); | 6792 att->attrib.ulValueLen); |
| 6771 sftk_FreeAttribute(att); | 6793 sftk_FreeAttribute(att); |
| 6772 return crv; | 6794 return crv; |
| 6773 } | 6795 } |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 12197027:
Merge NSS_3_14_2_RTM. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/deps/third_party/nss/