| OLD | NEW |
| 1 /* This Source Code Form is subject to the terms of the Mozilla Public | 1 /* This Source Code Form is subject to the terms of the Mozilla Public |
| 2 * License, v. 2.0. If a copy of the MPL was not distributed with this | 2 * License, v. 2.0. If a copy of the MPL was not distributed with this |
| 3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ | 3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ |
| 4 /* | 4 /* |
| 5 * This file implements PKCS 11 on top of our existing security modules | 5 * This file implements PKCS 11 on top of our existing security modules |
| 6 * | 6 * |
| 7 * For more information about PKCS 11 See PKCS 11 Token Inteface Standard. | 7 * For more information about PKCS 11 See PKCS 11 Token Inteface Standard. |
| 8 * This implementation has two slots: | 8 * This implementation has two slots: |
| 9 * slot 1 is our generic crypto support. It does not require login. | 9 * slot 1 is our generic crypto support. It does not require login. |
| 10 * It supports Public Key ops, and all they bulk ciphers and hashes. | 10 * It supports Public Key ops, and all they bulk ciphers and hashes. |
| 450 case CKM_AES_CTS: | 450 case CKM_AES_CTS: |
| 451 return NSS_AES_CTS; | 451 return NSS_AES_CTS; |
| 452 case CKM_AES_CTR: | 452 case CKM_AES_CTR: |
| 453 return NSS_AES_CTR; | 453 return NSS_AES_CTR; |
| 454 case CKM_AES_GCM: | 454 case CKM_AES_GCM: |
| 455 return NSS_AES_GCM; | 455 return NSS_AES_GCM; |
| 456 } | 456 } |
| 457 return -1; | 457 return -1; |
| 458 } | 458 } |
| 459 | 459 |
| 460 static SECStatus |
| 461 sftk_EncryptOAEP(SFTKOAEPEncryptInfo *info, unsigned char *output, |
| 462 unsigned int *outputLen, unsigned int maxLen, |
| 463 unsigned char *input, unsigned int inputLen) |
| 464 { |
| 465 return RSA_EncryptOAEP(info->params, info->key, output, outputLen, |
| 466 maxLen, input, inputLen); |
| 467 } |
| 468 |
| 469 static SECStatus |
| 470 sftk_DecryptOAEP(SFTKOAEPDecryptInfo *info, unsigned char *output, |
| 471 unsigned int *outputLen, unsigned int maxLen, |
| 472 unsigned char *input, unsigned int inputLen) |
| 473 { |
| 474 return RSA_DecryptOAEP(info->params, info->key, output, outputLen, |
| 475 maxLen, input, inputLen); |
| 476 } |
| 477 |
| 460 /** NSC_CryptInit initializes an encryption/Decryption operation. | 478 /** NSC_CryptInit initializes an encryption/Decryption operation. |
| 461 * | 479 * |
| 462 * Always called by NSC_EncryptInit, NSC_DecryptInit, NSC_WrapKey,NSC_UnwrapKey. | 480 * Always called by NSC_EncryptInit, NSC_DecryptInit, NSC_WrapKey,NSC_UnwrapKey. |
| 463 * Called by NSC_SignInit, NSC_VerifyInit (via sftk_InitCBCMac) only for block | 481 * Called by NSC_SignInit, NSC_VerifyInit (via sftk_InitCBCMac) only for block |
| 464 * ciphers MAC'ing. | 482 * ciphers MAC'ing. |
| 465 */ | 483 */ |
| 466 static CK_RV | 484 static CK_RV |
| 467 sftk_CryptInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism, | 485 sftk_CryptInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism, |
| 468 CK_OBJECT_HANDLE hKey, | 486 CK_OBJECT_HANDLE hKey, |
| 469 CK_ATTRIBUTE_TYPE mechUsage, CK_ATTRIBUTE_TYPE keyUsage, | 487 CK_ATTRIBUTE_TYPE mechUsage, CK_ATTRIBUTE_TYPE keyUsage, |
| 506 case CKM_RSA_X_509: | 524 case CKM_RSA_X_509: |
| 507 if (key_type != CKK_RSA) { | 525 if (key_type != CKK_RSA) { |
| 508 crv = CKR_KEY_TYPE_INCONSISTENT; | 526 crv = CKR_KEY_TYPE_INCONSISTENT; |
| 509 break; | 527 break; |
| 510 } | 528 } |
| 511 context->multi = PR_FALSE; | 529 context->multi = PR_FALSE; |
| 512 context->rsa = PR_TRUE; | 530 context->rsa = PR_TRUE; |
| 513 if (isEncrypt) { | 531 if (isEncrypt) { |
| 514 NSSLOWKEYPublicKey *pubKey = sftk_GetPubKey(key,CKK_RSA,&crv); | 532 NSSLOWKEYPublicKey *pubKey = sftk_GetPubKey(key,CKK_RSA,&crv); |
| 515 if (pubKey == NULL) { | 533 if (pubKey == NULL) { |
| 534 crv = CKR_KEY_HANDLE_INVALID; |
| 516 break; | 535 break; |
| 517 } | 536 } |
| 518 context->maxLen = nsslowkey_PublicModulusLen(pubKey); | 537 context->maxLen = nsslowkey_PublicModulusLen(pubKey); |
| 519 context->cipherInfo = (void *)pubKey; | 538 context->cipherInfo = (void *)pubKey; |
| 520 context->update = (SFTKCipher) | 539 context->update = (SFTKCipher) |
| 521 (pMechanism->mechanism == CKM_RSA_X_509 | 540 (pMechanism->mechanism == CKM_RSA_X_509 |
| 522 ? RSA_EncryptRaw : RSA_EncryptBlock); | 541 ? RSA_EncryptRaw : RSA_EncryptBlock); |
| 523 } else { | 542 } else { |
| 524 NSSLOWKEYPrivateKey *privKey = sftk_GetPrivKey(key,CKK_RSA,&crv); | 543 NSSLOWKEYPrivateKey *privKey = sftk_GetPrivKey(key,CKK_RSA,&crv); |
| 525 if (privKey == NULL) { | 544 if (privKey == NULL) { |
| 545 crv = CKR_KEY_HANDLE_INVALID; |
| 526 break; | 546 break; |
| 527 } | 547 } |
| 528 context->maxLen = nsslowkey_PrivateModulusLen(privKey); | 548 context->maxLen = nsslowkey_PrivateModulusLen(privKey); |
| 529 context->cipherInfo = (void *)privKey; | 549 context->cipherInfo = (void *)privKey; |
| 530 context->update = (SFTKCipher) | 550 context->update = (SFTKCipher) |
| 531 (pMechanism->mechanism == CKM_RSA_X_509 | 551 (pMechanism->mechanism == CKM_RSA_X_509 |
| 532 ? RSA_DecryptRaw : RSA_DecryptBlock); | 552 ? RSA_DecryptRaw : RSA_DecryptBlock); |
| 533 } | 553 } |
| 534 context->destroy = sftk_Null; | 554 context->destroy = sftk_Null; |
| 535 break; | 555 break; |
| 556 /* XXX: Disabled until unit tests land. |
| 557 case CKM_RSA_PKCS_OAEP: |
| 558 if (key_type != CKK_RSA) { |
| 559 crv = CKR_KEY_TYPE_INCONSISTENT; |
| 560 break; |
| 561 } |
| 562 context->multi = PR_FALSE; |
| 563 context->rsa = PR_TRUE; |
| 564 if (pMechanism->ulParameterLen != sizeof(CK_RSA_PKCS_OAEP_PARAMS)) { |
| 565 crv = CKR_MECHANISM_PARAM_INVALID; |
| 566 break; |
| 567 } |
| 568 /\* XXX: Need Parameter validation here *\/ |
| 569 if (isEncrypt) { |
| 570 SFTKOAEPEncryptInfo *info = PORT_New(SFTKOAEPEncryptInfo); |
| 571 if (info == NULL) { |
| 572 crv = CKR_HOST_MEMORY; |
| 573 break; |
| 574 } |
| 575 info->params = pMechanism->pParameter; |
| 576 info->key = sftk_GetPubKey(key, CKK_RSA, &crv); |
| 577 if (info->key == NULL) { |
| 578 PORT_Free(info); |
| 579 crv = CKR_KEY_HANDLE_INVALID; |
| 580 break; |
| 581 } |
| 582 context->update = (SFTKCipher) sftk_EncryptOAEP; |
| 583 context->maxLen = nsslowkey_PublicModulusLen(info->key); |
| 584 context->cipherInfo = info; |
| 585 } else { |
| 586 SFTKOAEPDecryptInfo *info = PORT_New(SFTKOAEPDecryptInfo); |
| 587 if (info == NULL) { |
| 588 crv = CKR_HOST_MEMORY; |
| 589 break; |
| 590 } |
| 591 info->params = pMechanism->pParameter; |
| 592 info->key = sftk_GetPrivKey(key, CKK_RSA, &crv); |
| 593 if (info->key == NULL) { |
| 594 PORT_Free(info); |
| 595 crv = CKR_KEY_HANDLE_INVALID; |
| 596 break; |
| 597 } |
| 598 context->update = (SFTKCipher) sftk_DecryptOAEP; |
| 599 context->maxLen = nsslowkey_PrivateModulusLen(info->key); |
| 600 context->cipherInfo = info; |
| 601 } |
| 602 context->destroy = (SFTKDestroy) sftk_Space; |
| 603 break; |
| 604 */ |
| 536 case CKM_RC2_CBC_PAD: | 605 case CKM_RC2_CBC_PAD: |
| 537 context->doPad = PR_TRUE; | 606 context->doPad = PR_TRUE; |
| 538 /* fall thru */ | 607 /* fall thru */ |
| 539 case CKM_RC2_ECB: | 608 case CKM_RC2_ECB: |
| 540 case CKM_RC2_CBC: | 609 case CKM_RC2_CBC: |
| 541 context->blockSize = 8; | 610 context->blockSize = 8; |
| 542 if (key_type != CKK_RC2) { | 611 if (key_type != CKK_RC2) { |
| 543 crv = CKR_KEY_TYPE_INCONSISTENT; | 612 crv = CKR_KEY_TYPE_INCONSISTENT; |
| 544 break; | 613 break; |
| 545 } | 614 } |
| 1453 } | 1522 } |
| 1454 | 1523 |
| 1455 DOSUB(MD2) | 1524 DOSUB(MD2) |
| 1456 DOSUB(MD5) | 1525 DOSUB(MD5) |
| 1457 DOSUB(SHA1) | 1526 DOSUB(SHA1) |
| 1458 DOSUB(SHA224) | 1527 DOSUB(SHA224) |
| 1459 DOSUB(SHA256) | 1528 DOSUB(SHA256) |
| 1460 DOSUB(SHA384) | 1529 DOSUB(SHA384) |
| 1461 DOSUB(SHA512) | 1530 DOSUB(SHA512) |
| 1462 | 1531 |
| 1463 /* | |
| 1464 * HMAC General copies only a portion of the result. This update routine likes | |
| 1465 * the final HMAC output with the signature. | |
| 1466 */ | |
| 1467 static SECStatus | 1532 static SECStatus |
| 1468 sftk_HMACCopy(CK_ULONG *copyLen,unsigned char *sig,unsigned int *sigLen, | 1533 sftk_SignCopy( |
| 1469 » » unsigned int maxLen,unsigned char *hash, unsigned int hashLen) | 1534 » CK_ULONG *copyLen, |
| 1535 » void *out, unsigned int *outLength, |
| 1536 » unsigned int maxLength, |
| 1537 » const unsigned char *hashResult, |
| 1538 » unsigned int hashResultLength) |
| 1470 { | 1539 { |
| 1471 if (maxLen < *copyLen) return SECFailure; | 1540 unsigned int toCopy = *copyLen; |
| 1472 PORT_Memcpy(sig,hash,*copyLen); | 1541 if (toCopy > maxLength) { |
| 1473 *sigLen = *copyLen; | 1542 » toCopy = maxLength; |
| 1543 } |
| 1544 if (toCopy > hashResultLength) { |
| 1545 » toCopy = hashResultLength; |
| 1546 } |
| 1547 memcpy(out, hashResult, toCopy); |
| 1548 if (outLength) { |
| 1549 » *outLength = toCopy; |
| 1550 } |
| 1474 return SECSuccess; | 1551 return SECSuccess; |
| 1475 } | 1552 } |
| 1476 | 1553 |
| 1477 /* Verify is just a compare for HMAC */ | 1554 /* Verify is just a compare for HMAC */ |
| 1478 static SECStatus | 1555 static SECStatus |
| 1479 sftk_HMACCmp(CK_ULONG *copyLen,unsigned char *sig,unsigned int sigLen, | 1556 sftk_HMACCmp(CK_ULONG *copyLen,unsigned char *sig,unsigned int sigLen, |
| 1480 unsigned char *hash, unsigned int hashLen) | 1557 unsigned char *hash, unsigned int hashLen) |
| 1481 { | 1558 { |
| 1482 return (PORT_Memcmp(sig,hash,*copyLen) == 0) ? SECSuccess : SECFailure ; | 1559 return (PORT_Memcmp(sig,hash,*copyLen) == 0) ? SECSuccess : SECFailure ; |
| 1483 } | 1560 } |
| 1512 if (context->hashInfo == NULL) { | 1589 if (context->hashInfo == NULL) { |
| 1513 if (PORT_GetError() == SEC_ERROR_INVALID_ARGS) { | 1590 if (PORT_GetError() == SEC_ERROR_INVALID_ARGS) { |
| 1514 return CKR_KEY_SIZE_RANGE; | 1591 return CKR_KEY_SIZE_RANGE; |
| 1515 } | 1592 } |
| 1516 return CKR_HOST_MEMORY; | 1593 return CKR_HOST_MEMORY; |
| 1517 } | 1594 } |
| 1518 context->hashUpdate = (SFTKHash) HMAC_Update; | 1595 context->hashUpdate = (SFTKHash) HMAC_Update; |
| 1519 context->end = (SFTKEnd) HMAC_Finish; | 1596 context->end = (SFTKEnd) HMAC_Finish; |
| 1520 | 1597 |
| 1521 context->hashdestroy = (SFTKDestroy) HMAC_Destroy; | 1598 context->hashdestroy = (SFTKDestroy) HMAC_Destroy; |
| 1522 intpointer = (CK_ULONG *) PORT_Alloc(sizeof(CK_ULONG)); | 1599 intpointer = PORT_New(CK_ULONG); |
| 1523 if (intpointer == NULL) { | 1600 if (intpointer == NULL) { |
| 1524 return CKR_HOST_MEMORY; | 1601 return CKR_HOST_MEMORY; |
| 1525 } | 1602 } |
| 1526 *intpointer = mac_size; | 1603 *intpointer = mac_size; |
| 1527 context->cipherInfo = (void *) intpointer; | 1604 context->cipherInfo = intpointer; |
| 1528 context->destroy = (SFTKDestroy) sftk_Space; | 1605 context->destroy = (SFTKDestroy) sftk_Space; |
| 1529 context->update = (SFTKCipher) sftk_HMACCopy; | 1606 context->update = (SFTKCipher) sftk_SignCopy; |
| 1530 context->verify = (SFTKVerify) sftk_HMACCmp; | 1607 context->verify = (SFTKVerify) sftk_HMACCmp; |
| 1531 context->maxLen = hashObj->length; | 1608 context->maxLen = hashObj->length; |
| 1532 HMAC_Begin(HMACcontext); | 1609 HMAC_Begin(HMACcontext); |
| 1533 return CKR_OK; | 1610 return CKR_OK; |
| 1534 } | 1611 } |
| 1535 | 1612 |
| 1536 /* | 1613 /* |
| 1537 * SSL Macing support. SSL Macs are inited, then update with the base | 1614 * SSL Macing support. SSL Macs are inited, then update with the base |
| 1538 * hashing algorithm, then finalized in sign and verify | 1615 * hashing algorithm, then finalized in sign and verify |
| 1539 */ | 1616 */ |
| 2165 crv = sftk_doSSLMACInit(context,SEC_OID_MD5,key, | 2242 crv = sftk_doSSLMACInit(context,SEC_OID_MD5,key, |
| 2166 *(CK_ULONG *)pMechanism->pParameter); | 2243 *(CK_ULONG *)pMechanism->pParameter); |
| 2167 break; | 2244 break; |
| 2168 case CKM_SSL3_SHA1_MAC: | 2245 case CKM_SSL3_SHA1_MAC: |
| 2169 crv = sftk_doSSLMACInit(context,SEC_OID_SHA1,key, | 2246 crv = sftk_doSSLMACInit(context,SEC_OID_SHA1,key, |
| 2170 *(CK_ULONG *)pMechanism->pParameter); | 2247 *(CK_ULONG *)pMechanism->pParameter); |
| 2171 break; | 2248 break; |
| 2172 case CKM_TLS_PRF_GENERAL: | 2249 case CKM_TLS_PRF_GENERAL: |
| 2173 crv = sftk_TLSPRFInit(context, key, key_type); | 2250 crv = sftk_TLSPRFInit(context, key, key_type); |
| 2174 break; | 2251 break; |
| 2252 |
| 2253 case CKM_NSS_HMAC_CONSTANT_TIME: { |
| 2254 sftk_MACConstantTimeCtx *ctx = |
| 2255 sftk_HMACConstantTime_New(pMechanism,key); |
| 2256 CK_ULONG *intpointer; |
| 2257 |
| 2258 if (ctx == NULL) { |
| 2259 crv = CKR_ARGUMENTS_BAD; |
| 2260 break; |
| 2261 } |
| 2262 intpointer = PORT_New(CK_ULONG); |
| 2263 if (intpointer == NULL) { |
| 2264 crv = CKR_HOST_MEMORY; |
| 2265 break; |
| 2266 } |
| 2267 *intpointer = ctx->hash->length; |
| 2268 |
| 2269 context->cipherInfo = intpointer; |
| 2270 context->hashInfo = ctx; |
| 2271 context->currentMech = pMechanism->mechanism; |
| 2272 context->hashUpdate = sftk_HMACConstantTime_Update; |
| 2273 context->hashdestroy = sftk_MACConstantTime_DestroyContext; |
| 2274 context->end = sftk_MACConstantTime_EndHash; |
| 2275 context->update = sftk_SignCopy; |
| 2276 context->destroy = sftk_Space; |
| 2277 context->maxLen = 64; |
| 2278 context->multi = PR_TRUE; |
| 2279 break; |
| 2280 } |
| 2281 |
| 2282 case CKM_NSS_SSL3_MAC_CONSTANT_TIME: { |
| 2283 sftk_MACConstantTimeCtx *ctx = |
| 2284 sftk_SSLv3MACConstantTime_New(pMechanism,key); |
| 2285 CK_ULONG *intpointer; |
| 2286 |
| 2287 if (ctx == NULL) { |
| 2288 crv = CKR_ARGUMENTS_BAD; |
| 2289 break; |
| 2290 } |
| 2291 intpointer = PORT_New(CK_ULONG); |
| 2292 if (intpointer == NULL) { |
| 2293 crv = CKR_HOST_MEMORY; |
| 2294 break; |
| 2295 } |
| 2296 *intpointer = ctx->hash->length; |
| 2297 |
| 2298 context->cipherInfo = intpointer; |
| 2299 context->hashInfo = ctx; |
| 2300 context->currentMech = pMechanism->mechanism; |
| 2301 context->hashUpdate = sftk_SSLv3MACConstantTime_Update; |
| 2302 context->hashdestroy = sftk_MACConstantTime_DestroyContext; |
| 2303 context->end = sftk_MACConstantTime_EndHash; |
| 2304 context->update = sftk_SignCopy; |
| 2305 context->destroy = sftk_Space; |
| 2306 context->maxLen = 64; |
| 2307 context->multi = PR_TRUE; |
| 2308 break; |
| 2309 } |
| 2310 |
| 2175 default: | 2311 default: |
| 2176 crv = CKR_MECHANISM_INVALID; | 2312 crv = CKR_MECHANISM_INVALID; |
| 2177 break; | 2313 break; |
| 2178 } | 2314 } |
| 2179 | 2315 |
| 2180 if (crv != CKR_OK) { | 2316 if (crv != CKR_OK) { |
| 2181 if (info) PORT_Free(info); | 2317 if (info) PORT_Free(info); |
| 2182 sftk_FreeContext(context); | 2318 sftk_FreeContext(context); |
| 2183 sftk_FreeSession(session); | 2319 sftk_FreeSession(session); |
| 2184 return crv; | 2320 return crv; |
| 6786 att = sftk_FindAttribute(key,CKA_VALUE); | 6922 att = sftk_FindAttribute(key,CKA_VALUE); |
| 6787 sftk_FreeObject(key); | 6923 sftk_FreeObject(key); |
| 6788 if (!att) { | 6924 if (!att) { |
| 6789 return CKR_KEY_HANDLE_INVALID; | 6925 return CKR_KEY_HANDLE_INVALID; |
| 6790 } | 6926 } |
| 6791 crv = NSC_DigestUpdate(hSession,(CK_BYTE_PTR)att->attrib.pValue, | 6927 crv = NSC_DigestUpdate(hSession,(CK_BYTE_PTR)att->attrib.pValue, |
| 6792 att->attrib.ulValueLen); | 6928 att->attrib.ulValueLen); |
| 6793 sftk_FreeAttribute(att); | 6929 sftk_FreeAttribute(att); |
| 6794 return crv; | 6930 return crv; |
| 6795 } | 6931 } |
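Review bot: In both new MAC cases, `CKM_NSS_HMAC_CONSTANT_TIME` (new lines 2253–2280) and `CKM_NSS_SSL3_MAC_CONSTANT_TIME` (new lines 2282–2309), the `intpointer == NULL` branch breaks out with `CKR_HOST_MEMORY` before `ctx` has been stored in `context->hashInfo`, so the error path at new line 2316 has no reference through which to release it. The context returned by `sftk_HMACConstantTime_New` / `sftk_SSLv3MACConstantTime_New` presumably carries the MAC secret, so on allocation failure keying material would be left in heap memory that is never released or cleared. Either release it in that branch, e.g. `sftk_MACConstantTime_DestroyContext(ctx, PR_TRUE);` before `crv = CKR_HOST_MEMORY;` (assuming the destructor has the usual `(void *, PRBool)` SFTKDestroy shape), or assign `context->hashInfo` and `context->hashdestroy` before the `PORT_New` call, as the HMAC init code at new lines 1595–1600 does. The enclosing switch and `sftk_FreeContext` lie outside the visible lines, so the cleanup behaviour should be confirmed there.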
| OLD | NEW |