| Index: patches/nss-encrypt-with-sym-key.patch
|
| ===================================================================
|
| --- patches/nss-encrypt-with-sym-key.patch (revision 0)
|
| +++ patches/nss-encrypt-with-sym-key.patch (revision 0)
|
| @@ -0,0 +1,120 @@
|
| +Index: mozilla/security/nss/lib/pk11wrap/pk11obj.c
|
| +===================================================================
|
| +--- mozilla/security/nss/lib/pk11wrap/pk11obj.c (revision 182578)
|
| ++++ mozilla/security/nss/lib/pk11wrap/pk11obj.c (working copy)
|
| +@@ -822,6 +822,93 @@
|
| + return SECSuccess;
|
| + }
|
| +
|
| ++SECStatus
|
| ++PK11_EncryptWithSymKey(PK11SymKey *symKey,
|
| ++ CK_MECHANISM_TYPE mechanism, SECItem *param,
|
| ++ unsigned char *out, unsigned int *outLen,
|
| ++ unsigned int maxLen,
|
| ++ const unsigned char *data, unsigned dataLen)
|
| ++{
|
| ++ PK11SlotInfo *slot = symKey->slot;
|
| ++ CK_MECHANISM mech = {0, NULL, 0 };
|
| ++ CK_ULONG len = maxLen;
|
| ++ PRBool owner = PR_TRUE;
|
| ++ CK_SESSION_HANDLE session;
|
| ++ PRBool haslock = PR_FALSE;
|
| ++ CK_RV crv;
|
| ++
|
| ++ mech.mechanism = mechanism;
|
| ++ if (param) {
|
| ++ mech.pParameter = param->data;
|
| ++ mech.ulParameterLen = param->len;
|
| ++ }
|
| ++
|
| ++ session = pk11_GetNewSession(slot, &owner);
|
| ++ haslock = (!owner || !slot->isThreadSafe);
|
| ++ if (haslock) PK11_EnterSlotMonitor(slot);
|
| ++ crv = PK11_GETTAB(slot)->C_EncryptInit(session, &mech, symKey->objectID);
|
| ++ if (crv != CKR_OK) {
|
| ++ if (haslock) PK11_ExitSlotMonitor(slot);
|
| ++ pk11_CloseSession(slot,session,owner);
|
| ++ PORT_SetError( PK11_MapError(crv) );
|
| ++ return SECFailure;
|
| ++ }
|
| ++ crv = PK11_GETTAB(slot)->C_Encrypt(session, (unsigned char *)data,
|
| ++ dataLen, out, &len);
|
| ++ if (haslock) PK11_ExitSlotMonitor(slot);
|
| ++ pk11_CloseSession(slot,session,owner);
|
| ++ *outLen = len;
|
| ++ if (crv != CKR_OK) {
|
| ++ PORT_SetError( PK11_MapError(crv) );
|
| ++ return SECFailure;
|
| ++ }
|
| ++ return SECSuccess;
|
| ++}
|
| ++
|
| ++SECStatus
|
| ++PK11_DecryptWithSymKey(PK11SymKey *symKey,
|
| ++ CK_MECHANISM_TYPE mechanism, SECItem *param,
|
| ++ unsigned char *out, unsigned int *outLen,
|
| ++ unsigned int maxLen,
|
| ++ const unsigned char *enc, unsigned encLen)
|
| ++{
|
| ++ PK11SlotInfo *slot = symKey->slot;
|
| ++ CK_MECHANISM mech = {0, NULL, 0 };
|
| ++ CK_ULONG len = maxLen;
|
| ++ PRBool owner = PR_TRUE;
|
| ++ CK_SESSION_HANDLE session;
|
| ++ PRBool haslock = PR_FALSE;
|
| ++ CK_RV crv;
|
| ++
|
| ++ mech.mechanism = mechanism;
|
| ++ if (param) {
|
| ++ mech.pParameter = param->data;
|
| ++ mech.ulParameterLen = param->len;
|
| ++ }
|
| ++
|
| ++ session = pk11_GetNewSession(slot, &owner);
|
| ++ haslock = (!owner || !slot->isThreadSafe);
|
| ++ if (haslock) PK11_EnterSlotMonitor(slot);
|
| ++ crv = PK11_GETTAB(slot)->C_DecryptInit(session, &mech, symKey->objectID);
|
| ++ if (crv != CKR_OK) {
|
| ++ if (haslock) PK11_ExitSlotMonitor(slot);
|
| ++ pk11_CloseSession(slot, session, owner);
|
| ++ PORT_SetError( PK11_MapError(crv) );
|
| ++ return SECFailure;
|
| ++ }
|
| ++
|
| ++ crv = PK11_GETTAB(slot)->C_Decrypt(session, (unsigned char *)enc, encLen,
|
| ++ out, &len);
|
| ++ if (haslock) PK11_ExitSlotMonitor(slot);
|
| ++ pk11_CloseSession(slot, session, owner);
|
| ++ *outLen = len;
|
| ++ if (crv != CKR_OK) {
|
| ++ PORT_SetError( PK11_MapError(crv) );
|
| ++ return SECFailure;
|
| ++ }
|
| ++ return SECSuccess;
|
| ++}
|
| ++
|
| + /*
|
| + * Now SSL 2.0 uses raw RSA stuff. These next to functions *must* use
|
| + * RSA keys, or they'll fail. We do the checks up front. If anyone comes
|
| +Index: mozilla/security/nss/lib/pk11wrap/pk11pub.h
|
| +===================================================================
|
| +--- mozilla/security/nss/lib/pk11wrap/pk11pub.h (revision 182578)
|
| ++++ mozilla/security/nss/lib/pk11wrap/pk11pub.h (working copy)
|
| +@@ -508,6 +508,17 @@
|
| + void *wincx);
|
| + int PK11_GetPrivateModulusLen(SECKEYPrivateKey *key);
|
| +
|
| ++SECStatus PK11_EncryptWithSymKey(PK11SymKey *symKey,
|
| ++ CK_MECHANISM_TYPE mechanism, SECItem *param,
|
| ++ unsigned char *out, unsigned int *outLen,
|
| ++ unsigned int maxLen,
|
| ++ const unsigned char *data, unsigned dataLen);
|
| ++SECStatus PK11_DecryptWithSymKey(PK11SymKey *symkey,
|
| ++ CK_MECHANISM_TYPE mechanism, SECItem *param,
|
| ++ unsigned char *out, unsigned int *outLen,
|
| ++ unsigned int maxLen,
|
| ++ const unsigned char *enc, unsigned encLen);
|
| ++
|
| + /* note: despite the name, this function takes a private key. */
|
| + SECStatus PK11_PubDecryptRaw(SECKEYPrivateKey *key, unsigned char *data,
|
| + unsigned *outLen, unsigned int maxLen, unsigned char *enc, unsigned encLen);
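Review bot: In both PK11_EncryptWithSymKey and PK11_DecryptWithSymKey (the pk11obj.c part of the added patch), `*outLen = len;` runs before the `crv` returned by C_Encrypt/C_Decrypt is checked, so on failure the caller receives whatever length the token left in `len`, narrowed from CK_ULONG to unsigned int. A caller that mishandles the SECFailure return could then treat that many bytes of `out` as valid output. Consider reporting the length only on success, e.g. `if (crv != CKR_OK) { *outLen = 0; PORT_SetError(PK11_MapError(crv)); return SECFailure; }` followed by `*outLen = len;`, unless callers are meant to read the required size after CKR_BUFFER_TOO_SMALL, in which case that contract should be documented. The new prototypes in pk11pub.h carry no comment; something like `/* Single-part encrypt/decrypt with a symmetric key: param is the mechanism parameter, maxLen is the capacity of out, *outLen receives the output length. */` would state what the definitions show. The first parameter is also spelled `symkey` in the PK11_DecryptWithSymKey prototype but `symKey` in its definition and in the PK11_EncryptWithSymKey prototype.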
|
|
|
| Property changes on: patches\nss-encrypt-with-sym-key.patch
|
| ___________________________________________________________________
|
| Added: svn:eol-style
|
| + LF
|
|
|
|
|