OLD | NEW |
1 /* This Source Code Form is subject to the terms of the Mozilla Public | 1 /* This Source Code Form is subject to the terms of the Mozilla Public |
2 * License, v. 2.0. If a copy of the MPL was not distributed with this | 2 * License, v. 2.0. If a copy of the MPL was not distributed with this |
3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ | 3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ |
4 /* | 4 /* |
5 * This file implements PKCS 11 on top of our existing security modules | 5 * This file implements PKCS 11 on top of our existing security modules |
6 * | 6 * |
7 * For more information about PKCS 11 See PKCS 11 Token Inteface Standard. | 7 * For more information about PKCS 11 See PKCS 11 Token Inteface Standard. |
8 * This implementation has two slots: | 8 * This implementation has two slots: |
9 * slot 1 is our generic crypto support. It does not require login. | 9 * slot 1 is our generic crypto support. It does not require login. |
10 * It supports Public Key ops, and all they bulk ciphers and hashes. | 10 * It supports Public Key ops, and all they bulk ciphers and hashes. |
(...skipping 55 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
66 #ifndef NSS_DISABLE_ECC | 66 #ifndef NSS_DISABLE_ECC |
67 #ifdef EC_DEBUG | 67 #ifdef EC_DEBUG |
68 #define SEC_PRINT(str1, str2, num, sitem) \ | 68 #define SEC_PRINT(str1, str2, num, sitem) \ |
69 printf("pkcs11c.c:%s:%s (keytype=%d) [len=%d]\n", \ | 69 printf("pkcs11c.c:%s:%s (keytype=%d) [len=%d]\n", \ |
70 str1, str2, num, sitem->len); \ | 70 str1, str2, num, sitem->len); \ |
71 for (i = 0; i < sitem->len; i++) { \ | 71 for (i = 0; i < sitem->len; i++) { \ |
72 printf("%02x:", sitem->data[i]); \ | 72 printf("%02x:", sitem->data[i]); \ |
73 } \ | 73 } \ |
74 printf("\n") | 74 printf("\n") |
75 #else | 75 #else |
| 76 #undef EC_DEBUG |
76 #define SEC_PRINT(a, b, c, d) | 77 #define SEC_PRINT(a, b, c, d) |
77 #endif | 78 #endif |
78 #endif /* NSS_DISABLE_ECC */ | 79 #endif /* NSS_DISABLE_ECC */ |
79 | 80 |
80 /* | 81 /* |
81 * free routines.... Free local type allocated data, and convert | 82 * free routines.... Free local type allocated data, and convert |
82 * other free routines to the destroy signature. | 83 * other free routines to the destroy signature. |
83 */ | 84 */ |
84 static void | 85 static void |
85 sftk_FreePrivKey(NSSLOWKEYPrivateKey *key, PRBool freeit) | 86 sftk_FreePrivKey(NSSLOWKEYPrivateKey *key, PRBool freeit) |
(...skipping 2544 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
2630 | 2631 |
2631 case CKM_SSL3_MD5_MAC: | 2632 case CKM_SSL3_MD5_MAC: |
2632 crv = sftk_doSSLMACInit(context,SEC_OID_MD5,key, | 2633 crv = sftk_doSSLMACInit(context,SEC_OID_MD5,key, |
2633 *(CK_ULONG *)pMechanism->pParameter); | 2634 *(CK_ULONG *)pMechanism->pParameter); |
2634 break; | 2635 break; |
2635 case CKM_SSL3_SHA1_MAC: | 2636 case CKM_SSL3_SHA1_MAC: |
2636 crv = sftk_doSSLMACInit(context,SEC_OID_SHA1,key, | 2637 crv = sftk_doSSLMACInit(context,SEC_OID_SHA1,key, |
2637 *(CK_ULONG *)pMechanism->pParameter); | 2638 *(CK_ULONG *)pMechanism->pParameter); |
2638 break; | 2639 break; |
2639 case CKM_TLS_PRF_GENERAL: | 2640 case CKM_TLS_PRF_GENERAL: |
2640 » crv = sftk_TLSPRFInit(context, key, key_type, HASH_AlgNULL); | 2641 » crv = sftk_TLSPRFInit(context, key, key_type, HASH_AlgNULL, 0); |
2641 break; | 2642 break; |
| 2643 case CKM_TLS_MAC: { |
| 2644 CK_TLS_MAC_PARAMS *tls12_mac_params; |
| 2645 HASH_HashType tlsPrfHash; |
| 2646 const char *label; |
| 2647 |
| 2648 if (pMechanism->ulParameterLen != sizeof(CK_TLS_MAC_PARAMS)) { |
| 2649 crv = CKR_MECHANISM_PARAM_INVALID; |
| 2650 break; |
| 2651 } |
| 2652 tls12_mac_params = (CK_TLS_MAC_PARAMS *)pMechanism->pParameter; |
| 2653 if (tls12_mac_params->prfMechanism == CKM_TLS_PRF) { |
| 2654 /* The TLS 1.0 and 1.1 PRF */ |
| 2655 tlsPrfHash = HASH_AlgNULL; |
| 2656 if (tls12_mac_params->ulMacLength != 12) { |
| 2657 crv = CKR_MECHANISM_PARAM_INVALID; |
| 2658 break; |
| 2659 } |
| 2660 } else { |
| 2661 /* The hash function for the TLS 1.2 PRF */ |
| 2662 tlsPrfHash = |
| 2663 GetHashTypeFromMechanism(tls12_mac_params->prfMechanism); |
| 2664 if (tlsPrfHash == HASH_AlgNULL || |
| 2665 tls12_mac_params->ulMacLength < 12) { |
| 2666 crv = CKR_MECHANISM_PARAM_INVALID; |
| 2667 break; |
| 2668 } |
| 2669 } |
| 2670 if (tls12_mac_params->ulServerOrClient == 1) { |
| 2671 label = "server finished"; |
| 2672 } else if (tls12_mac_params->ulServerOrClient == 2) { |
| 2673 label = "client finished"; |
| 2674 } else { |
| 2675 crv = CKR_MECHANISM_PARAM_INVALID; |
| 2676 break; |
| 2677 } |
| 2678 crv = sftk_TLSPRFInit(context, key, key_type, tlsPrfHash, |
| 2679 tls12_mac_params->ulMacLength); |
| 2680 if (crv == CKR_OK) { |
| 2681 context->hashUpdate(context->hashInfo, label, 15); |
| 2682 } |
| 2683 break; |
| 2684 } |
2642 case CKM_NSS_TLS_PRF_GENERAL_SHA256: | 2685 case CKM_NSS_TLS_PRF_GENERAL_SHA256: |
2643 » crv = sftk_TLSPRFInit(context, key, key_type, HASH_AlgSHA256); | 2686 » crv = sftk_TLSPRFInit(context, key, key_type, HASH_AlgSHA256, 0); |
2644 break; | 2687 break; |
2645 | 2688 |
2646 case CKM_NSS_HMAC_CONSTANT_TIME: { | 2689 case CKM_NSS_HMAC_CONSTANT_TIME: { |
2647 sftk_MACConstantTimeCtx *ctx = | 2690 sftk_MACConstantTimeCtx *ctx = |
2648 sftk_HMACConstantTime_New(pMechanism,key); | 2691 sftk_HMACConstantTime_New(pMechanism,key); |
2649 CK_ULONG *intpointer; | 2692 CK_ULONG *intpointer; |
2650 | 2693 |
2651 if (ctx == NULL) { | 2694 if (ctx == NULL) { |
2652 crv = CKR_ARGUMENTS_BAD; | 2695 crv = CKR_ARGUMENTS_BAD; |
2653 break; | 2696 break; |
2654 } | 2697 } |
2655 intpointer = PORT_New(CK_ULONG); | 2698 intpointer = PORT_New(CK_ULONG); |
2656 if (intpointer == NULL) { | 2699 if (intpointer == NULL) { |
| 2700 PORT_Free(ctx); |
2657 crv = CKR_HOST_MEMORY; | 2701 crv = CKR_HOST_MEMORY; |
2658 break; | 2702 break; |
2659 } | 2703 } |
2660 *intpointer = ctx->hash->length; | 2704 *intpointer = ctx->hash->length; |
2661 | 2705 |
2662 context->cipherInfo = intpointer; | 2706 context->cipherInfo = intpointer; |
2663 context->hashInfo = ctx; | 2707 context->hashInfo = ctx; |
2664 context->currentMech = pMechanism->mechanism; | 2708 context->currentMech = pMechanism->mechanism; |
2665 context->hashUpdate = sftk_HMACConstantTime_Update; | 2709 context->hashUpdate = sftk_HMACConstantTime_Update; |
2666 context->hashdestroy = sftk_MACConstantTime_DestroyContext; | 2710 context->hashdestroy = sftk_MACConstantTime_DestroyContext; |
2667 context->end = sftk_MACConstantTime_EndHash; | 2711 context->end = sftk_MACConstantTime_EndHash; |
2668 context->update = (SFTKCipher) sftk_SignCopy; | 2712 context->update = (SFTKCipher) sftk_SignCopy; |
2669 context->destroy = sftk_Space; | 2713 context->destroy = sftk_Space; |
2670 context->maxLen = 64; | 2714 context->maxLen = 64; |
2671 context->multi = PR_TRUE; | 2715 context->multi = PR_TRUE; |
2672 break; | 2716 break; |
2673 } | 2717 } |
2674 | 2718 |
2675 case CKM_NSS_SSL3_MAC_CONSTANT_TIME: { | 2719 case CKM_NSS_SSL3_MAC_CONSTANT_TIME: { |
2676 sftk_MACConstantTimeCtx *ctx = | 2720 sftk_MACConstantTimeCtx *ctx = |
2677 sftk_SSLv3MACConstantTime_New(pMechanism,key); | 2721 sftk_SSLv3MACConstantTime_New(pMechanism,key); |
2678 CK_ULONG *intpointer; | 2722 CK_ULONG *intpointer; |
2679 | 2723 |
2680 if (ctx == NULL) { | 2724 if (ctx == NULL) { |
2681 crv = CKR_ARGUMENTS_BAD; | 2725 crv = CKR_ARGUMENTS_BAD; |
2682 break; | 2726 break; |
2683 } | 2727 } |
2684 intpointer = PORT_New(CK_ULONG); | 2728 intpointer = PORT_New(CK_ULONG); |
2685 if (intpointer == NULL) { | 2729 if (intpointer == NULL) { |
| 2730 PORT_Free(ctx); |
2686 crv = CKR_HOST_MEMORY; | 2731 crv = CKR_HOST_MEMORY; |
2687 break; | 2732 break; |
2688 } | 2733 } |
2689 *intpointer = ctx->hash->length; | 2734 *intpointer = ctx->hash->length; |
2690 | 2735 |
2691 context->cipherInfo = intpointer; | 2736 context->cipherInfo = intpointer; |
2692 context->hashInfo = ctx; | 2737 context->hashInfo = ctx; |
2693 context->currentMech = pMechanism->mechanism; | 2738 context->currentMech = pMechanism->mechanism; |
2694 context->hashUpdate = sftk_SSLv3MACConstantTime_Update; | 2739 context->hashUpdate = sftk_SSLv3MACConstantTime_Update; |
2695 context->hashdestroy = sftk_MACConstantTime_DestroyContext; | 2740 context->hashdestroy = sftk_MACConstantTime_DestroyContext; |
(...skipping 531 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
3227 | 3272 |
3228 case CKM_SSL3_MD5_MAC: | 3273 case CKM_SSL3_MD5_MAC: |
3229 crv = sftk_doSSLMACInit(context,SEC_OID_MD5,key, | 3274 crv = sftk_doSSLMACInit(context,SEC_OID_MD5,key, |
3230 *(CK_ULONG *)pMechanism->pParameter); | 3275 *(CK_ULONG *)pMechanism->pParameter); |
3231 break; | 3276 break; |
3232 case CKM_SSL3_SHA1_MAC: | 3277 case CKM_SSL3_SHA1_MAC: |
3233 crv = sftk_doSSLMACInit(context,SEC_OID_SHA1,key, | 3278 crv = sftk_doSSLMACInit(context,SEC_OID_SHA1,key, |
3234 *(CK_ULONG *)pMechanism->pParameter); | 3279 *(CK_ULONG *)pMechanism->pParameter); |
3235 break; | 3280 break; |
3236 case CKM_TLS_PRF_GENERAL: | 3281 case CKM_TLS_PRF_GENERAL: |
3237 » crv = sftk_TLSPRFInit(context, key, key_type, HASH_AlgNULL); | 3282 » crv = sftk_TLSPRFInit(context, key, key_type, HASH_AlgNULL, 0); |
3238 break; | 3283 break; |
3239 case CKM_NSS_TLS_PRF_GENERAL_SHA256: | 3284 case CKM_NSS_TLS_PRF_GENERAL_SHA256: |
3240 » crv = sftk_TLSPRFInit(context, key, key_type, HASH_AlgSHA256); | 3285 » crv = sftk_TLSPRFInit(context, key, key_type, HASH_AlgSHA256, 0); |
3241 break; | 3286 break; |
3242 | 3287 |
3243 default: | 3288 default: |
3244 crv = CKR_MECHANISM_INVALID; | 3289 crv = CKR_MECHANISM_INVALID; |
3245 break; | 3290 break; |
3246 } | 3291 } |
3247 | 3292 |
3248 if (crv != CKR_OK) { | 3293 if (crv != CKR_OK) { |
3249 if (info) PORT_Free(info); | 3294 if (info) PORT_Free(info); |
3250 sftk_FreeContext(context); | 3295 sftk_FreeContext(context); |
(...skipping 519 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
3770 params->pbeType = NSSPKCS5_PKCS12_V2; | 3815 params->pbeType = NSSPKCS5_PKCS12_V2; |
3771 params->hashType = HASH_AlgSHA1; | 3816 params->hashType = HASH_AlgSHA1; |
3772 params->encAlg = SEC_OID_SHA1; /* any invalid value */ | 3817 params->encAlg = SEC_OID_SHA1; /* any invalid value */ |
3773 params->is2KeyDES = PR_FALSE; | 3818 params->is2KeyDES = PR_FALSE; |
3774 params->keyID = pbeBitGenIntegrityKey; | 3819 params->keyID = pbeBitGenIntegrityKey; |
3775 pbe_params = (CK_PBE_PARAMS *)pMechanism->pParameter; | 3820 pbe_params = (CK_PBE_PARAMS *)pMechanism->pParameter; |
3776 params->iter = pbe_params->ulIteration; | 3821 params->iter = pbe_params->ulIteration; |
3777 | 3822 |
3778 salt.data = (unsigned char *)pbe_params->pSalt; | 3823 salt.data = (unsigned char *)pbe_params->pSalt; |
3779 salt.len = (unsigned int)pbe_params->ulSaltLen; | 3824 salt.len = (unsigned int)pbe_params->ulSaltLen; |
| 3825 salt.type = siBuffer; |
3780 rv = SECITEM_CopyItem(arena,¶ms->salt,&salt); | 3826 rv = SECITEM_CopyItem(arena,¶ms->salt,&salt); |
3781 if (rv != SECSuccess) { | 3827 if (rv != SECSuccess) { |
3782 PORT_FreeArena(arena,PR_TRUE); | 3828 PORT_FreeArena(arena,PR_TRUE); |
3783 return CKR_HOST_MEMORY; | 3829 return CKR_HOST_MEMORY; |
3784 } | 3830 } |
3785 switch (pMechanism->mechanism) { | 3831 switch (pMechanism->mechanism) { |
3786 case CKM_NETSCAPE_PBE_SHA1_HMAC_KEY_GEN: | 3832 case CKM_NETSCAPE_PBE_SHA1_HMAC_KEY_GEN: |
3787 case CKM_PBA_SHA1_WITH_SHA1_HMAC: | 3833 case CKM_PBA_SHA1_WITH_SHA1_HMAC: |
3788 params->hashType = HASH_AlgSHA1; | 3834 params->hashType = HASH_AlgSHA1; |
3789 params->keyLen = 20; | 3835 params->keyLen = 20; |
(...skipping 124 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
3914 unsigned char buf[MAX_KEY_LEN]; | 3960 unsigned char buf[MAX_KEY_LEN]; |
3915 enum {nsc_pbe, nsc_ssl, nsc_bulk, nsc_param, nsc_jpake} key_gen_type; | 3961 enum {nsc_pbe, nsc_ssl, nsc_bulk, nsc_param, nsc_jpake} key_gen_type; |
3916 NSSPKCS5PBEParameter *pbe_param; | 3962 NSSPKCS5PBEParameter *pbe_param; |
3917 SSL3RSAPreMasterSecret *rsa_pms; | 3963 SSL3RSAPreMasterSecret *rsa_pms; |
3918 CK_VERSION *version; | 3964 CK_VERSION *version; |
3919 /* in very old versions of NSS, there were implementation errors with key | 3965 /* in very old versions of NSS, there were implementation errors with key |
3920 * generation methods. We want to beable to read these, but not | 3966 * generation methods. We want to beable to read these, but not |
3921 * produce them any more. The affected algorithm was 3DES. | 3967 * produce them any more. The affected algorithm was 3DES. |
3922 */ | 3968 */ |
3923 PRBool faultyPBE3DES = PR_FALSE; | 3969 PRBool faultyPBE3DES = PR_FALSE; |
3924 HASH_HashType hashType; | 3970 HASH_HashType hashType = HASH_AlgNULL; |
3925 | 3971 |
3926 CHECK_FORK(); | 3972 CHECK_FORK(); |
3927 | 3973 |
3928 if (!slot) { | 3974 if (!slot) { |
3929 return CKR_SESSION_HANDLE_INVALID; | 3975 return CKR_SESSION_HANDLE_INVALID; |
3930 } | 3976 } |
3931 /* | 3977 /* |
3932 * now lets create an object to hang the attributes off of | 3978 * now lets create an object to hang the attributes off of |
3933 */ | 3979 */ |
3934 key = sftk_NewObject(slot); /* fill in the handle later */ | 3980 key = sftk_NewObject(slot); /* fill in the handle later */ |
(...skipping 221 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
4156 * | 4202 * |
4157 * For sign/verify: CKK_RSA => CKM_RSA_PKCS | 4203 * For sign/verify: CKK_RSA => CKM_RSA_PKCS |
4158 * CKK_DSA => CKM_DSA | 4204 * CKK_DSA => CKM_DSA |
4159 * CKK_EC => CKM_ECDSA | 4205 * CKK_EC => CKM_ECDSA |
4160 * others => CKM_INVALID_MECHANISM | 4206 * others => CKM_INVALID_MECHANISM |
4161 * | 4207 * |
4162 * None of these mechanisms has a parameter. | 4208 * None of these mechanisms has a parameter. |
4163 */ | 4209 */ |
4164 CK_MECHANISM mech = {0, NULL, 0}; | 4210 CK_MECHANISM mech = {0, NULL, 0}; |
4165 | 4211 |
4166 CK_ULONG modulusLen; | 4212 CK_ULONG modulusLen = 0; |
4167 CK_ULONG subPrimeLen; | 4213 CK_ULONG subPrimeLen = 0; |
4168 PRBool isEncryptable = PR_FALSE; | 4214 PRBool isEncryptable = PR_FALSE; |
4169 PRBool canSignVerify = PR_FALSE; | 4215 PRBool canSignVerify = PR_FALSE; |
4170 PRBool isDerivable = PR_FALSE; | 4216 PRBool isDerivable = PR_FALSE; |
4171 CK_RV crv; | 4217 CK_RV crv; |
4172 | 4218 |
4173 /* Variables used for Encrypt/Decrypt functions. */ | 4219 /* Variables used for Encrypt/Decrypt functions. */ |
4174 unsigned char *known_message = (unsigned char *)"Known Crypto Message"; | 4220 unsigned char *known_message = (unsigned char *)"Known Crypto Message"; |
4175 unsigned char plaintext[PAIRWISE_MESSAGE_LENGTH]; | 4221 unsigned char plaintext[PAIRWISE_MESSAGE_LENGTH]; |
4176 CK_ULONG bytes_decrypted; | 4222 CK_ULONG bytes_decrypted; |
4177 unsigned char *ciphertext; | 4223 unsigned char *ciphertext; |
(...skipping 277 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
4455 int public_modulus_bits = 0; | 4501 int public_modulus_bits = 0; |
4456 SECItem pubExp; | 4502 SECItem pubExp; |
4457 RSAPrivateKey * rsaPriv; | 4503 RSAPrivateKey * rsaPriv; |
4458 | 4504 |
4459 /* DSA */ | 4505 /* DSA */ |
4460 PQGParams pqgParam; | 4506 PQGParams pqgParam; |
4461 DHParams dhParam; | 4507 DHParams dhParam; |
4462 DSAPrivateKey * dsaPriv; | 4508 DSAPrivateKey * dsaPriv; |
4463 | 4509 |
4464 /* Diffie Hellman */ | 4510 /* Diffie Hellman */ |
4465 int private_value_bits = 0; | |
4466 DHPrivateKey * dhPriv; | 4511 DHPrivateKey * dhPriv; |
4467 | 4512 |
4468 #ifndef NSS_DISABLE_ECC | 4513 #ifndef NSS_DISABLE_ECC |
4469 /* Elliptic Curve Cryptography */ | 4514 /* Elliptic Curve Cryptography */ |
4470 SECItem ecEncodedParams; /* DER Encoded parameters */ | 4515 SECItem ecEncodedParams; /* DER Encoded parameters */ |
4471 ECPrivateKey * ecPriv; | 4516 ECPrivateKey * ecPriv; |
4472 ECParams * ecParams; | 4517 ECParams * ecParams; |
4473 #endif /* NSS_DISABLE_ECC */ | 4518 #endif /* NSS_DISABLE_ECC */ |
4474 | 4519 |
4475 CHECK_FORK(); | 4520 CHECK_FORK(); |
(...skipping 31 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
4507 privateKey = sftk_NewObject(slot); /* fill in the handle later */ | 4552 privateKey = sftk_NewObject(slot); /* fill in the handle later */ |
4508 if (privateKey == NULL) { | 4553 if (privateKey == NULL) { |
4509 sftk_FreeObject(publicKey); | 4554 sftk_FreeObject(publicKey); |
4510 return CKR_HOST_MEMORY; | 4555 return CKR_HOST_MEMORY; |
4511 } | 4556 } |
4512 /* | 4557 /* |
4513 * now load the private key template | 4558 * now load the private key template |
4514 */ | 4559 */ |
4515 for (i=0; i < (int) ulPrivateKeyAttributeCount; i++) { | 4560 for (i=0; i < (int) ulPrivateKeyAttributeCount; i++) { |
4516 if (pPrivateKeyTemplate[i].type == CKA_VALUE_BITS) { | 4561 if (pPrivateKeyTemplate[i].type == CKA_VALUE_BITS) { |
4517 private_value_bits = *(CK_ULONG *)pPrivateKeyTemplate[i].pValue; | |
4518 continue; | 4562 continue; |
4519 } | 4563 } |
4520 | 4564 |
4521 crv = sftk_AddAttributeType(privateKey, | 4565 crv = sftk_AddAttributeType(privateKey, |
4522 sftk_attr_expand(&pPrivateKeyTemplate[i])); | 4566 sftk_attr_expand(&pPrivateKeyTemplate[i])); |
4523 if (crv != CKR_OK) break; | 4567 if (crv != CKR_OK) break; |
4524 } | 4568 } |
4525 | 4569 |
4526 if (crv != CKR_OK) { | 4570 if (crv != CKR_OK) { |
4527 sftk_FreeObject(publicKey); | 4571 sftk_FreeObject(publicKey); |
(...skipping 449 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
4977 { | 5021 { |
4978 NSSLOWKEYPrivateKey *lk = NULL; | 5022 NSSLOWKEYPrivateKey *lk = NULL; |
4979 NSSLOWKEYPrivateKeyInfo *pki = NULL; | 5023 NSSLOWKEYPrivateKeyInfo *pki = NULL; |
4980 SFTKAttribute *attribute = NULL; | 5024 SFTKAttribute *attribute = NULL; |
4981 PLArenaPool *arena = NULL; | 5025 PLArenaPool *arena = NULL; |
4982 SECOidTag algorithm = SEC_OID_UNKNOWN; | 5026 SECOidTag algorithm = SEC_OID_UNKNOWN; |
4983 void *dummy, *param = NULL; | 5027 void *dummy, *param = NULL; |
4984 SECStatus rv = SECSuccess; | 5028 SECStatus rv = SECSuccess; |
4985 SECItem *encodedKey = NULL; | 5029 SECItem *encodedKey = NULL; |
4986 #ifndef NSS_DISABLE_ECC | 5030 #ifndef NSS_DISABLE_ECC |
| 5031 #ifdef EC_DEBUG |
4987 SECItem *fordebug; | 5032 SECItem *fordebug; |
| 5033 #endif |
4988 int savelen; | 5034 int savelen; |
4989 #endif | 5035 #endif |
4990 | 5036 |
4991 if(!key) { | 5037 if(!key) { |
4992 *crvp = CKR_KEY_HANDLE_INVALID; /* really can't happen */ | 5038 *crvp = CKR_KEY_HANDLE_INVALID; /* really can't happen */ |
4993 return NULL; | 5039 return NULL; |
4994 } | 5040 } |
4995 | 5041 |
4996 attribute = sftk_FindAttribute(key, CKA_KEY_TYPE); | 5042 attribute = sftk_FindAttribute(key, CKA_KEY_TYPE); |
4997 if(!attribute) { | 5043 if(!attribute) { |
(...skipping 52 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
5050 * length before encoding and restore it later. | 5096 * length before encoding and restore it later. |
5051 */ | 5097 */ |
5052 lk->u.ec.publicValue.len <<= 3; | 5098 lk->u.ec.publicValue.len <<= 3; |
5053 savelen = lk->u.ec.ecParams.curveOID.len; | 5099 savelen = lk->u.ec.ecParams.curveOID.len; |
5054 lk->u.ec.ecParams.curveOID.len = 0; | 5100 lk->u.ec.ecParams.curveOID.len = 0; |
5055 dummy = SEC_ASN1EncodeItem(arena, &pki->privateKey, lk, | 5101 dummy = SEC_ASN1EncodeItem(arena, &pki->privateKey, lk, |
5056 nsslowkey_ECPrivateKeyTemplate); | 5102 nsslowkey_ECPrivateKeyTemplate); |
5057 lk->u.ec.ecParams.curveOID.len = savelen; | 5103 lk->u.ec.ecParams.curveOID.len = savelen; |
5058 lk->u.ec.publicValue.len >>= 3; | 5104 lk->u.ec.publicValue.len >>= 3; |
5059 | 5105 |
| 5106 #ifdef EC_DEBUG |
5060 fordebug = &pki->privateKey; | 5107 fordebug = &pki->privateKey; |
5061 SEC_PRINT("sftk_PackagePrivateKey()", "PrivateKey", lk->keyType, | 5108 SEC_PRINT("sftk_PackagePrivateKey()", "PrivateKey", lk->keyType, |
5062 fordebug); | 5109 fordebug); |
| 5110 #endif |
5063 | 5111 |
5064 param = SECITEM_DupItem(&lk->u.ec.ecParams.DEREncoding); | 5112 param = SECITEM_DupItem(&lk->u.ec.ecParams.DEREncoding); |
5065 | 5113 |
5066 algorithm = SEC_OID_ANSIX962_EC_PUBLIC_KEY; | 5114 algorithm = SEC_OID_ANSIX962_EC_PUBLIC_KEY; |
5067 break; | 5115 break; |
5068 #endif /* NSS_DISABLE_ECC */ | 5116 #endif /* NSS_DISABLE_ECC */ |
5069 case NSSLOWKEYDHKey: | 5117 case NSSLOWKEYDHKey: |
5070 default: | 5118 default: |
5071 dummy = NULL; | 5119 dummy = NULL; |
5072 break; | 5120 break; |
(...skipping 18 matching lines...) Expand all Loading... |
5091 if(!dummy) { | 5139 if(!dummy) { |
5092 *crvp = CKR_DEVICE_ERROR; /* should map NSS SECError */ | 5140 *crvp = CKR_DEVICE_ERROR; /* should map NSS SECError */ |
5093 rv = SECFailure; | 5141 rv = SECFailure; |
5094 goto loser; | 5142 goto loser; |
5095 } | 5143 } |
5096 | 5144 |
5097 encodedKey = SEC_ASN1EncodeItem(NULL, NULL, pki, | 5145 encodedKey = SEC_ASN1EncodeItem(NULL, NULL, pki, |
5098 nsslowkey_PrivateKeyInfoTemplate); | 5146 nsslowkey_PrivateKeyInfoTemplate); |
5099 *crvp = encodedKey ? CKR_OK : CKR_DEVICE_ERROR; | 5147 *crvp = encodedKey ? CKR_OK : CKR_DEVICE_ERROR; |
5100 | 5148 |
5101 #ifndef NSS_DISABLE_ECC | 5149 #ifdef EC_DEBUG |
5102 fordebug = encodedKey; | 5150 fordebug = encodedKey; |
5103 SEC_PRINT("sftk_PackagePrivateKey()", "PrivateKeyInfo", lk->keyType, | 5151 SEC_PRINT("sftk_PackagePrivateKey()", "PrivateKeyInfo", lk->keyType, |
5104 fordebug); | 5152 fordebug); |
5105 #endif | 5153 #endif |
5106 loser: | 5154 loser: |
5107 if(arena) { | 5155 if(arena) { |
5108 PORT_FreeArena(arena, PR_TRUE); | 5156 PORT_FreeArena(arena, PR_TRUE); |
5109 } | 5157 } |
5110 | 5158 |
5111 if(lk && (lk != key->objectInfo)) { | 5159 if(lk && (lk != key->objectInfo)) { |
(...skipping 828 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
5940 MD2Context * md2; | 5988 MD2Context * md2; |
5941 CK_ULONG macSize; | 5989 CK_ULONG macSize; |
5942 CK_ULONG tmpKeySize; | 5990 CK_ULONG tmpKeySize; |
5943 CK_ULONG IVSize; | 5991 CK_ULONG IVSize; |
5944 CK_ULONG keySize = 0; | 5992 CK_ULONG keySize = 0; |
5945 CK_RV crv = CKR_OK; | 5993 CK_RV crv = CKR_OK; |
5946 CK_BBOOL cktrue = CK_TRUE; | 5994 CK_BBOOL cktrue = CK_TRUE; |
5947 CK_KEY_TYPE keyType = CKK_GENERIC_SECRET; | 5995 CK_KEY_TYPE keyType = CKK_GENERIC_SECRET; |
5948 CK_OBJECT_CLASS classType = CKO_SECRET_KEY; | 5996 CK_OBJECT_CLASS classType = CKO_SECRET_KEY; |
5949 CK_KEY_DERIVATION_STRING_DATA *stringPtr; | 5997 CK_KEY_DERIVATION_STRING_DATA *stringPtr; |
| 5998 CK_MECHANISM_TYPE mechanism = pMechanism->mechanism; |
5950 PRBool isTLS = PR_FALSE; | 5999 PRBool isTLS = PR_FALSE; |
5951 PRBool isSHA256 = PR_FALSE; | |
5952 PRBool isDH = PR_FALSE; | 6000 PRBool isDH = PR_FALSE; |
| 6001 HASH_HashType tlsPrfHash = HASH_AlgNULL; |
5953 SECStatus rv; | 6002 SECStatus rv; |
5954 int i; | 6003 int i; |
5955 unsigned int outLen; | 6004 unsigned int outLen; |
5956 unsigned char sha_out[SHA1_LENGTH]; | 6005 unsigned char sha_out[SHA1_LENGTH]; |
5957 unsigned char key_block[NUM_MIXERS * MD5_LENGTH]; | 6006 unsigned char key_block[NUM_MIXERS * MD5_LENGTH]; |
5958 unsigned char key_block2[MD5_LENGTH]; | 6007 unsigned char key_block2[MD5_LENGTH]; |
5959 PRBool isFIPS; | 6008 PRBool isFIPS; |
5960 HASH_HashType hashType; | 6009 HASH_HashType hashType; |
5961 PRBool extractValue = PR_TRUE; | 6010 PRBool extractValue = PR_TRUE; |
5962 | 6011 |
(...skipping 26 matching lines...) Expand all Loading... |
5989 if (pTemplate[i].type == CKA_VALUE_LEN) { | 6038 if (pTemplate[i].type == CKA_VALUE_LEN) { |
5990 keySize = *(CK_ULONG *)pTemplate[i].pValue; | 6039 keySize = *(CK_ULONG *)pTemplate[i].pValue; |
5991 } | 6040 } |
5992 } | 6041 } |
5993 if (crv != CKR_OK) { sftk_FreeObject(key); return crv; } | 6042 if (crv != CKR_OK) { sftk_FreeObject(key); return crv; } |
5994 | 6043 |
5995 if (keySize == 0) { | 6044 if (keySize == 0) { |
5996 keySize = sftk_MapKeySize(keyType); | 6045 keySize = sftk_MapKeySize(keyType); |
5997 } | 6046 } |
5998 | 6047 |
5999 switch (pMechanism->mechanism) { | 6048 switch (mechanism) { |
6000 case CKM_NSS_JPAKE_ROUND2_SHA1: /* fall through */ | 6049 case CKM_NSS_JPAKE_ROUND2_SHA1: /* fall through */ |
6001 case CKM_NSS_JPAKE_ROUND2_SHA256: /* fall through */ | 6050 case CKM_NSS_JPAKE_ROUND2_SHA256: /* fall through */ |
6002 case CKM_NSS_JPAKE_ROUND2_SHA384: /* fall through */ | 6051 case CKM_NSS_JPAKE_ROUND2_SHA384: /* fall through */ |
6003 case CKM_NSS_JPAKE_ROUND2_SHA512: | 6052 case CKM_NSS_JPAKE_ROUND2_SHA512: |
6004 extractValue = PR_FALSE; | 6053 extractValue = PR_FALSE; |
6005 classType = CKO_PRIVATE_KEY; | 6054 classType = CKO_PRIVATE_KEY; |
6006 break; | 6055 break; |
6007 case CKM_NSS_JPAKE_FINAL_SHA1: /* fall through */ | 6056 case CKM_NSS_JPAKE_FINAL_SHA1: /* fall through */ |
6008 case CKM_NSS_JPAKE_FINAL_SHA256: /* fall through */ | 6057 case CKM_NSS_JPAKE_FINAL_SHA256: /* fall through */ |
6009 case CKM_NSS_JPAKE_FINAL_SHA384: /* fall through */ | 6058 case CKM_NSS_JPAKE_FINAL_SHA384: /* fall through */ |
(...skipping 27 matching lines...) Expand all Loading... |
6037 if (extractValue) { | 6086 if (extractValue) { |
6038 /* get the value of the base key */ | 6087 /* get the value of the base key */ |
6039 att = sftk_FindAttribute(sourceKey,CKA_VALUE); | 6088 att = sftk_FindAttribute(sourceKey,CKA_VALUE); |
6040 if (att == NULL) { | 6089 if (att == NULL) { |
6041 sftk_FreeObject(key); | 6090 sftk_FreeObject(key); |
6042 sftk_FreeObject(sourceKey); | 6091 sftk_FreeObject(sourceKey); |
6043 return CKR_KEY_HANDLE_INVALID; | 6092 return CKR_KEY_HANDLE_INVALID; |
6044 } | 6093 } |
6045 } | 6094 } |
6046 | 6095 |
6047 switch (pMechanism->mechanism) { | 6096 switch (mechanism) { |
6048 /* | 6097 /* |
6049 * generate the master secret | 6098 * generate the master secret |
6050 */ | 6099 */ |
| 6100 case CKM_TLS12_MASTER_KEY_DERIVE: |
| 6101 case CKM_TLS12_MASTER_KEY_DERIVE_DH: |
6051 case CKM_NSS_TLS_MASTER_KEY_DERIVE_SHA256: | 6102 case CKM_NSS_TLS_MASTER_KEY_DERIVE_SHA256: |
6052 case CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256: | 6103 case CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256: |
6053 isSHA256 = PR_TRUE; | |
6054 /* fall thru */ | |
6055 case CKM_TLS_MASTER_KEY_DERIVE: | 6104 case CKM_TLS_MASTER_KEY_DERIVE: |
6056 case CKM_TLS_MASTER_KEY_DERIVE_DH: | 6105 case CKM_TLS_MASTER_KEY_DERIVE_DH: |
6057 isTLS = PR_TRUE; | |
6058 /* fall thru */ | |
6059 case CKM_SSL3_MASTER_KEY_DERIVE: | 6106 case CKM_SSL3_MASTER_KEY_DERIVE: |
6060 case CKM_SSL3_MASTER_KEY_DERIVE_DH: | 6107 case CKM_SSL3_MASTER_KEY_DERIVE_DH: |
6061 { | 6108 { |
6062 CK_SSL3_MASTER_KEY_DERIVE_PARAMS *ssl3_master; | 6109 CK_SSL3_MASTER_KEY_DERIVE_PARAMS *ssl3_master; |
6063 SSL3RSAPreMasterSecret * rsa_pms; | 6110 SSL3RSAPreMasterSecret * rsa_pms; |
6064 unsigned char crsrdata[SSL3_RANDOM_LENGTH * 2]; | 6111 unsigned char crsrdata[SSL3_RANDOM_LENGTH * 2]; |
6065 | 6112 |
6066 if ((pMechanism->mechanism == CKM_SSL3_MASTER_KEY_DERIVE_DH) || | 6113 » if ((mechanism == CKM_TLS12_MASTER_KEY_DERIVE) || |
6067 (pMechanism->mechanism == CKM_TLS_MASTER_KEY_DERIVE_DH) || | 6114 » (mechanism == CKM_TLS12_MASTER_KEY_DERIVE_DH)) { |
6068 (pMechanism->mechanism == CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256)) | 6115 » CK_TLS12_MASTER_KEY_DERIVE_PARAMS *tls12_master = |
6069 » » isDH = PR_TRUE; | 6116 » » (CK_TLS12_MASTER_KEY_DERIVE_PARAMS *) pMechanism->pParameter; |
| 6117 » tlsPrfHash = GetHashTypeFromMechanism(tls12_master->prfHashMechanism
); |
| 6118 » if (tlsPrfHash == HASH_AlgNULL) { |
| 6119 » » crv = CKR_MECHANISM_PARAM_INVALID; |
| 6120 » » break; |
| 6121 » } |
| 6122 » } else if ((mechanism == CKM_NSS_TLS_MASTER_KEY_DERIVE_SHA256) || |
| 6123 » » (mechanism == CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256)) { |
| 6124 » tlsPrfHash = HASH_AlgSHA256; |
| 6125 » } |
6070 | 6126 |
6071 » /* first do the consistancy checks */ | 6127 » if ((mechanism != CKM_SSL3_MASTER_KEY_DERIVE) && |
| 6128 » (mechanism != CKM_SSL3_MASTER_KEY_DERIVE_DH)) { |
| 6129 » isTLS = PR_TRUE; |
| 6130 » } |
| 6131 » if ((mechanism == CKM_SSL3_MASTER_KEY_DERIVE_DH) || |
| 6132 » (mechanism == CKM_TLS_MASTER_KEY_DERIVE_DH) || |
| 6133 » (mechanism == CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256) || |
| 6134 » (mechanism == CKM_TLS12_MASTER_KEY_DERIVE_DH)) { |
| 6135 » isDH = PR_TRUE; |
| 6136 » } |
| 6137 |
| 6138 » /* first do the consistency checks */ |
6072 if (!isDH && (att->attrib.ulValueLen != SSL3_PMS_LENGTH)) { | 6139 if (!isDH && (att->attrib.ulValueLen != SSL3_PMS_LENGTH)) { |
6073 crv = CKR_KEY_TYPE_INCONSISTENT; | 6140 crv = CKR_KEY_TYPE_INCONSISTENT; |
6074 break; | 6141 break; |
6075 } | 6142 } |
6076 att2 = sftk_FindAttribute(sourceKey,CKA_KEY_TYPE); | 6143 att2 = sftk_FindAttribute(sourceKey,CKA_KEY_TYPE); |
6077 if ((att2 == NULL) || (*(CK_KEY_TYPE *)att2->attrib.pValue != | 6144 if ((att2 == NULL) || (*(CK_KEY_TYPE *)att2->attrib.pValue != |
6078 CKK_GENERIC_SECRET)) { | 6145 CKK_GENERIC_SECRET)) { |
6079 if (att2) sftk_FreeAttribute(att2); | 6146 if (att2) sftk_FreeAttribute(att2); |
6080 crv = CKR_KEY_FUNCTION_NOT_PERMITTED; | 6147 crv = CKR_KEY_FUNCTION_NOT_PERMITTED; |
6081 break; | 6148 break; |
(...skipping 44 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
6126 SECItem master = { siBuffer, NULL, 0 }; | 6193 SECItem master = { siBuffer, NULL, 0 }; |
6127 SECItem pms = { siBuffer, NULL, 0 }; | 6194 SECItem pms = { siBuffer, NULL, 0 }; |
6128 | 6195 |
6129 crsr.data = crsrdata; | 6196 crsr.data = crsrdata; |
6130 crsr.len = sizeof crsrdata; | 6197 crsr.len = sizeof crsrdata; |
6131 master.data = key_block; | 6198 master.data = key_block; |
6132 master.len = SSL3_MASTER_SECRET_LENGTH; | 6199 master.len = SSL3_MASTER_SECRET_LENGTH; |
6133 pms.data = (unsigned char*)att->attrib.pValue; | 6200 pms.data = (unsigned char*)att->attrib.pValue; |
6134 pms.len = att->attrib.ulValueLen; | 6201 pms.len = att->attrib.ulValueLen; |
6135 | 6202 |
6136 » if (isSHA256) { | 6203 » if (tlsPrfHash != HASH_AlgNULL) { |
6137 » » status = TLS_P_hash(HASH_AlgSHA256, &pms, "master secret", | 6204 » » status = TLS_P_hash(tlsPrfHash, &pms, "master secret", |
6138 &crsr, &master, isFIPS); | 6205 &crsr, &master, isFIPS); |
6139 } else { | 6206 } else { |
6140 status = TLS_PRF(&pms, "master secret", &crsr, &master, isFIPS); | 6207 status = TLS_PRF(&pms, "master secret", &crsr, &master, isFIPS); |
6141 } | 6208 } |
6142 if (status != SECSuccess) { | 6209 if (status != SECSuccess) { |
6143 crv = CKR_FUNCTION_FAILED; | 6210 crv = CKR_FUNCTION_FAILED; |
6144 break; | 6211 break; |
6145 } | 6212 } |
6146 } else { | 6213 } else { |
6147 /* now allocate the hash contexts */ | 6214 /* now allocate the hash contexts */ |
(...skipping 42 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
6190 if (crv != CKR_OK) break; | 6257 if (crv != CKR_OK) break; |
6191 crv = sftk_forceAttribute(key,CKA_VERIFY,&cktrue,sizeof(CK_BBOOL)); | 6258 crv = sftk_forceAttribute(key,CKA_VERIFY,&cktrue,sizeof(CK_BBOOL)); |
6192 if (crv != CKR_OK) break; | 6259 if (crv != CKR_OK) break; |
6193 /* While we're here, we might as well force this, too. */ | 6260 /* While we're here, we might as well force this, too. */ |
6194 crv = sftk_forceAttribute(key,CKA_DERIVE,&cktrue,sizeof(CK_BBOOL)); | 6261 crv = sftk_forceAttribute(key,CKA_DERIVE,&cktrue,sizeof(CK_BBOOL)); |
6195 if (crv != CKR_OK) break; | 6262 if (crv != CKR_OK) break; |
6196 } | 6263 } |
6197 break; | 6264 break; |
6198 } | 6265 } |
6199 | 6266 |
| 6267 /* Extended master key derivation [draft-ietf-tls-session-hash] */ |
| 6268 case CKM_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE: |
| 6269 case CKM_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE_DH: |
| 6270 { |
| 6271 CK_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE_PARAMS *ems_params; |
| 6272 SSL3RSAPreMasterSecret *rsa_pms; |
| 6273 SECStatus status; |
| 6274 SECItem pms = { siBuffer, NULL, 0 }; |
| 6275 SECItem seed = { siBuffer, NULL, 0 }; |
| 6276 SECItem master = { siBuffer, NULL, 0 }; |
| 6277 |
| 6278 ems_params = (CK_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE_PARAMS*) |
| 6279 pMechanism->pParameter; |
| 6280 |
| 6281 /* First do the consistency checks */ |
| 6282 if ((mechanism == CKM_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE) && |
| 6283 (att->attrib.ulValueLen != SSL3_PMS_LENGTH)) { |
| 6284 crv = CKR_KEY_TYPE_INCONSISTENT; |
| 6285 break; |
| 6286 } |
| 6287 att2 = sftk_FindAttribute(sourceKey,CKA_KEY_TYPE); |
| 6288 if ((att2 == NULL) || |
| 6289 (*(CK_KEY_TYPE *)att2->attrib.pValue != CKK_GENERIC_SECRET)) { |
| 6290 if (att2) sftk_FreeAttribute(att2); |
| 6291 crv = CKR_KEY_FUNCTION_NOT_PERMITTED; |
| 6292 break; |
| 6293 } |
| 6294 sftk_FreeAttribute(att2); |
| 6295 if (keyType != CKK_GENERIC_SECRET) { |
| 6296 crv = CKR_KEY_FUNCTION_NOT_PERMITTED; |
| 6297 break; |
| 6298 } |
| 6299 if ((keySize != 0) && (keySize != SSL3_MASTER_SECRET_LENGTH)) { |
| 6300 crv = CKR_KEY_FUNCTION_NOT_PERMITTED; |
| 6301 break; |
| 6302 } |
| 6303 |
| 6304 /* Do the key derivation */ |
| 6305 pms.data = (unsigned char*) att->attrib.pValue; |
| 6306 pms.len = att->attrib.ulValueLen; |
| 6307 seed.data = ems_params->pSessionHash; |
| 6308 seed.len = ems_params->ulSessionHashLen; |
| 6309 master.data = key_block; |
| 6310 master.len = SSL3_MASTER_SECRET_LENGTH; |
| 6311 if (ems_params-> prfHashMechanism == CKM_TLS_PRF) { |
| 6312 /* |
| 6313 * In this case, the session hash is the concatenation of SHA-1 |
| 6314 * and MD5, so it should be 36 bytes long. |
| 6315 */ |
| 6316 if (seed.len != MD5_LENGTH + SHA1_LENGTH) { |
| 6317 crv = CKR_TEMPLATE_INCONSISTENT; |
| 6318 break; |
| 6319 } |
| 6320 |
| 6321 status = TLS_PRF(&pms, "extended master secret", |
| 6322 &seed, &master, isFIPS); |
| 6323 } else { |
| 6324 const SECHashObject *hashObj; |
| 6325 |
| 6326 tlsPrfHash = GetHashTypeFromMechanism(ems_params->prfHashMechanism); |
| 6327 if (tlsPrfHash == HASH_AlgNULL) { |
| 6328 crv = CKR_MECHANISM_PARAM_INVALID; |
| 6329 break; |
| 6330 } |
| 6331 |
| 6332 hashObj = HASH_GetRawHashObject(tlsPrfHash); |
| 6333 if (seed.len != hashObj->length) { |
| 6334 crv = CKR_TEMPLATE_INCONSISTENT; |
| 6335 break; |
| 6336 } |
| 6337 |
| 6338 status = TLS_P_hash(tlsPrfHash, &pms, "extended master secret", |
| 6339 &seed, &master, isFIPS); |
| 6340 } |
| 6341 if (status != SECSuccess) { |
| 6342 crv = CKR_FUNCTION_FAILED; |
| 6343 break; |
| 6344 } |
| 6345 |
| 6346 /* Reflect the version if required */ |
| 6347 if (ems_params->pVersion) { |
| 6348 SFTKSessionObject *sessKey = sftk_narrowToSessionObject(key); |
| 6349 rsa_pms = (SSL3RSAPreMasterSecret *) att->attrib.pValue; |
| 6350 /* don't leak more key material than necessary for SSL to work */ |
| 6351 if ((sessKey == NULL) || sessKey->wasDerived) { |
| 6352 ems_params->pVersion->major = 0xff; |
| 6353 ems_params->pVersion->minor = 0xff; |
| 6354 } else { |
| 6355 ems_params->pVersion->major = rsa_pms->client_version[0]; |
| 6356 ems_params->pVersion->minor = rsa_pms->client_version[1]; |
| 6357 } |
| 6358 } |
| 6359 |
| 6360 /* Store the results */ |
| 6361 crv = sftk_forceAttribute(key, CKA_VALUE, key_block, |
| 6362 SSL3_MASTER_SECRET_LENGTH); |
| 6363 break; |
| 6364 } |
| 6365 |
| 6366 case CKM_TLS12_KEY_AND_MAC_DERIVE: |
6200 case CKM_NSS_TLS_KEY_AND_MAC_DERIVE_SHA256: | 6367 case CKM_NSS_TLS_KEY_AND_MAC_DERIVE_SHA256: |
6201 isSHA256 = PR_TRUE; | |
6202 /* fall thru */ | |
6203 case CKM_TLS_KEY_AND_MAC_DERIVE: | 6368 case CKM_TLS_KEY_AND_MAC_DERIVE: |
6204 isTLS = PR_TRUE; | |
6205 /* fall thru */ | |
6206 case CKM_SSL3_KEY_AND_MAC_DERIVE: | 6369 case CKM_SSL3_KEY_AND_MAC_DERIVE: |
6207 { | 6370 { |
6208 CK_SSL3_KEY_MAT_PARAMS *ssl3_keys; | 6371 CK_SSL3_KEY_MAT_PARAMS *ssl3_keys; |
6209 CK_SSL3_KEY_MAT_OUT * ssl3_keys_out; | 6372 CK_SSL3_KEY_MAT_OUT * ssl3_keys_out; |
6210 CK_ULONG effKeySize; | 6373 CK_ULONG effKeySize; |
6211 unsigned int block_needed; | 6374 unsigned int block_needed; |
6212 unsigned char srcrdata[SSL3_RANDOM_LENGTH * 2]; | 6375 unsigned char srcrdata[SSL3_RANDOM_LENGTH * 2]; |
6213 unsigned char crsrdata[SSL3_RANDOM_LENGTH * 2]; | 6376 unsigned char crsrdata[SSL3_RANDOM_LENGTH * 2]; |
6214 | 6377 |
| 6378 if (mechanism == CKM_TLS12_KEY_AND_MAC_DERIVE) { |
| 6379 CK_TLS12_KEY_MAT_PARAMS *tls12_keys = |
| 6380 (CK_TLS12_KEY_MAT_PARAMS *) pMechanism->pParameter; |
| 6381 tlsPrfHash = GetHashTypeFromMechanism(tls12_keys->prfHashMechanism); |
| 6382 if (tlsPrfHash == HASH_AlgNULL) { |
| 6383 crv = CKR_MECHANISM_PARAM_INVALID; |
| 6384 break; |
| 6385 } |
| 6386 } else if (mechanism == CKM_NSS_TLS_KEY_AND_MAC_DERIVE_SHA256) { |
| 6387 tlsPrfHash = HASH_AlgSHA256; |
| 6388 } |
| 6389 |
| 6390 if (mechanism != CKM_SSL3_KEY_AND_MAC_DERIVE) { |
| 6391 isTLS = PR_TRUE; |
| 6392 } |
| 6393 |
6215 crv = sftk_DeriveSensitiveCheck(sourceKey,key); | 6394 crv = sftk_DeriveSensitiveCheck(sourceKey,key); |
6216 if (crv != CKR_OK) break; | 6395 if (crv != CKR_OK) break; |
6217 | 6396 |
6218 if (att->attrib.ulValueLen != SSL3_MASTER_SECRET_LENGTH) { | 6397 if (att->attrib.ulValueLen != SSL3_MASTER_SECRET_LENGTH) { |
6219 crv = CKR_KEY_FUNCTION_NOT_PERMITTED; | 6398 crv = CKR_KEY_FUNCTION_NOT_PERMITTED; |
6220 break; | 6399 break; |
6221 } | 6400 } |
6222 att2 = sftk_FindAttribute(sourceKey,CKA_KEY_TYPE); | 6401 att2 = sftk_FindAttribute(sourceKey,CKA_KEY_TYPE); |
6223 if ((att2 == NULL) || (*(CK_KEY_TYPE *)att2->attrib.pValue != | 6402 if ((att2 == NULL) || (*(CK_KEY_TYPE *)att2->attrib.pValue != |
6224 CKK_GENERIC_SECRET)) { | 6403 CKK_GENERIC_SECRET)) { |
(...skipping 59 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
6284 SECItem keyblk = { siBuffer, NULL, 0 }; | 6463 SECItem keyblk = { siBuffer, NULL, 0 }; |
6285 SECItem master = { siBuffer, NULL, 0 }; | 6464 SECItem master = { siBuffer, NULL, 0 }; |
6286 | 6465 |
6287 srcr.data = srcrdata; | 6466 srcr.data = srcrdata; |
6288 srcr.len = sizeof srcrdata; | 6467 srcr.len = sizeof srcrdata; |
6289 keyblk.data = key_block; | 6468 keyblk.data = key_block; |
6290 keyblk.len = block_needed; | 6469 keyblk.len = block_needed; |
6291 master.data = (unsigned char*)att->attrib.pValue; | 6470 master.data = (unsigned char*)att->attrib.pValue; |
6292 master.len = att->attrib.ulValueLen; | 6471 master.len = att->attrib.ulValueLen; |
6293 | 6472 |
6294 » if (isSHA256) { | 6473 » if (tlsPrfHash != HASH_AlgNULL) { |
6295 » » status = TLS_P_hash(HASH_AlgSHA256, &master, "key expansion", | 6474 » » status = TLS_P_hash(tlsPrfHash, &master, "key expansion", |
6296 &srcr, &keyblk, isFIPS); | 6475 &srcr, &keyblk, isFIPS); |
6297 } else { | 6476 } else { |
6298 status = TLS_PRF(&master, "key expansion", &srcr, &keyblk, | 6477 status = TLS_PRF(&master, "key expansion", &srcr, &keyblk, |
6299 isFIPS); | 6478 isFIPS); |
6300 } | 6479 } |
6301 if (status != SECSuccess) { | 6480 if (status != SECSuccess) { |
6302 goto key_and_mac_derive_fail; | 6481 goto key_and_mac_derive_fail; |
6303 } | 6482 } |
6304 } else { | 6483 } else { |
6305 unsigned int block_bytes = 0; | 6484 unsigned int block_bytes = 0; |
(...skipping 543 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
6849 | 7028 |
6850 #ifndef NSS_DISABLE_ECC | 7029 #ifndef NSS_DISABLE_ECC |
6851 case CKM_ECDH1_DERIVE: | 7030 case CKM_ECDH1_DERIVE: |
6852 case CKM_ECDH1_COFACTOR_DERIVE: | 7031 case CKM_ECDH1_COFACTOR_DERIVE: |
6853 { | 7032 { |
6854 SECItem ecScalar, ecPoint; | 7033 SECItem ecScalar, ecPoint; |
6855 SECItem tmp; | 7034 SECItem tmp; |
6856 PRBool withCofactor = PR_FALSE; | 7035 PRBool withCofactor = PR_FALSE; |
6857 unsigned char *secret; | 7036 unsigned char *secret; |
6858 unsigned char *keyData = NULL; | 7037 unsigned char *keyData = NULL; |
6859 » int secretlen, curveLen, pubKeyLen; | 7038 » unsigned int secretlen, curveLen, pubKeyLen; |
6860 CK_ECDH1_DERIVE_PARAMS *mechParams; | 7039 CK_ECDH1_DERIVE_PARAMS *mechParams; |
6861 NSSLOWKEYPrivateKey *privKey; | 7040 NSSLOWKEYPrivateKey *privKey; |
6862 PLArenaPool *arena = NULL; | 7041 PLArenaPool *arena = NULL; |
6863 | 7042 |
6864 /* Check mechanism parameters */ | 7043 /* Check mechanism parameters */ |
6865 mechParams = (CK_ECDH1_DERIVE_PARAMS *) pMechanism->pParameter; | 7044 mechParams = (CK_ECDH1_DERIVE_PARAMS *) pMechanism->pParameter; |
6866 if ((pMechanism->ulParameterLen != sizeof(CK_ECDH1_DERIVE_PARAMS)) || | 7045 if ((pMechanism->ulParameterLen != sizeof(CK_ECDH1_DERIVE_PARAMS)) || |
6867 ((mechParams->kdf == CKD_NULL) && | 7046 ((mechParams->kdf == CKD_NULL) && |
6868 ((mechParams->ulSharedDataLen != 0) || | 7047 ((mechParams->ulSharedDataLen != 0) || |
6869 (mechParams->pSharedData != NULL)))) { | 7048 (mechParams->pSharedData != NULL)))) { |
(...skipping 31 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
6901 | 7080 |
6902 rv = SEC_QuickDERDecodeItem(arena, &newPoint, | 7081 rv = SEC_QuickDERDecodeItem(arena, &newPoint, |
6903 SEC_ASN1_GET(SEC_OctetStringTemplate), | 7082 SEC_ASN1_GET(SEC_OctetStringTemplate), |
6904 &ecPoint); | 7083 &ecPoint); |
6905 if (rv != SECSuccess) { | 7084 if (rv != SECSuccess) { |
6906 goto ec_loser; | 7085 goto ec_loser; |
6907 } | 7086 } |
6908 ecPoint = newPoint; | 7087 ecPoint = newPoint; |
6909 } | 7088 } |
6910 | 7089 |
6911 » if (pMechanism->mechanism == CKM_ECDH1_COFACTOR_DERIVE) { | 7090 » if (mechanism == CKM_ECDH1_COFACTOR_DERIVE) { |
6912 withCofactor = PR_TRUE; | 7091 withCofactor = PR_TRUE; |
6913 } else { | 7092 } else { |
6914 /* When not using cofactor derivation, one should | 7093 /* When not using cofactor derivation, one should |
6915 * validate the public key to avoid small subgroup | 7094 * validate the public key to avoid small subgroup |
6916 * attacks. | 7095 * attacks. |
6917 */ | 7096 */ |
6918 if (EC_ValidatePublicKey(&privKey->u.ec.ecParams, &ecPoint) | 7097 if (EC_ValidatePublicKey(&privKey->u.ec.ecParams, &ecPoint) |
6919 != SECSuccess) { | 7098 != SECSuccess) { |
6920 goto ec_loser; | 7099 goto ec_loser; |
6921 } | 7100 } |
(...skipping 495 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
7417 att = sftk_FindAttribute(key,CKA_VALUE); | 7596 att = sftk_FindAttribute(key,CKA_VALUE); |
7418 sftk_FreeObject(key); | 7597 sftk_FreeObject(key); |
7419 if (!att) { | 7598 if (!att) { |
7420 return CKR_KEY_HANDLE_INVALID; | 7599 return CKR_KEY_HANDLE_INVALID; |
7421 } | 7600 } |
7422 crv = NSC_DigestUpdate(hSession,(CK_BYTE_PTR)att->attrib.pValue, | 7601 crv = NSC_DigestUpdate(hSession,(CK_BYTE_PTR)att->attrib.pValue, |
7423 att->attrib.ulValueLen); | 7602 att->attrib.ulValueLen); |
7424 sftk_FreeAttribute(att); | 7603 sftk_FreeAttribute(att); |
7425 return crv; | 7604 return crv; |
7426 } | 7605 } |
OLD | NEW |