| OLD | NEW |
|---|
| 1 /* This Source Code Form is subject to the terms of the Mozilla Public | 1 /* This Source Code Form is subject to the terms of the Mozilla Public |
| 2 * License, v. 2.0. If a copy of the MPL was not distributed with this | 2 * License, v. 2.0. If a copy of the MPL was not distributed with this |
| 3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ | 3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ |
| 4 | 4 |
| 5 #include "plarena.h" | 5 #include "plarena.h" |
| 6 | 6 |
| 7 #include "seccomon.h" | 7 #include "seccomon.h" |
| 8 #include "secitem.h" | 8 #include "secitem.h" |
| 9 #include "secport.h" | 9 #include "secport.h" |
| 10 #include "hasht.h" | 10 #include "hasht.h" |
| (...skipping 35 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 46 | 46 |
| 47 | 47 |
| 48 /* PKCS5 v2 */ | 48 /* PKCS5 v2 */ |
| 49 | 49 |
| 50 struct nsspkcs5V2PBEParameterStr { | 50 struct nsspkcs5V2PBEParameterStr { |
| 51 SECAlgorithmID keyParams; /* parameters of the key generation */ | 51 SECAlgorithmID keyParams; /* parameters of the key generation */ |
| 52 SECAlgorithmID algParams; /* parameters for the encryption or mac op */ | 52 SECAlgorithmID algParams; /* parameters for the encryption or mac op */ |
| 53 }; | 53 }; |
| 54 | 54 |
| 55 typedef struct nsspkcs5V2PBEParameterStr nsspkcs5V2PBEParameter; | 55 typedef struct nsspkcs5V2PBEParameterStr nsspkcs5V2PBEParameter; |
| 56 #define PBKDF2 | |
| 57 | 56 |
| 58 #ifdef PBKDF2 | |
| 59 static const SEC_ASN1Template NSSPKCS5V2PBES2ParameterTemplate[] = | 57 static const SEC_ASN1Template NSSPKCS5V2PBES2ParameterTemplate[] = |
| 60 { | 58 { |
| 61 { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(nsspkcs5V2PBEParameter) }, | 59 { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(nsspkcs5V2PBEParameter) }, |
| 62 { SEC_ASN1_INLINE | SEC_ASN1_XTRN, | 60 { SEC_ASN1_INLINE | SEC_ASN1_XTRN, |
| 63 offsetof(nsspkcs5V2PBEParameter, keyParams), | 61 offsetof(nsspkcs5V2PBEParameter, keyParams), |
| 64 SEC_ASN1_SUB(SECOID_AlgorithmIDTemplate) }, | 62 SEC_ASN1_SUB(SECOID_AlgorithmIDTemplate) }, |
| 65 { SEC_ASN1_INLINE | SEC_ASN1_XTRN, | 63 { SEC_ASN1_INLINE | SEC_ASN1_XTRN, |
| 66 offsetof(nsspkcs5V2PBEParameter, algParams), | 64 offsetof(nsspkcs5V2PBEParameter, algParams), |
| 67 SEC_ASN1_SUB(SECOID_AlgorithmIDTemplate) }, | 65 SEC_ASN1_SUB(SECOID_AlgorithmIDTemplate) }, |
| 68 { 0 } | 66 { 0 } |
| 69 }; | 67 }; |
| 70 | 68 |
| 71 static const SEC_ASN1Template NSSPKCS5V2PBEParameterTemplate[] = | 69 static const SEC_ASN1Template NSSPKCS5V2PBEParameterTemplate[] = |
| 72 { | 70 { |
| 73 { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(NSSPKCS5PBEParameter) }, | 71 { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(NSSPKCS5PBEParameter) }, |
| 74 /* this is really a choice, but since we don't understand any other | 72 /* this is really a choice, but since we don't understand any other |
| 75 *choice, just inline it. */ | 73 *choice, just inline it. */ |
| 76 { SEC_ASN1_OCTET_STRING, offsetof(NSSPKCS5PBEParameter, salt) }, | 74 { SEC_ASN1_OCTET_STRING, offsetof(NSSPKCS5PBEParameter, salt) }, |
| 77 { SEC_ASN1_INTEGER, offsetof(NSSPKCS5PBEParameter, iteration) }, | 75 { SEC_ASN1_INTEGER, offsetof(NSSPKCS5PBEParameter, iteration) }, |
| 78 { SEC_ASN1_INTEGER, offsetof(NSSPKCS5PBEParameter, keyLength) }, | 76 { SEC_ASN1_INTEGER, offsetof(NSSPKCS5PBEParameter, keyLength) }, |
| 79 { SEC_ASN1_INLINE | SEC_ASN1_XTRN, | 77 { SEC_ASN1_INLINE | SEC_ASN1_XTRN, |
| 80 offsetof(NSSPKCS5PBEParameter, prfAlg), | 78 offsetof(NSSPKCS5PBEParameter, prfAlg), |
| 81 SEC_ASN1_SUB(SECOID_AlgorithmIDTemplate) }, | 79 SEC_ASN1_SUB(SECOID_AlgorithmIDTemplate) }, |
| 82 { 0 } | 80 { 0 } |
| 83 }; | 81 }; |
| 84 #endif | |
| 85 | 82 |
| 86 SECStatus | 83 SECStatus |
| 87 nsspkcs5_HashBuf(const SECHashObject *hashObj, unsigned char *dest, | 84 nsspkcs5_HashBuf(const SECHashObject *hashObj, unsigned char *dest, |
| 88 unsigned char *src, int len) | 85 unsigned char *src, int len) |
| 89 { | 86 { |
| 90 void *ctx; | 87 void *ctx; |
| 91 unsigned int retLen; | 88 unsigned int retLen; |
| 92 | 89 |
| 93 ctx = hashObj->create(); | 90 ctx = hashObj->create(); |
| 94 if(ctx == NULL) { | 91 if(ctx == NULL) { |
| (...skipping 199 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 294 if(bytes_needed <= bytes_available) { | 291 if(bytes_needed <= bytes_available) { |
| 295 return hash; | 292 return hash; |
| 296 } | 293 } |
| 297 | 294 |
| 298 newHash = nsspkcs5_PFXPBE(hashObj, pbe_param, hash, bytes_needed); | 295 newHash = nsspkcs5_PFXPBE(hashObj, pbe_param, hash, bytes_needed); |
| 299 if (hash != newHash) | 296 if (hash != newHash) |
| 300 SECITEM_FreeItem(hash, PR_TRUE); | 297 SECITEM_FreeItem(hash, PR_TRUE); |
| 301 return newHash; | 298 return newHash; |
| 302 } | 299 } |
| 303 | 300 |
| 304 #ifdef PBKDF2 | |
| 305 | |
| 306 /* | 301 /* |
| 307 * PBDKDF2 is PKCS #5 v2.0 it's currently not used by NSS | 302 * PBDKDF2 is PKCS #5 v2.0 it's currently not used by NSS |
| 308 */ | 303 */ |
| 309 static void | 304 static void |
| 310 do_xor(unsigned char *dest, unsigned char *src, int len) | 305 do_xor(unsigned char *dest, unsigned char *src, int len) |
| 311 { | 306 { |
| 312 /* use byt xor, not all platforms are happy about inaligned | 307 /* use byt xor, not all platforms are happy about inaligned |
| 313 * integer fetches */ | 308 * integer fetches */ |
| 314 while (len--) { | 309 while (len--) { |
| 315 *dest = *dest ^ *src; | 310 *dest = *dest ^ *src; |
| (...skipping 90 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 406 } | 401 } |
| 407 if (rv != SECSuccess) { | 402 if (rv != SECSuccess) { |
| 408 SECITEM_FreeItem(result,PR_TRUE); | 403 SECITEM_FreeItem(result,PR_TRUE); |
| 409 result = NULL; | 404 result = NULL; |
| 410 } else { | 405 } else { |
| 411 result->len = dkLen; | 406 result->len = dkLen; |
| 412 } | 407 } |
| 413 | 408 |
| 414 return result; | 409 return result; |
| 415 } | 410 } |
| 416 #endif | |
| 417 | 411 |
| 418 #define HMAC_BUFFER 64 | 412 #define HMAC_BUFFER 64 |
| 419 #define NSSPBE_ROUNDUP(x,y) ((((x)+((y)-1))/(y))*(y)) | 413 #define NSSPBE_ROUNDUP(x,y) ((((x)+((y)-1))/(y))*(y)) |
| 420 #define NSSPBE_MIN(x,y) ((x) < (y) ? (x) : (y)) | 414 #define NSSPBE_MIN(x,y) ((x) < (y) ? (x) : (y)) |
| 421 /* | 415 /* |
| 422 * This is the extended PBE function defined by the final PKCS #12 spec. | 416 * This is the extended PBE function defined by the final PKCS #12 spec. |
| 423 */ | 417 */ |
| 424 static SECItem * | 418 static SECItem * |
| 425 nsspkcs5_PKCS12PBE(const SECHashObject *hashObject, | 419 nsspkcs5_PKCS12PBE(const SECHashObject *hashObject, |
| 426 NSSPKCS5PBEParameter *pbe_param, SECItem *pwitem, | 420 NSSPKCS5PBEParameter *pbe_param, SECItem *pwitem, |
| (...skipping 166 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 593 hash = nsspkcs5_PBKDF1Extended(hashObj,pbe_param,pwitem,faulty3DES); | 587 hash = nsspkcs5_PBKDF1Extended(hashObj,pbe_param,pwitem,faulty3DES); |
| 594 if (hash == NULL) { | 588 if (hash == NULL) { |
| 595 goto loser; | 589 goto loser; |
| 596 } | 590 } |
| 597 PORT_Assert(hash->len >= key->len+(getIV ? iv->len : 0)); | 591 PORT_Assert(hash->len >= key->len+(getIV ? iv->len : 0)); |
| 598 if (getIV) { | 592 if (getIV) { |
| 599 PORT_Memcpy(iv->data, hash->data+(hash->len - iv->len),iv->len); | 593 PORT_Memcpy(iv->data, hash->data+(hash->len - iv->len),iv->len); |
| 600 } | 594 } |
| 601 | 595 |
| 602 break; | 596 break; |
| 603 #ifdef PBKDF2 | |
| 604 case NSSPKCS5_PBKDF2: | 597 case NSSPKCS5_PBKDF2: |
| 605 hash = nsspkcs5_PBKDF2(hashObj,pbe_param,pwitem); | 598 hash = nsspkcs5_PBKDF2(hashObj,pbe_param,pwitem); |
| 606 if (getIV) { | 599 if (getIV) { |
| 607 PORT_Memcpy(iv->data, pbe_param->ivData, iv->len); | 600 PORT_Memcpy(iv->data, pbe_param->ivData, iv->len); |
| 608 } | 601 } |
| 609 break; | 602 break; |
| 610 #endif | |
| 611 case NSSPKCS5_PKCS12_V2: | 603 case NSSPKCS5_PKCS12_V2: |
| 612 if (getIV) { | 604 if (getIV) { |
| 613 hash = nsspkcs5_PKCS12PBE(hashObj,pbe_param,pwitem, | 605 hash = nsspkcs5_PKCS12PBE(hashObj,pbe_param,pwitem, |
| 614 pbeBitGenCipherIV,iv->len); | 606 pbeBitGenCipherIV,iv->len); |
| 615 if (hash == NULL) { | 607 if (hash == NULL) { |
| 616 goto loser; | 608 goto loser; |
| 617 } | 609 } |
| 618 PORT_Memcpy(iv->data,hash->data,iv->len); | 610 PORT_Memcpy(iv->data,hash->data,iv->len); |
| 619 SECITEM_ZfreeItem(hash,PR_TRUE); | 611 SECITEM_ZfreeItem(hash,PR_TRUE); |
| 620 hash = NULL; | 612 hash = NULL; |
| (...skipping 23 matching lines...) Expand all Loading... |
| 644 if (getIV && iv->data) { | 636 if (getIV && iv->data) { |
| 645 PORT_ZFree(iv->data,iv->len); | 637 PORT_ZFree(iv->data,iv->len); |
| 646 iv->data = NULL; | 638 iv->data = NULL; |
| 647 } | 639 } |
| 648 | 640 |
| 649 SECITEM_ZfreeItem(key, PR_TRUE); | 641 SECITEM_ZfreeItem(key, PR_TRUE); |
| 650 return NULL; | 642 return NULL; |
| 651 } | 643 } |
| 652 | 644 |
| 653 static SECStatus | 645 static SECStatus |
| 654 nsspkcs5_FillInParam(SECOidTag algorithm, NSSPKCS5PBEParameter *pbe_param) | 646 nsspkcs5_FillInParam(SECOidTag algorithm, HASH_HashType hashType, |
| 647 NSSPKCS5PBEParameter *pbe_param) |
| 655 { | 648 { |
| 656 PRBool skipType = PR_FALSE; | 649 PRBool skipType = PR_FALSE; |
| 657 | 650 |
| 658 pbe_param->keyLen = 5; | 651 pbe_param->keyLen = 5; |
| 659 pbe_param->ivLen = 8; | 652 pbe_param->ivLen = 8; |
| 660 pbe_param->hashType = HASH_AlgSHA1; | 653 pbe_param->hashType = hashType; |
| 661 pbe_param->pbeType = NSSPKCS5_PBKDF1; | 654 pbe_param->pbeType = NSSPKCS5_PBKDF1; |
| 662 pbe_param->encAlg = SEC_OID_RC2_CBC; | 655 pbe_param->encAlg = SEC_OID_RC2_CBC; |
| 663 pbe_param->is2KeyDES = PR_FALSE; | 656 pbe_param->is2KeyDES = PR_FALSE; |
| 664 switch(algorithm) { | 657 switch(algorithm) { |
| 665 /* DES3 Algorithms */ | 658 /* DES3 Algorithms */ |
| 666 case SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_2KEY_TRIPLE_DES_CBC: | 659 case SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_2KEY_TRIPLE_DES_CBC: |
| 667 pbe_param->is2KeyDES = PR_TRUE; | 660 pbe_param->is2KeyDES = PR_TRUE; |
| 668 /* fall through */ | 661 /* fall through */ |
| 669 case SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_3KEY_TRIPLE_DES_CBC: | 662 case SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_3KEY_TRIPLE_DES_CBC: |
| 670 pbe_param->pbeType = NSSPKCS5_PKCS12_V2; | 663 pbe_param->pbeType = NSSPKCS5_PKCS12_V2; |
| (...skipping 39 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 710 case SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_40_BIT_RC4: | 703 case SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_40_BIT_RC4: |
| 711 if (!skipType) { | 704 if (!skipType) { |
| 712 pbe_param->pbeType = NSSPKCS5_PKCS12_V2; | 705 pbe_param->pbeType = NSSPKCS5_PKCS12_V2; |
| 713 } | 706 } |
| 714 /* fall through */ | 707 /* fall through */ |
| 715 case SEC_OID_PKCS12_PBE_WITH_SHA1_AND_40_BIT_RC4: | 708 case SEC_OID_PKCS12_PBE_WITH_SHA1_AND_40_BIT_RC4: |
| 716 pbe_param->ivLen = 0; | 709 pbe_param->ivLen = 0; |
| 717 pbe_param->encAlg = SEC_OID_RC4; | 710 pbe_param->encAlg = SEC_OID_RC4; |
| 718 break; | 711 break; |
| 719 | 712 |
| 720 #ifdef PBKDF2 | |
| 721 case SEC_OID_PKCS5_PBKDF2: | 713 case SEC_OID_PKCS5_PBKDF2: |
| 722 case SEC_OID_PKCS5_PBES2: | 714 case SEC_OID_PKCS5_PBES2: |
| 723 case SEC_OID_PKCS5_PBMAC1: | 715 case SEC_OID_PKCS5_PBMAC1: |
| 724 /* everything else will be filled in by the template */ | 716 /* everything else will be filled in by the template */ |
| 725 pbe_param->ivLen = 0; | 717 pbe_param->ivLen = 0; |
| 726 pbe_param->pbeType = NSSPKCS5_PBKDF2; | 718 pbe_param->pbeType = NSSPKCS5_PBKDF2; |
| 727 pbe_param->encAlg = SEC_OID_PKCS5_PBKDF2; | 719 pbe_param->encAlg = SEC_OID_PKCS5_PBKDF2; |
| 728 pbe_param->keyLen = 0; /* needs to be set by caller after return */ | 720 pbe_param->keyLen = 0; /* needs to be set by caller after return */ |
| 729 break; | 721 break; |
| 730 #endif | |
| 731 | 722 |
| 732 default: | 723 default: |
| 733 return SECFailure; | 724 return SECFailure; |
| 734 } | 725 } |
| 735 | 726 |
| 736 return SECSuccess; | 727 return SECSuccess; |
| 737 } | 728 } |
| 738 | 729 |
| 739 /* decode the algid and generate a PKCS 5 parameter from it | 730 /* decode the algid and generate a PKCS 5 parameter from it |
| 740 */ | 731 */ |
| 741 NSSPKCS5PBEParameter * | 732 NSSPKCS5PBEParameter * |
| 742 nsspkcs5_NewParam(SECOidTag alg, SECItem *salt, int iterator) | 733 nsspkcs5_NewParam(SECOidTag alg, HASH_HashType hashType, SECItem *salt, |
| 734 int iterationCount) |
| 743 { | 735 { |
| 744 PLArenaPool *arena = NULL; | 736 PLArenaPool *arena = NULL; |
| 745 NSSPKCS5PBEParameter *pbe_param = NULL; | 737 NSSPKCS5PBEParameter *pbe_param = NULL; |
| 746 SECStatus rv = SECFailure; | 738 SECStatus rv = SECFailure; |
| 747 | 739 |
| 748 arena = PORT_NewArena(SEC_ASN1_DEFAULT_ARENA_SIZE); | 740 arena = PORT_NewArena(SEC_ASN1_DEFAULT_ARENA_SIZE); |
| 749 if (arena == NULL) | 741 if (arena == NULL) |
| 750 return NULL; | 742 return NULL; |
| 751 | 743 |
| 752 /* allocate memory for the parameter */ | 744 /* allocate memory for the parameter */ |
| 753 pbe_param = (NSSPKCS5PBEParameter *)PORT_ArenaZAlloc(arena, | 745 pbe_param = (NSSPKCS5PBEParameter *)PORT_ArenaZAlloc(arena, |
| 754 sizeof(NSSPKCS5PBEParameter)); | 746 sizeof(NSSPKCS5PBEParameter)); |
| 755 | 747 |
| 756 if (pbe_param == NULL) { | 748 if (pbe_param == NULL) { |
| 757 goto loser; | 749 goto loser; |
| 758 } | 750 } |
| 759 | 751 |
| 760 pbe_param->poolp = arena; | 752 pbe_param->poolp = arena; |
| 761 | 753 |
| 762 rv = nsspkcs5_FillInParam(alg, pbe_param); | 754 rv = nsspkcs5_FillInParam(alg, hashType, pbe_param); |
| 763 if (rv != SECSuccess) { | 755 if (rv != SECSuccess) { |
| 764 goto loser; | 756 goto loser; |
| 765 } | 757 } |
| 766 | 758 |
| 767 pbe_param->iter = iterator; | 759 pbe_param->iter = iterationCount; |
| 768 if (salt) { | 760 if (salt) { |
| 769 rv = SECITEM_CopyItem(arena,&pbe_param->salt,salt); | 761 rv = SECITEM_CopyItem(arena,&pbe_param->salt,salt); |
| 770 } | 762 } |
| 771 | 763 |
| 772 /* default key gen */ | 764 /* default key gen */ |
| 773 pbe_param->keyID = pbeBitGenCipherKey; | 765 pbe_param->keyID = pbeBitGenCipherKey; |
| 774 | 766 |
| 775 loser: | 767 loser: |
| 776 if (rv != SECSuccess) { | 768 if (rv != SECSuccess) { |
| 777 PORT_FreeArena(arena, PR_TRUE); | 769 PORT_FreeArena(arena, PR_TRUE); |
| (...skipping 38 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 816 | 808 |
| 817 if (algid == NULL) { | 809 if (algid == NULL) { |
| 818 return NULL; | 810 return NULL; |
| 819 } | 811 } |
| 820 | 812 |
| 821 algorithm = SECOID_GetAlgorithmTag(algid); | 813 algorithm = SECOID_GetAlgorithmTag(algid); |
| 822 if (algorithm == SEC_OID_UNKNOWN) { | 814 if (algorithm == SEC_OID_UNKNOWN) { |
| 823 goto loser; | 815 goto loser; |
| 824 } | 816 } |
| 825 | 817 |
| 826 pbe_param = nsspkcs5_NewParam(algorithm, NULL, 1); | 818 pbe_param = nsspkcs5_NewParam(algorithm, HASH_AlgSHA1, NULL, 1); |
| 827 if (pbe_param == NULL) { | 819 if (pbe_param == NULL) { |
| 828 goto loser; | 820 goto loser; |
| 829 } | 821 } |
| 830 | 822 |
| 831 /* decode parameter */ | 823 /* decode parameter */ |
| 832 rv = SECFailure; | 824 rv = SECFailure; |
| 833 switch (pbe_param->pbeType) { | 825 switch (pbe_param->pbeType) { |
| 834 case NSSPKCS5_PBKDF1: | 826 case NSSPKCS5_PBKDF1: |
| 835 rv = SEC_ASN1DecodeItem(pbe_param->poolp, pbe_param, | 827 rv = SEC_ASN1DecodeItem(pbe_param->poolp, pbe_param, |
| 836 NSSPKCS5PBEParameterTemplate, &algid->parameters); | 828 NSSPKCS5PBEParameterTemplate, &algid->parameters); |
| 837 break; | 829 break; |
| 838 case NSSPKCS5_PKCS12_V2: | 830 case NSSPKCS5_PKCS12_V2: |
| 839 rv = SEC_ASN1DecodeItem(pbe_param->poolp, pbe_param, | 831 rv = SEC_ASN1DecodeItem(pbe_param->poolp, pbe_param, |
| 840 NSSPKCS5PKCS12V2PBEParameterTemplate, &algid->parameters); | 832 NSSPKCS5PKCS12V2PBEParameterTemplate, &algid->parameters); |
| 841 break; | 833 break; |
| 842 #ifdef PBKDF2 | |
| 843 case NSSPKCS5_PBKDF2: | 834 case NSSPKCS5_PBKDF2: |
| 844 PORT_Memset(&pbev2_param,0, sizeof(pbev2_param)); | 835 PORT_Memset(&pbev2_param,0, sizeof(pbev2_param)); |
| 845 /* just the PBE */ | 836 /* just the PBE */ |
| 846 if (algorithm == SEC_OID_PKCS5_PBKDF2) { | 837 if (algorithm == SEC_OID_PKCS5_PBKDF2) { |
| 847 rv = SEC_ASN1DecodeItem(pbe_param->poolp, pbe_param, | 838 rv = SEC_ASN1DecodeItem(pbe_param->poolp, pbe_param, |
| 848 NSSPKCS5V2PBEParameterTemplate, &algid->parameters); | 839 NSSPKCS5V2PBEParameterTemplate, &algid->parameters); |
| 849 } else { | 840 } else { |
| 850 /* PBE data an others */ | 841 /* PBE data an others */ |
| 851 rv = SEC_ASN1DecodeItem(pbe_param->poolp, &pbev2_param, | 842 rv = SEC_ASN1DecodeItem(pbe_param->poolp, &pbev2_param, |
| 852 NSSPKCS5V2PBES2ParameterTemplate, &algid->parameters); | 843 NSSPKCS5V2PBES2ParameterTemplate, &algid->parameters); |
| (...skipping 14 matching lines...) Expand all Loading... |
| 867 pbe_param->ivLen = pbev2_param.algParams.parameters.len; | 858 pbe_param->ivLen = pbev2_param.algParams.parameters.len; |
| 868 pbe_param->ivData = pbev2_param.algParams.parameters.data; | 859 pbe_param->ivData = pbev2_param.algParams.parameters.data; |
| 869 } | 860 } |
| 870 pbe_param->hashType = | 861 pbe_param->hashType = |
| 871 HASH_FromHMACOid(SECOID_GetAlgorithmTag(&pbe_param->prfAlg)); | 862 HASH_FromHMACOid(SECOID_GetAlgorithmTag(&pbe_param->prfAlg)); |
| 872 if (pbe_param->hashType == HASH_AlgNULL) { | 863 if (pbe_param->hashType == HASH_AlgNULL) { |
| 873 PORT_SetError(SEC_ERROR_INVALID_ALGORITHM); | 864 PORT_SetError(SEC_ERROR_INVALID_ALGORITHM); |
| 874 rv = SECFailure; | 865 rv = SECFailure; |
| 875 } | 866 } |
| 876 break; | 867 break; |
| 877 #endif | |
| 878 } | 868 } |
| 879 | 869 |
| 880 loser: | 870 loser: |
| 881 if (rv == SECSuccess) { | 871 if (rv == SECSuccess) { |
| 882 pbe_param->iter = DER_GetInteger(&pbe_param->iteration); | 872 pbe_param->iter = DER_GetInteger(&pbe_param->iteration); |
| 883 } else { | 873 } else { |
| 884 nsspkcs5_DestroyPBEParameter(pbe_param); | 874 nsspkcs5_DestroyPBEParameter(pbe_param); |
| 885 pbe_param = NULL; | 875 pbe_param = NULL; |
| 886 } | 876 } |
| 887 | 877 |
| (...skipping 421 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1309 } | 1299 } |
| 1310 switch (pbe_param->pbeType) { | 1300 switch (pbe_param->pbeType) { |
| 1311 case NSSPKCS5_PBKDF1: | 1301 case NSSPKCS5_PBKDF1: |
| 1312 dummy = SEC_ASN1EncodeItem(arena, &der_param, pbe_param, | 1302 dummy = SEC_ASN1EncodeItem(arena, &der_param, pbe_param, |
| 1313 NSSPKCS5PBEParameterTemplate); | 1303 NSSPKCS5PBEParameterTemplate); |
| 1314 break; | 1304 break; |
| 1315 case NSSPKCS5_PKCS12_V2: | 1305 case NSSPKCS5_PKCS12_V2: |
| 1316 dummy = SEC_ASN1EncodeItem(arena, &der_param, pbe_param, | 1306 dummy = SEC_ASN1EncodeItem(arena, &der_param, pbe_param, |
| 1317 NSSPKCS5PKCS12V2PBEParameterTemplate); | 1307 NSSPKCS5PKCS12V2PBEParameterTemplate); |
| 1318 break; | 1308 break; |
| 1319 #ifdef PBKDF2 | |
| 1320 case NSSPKCS5_PBKDF2: | 1309 case NSSPKCS5_PBKDF2: |
| 1321 if (pbe_param->keyLength.data == NULL) { | 1310 if (pbe_param->keyLength.data == NULL) { |
| 1322 dummy = SEC_ASN1EncodeInteger(pbe_param->poolp, | 1311 dummy = SEC_ASN1EncodeInteger(pbe_param->poolp, |
| 1323 &pbe_param->keyLength, pbe_param->keyLen); | 1312 &pbe_param->keyLength, pbe_param->keyLen); |
| 1324 if (dummy == NULL) { | 1313 if (dummy == NULL) { |
| 1325 goto loser; | 1314 goto loser; |
| 1326 } | 1315 } |
| 1327 } | 1316 } |
| 1328 PORT_Memset(&pkcs5v2_param, 0, sizeof(pkcs5v2_param)); | 1317 PORT_Memset(&pkcs5v2_param, 0, sizeof(pkcs5v2_param)); |
| 1329 dummy = SEC_ASN1EncodeItem(arena, &der_param, pbe_param, | 1318 dummy = SEC_ASN1EncodeItem(arena, &der_param, pbe_param, |
| (...skipping 10 matching lines...) Expand all Loading... |
| 1340 der_param.data = pbe_param->ivData; | 1329 der_param.data = pbe_param->ivData; |
| 1341 der_param.len = pbe_param->ivLen; | 1330 der_param.len = pbe_param->ivLen; |
| 1342 rv = SECOID_SetAlgorithmID(arena, &pkcs5v2_param.algParams, | 1331 rv = SECOID_SetAlgorithmID(arena, &pkcs5v2_param.algParams, |
| 1343 pbe_param->encAlg, pbe_param->ivLen ? &der_param : NULL); | 1332 pbe_param->encAlg, pbe_param->ivLen ? &der_param : NULL); |
| 1344 if (rv != SECSuccess) { | 1333 if (rv != SECSuccess) { |
| 1345 break; | 1334 break; |
| 1346 } | 1335 } |
| 1347 dummy = SEC_ASN1EncodeItem(arena, &der_param, &pkcs5v2_param, | 1336 dummy = SEC_ASN1EncodeItem(arena, &der_param, &pkcs5v2_param, |
| 1348 NSSPKCS5V2PBES2ParameterTemplate); | 1337 NSSPKCS5V2PBES2ParameterTemplate); |
| 1349 break; | 1338 break; |
| 1350 #endif | |
| 1351 default: | 1339 default: |
| 1352 break; | 1340 break; |
| 1353 } | 1341 } |
| 1354 | 1342 |
| 1355 if (dummy == NULL) { | 1343 if (dummy == NULL) { |
| 1356 goto loser; | 1344 goto loser; |
| 1357 } | 1345 } |
| 1358 | 1346 |
| 1359 rv = SECOID_SetAlgorithmID(arena, algid, algorithm, &der_param); | 1347 rv = SECOID_SetAlgorithmID(arena, algid, algorithm, &der_param); |
| 1360 if (rv != SECSuccess) { | 1348 if (rv != SECSuccess) { |
| 1361 goto loser; | 1349 goto loser; |
| 1362 } | 1350 } |
| 1363 | 1351 |
| 1364 ret_algid = (SECAlgorithmID *)PORT_ZAlloc(sizeof(SECAlgorithmID)); | 1352 ret_algid = (SECAlgorithmID *)PORT_ZAlloc(sizeof(SECAlgorithmID)); |
| 1365 if (ret_algid == NULL) { | 1353 if (ret_algid == NULL) { |
| 1366 goto loser; | 1354 goto loser; |
| 1367 } | 1355 } |
| 1368 | 1356 |
| 1369 rv = SECOID_CopyAlgorithmID(NULL, ret_algid, algid); | 1357 rv = SECOID_CopyAlgorithmID(NULL, ret_algid, algid); |
| 1370 if (rv != SECSuccess) { | 1358 if (rv != SECSuccess) { |
| 1371 SECOID_DestroyAlgorithmID(ret_algid, PR_TRUE); | 1359 SECOID_DestroyAlgorithmID(ret_algid, PR_TRUE); |
| 1372 ret_algid = NULL; | 1360 ret_algid = NULL; |
| 1373 } | 1361 } |
| 1374 | 1362 |
| 1375 loser: | 1363 loser: |
| 1376 | 1364 |
| 1377 return ret_algid; | 1365 return ret_algid; |
| 1378 } | 1366 } |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1843333003:
Update NSPR to 4.12 and NSS to 3.23 on iOS (Closed)
Base URL: https://chromium.googlesource.com/chromium/deps/nss.git@master