Update NSPR to 4.12 and NSS to 3.23 on iOS

nss/lib/softoken/pkcs11c.c

 /* This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 /*
  * This file implements PKCS 11 on top of our existing security modules
  *
  * For more information about PKCS 11 See PKCS 11 Token Inteface Standard.
  *   This implementation has two slots:
  *      slot 1 is our generic crypto support. It does not require login.
  *   It supports Public Key ops, and all they bulk ciphers and hashes. 
@@ skipping 18 matching lines @@
 #include "secdig.h"
 #include "lowpbe.h"     /* We do PBE below */
 #include "pkcs11t.h"
 #include "secoid.h"
 #include "alghmac.h"
 #include "softoken.h"
 #include "secasn1.h"
 #include "secerr.h"
 
 #include "prprf.h"
+#include "prenv.h"
 
 #define __PASTE(x,y)    x##y
 
 /*
  * we renamed all our internal functions, get the correct
  * definitions for them...
  */ 
 #undef CK_PKCS11_FUNCTION_INFO
 #undef CK_NEED_ARG_LIST
 
@@ skipping 610 matching lines @@
                          info->params->ulSourceDataLen,
                          output, outputLen, maxLen, input, inputLen);
      if (rv != SECSuccess && PORT_GetError() == SEC_ERROR_LIBRARY_FAILURE) {
         sftk_fatalError = PR_TRUE;
     }
     return rv;
 }
 
 static SFTKChaCha20Poly1305Info *
 sftk_ChaCha20Poly1305_CreateContext(const unsigned char *key,
-                                    unsigned int keyLen,
-                                    const CK_NSS_AEAD_PARAMS* params)
+                                    unsigned int keyLen,
+                                    const CK_NSS_AEAD_PARAMS *params)
 {
     SFTKChaCha20Poly1305Info *ctx;
 
-    if (params->ulIvLen != sizeof(ctx->nonce)) {
-        PORT_SetError(SEC_ERROR_INPUT_LEN);
-        return NULL;
+    if (params->ulNonceLen != sizeof(ctx->nonce)) {
+        PORT_SetError(SEC_ERROR_INPUT_LEN);
+        return NULL;
     }
 
     ctx = PORT_New(SFTKChaCha20Poly1305Info);
     if (ctx == NULL) {
-        return NULL;
+        return NULL;
     }
 
     if (ChaCha20Poly1305_InitContext(&ctx->freeblCtx, key, keyLen,
-                                     params->ulTagLen) != SECSuccess) {
-        PORT_Free(ctx);
-        return NULL;
+                                     params->ulTagLen) != SECSuccess) {
+        PORT_Free(ctx);
+        return NULL;
     }
 
-    memcpy(ctx->nonce, params->pIv, sizeof(ctx->nonce));
+    PORT_Memcpy(ctx->nonce, params->pNonce, sizeof(ctx->nonce));
 
     if (params->ulAADLen > sizeof(ctx->ad)) {
-        /* Need to allocate an overflow buffer for the additional data. */
-        ctx->adOverflow = (unsigned char *)PORT_Alloc(params->ulAADLen);
-        if (!ctx->adOverflow) {
-            PORT_Free(ctx);
-            return NULL;
-        }
-        memcpy(ctx->adOverflow, params->pAAD, params->ulAADLen);
+        /* Need to allocate an overflow buffer for the additional data. */
+        ctx->adOverflow = (unsigned char *)PORT_Alloc(params->ulAADLen);
+        if (!ctx->adOverflow) {
+            PORT_Free(ctx);
+            return NULL;
+        }
+        PORT_Memcpy(ctx->adOverflow, params->pAAD, params->ulAADLen);
     } else {
-        ctx->adOverflow = NULL;
-        memcpy(ctx->ad, params->pAAD, params->ulAADLen);
+        ctx->adOverflow = NULL;
+        PORT_Memcpy(ctx->ad, params->pAAD, params->ulAADLen);
     }
     ctx->adLen = params->ulAADLen;
 
     return ctx;
 }
 
 static void
 sftk_ChaCha20Poly1305_DestroyContext(SFTKChaCha20Poly1305Info *ctx,
-                                     PRBool freeit)
+                                     PRBool freeit)
 {
     ChaCha20Poly1305_DestroyContext(&ctx->freeblCtx, PR_FALSE);
     if (ctx->adOverflow != NULL) {
-        PORT_Free(ctx->adOverflow);
-        ctx->adOverflow = NULL;
+        PORT_Free(ctx->adOverflow);
+        ctx->adOverflow = NULL;
     }
     ctx->adLen = 0;
     if (freeit) {
-        PORT_Free(ctx);
+        PORT_Free(ctx);
     }
 }
 
 static SECStatus
 sftk_ChaCha20Poly1305_Encrypt(const SFTKChaCha20Poly1305Info *ctx,
-                              unsigned char *output, unsigned int *outputLen,
-                              unsigned int maxOutputLen,
-                              const unsigned char *input, unsigned int inputLen)
+                              unsigned char *output, unsigned int *outputLen,
+                              unsigned int maxOutputLen,
+                              const unsigned char *input, unsigned int inputLen)
 {
     const unsigned char *ad = ctx->adOverflow;
 
     if (ad == NULL) {
-        ad = ctx->ad;
+        ad = ctx->ad;
     }
 
     return ChaCha20Poly1305_Seal(&ctx->freeblCtx, output, outputLen,
-                                 maxOutputLen, input, inputLen, ctx->nonce,
-                                 sizeof(ctx->nonce), ad, ctx->adLen);
+                                 maxOutputLen, input, inputLen, ctx->nonce,
+                                 sizeof(ctx->nonce), ad, ctx->adLen);
 }
 
 static SECStatus
 sftk_ChaCha20Poly1305_Decrypt(const SFTKChaCha20Poly1305Info *ctx,
-                              unsigned char *output, unsigned int *outputLen,
-                              unsigned int maxOutputLen,
-                              const unsigned char *input, unsigned int inputLen)
+                              unsigned char *output, unsigned int *outputLen,
+                              unsigned int maxOutputLen,
+                              const unsigned char *input, unsigned int inputLen)
 {
     const unsigned char *ad = ctx->adOverflow;
 
     if (ad == NULL) {
-        ad = ctx->ad;
+        ad = ctx->ad;
     }
 
     return ChaCha20Poly1305_Open(&ctx->freeblCtx, output, outputLen,
-                                 maxOutputLen, input, inputLen, ctx->nonce,
-                                 sizeof(ctx->nonce), ad, ctx->adLen);
+                                 maxOutputLen, input, inputLen, ctx->nonce,
+                                 sizeof(ctx->nonce), ad, ctx->adLen);
 }
 
 /** NSC_CryptInit initializes an encryption/Decryption operation.
  *
  * Always called by NSC_EncryptInit, NSC_DecryptInit, NSC_WrapKey,NSC_UnwrapKey.
  * Called by NSC_SignInit, NSC_VerifyInit (via sftk_InitCBCMac) only for block
  *  ciphers MAC'ing.
  */
 static CK_RV
 sftk_CryptInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism,
@@ skipping 199 matching lines @@
     case CKM_CDMF_CBC_PAD:
         context->doPad = PR_TRUE;
         /* fall thru */
     case CKM_CDMF_ECB:
     case CKM_CDMF_CBC:
         if (key_type != CKK_CDMF) {
             crv = CKR_KEY_TYPE_INCONSISTENT;
             break;
         }
         t = (pMechanism->mechanism == CKM_CDMF_ECB) ? NSS_DES : NSS_DES_CBC;
-        if (crv != CKR_OK) break;
         goto finish_des;
     case CKM_DES_ECB:
         if (key_type != CKK_DES) {
             crv = CKR_KEY_TYPE_INCONSISTENT;
             break;
         }
         t = NSS_DES;
         goto finish_des;
     case CKM_DES_CBC_PAD:
         context->doPad = PR_TRUE;
@@ skipping 178 matching lines @@
             break;
         }
         context->cipherInfo = sftk_ChaCha20Poly1305_CreateContext(
                 (unsigned char*) att->attrib.pValue, att->attrib.ulValueLen,
                 (CK_NSS_AEAD_PARAMS*) pMechanism->pParameter);
         sftk_FreeAttribute(att);
         if (context->cipherInfo == NULL) {
             crv = sftk_MapCryptError(PORT_GetError());
             break;
         }
-        context->update = (SFTKCipher) (isEncrypt ?
-                                        sftk_ChaCha20Poly1305_Encrypt :
+        context->update = (SFTKCipher) (isEncrypt ? sftk_ChaCha20Poly1305_Encrypt :
                                         sftk_ChaCha20Poly1305_Decrypt);
         context->destroy = (SFTKDestroy) sftk_ChaCha20Poly1305_DestroyContext;
         break;
 
     case CKM_NETSCAPE_AES_KEY_WRAP_PAD:
         context->doPad = PR_TRUE;
         /* fall thru */
     case CKM_NETSCAPE_AES_KEY_WRAP:
         context->multi = PR_FALSE;
         context->blockSize = 8;
@@ skipping 1023 matching lines @@
 
     return RSA_HashSign(info->hashOid, info->key, sig, sigLen, maxLen,
                         hash, hashLen);
 }
 
 /* XXX Old template; want to expunge it eventually. */
 static DERTemplate SECAlgorithmIDTemplate[] = {
     { DER_SEQUENCE,
           0, NULL, sizeof(SECAlgorithmID) },
     { DER_OBJECT_ID,
-          offsetof(SECAlgorithmID,algorithm), },
+          offsetof(SECAlgorithmID,algorithm) },
     { DER_OPTIONAL | DER_ANY,
-          offsetof(SECAlgorithmID,parameters), },
-    { 0, }
+          offsetof(SECAlgorithmID,parameters) },
+    { 0 }
 };
 
 /*
  * XXX OLD Template.  Once all uses have been switched over to new one,
  * remove this.
  */
 static DERTemplate SGNDigestInfoTemplate[] = {
     { DER_SEQUENCE,
           0, NULL, sizeof(SGNDigestInfo) },
     { DER_INLINE,
           offsetof(SGNDigestInfo,digestAlgorithm),
-          SECAlgorithmIDTemplate, },
+          SECAlgorithmIDTemplate },
     { DER_OCTET_STRING,
-          offsetof(SGNDigestInfo,digest), },
-    { 0, }
+          offsetof(SGNDigestInfo,digest) },
+    { 0 }
 };
 
 /*
  * encode RSA PKCS #1 Signature data before signing... 
  */
 SECStatus
 RSA_HashSign(SECOidTag hashOid, NSSLOWKEYPrivateKey *key,
              unsigned char *sig, unsigned int *sigLen, unsigned int maxLen,
              const unsigned char *hash, unsigned int hashLen)
 {
@@ skipping 1604 matching lines @@
 
 /* maybe this should be table driven? */
 static CK_RV
 nsc_SetupPBEKeyGen(CK_MECHANISM_PTR pMechanism, NSSPKCS5PBEParameter  **pbe,
                                 CK_KEY_TYPE *key_type, CK_ULONG *key_length)
 {
     CK_RV crv = CKR_OK;
     SECOidData *oid;
     CK_PBE_PARAMS *pbe_params = NULL;
     NSSPKCS5PBEParameter *params = NULL;
+    HASH_HashType hashType = HASH_AlgSHA1;
     CK_PKCS5_PBKD2_PARAMS *pbkd2_params = NULL;
     SECItem salt;
     CK_ULONG iteration = 0;
 
     *pbe = NULL;
 
     oid = SECOID_FindOIDByMechanism(pMechanism->mechanism);
     if (oid == NULL) {
         return CKR_MECHANISM_INVALID;
     }
 
     if (pMechanism->mechanism == CKM_PKCS5_PBKD2) {
         pbkd2_params = (CK_PKCS5_PBKD2_PARAMS *)pMechanism->pParameter;
+        if (pbkd2_params == NULL) {
+            return CKR_MECHANISM_PARAM_INVALID;
+        }
+        switch (pbkd2_params->prf) {
+        case CKP_PKCS5_PBKD2_HMAC_SHA1:
+            hashType = HASH_AlgSHA1;
+            break;
+        case CKP_PKCS5_PBKD2_HMAC_SHA224:
+            hashType = HASH_AlgSHA224;
+            break;
+        case CKP_PKCS5_PBKD2_HMAC_SHA256:
+            hashType = HASH_AlgSHA256;
+            break;
+        case CKP_PKCS5_PBKD2_HMAC_SHA384:
+            hashType = HASH_AlgSHA384;
+            break;
+        case CKP_PKCS5_PBKD2_HMAC_SHA512:
+            hashType = HASH_AlgSHA512;
+            break;
+        default:
+            return CKR_MECHANISM_PARAM_INVALID;
+        }
         if (pbkd2_params->saltSource != CKZ_SALT_SPECIFIED) {
             return CKR_MECHANISM_PARAM_INVALID;
         }
         salt.data = (unsigned char *)pbkd2_params->pSaltSourceData;
         salt.len = (unsigned int)pbkd2_params->ulSaltSourceDataLen;
         iteration = pbkd2_params->iterations;
     } else {
         pbe_params = (CK_PBE_PARAMS *)pMechanism->pParameter;
         salt.data = (unsigned char *)pbe_params->pSalt;
         salt.len = (unsigned int)pbe_params->ulSaltLen;
         iteration = pbe_params->ulIteration;
     }
-    params=nsspkcs5_NewParam(oid->offset, &salt, iteration);
+    params=nsspkcs5_NewParam(oid->offset, hashType, &salt, iteration);
     if (params == NULL) {
         return CKR_MECHANISM_INVALID;
     }
 
     switch (params->encAlg) {
     case SEC_OID_DES_CBC:
         *key_type = CKK_DES;
         *key_length = params->keyLen;
         break;
     case SEC_OID_DES_EDE3_CBC:
         *key_type = params->is2KeyDES ? CKK_DES2 : CKK_DES3;
         *key_length = params->keyLen;
         break;
     case SEC_OID_RC2_CBC:
         *key_type = CKK_RC2;
         *key_length = params->keyLen;
         break;
     case SEC_OID_RC4:
         *key_type = CKK_RC4;
         *key_length = params->keyLen;
         break;
     case SEC_OID_PKCS5_PBKDF2:
-        /* sigh, PKCS #11 currently only defines SHA1 for the KDF hash type. 
-         * we do the check here because this where we would handle multiple
-         * hash types in the future */
-        if (pbkd2_params == NULL || 
-                pbkd2_params->prf != CKP_PKCS5_PBKD2_HMAC_SHA1) {
-            crv = CKR_MECHANISM_PARAM_INVALID;
-            break;
-        }
         /* key type must already be set */
         if (*key_type == CKK_INVALID_KEY_TYPE) {
             crv = CKR_TEMPLATE_INCOMPLETE;
             break;
         }
         /* PBKDF2 needs to calculate the key length from the other parameters
          */
         if (*key_length == 0) {
             *key_length = sftk_MapKeySize(*key_type);
         }
@@ skipping 231 matching lines @@
     if (session == NULL) {
         sftk_FreeObject(key);
         return CKR_SESSION_HANDLE_INVALID;
     }
 
     /*
      * handle the base object stuff
      */
     crv = sftk_handleObject(key,session);
     sftk_FreeSession(session);
-    if (sftk_isTrue(key,CKA_SENSITIVE)) {
-        sftk_forceAttribute(key,CKA_ALWAYS_SENSITIVE,&cktrue,sizeof(CK_BBOOL));
+    if (crv == CKR_OK && sftk_isTrue(key,CKA_SENSITIVE)) {
+        crv = sftk_forceAttribute(key,CKA_ALWAYS_SENSITIVE,&cktrue,sizeof(CK_BBOOL));
     }
-    if (!sftk_isTrue(key,CKA_EXTRACTABLE)) {
-        sftk_forceAttribute(key,CKA_NEVER_EXTRACTABLE,&cktrue,sizeof(CK_BBOOL));
+    if (crv == CKR_OK && !sftk_isTrue(key,CKA_EXTRACTABLE)) {
+        crv = sftk_forceAttribute(key,CKA_NEVER_EXTRACTABLE,&cktrue,sizeof(CK_BBOOL));
     }
-
-    *phKey = key->handle;
+    if (crv == CKR_OK) {
+        *phKey = key->handle;
+    }
     sftk_FreeObject(key);
     return crv;
 }
 
 #define PAIRWISE_DIGEST_LENGTH                  SHA1_LENGTH /* 160-bits */
 #define PAIRWISE_MESSAGE_LENGTH                 20          /* 160-bits */
 
 /*
  * FIPS 140-2 pairwise consistency check utilized to validate key pair.
  *
@@ skipping 686 matching lines @@
         rv = EC_NewKey(ecParams, &ecPriv);
         PORT_FreeArena(ecParams->arena, PR_TRUE);
         if (rv != SECSuccess) { 
             if (PORT_GetError() == SEC_ERROR_LIBRARY_FAILURE) {
                 sftk_fatalError = PR_TRUE;
             }
             crv = sftk_MapCryptError(PORT_GetError());
             break;
         }
 
-        if (getenv("NSS_USE_DECODED_CKA_EC_POINT")) {
+        if (PR_GetEnvSecure("NSS_USE_DECODED_CKA_EC_POINT")) {
             crv = sftk_AddAttributeType(publicKey, CKA_EC_POINT, 
                                 sftk_item_expand(&ecPriv->publicValue));
         } else {
             SECItem *pubValue = SEC_ASN1EncodeItem(NULL, NULL, 
                                         &ecPriv->publicValue, 
                                         SEC_ASN1_GET(SEC_OctetStringTemplate));
             if (!pubValue) {
                 crv = CKR_ARGUMENTS_BAD;
                 goto ecgn_done;
             }
@@ skipping 71 matching lines @@
      */
     crv = sftk_handleObject(publicKey,session);
     sftk_FreeSession(session);
     if (crv != CKR_OK) {
         sftk_FreeObject(publicKey);
         NSC_DestroyObject(hSession,privateKey->handle);
         sftk_FreeObject(privateKey);
         return crv;
     }
     if (sftk_isTrue(privateKey,CKA_SENSITIVE)) {
-        sftk_forceAttribute(privateKey,CKA_ALWAYS_SENSITIVE,
+        crv = sftk_forceAttribute(privateKey,CKA_ALWAYS_SENSITIVE,
                                                 &cktrue,sizeof(CK_BBOOL));
     }
-    if (sftk_isTrue(publicKey,CKA_SENSITIVE)) {
-        sftk_forceAttribute(publicKey,CKA_ALWAYS_SENSITIVE,
+    if (crv == CKR_OK && sftk_isTrue(publicKey,CKA_SENSITIVE)) {
+        crv = sftk_forceAttribute(publicKey,CKA_ALWAYS_SENSITIVE,
                                                 &cktrue,sizeof(CK_BBOOL));
     }
-    if (!sftk_isTrue(privateKey,CKA_EXTRACTABLE)) {
-        sftk_forceAttribute(privateKey,CKA_NEVER_EXTRACTABLE,
+    if (crv == CKR_OK && !sftk_isTrue(privateKey,CKA_EXTRACTABLE)) {
+        crv = sftk_forceAttribute(privateKey,CKA_NEVER_EXTRACTABLE,
                                                 &cktrue,sizeof(CK_BBOOL));
     }
-    if (!sftk_isTrue(publicKey,CKA_EXTRACTABLE)) {
-        sftk_forceAttribute(publicKey,CKA_NEVER_EXTRACTABLE,
+    if (crv == CKR_OK && !sftk_isTrue(publicKey,CKA_EXTRACTABLE)) {
+        crv = sftk_forceAttribute(publicKey,CKA_NEVER_EXTRACTABLE,
                                                 &cktrue,sizeof(CK_BBOOL));
     }
 
-    /* Perform FIPS 140-2 pairwise consistency check. */
-    crv = sftk_PairwiseConsistencyCheck(hSession,
-                                        publicKey, privateKey, key_type);
+    if (crv == CKR_OK) {
+        /* Perform FIPS 140-2 pairwise consistency check. */
+        crv = sftk_PairwiseConsistencyCheck(hSession,
+                                            publicKey, privateKey, key_type);
+        if (crv != CKR_OK) {
+            if (sftk_audit_enabled) {
+                char msg[128];
+                PR_snprintf(msg,sizeof msg,
+                            "C_GenerateKeyPair(hSession=0x%08lX, "
+                            "pMechanism->mechanism=0x%08lX)=0x%08lX "
+                            "self-test: pair-wise consistency test failed",
+                            (PRUint32)hSession,(PRUint32)pMechanism->mechanism,
+                            (PRUint32)crv);
+                sftk_LogAuditMessage(NSS_AUDIT_ERROR, NSS_AUDIT_SELF_TEST, msg);
+            }
+            return crv;
+        }
+    }
+
     if (crv != CKR_OK) {
         NSC_DestroyObject(hSession,publicKey->handle);
         sftk_FreeObject(publicKey);
         NSC_DestroyObject(hSession,privateKey->handle);
         sftk_FreeObject(privateKey);
-        if (sftk_audit_enabled) {
-            char msg[128];
-            PR_snprintf(msg,sizeof msg,
-                        "C_GenerateKeyPair(hSession=0x%08lX, "
-                        "pMechanism->mechanism=0x%08lX)=0x%08lX "
-                        "self-test: pair-wise consistency test failed",
-                        (PRUint32)hSession,(PRUint32)pMechanism->mechanism,
-                        (PRUint32)crv);
-            sftk_LogAuditMessage(NSS_AUDIT_ERROR, NSS_AUDIT_SELF_TEST, msg);
-        }
-        return crv;
     }
 
     *phPrivateKey = privateKey->handle;
     *phPublicKey = publicKey->handle;
     sftk_FreeObject(publicKey);
     sftk_FreeObject(privateKey);
 
     return CKR_OK;
 }
 
@@ skipping 2576 matching lines @@
     att = sftk_FindAttribute(key,CKA_VALUE);
     sftk_FreeObject(key);
     if (!att) {
         return CKR_KEY_HANDLE_INVALID;        
     }
     crv = NSC_DigestUpdate(hSession,(CK_BYTE_PTR)att->attrib.pValue,
                            att->attrib.ulValueLen);
     sftk_FreeAttribute(att);
     return crv;
 }