| OLD | NEW |
|---|
| 1 /* This Source Code Form is subject to the terms of the Mozilla Public | 1 /* This Source Code Form is subject to the terms of the Mozilla Public |
| 2 * License, v. 2.0. If a copy of the MPL was not distributed with this | 2 * License, v. 2.0. If a copy of the MPL was not distributed with this |
| 3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ | 3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ |
| 4 /* | 4 /* |
| 5 * This file implements PKCS 11 on top of our existing security modules | 5 * This file implements PKCS 11 on top of our existing security modules |
| 6 * | 6 * |
| 7 * For more information about PKCS 11 See PKCS 11 Token Inteface Standard. | 7 * For more information about PKCS 11 See PKCS 11 Token Inteface Standard. |
| 8 * This implementation has two slots: | 8 * This implementation has two slots: |
| 9 * slot 1 is our generic crypto support. It does not require login. | 9 * slot 1 is our generic crypto support. It does not require login. |
| 10 * It supports Public Key ops, and all they bulk ciphers and hashes. | 10 * It supports Public Key ops, and all they bulk ciphers and hashes. |
| (...skipping 284 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 295 {CKM_DSA_PARAMETER_GEN, {DSA_MIN_P_BITS, DSA_MAX_P_BITS, | 295 {CKM_DSA_PARAMETER_GEN, {DSA_MIN_P_BITS, DSA_MAX_P_BITS, |
| 296 CKF_GENERATE}, PR_TRUE}, | 296 CKF_GENERATE}, PR_TRUE}, |
| 297 {CKM_DSA_SHA1, {DSA_MIN_P_BITS, DSA_MAX_P_BITS, | 297 {CKM_DSA_SHA1, {DSA_MIN_P_BITS, DSA_MAX_P_BITS, |
| 298 CKF_SN_VR}, PR_TRUE}, | 298 CKF_SN_VR}, PR_TRUE}, |
| 299 /* -------------------- Diffie Hellman Operations --------------------- */ | 299 /* -------------------- Diffie Hellman Operations --------------------- */ |
| 300 /* no diffie hellman yet */ | 300 /* no diffie hellman yet */ |
| 301 {CKM_DH_PKCS_KEY_PAIR_GEN, {DH_MIN_P_BITS, DH_MAX_P_BITS, | 301 {CKM_DH_PKCS_KEY_PAIR_GEN, {DH_MIN_P_BITS, DH_MAX_P_BITS, |
| 302 CKF_GENERATE_KEY_PAIR}, PR_TRUE}, | 302 CKF_GENERATE_KEY_PAIR}, PR_TRUE}, |
| 303 {CKM_DH_PKCS_DERIVE, {DH_MIN_P_BITS, DH_MAX_P_BITS, | 303 {CKM_DH_PKCS_DERIVE, {DH_MIN_P_BITS, DH_MAX_P_BITS, |
| 304 CKF_DERIVE}, PR_TRUE}, | 304 CKF_DERIVE}, PR_TRUE}, |
| 305 #ifdef NSS_ENABLE_ECC | 305 #ifndef NSS_DISABLE_ECC |
| 306 /* -------------------- Elliptic Curve Operations --------------------- */ | 306 /* -------------------- Elliptic Curve Operations --------------------- */ |
| 307 {CKM_EC_KEY_PAIR_GEN, {EC_MIN_KEY_BITS, EC_MAX_KEY_BITS, | 307 {CKM_EC_KEY_PAIR_GEN, {EC_MIN_KEY_BITS, EC_MAX_KEY_BITS, |
| 308 CKF_GENERATE_KEY_PAIR|CKF_EC_BPNU}, PR_TRUE}, | 308 CKF_GENERATE_KEY_PAIR|CKF_EC_BPNU}, PR_TRUE}, |
| 309 {CKM_ECDH1_DERIVE, {EC_MIN_KEY_BITS, EC_MAX_KEY_BITS, | 309 {CKM_ECDH1_DERIVE, {EC_MIN_KEY_BITS, EC_MAX_KEY_BITS, |
| 310 CKF_DERIVE|CKF_EC_BPNU}, PR_TRUE}, | 310 CKF_DERIVE|CKF_EC_BPNU}, PR_TRUE}, |
| 311 {CKM_ECDSA, {EC_MIN_KEY_BITS, EC_MAX_KEY_BITS, | 311 {CKM_ECDSA, {EC_MIN_KEY_BITS, EC_MAX_KEY_BITS, |
| 312 CKF_SN_VR|CKF_EC_BPNU}, PR_TRUE}, | 312 CKF_SN_VR|CKF_EC_BPNU}, PR_TRUE}, |
| 313 {CKM_ECDSA_SHA1, {EC_MIN_KEY_BITS, EC_MAX_KEY_BITS, | 313 {CKM_ECDSA_SHA1, {EC_MIN_KEY_BITS, EC_MAX_KEY_BITS, |
| 314 CKF_SN_VR|CKF_EC_BPNU}, PR_TRUE}, | 314 CKF_SN_VR|CKF_EC_BPNU}, PR_TRUE}, |
| 315 #endif /* NSS_ENABLE_ECC */ | 315 #endif /* NSS_DISABLE_ECC */ |
| 316 /* ------------------------- RC2 Operations --------------------------- */ | 316 /* ------------------------- RC2 Operations --------------------------- */ |
| 317 {CKM_RC2_KEY_GEN, {1, 128, CKF_GENERATE}, PR_TRUE}, | 317 {CKM_RC2_KEY_GEN, {1, 128, CKF_GENERATE}, PR_TRUE}, |
| 318 {CKM_RC2_ECB, {1, 128, CKF_EN_DE_WR_UN}, PR_TRUE}, | 318 {CKM_RC2_ECB, {1, 128, CKF_EN_DE_WR_UN}, PR_TRUE}, |
| 319 {CKM_RC2_CBC, {1, 128, CKF_EN_DE_WR_UN}, PR_TRUE}, | 319 {CKM_RC2_CBC, {1, 128, CKF_EN_DE_WR_UN}, PR_TRUE}, |
| 320 {CKM_RC2_MAC, {1, 128, CKF_SN_VR}, PR_TRUE}, | 320 {CKM_RC2_MAC, {1, 128, CKF_SN_VR}, PR_TRUE}, |
| 321 {CKM_RC2_MAC_GENERAL, {1, 128, CKF_SN_VR}, PR_TRUE}, | 321 {CKM_RC2_MAC_GENERAL, {1, 128, CKF_SN_VR}, PR_TRUE}, |
| 322 {CKM_RC2_CBC_PAD, {1, 128, CKF_EN_DE_WR_UN}, PR_TRUE}, | 322 {CKM_RC2_CBC_PAD, {1, 128, CKF_EN_DE_WR_UN}, PR_TRUE}, |
| 323 /* ------------------------- RC4 Operations --------------------------- */ | 323 /* ------------------------- RC4 Operations --------------------------- */ |
| 324 {CKM_RC4_KEY_GEN, {1, 256, CKF_GENERATE}, PR_FALSE}, | 324 {CKM_RC4_KEY_GEN, {1, 256, CKF_GENERATE}, PR_FALSE}, |
| 325 {CKM_RC4, {1, 256, CKF_EN_DE_WR_UN}, PR_FALSE}, | 325 {CKM_RC4, {1, 256, CKF_EN_DE_WR_UN}, PR_FALSE}, |
| (...skipping 597 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 923 crv = sftk_ConstrainAttribute(object, CKA_VALUE, 2, DH_MAX_P_BITS, 0); | 923 crv = sftk_ConstrainAttribute(object, CKA_VALUE, 2, DH_MAX_P_BITS, 0); |
| 924 if (crv != CKR_OK) { | 924 if (crv != CKR_OK) { |
| 925 return crv; | 925 return crv; |
| 926 } | 926 } |
| 927 verify = CK_FALSE; | 927 verify = CK_FALSE; |
| 928 derive = CK_TRUE; | 928 derive = CK_TRUE; |
| 929 encrypt = CK_FALSE; | 929 encrypt = CK_FALSE; |
| 930 recover = CK_FALSE; | 930 recover = CK_FALSE; |
| 931 wrap = CK_FALSE; | 931 wrap = CK_FALSE; |
| 932 break; | 932 break; |
| 933 #ifdef NSS_ENABLE_ECC | 933 #ifndef NSS_DISABLE_ECC |
| 934 case CKK_EC: | 934 case CKK_EC: |
| 935 if ( !sftk_hasAttribute(object, CKA_EC_PARAMS)) { | 935 if ( !sftk_hasAttribute(object, CKA_EC_PARAMS)) { |
| 936 return CKR_TEMPLATE_INCOMPLETE; | 936 return CKR_TEMPLATE_INCOMPLETE; |
| 937 } | 937 } |
| 938 if ( !sftk_hasAttribute(object, CKA_EC_POINT)) { | 938 if ( !sftk_hasAttribute(object, CKA_EC_POINT)) { |
| 939 return CKR_TEMPLATE_INCOMPLETE; | 939 return CKR_TEMPLATE_INCOMPLETE; |
| 940 } | 940 } |
| 941 derive = CK_TRUE; /* for ECDH */ | 941 derive = CK_TRUE; /* for ECDH */ |
| 942 verify = CK_TRUE; /* for ECDSA */ | 942 verify = CK_TRUE; /* for ECDSA */ |
| 943 encrypt = CK_FALSE; | 943 encrypt = CK_FALSE; |
| 944 recover = CK_FALSE; | 944 recover = CK_FALSE; |
| 945 wrap = CK_FALSE; | 945 wrap = CK_FALSE; |
| 946 break; | 946 break; |
| 947 #endif /* NSS_ENABLE_ECC */ | 947 #endif /* NSS_DISABLE_ECC */ |
| 948 default: | 948 default: |
| 949 return CKR_ATTRIBUTE_VALUE_INVALID; | 949 return CKR_ATTRIBUTE_VALUE_INVALID; |
| 950 } | 950 } |
| 951 | 951 |
| 952 /* make sure the required fields exist */ | 952 /* make sure the required fields exist */ |
| 953 crv = sftk_defaultAttribute(object,CKA_SUBJECT,NULL,0); | 953 crv = sftk_defaultAttribute(object,CKA_SUBJECT,NULL,0); |
| 954 if (crv != CKR_OK) return crv; | 954 if (crv != CKR_OK) return crv; |
| 955 crv = sftk_defaultAttribute(object,CKA_ENCRYPT,&encrypt,sizeof(CK_BBOOL)); | 955 crv = sftk_defaultAttribute(object,CKA_ENCRYPT,&encrypt,sizeof(CK_BBOOL)); |
| 956 if (crv != CKR_OK) return crv; | 956 if (crv != CKR_OK) return crv; |
| 957 crv = sftk_defaultAttribute(object,CKA_VERIFY,&verify,sizeof(CK_BBOOL)); | 957 crv = sftk_defaultAttribute(object,CKA_VERIFY,&verify,sizeof(CK_BBOOL)); |
| (...skipping 126 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1084 if ( !sftk_hasAttribute(object, CKA_BASE)) { | 1084 if ( !sftk_hasAttribute(object, CKA_BASE)) { |
| 1085 return CKR_TEMPLATE_INCOMPLETE; | 1085 return CKR_TEMPLATE_INCOMPLETE; |
| 1086 } | 1086 } |
| 1087 if ( !sftk_hasAttribute(object, CKA_VALUE)) { | 1087 if ( !sftk_hasAttribute(object, CKA_VALUE)) { |
| 1088 return CKR_TEMPLATE_INCOMPLETE; | 1088 return CKR_TEMPLATE_INCOMPLETE; |
| 1089 } | 1089 } |
| 1090 encrypt = CK_FALSE; | 1090 encrypt = CK_FALSE; |
| 1091 recover = CK_FALSE; | 1091 recover = CK_FALSE; |
| 1092 wrap = CK_FALSE; | 1092 wrap = CK_FALSE; |
| 1093 break; | 1093 break; |
| 1094 #ifdef NSS_ENABLE_ECC | 1094 #ifndef NSS_DISABLE_ECC |
| 1095 case CKK_EC: | 1095 case CKK_EC: |
| 1096 if ( !sftk_hasAttribute(object, CKA_EC_PARAMS)) { | 1096 if ( !sftk_hasAttribute(object, CKA_EC_PARAMS)) { |
| 1097 return CKR_TEMPLATE_INCOMPLETE; | 1097 return CKR_TEMPLATE_INCOMPLETE; |
| 1098 } | 1098 } |
| 1099 if ( !sftk_hasAttribute(object, CKA_VALUE)) { | 1099 if ( !sftk_hasAttribute(object, CKA_VALUE)) { |
| 1100 return CKR_TEMPLATE_INCOMPLETE; | 1100 return CKR_TEMPLATE_INCOMPLETE; |
| 1101 } | 1101 } |
| 1102 encrypt = CK_FALSE; | 1102 encrypt = CK_FALSE; |
| 1103 sign = CK_TRUE; | 1103 sign = CK_TRUE; |
| 1104 recover = CK_FALSE; | 1104 recover = CK_FALSE; |
| 1105 wrap = CK_FALSE; | 1105 wrap = CK_FALSE; |
| 1106 break; | 1106 break; |
| 1107 #endif /* NSS_ENABLE_ECC */ | 1107 #endif /* NSS_DISABLE_ECC */ |
| 1108 case CKK_NSS_JPAKE_ROUND1: | 1108 case CKK_NSS_JPAKE_ROUND1: |
| 1109 if (!sftk_hasAttribute(object, CKA_PRIME) || | 1109 if (!sftk_hasAttribute(object, CKA_PRIME) || |
| 1110 !sftk_hasAttribute(object, CKA_SUBPRIME) || | 1110 !sftk_hasAttribute(object, CKA_SUBPRIME) || |
| 1111 !sftk_hasAttribute(object, CKA_BASE)) { | 1111 !sftk_hasAttribute(object, CKA_BASE)) { |
| 1112 return CKR_TEMPLATE_INCOMPLETE; | 1112 return CKR_TEMPLATE_INCOMPLETE; |
| 1113 } | 1113 } |
| 1114 /* fall through */ | 1114 /* fall through */ |
| 1115 case CKK_NSS_JPAKE_ROUND2: | 1115 case CKK_NSS_JPAKE_ROUND2: |
| 1116 /* CKA_NSS_JPAKE_SIGNERID and CKA_NSS_JPAKE_PEERID are checked in | 1116 /* CKA_NSS_JPAKE_SIGNERID and CKA_NSS_JPAKE_PEERID are checked in |
| 1117 the J-PAKE code. */ | 1117 the J-PAKE code. */ |
| (...skipping 586 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1704 pubKey->keyType = NSSLOWKEYDHKey; | 1704 pubKey->keyType = NSSLOWKEYDHKey; |
| 1705 crv = sftk_Attribute2SSecItem(arena,&pubKey->u.dh.prime, | 1705 crv = sftk_Attribute2SSecItem(arena,&pubKey->u.dh.prime, |
| 1706 object,CKA_PRIME); | 1706 object,CKA_PRIME); |
| 1707 if (crv != CKR_OK) break; | 1707 if (crv != CKR_OK) break; |
| 1708 crv = sftk_Attribute2SSecItem(arena,&pubKey->u.dh.base, | 1708 crv = sftk_Attribute2SSecItem(arena,&pubKey->u.dh.base, |
| 1709 object,CKA_BASE); | 1709 object,CKA_BASE); |
| 1710 if (crv != CKR_OK) break; | 1710 if (crv != CKR_OK) break; |
| 1711 crv = sftk_Attribute2SSecItem(arena,&pubKey->u.dh.publicValue, | 1711 crv = sftk_Attribute2SSecItem(arena,&pubKey->u.dh.publicValue, |
| 1712 object,CKA_VALUE); | 1712 object,CKA_VALUE); |
| 1713 break; | 1713 break; |
| 1714 #ifdef NSS_ENABLE_ECC | 1714 #ifndef NSS_DISABLE_ECC |
| 1715 case CKK_EC: | 1715 case CKK_EC: |
| 1716 pubKey->keyType = NSSLOWKEYECKey; | 1716 pubKey->keyType = NSSLOWKEYECKey; |
| 1717 crv = sftk_Attribute2SSecItem(arena, | 1717 crv = sftk_Attribute2SSecItem(arena, |
| 1718 &pubKey->u.ec.ecParams.DEREncoding, | 1718 &pubKey->u.ec.ecParams.DEREncoding, |
| 1719 object,CKA_EC_PARAMS); | 1719 object,CKA_EC_PARAMS); |
| 1720 if (crv != CKR_OK) break; | 1720 if (crv != CKR_OK) break; |
| 1721 | 1721 |
| 1722 /* Fill out the rest of the ecParams structure | 1722 /* Fill out the rest of the ecParams structure |
| 1723 * based on the encoded params | 1723 * based on the encoded params |
| 1724 */ | 1724 */ |
| (...skipping 39 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1764 crv = CKR_ATTRIBUTE_VALUE_INVALID; | 1764 crv = CKR_ATTRIBUTE_VALUE_INVALID; |
| 1765 break; | 1765 break; |
| 1766 } | 1766 } |
| 1767 /* replace our previous with the decoded key */ | 1767 /* replace our previous with the decoded key */ |
| 1768 pubKey->u.ec.publicValue = publicValue; | 1768 pubKey->u.ec.publicValue = publicValue; |
| 1769 break; | 1769 break; |
| 1770 } | 1770 } |
| 1771 crv = CKR_ATTRIBUTE_VALUE_INVALID; | 1771 crv = CKR_ATTRIBUTE_VALUE_INVALID; |
| 1772 } | 1772 } |
| 1773 break; | 1773 break; |
| 1774 #endif /* NSS_ENABLE_ECC */ | 1774 #endif /* NSS_DISABLE_ECC */ |
| 1775 default: | 1775 default: |
| 1776 crv = CKR_KEY_TYPE_INCONSISTENT; | 1776 crv = CKR_KEY_TYPE_INCONSISTENT; |
| 1777 break; | 1777 break; |
| 1778 } | 1778 } |
| 1779 *crvp = crv; | 1779 *crvp = crv; |
| 1780 if (crv != CKR_OK) { | 1780 if (crv != CKR_OK) { |
| 1781 PORT_FreeArena(arena,PR_FALSE); | 1781 PORT_FreeArena(arena,PR_FALSE); |
| 1782 return NULL; | 1782 return NULL; |
| 1783 } | 1783 } |
| 1784 | 1784 |
| (...skipping 88 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1873 SFTK_SET_ITEM_TEMPLATE(itemTemplate, itemTemplateCount, | 1873 SFTK_SET_ITEM_TEMPLATE(itemTemplate, itemTemplateCount, |
| 1874 &privKey->u.dh.base, CKA_BASE); | 1874 &privKey->u.dh.base, CKA_BASE); |
| 1875 itemTemplateCount++; | 1875 itemTemplateCount++; |
| 1876 SFTK_SET_ITEM_TEMPLATE(itemTemplate, itemTemplateCount, | 1876 SFTK_SET_ITEM_TEMPLATE(itemTemplate, itemTemplateCount, |
| 1877 &privKey->u.dh.privateValue, CKA_VALUE); | 1877 &privKey->u.dh.privateValue, CKA_VALUE); |
| 1878 itemTemplateCount++; | 1878 itemTemplateCount++; |
| 1879 /* privKey was zero'd so public value is already set to NULL, 0 | 1879 /* privKey was zero'd so public value is already set to NULL, 0 |
| 1880 * if we don't set it explicitly */ | 1880 * if we don't set it explicitly */ |
| 1881 break; | 1881 break; |
| 1882 | 1882 |
| 1883 #ifdef NSS_ENABLE_ECC | 1883 #ifndef NSS_DISABLE_ECC |
| 1884 case CKK_EC: | 1884 case CKK_EC: |
| 1885 privKey->keyType = NSSLOWKEYECKey; | 1885 privKey->keyType = NSSLOWKEYECKey; |
| 1886 crv = sftk_Attribute2SSecItem(arena, | 1886 crv = sftk_Attribute2SSecItem(arena, |
| 1887 &privKey->u.ec.ecParams.DEREncoding, | 1887 &privKey->u.ec.ecParams.DEREncoding, |
| 1888 object,CKA_EC_PARAMS); | 1888 object,CKA_EC_PARAMS); |
| 1889 if (crv != CKR_OK) break; | 1889 if (crv != CKR_OK) break; |
| 1890 | 1890 |
| 1891 /* Fill out the rest of the ecParams structure | 1891 /* Fill out the rest of the ecParams structure |
| 1892 * based on the encoded params | 1892 * based on the encoded params |
| 1893 */ | 1893 */ |
| (...skipping 21 matching lines...) Expand all Loading... |
| 1915 * Android as gcc 4.6 has a bug when targeting arm (but not | 1915 * Android as gcc 4.6 has a bug when targeting arm (but not |
| 1916 * thumb). The bug has been fixed in gcc 4.7. | 1916 * thumb). The bug has been fixed in gcc 4.7. |
| 1917 * http://gcc.gnu.org/bugzilla/show_bug.cgi?id=56561 | 1917 * http://gcc.gnu.org/bugzilla/show_bug.cgi?id=56561 |
| 1918 */ | 1918 */ |
| 1919 #if defined (__arm__) && !defined(__thumb__) && defined (__GNUC__) | 1919 #if defined (__arm__) && !defined(__thumb__) && defined (__GNUC__) |
| 1920 *crvp = CKR_HOST_MEMORY; | 1920 *crvp = CKR_HOST_MEMORY; |
| 1921 break; | 1921 break; |
| 1922 #endif | 1922 #endif |
| 1923 } | 1923 } |
| 1924 break; | 1924 break; |
| 1925 #endif /* NSS_ENABLE_ECC */ | 1925 #endif /* NSS_DISABLE_ECC */ |
| 1926 | 1926 |
| 1927 default: | 1927 default: |
| 1928 crv = CKR_KEY_TYPE_INCONSISTENT; | 1928 crv = CKR_KEY_TYPE_INCONSISTENT; |
| 1929 break; | 1929 break; |
| 1930 } | 1930 } |
| 1931 if (crv == CKR_OK && itemTemplateCount != 0) { | 1931 if (crv == CKR_OK && itemTemplateCount != 0) { |
| 1932 PORT_Assert(itemTemplateCount > 0); | 1932 PORT_Assert(itemTemplateCount > 0); |
| 1933 PORT_Assert(itemTemplateCount <= SFTK_MAX_ITEM_TEMPLATE); | 1933 PORT_Assert(itemTemplateCount <= SFTK_MAX_ITEM_TEMPLATE); |
| 1934 crv = sftk_MultipleAttribute2SecItem(arena, object, itemTemplate, | 1934 crv = sftk_MultipleAttribute2SecItem(arena, object, itemTemplate, |
| 1935 itemTemplateCount); | 1935 itemTemplateCount); |
| (...skipping 2789 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 4725 | 4725 |
| 4726 | 4726 |
| 4727 CK_RV NSC_WaitForSlotEvent(CK_FLAGS flags, CK_SLOT_ID_PTR pSlot, | 4727 CK_RV NSC_WaitForSlotEvent(CK_FLAGS flags, CK_SLOT_ID_PTR pSlot, |
| 4728 CK_VOID_PTR pReserved) | 4728 CK_VOID_PTR pReserved) |
| 4729 { | 4729 { |
| 4730 CHECK_FORK(); | 4730 CHECK_FORK(); |
| 4731 | 4731 |
| 4732 return CKR_FUNCTION_NOT_SUPPORTED; | 4732 return CKR_FUNCTION_NOT_SUPPORTED; |
| 4733 } | 4733 } |
| 4734 | 4734 |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 195763027:
Update NSS to NSS_3_16_RC0. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/deps/third_party/nss/