| OLD | NEW |
|---|
| 1 /* This Source Code Form is subject to the terms of the Mozilla Public | 1 /* This Source Code Form is subject to the terms of the Mozilla Public |
| 2 * License, v. 2.0. If a copy of the MPL was not distributed with this | 2 * License, v. 2.0. If a copy of the MPL was not distributed with this |
| 3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ | 3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ |
| 4 /* | 4 /* |
| 5 * This file implements PKCS 11 on top of our existing security modules | 5 * This file implements PKCS 11 on top of our existing security modules |
| 6 * | 6 * |
| 7 * For more information about PKCS 11 See PKCS 11 Token Inteface Standard. | 7 * For more information about PKCS 11 See PKCS 11 Token Inteface Standard. |
| 8 * This implementation has two slots: | 8 * This implementation has two slots: |
| 9 * slot 1 is our generic crypto support. It does not require login. | 9 * slot 1 is our generic crypto support. It does not require login. |
| 10 * It supports Public Key ops, and all they bulk ciphers and hashes. | 10 * It supports Public Key ops, and all they bulk ciphers and hashes. |
| (...skipping 44 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 55 typedef struct { | 55 typedef struct { |
| 56 PRUint8 client_version[2]; | 56 PRUint8 client_version[2]; |
| 57 PRUint8 random[46]; | 57 PRUint8 random[46]; |
| 58 } SSL3RSAPreMasterSecret; | 58 } SSL3RSAPreMasterSecret; |
| 59 | 59 |
| 60 static void sftk_Null(void *data, PRBool freeit) | 60 static void sftk_Null(void *data, PRBool freeit) |
| 61 { | 61 { |
| 62 return; | 62 return; |
| 63 } | 63 } |
| 64 | 64 |
| 65 #ifdef NSS_ENABLE_ECC | 65 #ifndef NSS_DISABLE_ECC |
| 66 #ifdef EC_DEBUG | 66 #ifdef EC_DEBUG |
| 67 #define SEC_PRINT(str1, str2, num, sitem) \ | 67 #define SEC_PRINT(str1, str2, num, sitem) \ |
| 68 printf("pkcs11c.c:%s:%s (keytype=%d) [len=%d]\n", \ | 68 printf("pkcs11c.c:%s:%s (keytype=%d) [len=%d]\n", \ |
| 69 str1, str2, num, sitem->len); \ | 69 str1, str2, num, sitem->len); \ |
| 70 for (i = 0; i < sitem->len; i++) { \ | 70 for (i = 0; i < sitem->len; i++) { \ |
| 71 printf("%02x:", sitem->data[i]); \ | 71 printf("%02x:", sitem->data[i]); \ |
| 72 } \ | 72 } \ |
| 73 printf("\n") | 73 printf("\n") |
| 74 #else | 74 #else |
| 75 #define SEC_PRINT(a, b, c, d) | 75 #define SEC_PRINT(a, b, c, d) |
| 76 #endif | 76 #endif |
| 77 #endif /* NSS_ENABLE_ECC */ | 77 #endif /* NSS_DISABLE_ECC */ |
| 78 | 78 |
| 79 /* | 79 /* |
| 80 * free routines.... Free local type allocated data, and convert | 80 * free routines.... Free local type allocated data, and convert |
| 81 * other free routines to the destroy signature. | 81 * other free routines to the destroy signature. |
| 82 */ | 82 */ |
| 83 static void | 83 static void |
| 84 sftk_FreePrivKey(NSSLOWKEYPrivateKey *key, PRBool freeit) | 84 sftk_FreePrivKey(NSSLOWKEYPrivateKey *key, PRBool freeit) |
| 85 { | 85 { |
| 86 nsslowkey_DestroyPrivateKey(key); | 86 nsslowkey_DestroyPrivateKey(key); |
| 87 } | 87 } |
| (...skipping 25 matching lines...) Expand all Loading... |
| 113 case SEC_ERROR_NO_MEMORY: | 113 case SEC_ERROR_NO_MEMORY: |
| 114 return CKR_HOST_MEMORY; | 114 return CKR_HOST_MEMORY; |
| 115 case SEC_ERROR_BAD_SIGNATURE: | 115 case SEC_ERROR_BAD_SIGNATURE: |
| 116 return CKR_SIGNATURE_INVALID; | 116 return CKR_SIGNATURE_INVALID; |
| 117 case SEC_ERROR_INVALID_KEY: | 117 case SEC_ERROR_INVALID_KEY: |
| 118 return CKR_KEY_SIZE_RANGE; | 118 return CKR_KEY_SIZE_RANGE; |
| 119 case SEC_ERROR_BAD_KEY: /* an EC public key that fails validation */ | 119 case SEC_ERROR_BAD_KEY: /* an EC public key that fails validation */ |
| 120 return CKR_KEY_SIZE_RANGE; /* the closest error code */ | 120 return CKR_KEY_SIZE_RANGE; /* the closest error code */ |
| 121 case SEC_ERROR_UNSUPPORTED_EC_POINT_FORM: | 121 case SEC_ERROR_UNSUPPORTED_EC_POINT_FORM: |
| 122 return CKR_TEMPLATE_INCONSISTENT; | 122 return CKR_TEMPLATE_INCONSISTENT; |
| 123 » /* EC functions set this error if NSS_ENABLE_ECC is not defined */ | 123 » /* EC functions set this error if NSS_DISABLE_ECC is defined */ |
| 124 case SEC_ERROR_UNSUPPORTED_KEYALG: | 124 case SEC_ERROR_UNSUPPORTED_KEYALG: |
| 125 return CKR_MECHANISM_INVALID; | 125 return CKR_MECHANISM_INVALID; |
| 126 case SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE: | 126 case SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE: |
| 127 return CKR_DOMAIN_PARAMS_INVALID; | 127 return CKR_DOMAIN_PARAMS_INVALID; |
| 128 /* key pair generation failed after max number of attempts */ | 128 /* key pair generation failed after max number of attempts */ |
| 129 case SEC_ERROR_NEED_RANDOM: | 129 case SEC_ERROR_NEED_RANDOM: |
| 130 return CKR_FUNCTION_FAILED; | 130 return CKR_FUNCTION_FAILED; |
| 131 } | 131 } |
| 132 return CKR_DEVICE_ERROR; | 132 return CKR_DEVICE_ERROR; |
| 133 } | 133 } |
| (...skipping 2221 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 2355 digest.data = (unsigned char *)dataBuf; | 2355 digest.data = (unsigned char *)dataBuf; |
| 2356 digest.len = dataLen; | 2356 digest.len = dataLen; |
| 2357 rv = DSA_SignDigest(&(key->u.dsa), &signature, &digest); | 2357 rv = DSA_SignDigest(&(key->u.dsa), &signature, &digest); |
| 2358 if (rv != SECSuccess && PORT_GetError() == SEC_ERROR_LIBRARY_FAILURE) { | 2358 if (rv != SECSuccess && PORT_GetError() == SEC_ERROR_LIBRARY_FAILURE) { |
| 2359 sftk_fatalError = PR_TRUE; | 2359 sftk_fatalError = PR_TRUE; |
| 2360 } | 2360 } |
| 2361 *sigLen = signature.len; | 2361 *sigLen = signature.len; |
| 2362 return rv; | 2362 return rv; |
| 2363 } | 2363 } |
| 2364 | 2364 |
| 2365 #ifdef NSS_ENABLE_ECC | 2365 #ifndef NSS_DISABLE_ECC |
| 2366 static SECStatus | 2366 static SECStatus |
| 2367 nsc_ECDSAVerifyStub(void *ctx, void *sigBuf, unsigned int sigLen, | 2367 nsc_ECDSAVerifyStub(void *ctx, void *sigBuf, unsigned int sigLen, |
| 2368 void *dataBuf, unsigned int dataLen) | 2368 void *dataBuf, unsigned int dataLen) |
| 2369 { | 2369 { |
| 2370 SECItem signature, digest; | 2370 SECItem signature, digest; |
| 2371 NSSLOWKEYPublicKey *key = (NSSLOWKEYPublicKey *)ctx; | 2371 NSSLOWKEYPublicKey *key = (NSSLOWKEYPublicKey *)ctx; |
| 2372 | 2372 |
| 2373 signature.data = (unsigned char *)sigBuf; | 2373 signature.data = (unsigned char *)sigBuf; |
| 2374 signature.len = sigLen; | 2374 signature.len = sigLen; |
| 2375 digest.data = (unsigned char *)dataBuf; | 2375 digest.data = (unsigned char *)dataBuf; |
| (...skipping 14 matching lines...) Expand all Loading... |
| 2390 signature.len = maxSigLen; | 2390 signature.len = maxSigLen; |
| 2391 digest.data = (unsigned char *)dataBuf; | 2391 digest.data = (unsigned char *)dataBuf; |
| 2392 digest.len = dataLen; | 2392 digest.len = dataLen; |
| 2393 rv = ECDSA_SignDigest(&(key->u.ec), &signature, &digest); | 2393 rv = ECDSA_SignDigest(&(key->u.ec), &signature, &digest); |
| 2394 if (rv != SECSuccess && PORT_GetError() == SEC_ERROR_LIBRARY_FAILURE) { | 2394 if (rv != SECSuccess && PORT_GetError() == SEC_ERROR_LIBRARY_FAILURE) { |
| 2395 sftk_fatalError = PR_TRUE; | 2395 sftk_fatalError = PR_TRUE; |
| 2396 } | 2396 } |
| 2397 *sigLen = signature.len; | 2397 *sigLen = signature.len; |
| 2398 return rv; | 2398 return rv; |
| 2399 } | 2399 } |
| 2400 #endif /* NSS_ENABLE_ECC */ | 2400 #endif /* NSS_DISABLE_ECC */ |
| 2401 | 2401 |
| 2402 /* NSC_SignInit setups up the signing operations. There are three basic | 2402 /* NSC_SignInit setups up the signing operations. There are three basic |
| 2403 * types of signing: | 2403 * types of signing: |
| 2404 * (1) the tradition single part, where "Raw RSA" or "Raw DSA" is applied | 2404 * (1) the tradition single part, where "Raw RSA" or "Raw DSA" is applied |
| 2405 * to data in a single Sign operation (which often looks a lot like an | 2405 * to data in a single Sign operation (which often looks a lot like an |
| 2406 * encrypt, with data coming in and data going out). | 2406 * encrypt, with data coming in and data going out). |
| 2407 * (2) Hash based signing, where we continually hash the data, then apply | 2407 * (2) Hash based signing, where we continually hash the data, then apply |
| 2408 * some sort of signature to the end. | 2408 * some sort of signature to the end. |
| 2409 * (3) Block Encryption CBC MAC's, where the Data is encrypted with a key, | 2409 * (3) Block Encryption CBC MAC's, where the Data is encrypted with a key, |
| 2410 * and only the final block is part of the mac. | 2410 * and only the final block is part of the mac. |
| (...skipping 131 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 2542 break; | 2542 break; |
| 2543 } | 2543 } |
| 2544 context->cipherInfo = privKey; | 2544 context->cipherInfo = privKey; |
| 2545 context->update = (SFTKCipher) nsc_DSA_Sign_Stub; | 2545 context->update = (SFTKCipher) nsc_DSA_Sign_Stub; |
| 2546 context->destroy = (privKey == key->objectInfo) ? | 2546 context->destroy = (privKey == key->objectInfo) ? |
| 2547 (SFTKDestroy) sftk_Null:(SFTKDestroy)sftk_FreePrivKey; | 2547 (SFTKDestroy) sftk_Null:(SFTKDestroy)sftk_FreePrivKey; |
| 2548 context->maxLen = DSA_MAX_SIGNATURE_LEN; | 2548 context->maxLen = DSA_MAX_SIGNATURE_LEN; |
| 2549 | 2549 |
| 2550 break; | 2550 break; |
| 2551 | 2551 |
| 2552 #ifdef NSS_ENABLE_ECC | 2552 #ifndef NSS_DISABLE_ECC |
| 2553 case CKM_ECDSA_SHA1: | 2553 case CKM_ECDSA_SHA1: |
| 2554 context->multi = PR_TRUE; | 2554 context->multi = PR_TRUE; |
| 2555 crv = sftk_doSubSHA1(context); | 2555 crv = sftk_doSubSHA1(context); |
| 2556 if (crv != CKR_OK) break; | 2556 if (crv != CKR_OK) break; |
| 2557 /* fall through */ | 2557 /* fall through */ |
| 2558 case CKM_ECDSA: | 2558 case CKM_ECDSA: |
| 2559 if (key_type != CKK_EC) { | 2559 if (key_type != CKK_EC) { |
| 2560 crv = CKR_KEY_TYPE_INCONSISTENT; | 2560 crv = CKR_KEY_TYPE_INCONSISTENT; |
| 2561 break; | 2561 break; |
| 2562 } | 2562 } |
| 2563 privKey = sftk_GetPrivKey(key,CKK_EC,&crv); | 2563 privKey = sftk_GetPrivKey(key,CKK_EC,&crv); |
| 2564 if (privKey == NULL) { | 2564 if (privKey == NULL) { |
| 2565 crv = CKR_HOST_MEMORY; | 2565 crv = CKR_HOST_MEMORY; |
| 2566 break; | 2566 break; |
| 2567 } | 2567 } |
| 2568 context->cipherInfo = privKey; | 2568 context->cipherInfo = privKey; |
| 2569 context->update = (SFTKCipher) nsc_ECDSASignStub; | 2569 context->update = (SFTKCipher) nsc_ECDSASignStub; |
| 2570 context->destroy = (privKey == key->objectInfo) ? | 2570 context->destroy = (privKey == key->objectInfo) ? |
| 2571 (SFTKDestroy) sftk_Null:(SFTKDestroy)sftk_FreePrivKey; | 2571 (SFTKDestroy) sftk_Null:(SFTKDestroy)sftk_FreePrivKey; |
| 2572 context->maxLen = MAX_ECKEY_LEN * 2; | 2572 context->maxLen = MAX_ECKEY_LEN * 2; |
| 2573 | 2573 |
| 2574 break; | 2574 break; |
| 2575 #endif /* NSS_ENABLE_ECC */ | 2575 #endif /* NSS_DISABLE_ECC */ |
| 2576 | 2576 |
| 2577 #define INIT_HMAC_MECH(mmm) \ | 2577 #define INIT_HMAC_MECH(mmm) \ |
| 2578 case CKM_ ## mmm ## _HMAC_GENERAL: \ | 2578 case CKM_ ## mmm ## _HMAC_GENERAL: \ |
| 2579 crv = sftk_doHMACInit(context, HASH_Alg ## mmm ,key, \ | 2579 crv = sftk_doHMACInit(context, HASH_Alg ## mmm ,key, \ |
| 2580 *(CK_ULONG *)pMechanism->pParameter); \ | 2580 *(CK_ULONG *)pMechanism->pParameter); \ |
| 2581 break; \ | 2581 break; \ |
| 2582 case CKM_ ## mmm ## _HMAC: \ | 2582 case CKM_ ## mmm ## _HMAC: \ |
| 2583 crv = sftk_doHMACInit(context, HASH_Alg ## mmm ,key, mmm ## _LENGTH); \ | 2583 crv = sftk_doHMACInit(context, HASH_Alg ## mmm ,key, mmm ## _LENGTH); \ |
| 2584 break; | 2584 break; |
| 2585 | 2585 |
| (...skipping 587 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 3173 break; | 3173 break; |
| 3174 } | 3174 } |
| 3175 pubKey = sftk_GetPubKey(key,CKK_DSA,&crv); | 3175 pubKey = sftk_GetPubKey(key,CKK_DSA,&crv); |
| 3176 if (pubKey == NULL) { | 3176 if (pubKey == NULL) { |
| 3177 break; | 3177 break; |
| 3178 } | 3178 } |
| 3179 context->cipherInfo = pubKey; | 3179 context->cipherInfo = pubKey; |
| 3180 context->verify = (SFTKVerify) nsc_DSA_Verify_Stub; | 3180 context->verify = (SFTKVerify) nsc_DSA_Verify_Stub; |
| 3181 context->destroy = sftk_Null; | 3181 context->destroy = sftk_Null; |
| 3182 break; | 3182 break; |
| 3183 #ifdef NSS_ENABLE_ECC | 3183 #ifndef NSS_DISABLE_ECC |
| 3184 case CKM_ECDSA_SHA1: | 3184 case CKM_ECDSA_SHA1: |
| 3185 context->multi = PR_TRUE; | 3185 context->multi = PR_TRUE; |
| 3186 crv = sftk_doSubSHA1(context); | 3186 crv = sftk_doSubSHA1(context); |
| 3187 if (crv != CKR_OK) break; | 3187 if (crv != CKR_OK) break; |
| 3188 /* fall through */ | 3188 /* fall through */ |
| 3189 case CKM_ECDSA: | 3189 case CKM_ECDSA: |
| 3190 if (key_type != CKK_EC) { | 3190 if (key_type != CKK_EC) { |
| 3191 crv = CKR_KEY_TYPE_INCONSISTENT; | 3191 crv = CKR_KEY_TYPE_INCONSISTENT; |
| 3192 break; | 3192 break; |
| 3193 } | 3193 } |
| 3194 pubKey = sftk_GetPubKey(key,CKK_EC,&crv); | 3194 pubKey = sftk_GetPubKey(key,CKK_EC,&crv); |
| 3195 if (pubKey == NULL) { | 3195 if (pubKey == NULL) { |
| 3196 crv = CKR_HOST_MEMORY; | 3196 crv = CKR_HOST_MEMORY; |
| 3197 break; | 3197 break; |
| 3198 } | 3198 } |
| 3199 context->cipherInfo = pubKey; | 3199 context->cipherInfo = pubKey; |
| 3200 context->verify = (SFTKVerify) nsc_ECDSAVerifyStub; | 3200 context->verify = (SFTKVerify) nsc_ECDSAVerifyStub; |
| 3201 context->destroy = sftk_Null; | 3201 context->destroy = sftk_Null; |
| 3202 break; | 3202 break; |
| 3203 #endif /* NSS_ENABLE_ECC */ | 3203 #endif /* NSS_DISABLE_ECC */ |
| 3204 | 3204 |
| 3205 INIT_HMAC_MECH(MD2) | 3205 INIT_HMAC_MECH(MD2) |
| 3206 INIT_HMAC_MECH(MD5) | 3206 INIT_HMAC_MECH(MD5) |
| 3207 INIT_HMAC_MECH(SHA224) | 3207 INIT_HMAC_MECH(SHA224) |
| 3208 INIT_HMAC_MECH(SHA256) | 3208 INIT_HMAC_MECH(SHA256) |
| 3209 INIT_HMAC_MECH(SHA384) | 3209 INIT_HMAC_MECH(SHA384) |
| 3210 INIT_HMAC_MECH(SHA512) | 3210 INIT_HMAC_MECH(SHA512) |
| 3211 | 3211 |
| 3212 case CKM_SHA_1_HMAC_GENERAL: | 3212 case CKM_SHA_1_HMAC_GENERAL: |
| 3213 crv = sftk_doHMACInit(context,HASH_AlgSHA1,key, | 3213 crv = sftk_doHMACInit(context,HASH_AlgSHA1,key, |
| (...skipping 1113 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 4327 switch (keyType) { | 4327 switch (keyType) { |
| 4328 case CKK_RSA: | 4328 case CKK_RSA: |
| 4329 signature_length = modulusLen; | 4329 signature_length = modulusLen; |
| 4330 mech.mechanism = CKM_RSA_PKCS; | 4330 mech.mechanism = CKM_RSA_PKCS; |
| 4331 break; | 4331 break; |
| 4332 case CKK_DSA: | 4332 case CKK_DSA: |
| 4333 signature_length = DSA_MAX_SIGNATURE_LEN; | 4333 signature_length = DSA_MAX_SIGNATURE_LEN; |
| 4334 pairwise_digest_length = subPrimeLen; | 4334 pairwise_digest_length = subPrimeLen; |
| 4335 mech.mechanism = CKM_DSA; | 4335 mech.mechanism = CKM_DSA; |
| 4336 break; | 4336 break; |
| 4337 #ifdef NSS_ENABLE_ECC | 4337 #ifndef NSS_DISABLE_ECC |
| 4338 case CKK_EC: | 4338 case CKK_EC: |
| 4339 signature_length = MAX_ECKEY_LEN * 2; | 4339 signature_length = MAX_ECKEY_LEN * 2; |
| 4340 mech.mechanism = CKM_ECDSA; | 4340 mech.mechanism = CKM_ECDSA; |
| 4341 break; | 4341 break; |
| 4342 #endif | 4342 #endif |
| 4343 default: | 4343 default: |
| 4344 return CKR_DEVICE_ERROR; | 4344 return CKR_DEVICE_ERROR; |
| 4345 } | 4345 } |
| 4346 | 4346 |
| 4347 /* Allocate space for signature data. */ | 4347 /* Allocate space for signature data. */ |
| (...skipping 102 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 4450 | 4450 |
| 4451 /* DSA */ | 4451 /* DSA */ |
| 4452 PQGParams pqgParam; | 4452 PQGParams pqgParam; |
| 4453 DHParams dhParam; | 4453 DHParams dhParam; |
| 4454 DSAPrivateKey * dsaPriv; | 4454 DSAPrivateKey * dsaPriv; |
| 4455 | 4455 |
| 4456 /* Diffie Hellman */ | 4456 /* Diffie Hellman */ |
| 4457 int private_value_bits = 0; | 4457 int private_value_bits = 0; |
| 4458 DHPrivateKey * dhPriv; | 4458 DHPrivateKey * dhPriv; |
| 4459 | 4459 |
| 4460 #ifdef NSS_ENABLE_ECC | 4460 #ifndef NSS_DISABLE_ECC |
| 4461 /* Elliptic Curve Cryptography */ | 4461 /* Elliptic Curve Cryptography */ |
| 4462 SECItem ecEncodedParams; /* DER Encoded parameters */ | 4462 SECItem ecEncodedParams; /* DER Encoded parameters */ |
| 4463 ECPrivateKey * ecPriv; | 4463 ECPrivateKey * ecPriv; |
| 4464 ECParams * ecParams; | 4464 ECParams * ecParams; |
| 4465 #endif /* NSS_ENABLE_ECC */ | 4465 #endif /* NSS_DISABLE_ECC */ |
| 4466 | 4466 |
| 4467 CHECK_FORK(); | 4467 CHECK_FORK(); |
| 4468 | 4468 |
| 4469 if (!slot) { | 4469 if (!slot) { |
| 4470 return CKR_SESSION_HANDLE_INVALID; | 4470 return CKR_SESSION_HANDLE_INVALID; |
| 4471 } | 4471 } |
| 4472 /* | 4472 /* |
| 4473 * now lets create an object to hang the attributes off of | 4473 * now lets create an object to hang the attributes off of |
| 4474 */ | 4474 */ |
| 4475 publicKey = sftk_NewObject(slot); /* fill in the handle later */ | 4475 publicKey = sftk_NewObject(slot); /* fill in the handle later */ |
| (...skipping 309 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 4785 if (crv != CKR_OK) goto dhgn_done; | 4785 if (crv != CKR_OK) goto dhgn_done; |
| 4786 | 4786 |
| 4787 crv=sftk_AddAttributeType(privateKey, CKA_VALUE, | 4787 crv=sftk_AddAttributeType(privateKey, CKA_VALUE, |
| 4788 sftk_item_expand(&dhPriv->privateValue)); | 4788 sftk_item_expand(&dhPriv->privateValue)); |
| 4789 | 4789 |
| 4790 dhgn_done: | 4790 dhgn_done: |
| 4791 /* should zeroize, since this function doesn't. */ | 4791 /* should zeroize, since this function doesn't. */ |
| 4792 PORT_FreeArena(dhPriv->arena, PR_TRUE); | 4792 PORT_FreeArena(dhPriv->arena, PR_TRUE); |
| 4793 break; | 4793 break; |
| 4794 | 4794 |
| 4795 #ifdef NSS_ENABLE_ECC | 4795 #ifndef NSS_DISABLE_ECC |
| 4796 case CKM_EC_KEY_PAIR_GEN: | 4796 case CKM_EC_KEY_PAIR_GEN: |
| 4797 sftk_DeleteAttributeType(privateKey,CKA_EC_PARAMS); | 4797 sftk_DeleteAttributeType(privateKey,CKA_EC_PARAMS); |
| 4798 sftk_DeleteAttributeType(privateKey,CKA_VALUE); | 4798 sftk_DeleteAttributeType(privateKey,CKA_VALUE); |
| 4799 sftk_DeleteAttributeType(privateKey,CKA_NETSCAPE_DB); | 4799 sftk_DeleteAttributeType(privateKey,CKA_NETSCAPE_DB); |
| 4800 key_type = CKK_EC; | 4800 key_type = CKK_EC; |
| 4801 | 4801 |
| 4802 /* extract the necessary parameters and copy them to private keys */ | 4802 /* extract the necessary parameters and copy them to private keys */ |
| 4803 crv = sftk_Attribute2SSecItem(NULL, &ecEncodedParams, publicKey, | 4803 crv = sftk_Attribute2SSecItem(NULL, &ecEncodedParams, publicKey, |
| 4804 CKA_EC_PARAMS); | 4804 CKA_EC_PARAMS); |
| 4805 if (crv != CKR_OK) break; | 4805 if (crv != CKR_OK) break; |
| (...skipping 42 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 4848 crv = sftk_AddAttributeType(privateKey, CKA_VALUE, | 4848 crv = sftk_AddAttributeType(privateKey, CKA_VALUE, |
| 4849 sftk_item_expand(&ecPriv->privateValue)); | 4849 sftk_item_expand(&ecPriv->privateValue)); |
| 4850 if (crv != CKR_OK) goto ecgn_done; | 4850 if (crv != CKR_OK) goto ecgn_done; |
| 4851 | 4851 |
| 4852 crv = sftk_AddAttributeType(privateKey,CKA_NETSCAPE_DB, | 4852 crv = sftk_AddAttributeType(privateKey,CKA_NETSCAPE_DB, |
| 4853 sftk_item_expand(&ecPriv->publicValue)); | 4853 sftk_item_expand(&ecPriv->publicValue)); |
| 4854 ecgn_done: | 4854 ecgn_done: |
| 4855 /* should zeroize, since this function doesn't. */ | 4855 /* should zeroize, since this function doesn't. */ |
| 4856 PORT_FreeArena(ecPriv->ecParams.arena, PR_TRUE); | 4856 PORT_FreeArena(ecPriv->ecParams.arena, PR_TRUE); |
| 4857 break; | 4857 break; |
| 4858 #endif /* NSS_ENABLE_ECC */ | 4858 #endif /* NSS_DISABLE_ECC */ |
| 4859 | 4859 |
| 4860 default: | 4860 default: |
| 4861 crv = CKR_MECHANISM_INVALID; | 4861 crv = CKR_MECHANISM_INVALID; |
| 4862 } | 4862 } |
| 4863 | 4863 |
| 4864 if (crv != CKR_OK) { | 4864 if (crv != CKR_OK) { |
| 4865 sftk_FreeObject(privateKey); | 4865 sftk_FreeObject(privateKey); |
| 4866 sftk_FreeObject(publicKey); | 4866 sftk_FreeObject(publicKey); |
| 4867 return crv; | 4867 return crv; |
| 4868 } | 4868 } |
| (...skipping 99 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 4968 static SECItem *sftk_PackagePrivateKey(SFTKObject *key, CK_RV *crvp) | 4968 static SECItem *sftk_PackagePrivateKey(SFTKObject *key, CK_RV *crvp) |
| 4969 { | 4969 { |
| 4970 NSSLOWKEYPrivateKey *lk = NULL; | 4970 NSSLOWKEYPrivateKey *lk = NULL; |
| 4971 NSSLOWKEYPrivateKeyInfo *pki = NULL; | 4971 NSSLOWKEYPrivateKeyInfo *pki = NULL; |
| 4972 SFTKAttribute *attribute = NULL; | 4972 SFTKAttribute *attribute = NULL; |
| 4973 PLArenaPool *arena = NULL; | 4973 PLArenaPool *arena = NULL; |
| 4974 SECOidTag algorithm = SEC_OID_UNKNOWN; | 4974 SECOidTag algorithm = SEC_OID_UNKNOWN; |
| 4975 void *dummy, *param = NULL; | 4975 void *dummy, *param = NULL; |
| 4976 SECStatus rv = SECSuccess; | 4976 SECStatus rv = SECSuccess; |
| 4977 SECItem *encodedKey = NULL; | 4977 SECItem *encodedKey = NULL; |
| 4978 #ifdef NSS_ENABLE_ECC | 4978 #ifndef NSS_DISABLE_ECC |
| 4979 SECItem *fordebug; | 4979 SECItem *fordebug; |
| 4980 int savelen; | 4980 int savelen; |
| 4981 #endif | 4981 #endif |
| 4982 | 4982 |
| 4983 if(!key) { | 4983 if(!key) { |
| 4984 *crvp = CKR_KEY_HANDLE_INVALID; /* really can't happen */ | 4984 *crvp = CKR_KEY_HANDLE_INVALID; /* really can't happen */ |
| 4985 return NULL; | 4985 return NULL; |
| 4986 } | 4986 } |
| 4987 | 4987 |
| 4988 attribute = sftk_FindAttribute(key, CKA_KEY_TYPE); | 4988 attribute = sftk_FindAttribute(key, CKA_KEY_TYPE); |
| (...skipping 34 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 5023 break; | 5023 break; |
| 5024 case NSSLOWKEYDSAKey: | 5024 case NSSLOWKEYDSAKey: |
| 5025 prepare_low_dsa_priv_key_export_for_asn1(lk); | 5025 prepare_low_dsa_priv_key_export_for_asn1(lk); |
| 5026 dummy = SEC_ASN1EncodeItem(arena, &pki->privateKey, lk, | 5026 dummy = SEC_ASN1EncodeItem(arena, &pki->privateKey, lk, |
| 5027 nsslowkey_DSAPrivateKeyExportTemplate); | 5027 nsslowkey_DSAPrivateKeyExportTemplate); |
| 5028 prepare_low_pqg_params_for_asn1(&lk->u.dsa.params); | 5028 prepare_low_pqg_params_for_asn1(&lk->u.dsa.params); |
| 5029 param = SEC_ASN1EncodeItem(NULL, NULL, &(lk->u.dsa.params), | 5029 param = SEC_ASN1EncodeItem(NULL, NULL, &(lk->u.dsa.params), |
| 5030 nsslowkey_PQGParamsTemplate); | 5030 nsslowkey_PQGParamsTemplate); |
| 5031 algorithm = SEC_OID_ANSIX9_DSA_SIGNATURE; | 5031 algorithm = SEC_OID_ANSIX9_DSA_SIGNATURE; |
| 5032 break; | 5032 break; |
| 5033 #ifdef NSS_ENABLE_ECC» | 5033 #ifndef NSS_DISABLE_ECC |
| 5034 case NSSLOWKEYECKey: | 5034 case NSSLOWKEYECKey: |
| 5035 prepare_low_ec_priv_key_for_asn1(lk); | 5035 prepare_low_ec_priv_key_for_asn1(lk); |
| 5036 /* Public value is encoded as a bit string so adjust length | 5036 /* Public value is encoded as a bit string so adjust length |
| 5037 * to be in bits before ASN encoding and readjust | 5037 * to be in bits before ASN encoding and readjust |
| 5038 * immediately after. | 5038 * immediately after. |
| 5039 * | 5039 * |
| 5040 * Since the SECG specification recommends not including the | 5040 * Since the SECG specification recommends not including the |
| 5041 * parameters as part of ECPrivateKey, we zero out the curveOID | 5041 * parameters as part of ECPrivateKey, we zero out the curveOID |
| 5042 * length before encoding and restore it later. | 5042 * length before encoding and restore it later. |
| 5043 */ | 5043 */ |
| 5044 lk->u.ec.publicValue.len <<= 3; | 5044 lk->u.ec.publicValue.len <<= 3; |
| 5045 savelen = lk->u.ec.ecParams.curveOID.len; | 5045 savelen = lk->u.ec.ecParams.curveOID.len; |
| 5046 lk->u.ec.ecParams.curveOID.len = 0; | 5046 lk->u.ec.ecParams.curveOID.len = 0; |
| 5047 dummy = SEC_ASN1EncodeItem(arena, &pki->privateKey, lk, | 5047 dummy = SEC_ASN1EncodeItem(arena, &pki->privateKey, lk, |
| 5048 nsslowkey_ECPrivateKeyTemplate); | 5048 nsslowkey_ECPrivateKeyTemplate); |
| 5049 lk->u.ec.ecParams.curveOID.len = savelen; | 5049 lk->u.ec.ecParams.curveOID.len = savelen; |
| 5050 lk->u.ec.publicValue.len >>= 3; | 5050 lk->u.ec.publicValue.len >>= 3; |
| 5051 | 5051 |
| 5052 fordebug = &pki->privateKey; | 5052 fordebug = &pki->privateKey; |
| 5053 SEC_PRINT("sftk_PackagePrivateKey()", "PrivateKey", lk->keyType, | 5053 SEC_PRINT("sftk_PackagePrivateKey()", "PrivateKey", lk->keyType, |
| 5054 fordebug); | 5054 fordebug); |
| 5055 | 5055 |
| 5056 param = SECITEM_DupItem(&lk->u.ec.ecParams.DEREncoding); | 5056 param = SECITEM_DupItem(&lk->u.ec.ecParams.DEREncoding); |
| 5057 | 5057 |
| 5058 algorithm = SEC_OID_ANSIX962_EC_PUBLIC_KEY; | 5058 algorithm = SEC_OID_ANSIX962_EC_PUBLIC_KEY; |
| 5059 break; | 5059 break; |
| 5060 #endif /* NSS_ENABLE_ECC */ | 5060 #endif /* NSS_DISABLE_ECC */ |
| 5061 case NSSLOWKEYDHKey: | 5061 case NSSLOWKEYDHKey: |
| 5062 default: | 5062 default: |
| 5063 dummy = NULL; | 5063 dummy = NULL; |
| 5064 break; | 5064 break; |
| 5065 } | 5065 } |
| 5066 | 5066 |
| 5067 if(!dummy || ((lk->keyType == NSSLOWKEYDSAKey) && !param)) { | 5067 if(!dummy || ((lk->keyType == NSSLOWKEYDSAKey) && !param)) { |
| 5068 *crvp = CKR_DEVICE_ERROR; /* should map NSS SECError */ | 5068 *crvp = CKR_DEVICE_ERROR; /* should map NSS SECError */ |
| 5069 rv = SECFailure; | 5069 rv = SECFailure; |
| 5070 goto loser; | 5070 goto loser; |
| (...skipping 12 matching lines...) Expand all Loading... |
| 5083 if(!dummy) { | 5083 if(!dummy) { |
| 5084 *crvp = CKR_DEVICE_ERROR; /* should map NSS SECError */ | 5084 *crvp = CKR_DEVICE_ERROR; /* should map NSS SECError */ |
| 5085 rv = SECFailure; | 5085 rv = SECFailure; |
| 5086 goto loser; | 5086 goto loser; |
| 5087 } | 5087 } |
| 5088 | 5088 |
| 5089 encodedKey = SEC_ASN1EncodeItem(NULL, NULL, pki, | 5089 encodedKey = SEC_ASN1EncodeItem(NULL, NULL, pki, |
| 5090 nsslowkey_PrivateKeyInfoTemplate); | 5090 nsslowkey_PrivateKeyInfoTemplate); |
| 5091 *crvp = encodedKey ? CKR_OK : CKR_DEVICE_ERROR; | 5091 *crvp = encodedKey ? CKR_OK : CKR_DEVICE_ERROR; |
| 5092 | 5092 |
| 5093 #ifdef NSS_ENABLE_ECC | 5093 #ifndef NSS_DISABLE_ECC |
| 5094 fordebug = encodedKey; | 5094 fordebug = encodedKey; |
| 5095 SEC_PRINT("sftk_PackagePrivateKey()", "PrivateKeyInfo", lk->keyType, | 5095 SEC_PRINT("sftk_PackagePrivateKey()", "PrivateKeyInfo", lk->keyType, |
| 5096 fordebug); | 5096 fordebug); |
| 5097 #endif | 5097 #endif |
| 5098 loser: | 5098 loser: |
| 5099 if(arena) { | 5099 if(arena) { |
| 5100 PORT_FreeArena(arena, PR_TRUE); | 5100 PORT_FreeArena(arena, PR_TRUE); |
| 5101 } | 5101 } |
| 5102 | 5102 |
| 5103 if(lk && (lk != key->objectInfo)) { | 5103 if(lk && (lk != key->objectInfo)) { |
| (...skipping 205 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 5309 break; | 5309 break; |
| 5310 case SEC_OID_ANSIX9_DSA_SIGNATURE: | 5310 case SEC_OID_ANSIX9_DSA_SIGNATURE: |
| 5311 keyTemplate = nsslowkey_DSAPrivateKeyExportTemplate; | 5311 keyTemplate = nsslowkey_DSAPrivateKeyExportTemplate; |
| 5312 paramTemplate = nsslowkey_PQGParamsTemplate; | 5312 paramTemplate = nsslowkey_PQGParamsTemplate; |
| 5313 paramDest = &(lpk->u.dsa.params); | 5313 paramDest = &(lpk->u.dsa.params); |
| 5314 lpk->keyType = NSSLOWKEYDSAKey; | 5314 lpk->keyType = NSSLOWKEYDSAKey; |
| 5315 prepare_low_dsa_priv_key_export_for_asn1(lpk); | 5315 prepare_low_dsa_priv_key_export_for_asn1(lpk); |
| 5316 prepare_low_pqg_params_for_asn1(&lpk->u.dsa.params); | 5316 prepare_low_pqg_params_for_asn1(&lpk->u.dsa.params); |
| 5317 break; | 5317 break; |
| 5318 /* case NSSLOWKEYDHKey: */ | 5318 /* case NSSLOWKEYDHKey: */ |
| 5319 #ifdef NSS_ENABLE_ECC | 5319 #ifndef NSS_DISABLE_ECC |
| 5320 case SEC_OID_ANSIX962_EC_PUBLIC_KEY: | 5320 case SEC_OID_ANSIX962_EC_PUBLIC_KEY: |
| 5321 keyTemplate = nsslowkey_ECPrivateKeyTemplate; | 5321 keyTemplate = nsslowkey_ECPrivateKeyTemplate; |
| 5322 paramTemplate = NULL; | 5322 paramTemplate = NULL; |
| 5323 paramDest = &(lpk->u.ec.ecParams.DEREncoding); | 5323 paramDest = &(lpk->u.ec.ecParams.DEREncoding); |
| 5324 lpk->keyType = NSSLOWKEYECKey; | 5324 lpk->keyType = NSSLOWKEYECKey; |
| 5325 prepare_low_ec_priv_key_for_asn1(lpk); | 5325 prepare_low_ec_priv_key_for_asn1(lpk); |
| 5326 prepare_low_ecparams_for_asn1(&lpk->u.ec.ecParams); | 5326 prepare_low_ecparams_for_asn1(&lpk->u.ec.ecParams); |
| 5327 break; | 5327 break; |
| 5328 #endif /* NSS_ENABLE_ECC */ | 5328 #endif /* NSS_DISABLE_ECC */ |
| 5329 default: | 5329 default: |
| 5330 keyTemplate = NULL; | 5330 keyTemplate = NULL; |
| 5331 paramTemplate = NULL; | 5331 paramTemplate = NULL; |
| 5332 paramDest = NULL; | 5332 paramDest = NULL; |
| 5333 break; | 5333 break; |
| 5334 } | 5334 } |
| 5335 | 5335 |
| 5336 if(!keyTemplate) { | 5336 if(!keyTemplate) { |
| 5337 goto loser; | 5337 goto loser; |
| 5338 } | 5338 } |
| 5339 | 5339 |
| 5340 /* decode the private key and any algorithm parameters */ | 5340 /* decode the private key and any algorithm parameters */ |
| 5341 rv = SEC_QuickDERDecodeItem(arena, lpk, keyTemplate, &pki->privateKey); | 5341 rv = SEC_QuickDERDecodeItem(arena, lpk, keyTemplate, &pki->privateKey); |
| 5342 | 5342 |
| 5343 #ifdef NSS_ENABLE_ECC | 5343 #ifndef NSS_DISABLE_ECC |
| 5344 if (lpk->keyType == NSSLOWKEYECKey) { | 5344 if (lpk->keyType == NSSLOWKEYECKey) { |
| 5345 /* convert length in bits to length in bytes */ | 5345 /* convert length in bits to length in bytes */ |
| 5346 lpk->u.ec.publicValue.len >>= 3; | 5346 lpk->u.ec.publicValue.len >>= 3; |
| 5347 rv = SECITEM_CopyItem(arena, | 5347 rv = SECITEM_CopyItem(arena, |
| 5348 &(lpk->u.ec.ecParams.DEREncoding), | 5348 &(lpk->u.ec.ecParams.DEREncoding), |
| 5349 &(pki->algorithm.parameters)); | 5349 &(pki->algorithm.parameters)); |
| 5350 if(rv != SECSuccess) { | 5350 if(rv != SECSuccess) { |
| 5351 goto loser; | 5351 goto loser; |
| 5352 } | 5352 } |
| 5353 } | 5353 } |
| 5354 #endif /* NSS_ENABLE_ECC */ | 5354 #endif /* NSS_DISABLE_ECC */ |
| 5355 | 5355 |
| 5356 if(rv != SECSuccess) { | 5356 if(rv != SECSuccess) { |
| 5357 goto loser; | 5357 goto loser; |
| 5358 } | 5358 } |
| 5359 if(paramDest && paramTemplate) { | 5359 if(paramDest && paramTemplate) { |
| 5360 rv = SEC_QuickDERDecodeItem(arena, paramDest, paramTemplate, | 5360 rv = SEC_QuickDERDecodeItem(arena, paramDest, paramTemplate, |
| 5361 &(pki->algorithm.parameters)); | 5361 &(pki->algorithm.parameters)); |
| 5362 if(rv != SECSuccess) { | 5362 if(rv != SECSuccess) { |
| 5363 goto loser; | 5363 goto loser; |
| 5364 } | 5364 } |
| (...skipping 74 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 5439 if(crv != CKR_OK) break; | 5439 if(crv != CKR_OK) break; |
| 5440 break; | 5440 break; |
| 5441 #ifdef notdef | 5441 #ifdef notdef |
| 5442 case NSSLOWKEYDHKey: | 5442 case NSSLOWKEYDHKey: |
| 5443 template = dhTemplate; | 5443 template = dhTemplate; |
| 5444 templateCount = sizeof(dhTemplate)/sizeof(CK_ATTRIBUTE); | 5444 templateCount = sizeof(dhTemplate)/sizeof(CK_ATTRIBUTE); |
| 5445 keyType = CKK_DH; | 5445 keyType = CKK_DH; |
| 5446 break; | 5446 break; |
| 5447 #endif | 5447 #endif |
| 5448 /* what about fortezza??? */ | 5448 /* what about fortezza??? */ |
| 5449 #ifdef NSS_ENABLE_ECC | 5449 #ifndef NSS_DISABLE_ECC |
| 5450 case NSSLOWKEYECKey: | 5450 case NSSLOWKEYECKey: |
| 5451 keyType = CKK_EC; | 5451 keyType = CKK_EC; |
| 5452 crv = (sftk_hasAttribute(key, CKA_NETSCAPE_DB)) ? CKR_OK : | 5452 crv = (sftk_hasAttribute(key, CKA_NETSCAPE_DB)) ? CKR_OK : |
| 5453 CKR_KEY_TYPE_INCONSISTENT; | 5453 CKR_KEY_TYPE_INCONSISTENT; |
| 5454 if(crv != CKR_OK) break; | 5454 if(crv != CKR_OK) break; |
| 5455 crv = sftk_AddAttributeType(key, CKA_KEY_TYPE, &keyType, | 5455 crv = sftk_AddAttributeType(key, CKA_KEY_TYPE, &keyType, |
| 5456 sizeof(keyType)); | 5456 sizeof(keyType)); |
| 5457 if(crv != CKR_OK) break; | 5457 if(crv != CKR_OK) break; |
| 5458 crv = sftk_AddAttributeType(key, CKA_SIGN, &cktrue, | 5458 crv = sftk_AddAttributeType(key, CKA_SIGN, &cktrue, |
| 5459 sizeof(CK_BBOOL)); | 5459 sizeof(CK_BBOOL)); |
| 5460 if(crv != CKR_OK) break; | 5460 if(crv != CKR_OK) break; |
| 5461 crv = sftk_AddAttributeType(key, CKA_SIGN_RECOVER, &cktrue, | 5461 crv = sftk_AddAttributeType(key, CKA_SIGN_RECOVER, &cktrue, |
| 5462 sizeof(CK_BBOOL)); | 5462 sizeof(CK_BBOOL)); |
| 5463 if(crv != CKR_OK) break; | 5463 if(crv != CKR_OK) break; |
| 5464 crv = sftk_AddAttributeType(key, CKA_DERIVE, &cktrue, | 5464 crv = sftk_AddAttributeType(key, CKA_DERIVE, &cktrue, |
| 5465 sizeof(CK_BBOOL)); | 5465 sizeof(CK_BBOOL)); |
| 5466 if(crv != CKR_OK) break; | 5466 if(crv != CKR_OK) break; |
| 5467 crv = sftk_AddAttributeType(key, CKA_EC_PARAMS, | 5467 crv = sftk_AddAttributeType(key, CKA_EC_PARAMS, |
| 5468 sftk_item_expand(&lpk->u.ec.ecParams.DEREncodin
g)); | 5468 sftk_item_expand(&lpk->u.ec.ecParams.DEREncodin
g)); |
| 5469 if(crv != CKR_OK) break; | 5469 if(crv != CKR_OK) break; |
| 5470 crv = sftk_AddAttributeType(key, CKA_VALUE, | 5470 crv = sftk_AddAttributeType(key, CKA_VALUE, |
| 5471 sftk_item_expand(&lpk->u.ec.privateValue)); | 5471 sftk_item_expand(&lpk->u.ec.privateValue)); |
| 5472 if(crv != CKR_OK) break; | 5472 if(crv != CKR_OK) break; |
| 5473 /* XXX Do we need to decode the EC Params here ?? */ | 5473 /* XXX Do we need to decode the EC Params here ?? */ |
| 5474 break; | 5474 break; |
| 5475 #endif /* NSS_ENABLE_ECC */ | 5475 #endif /* NSS_DISABLE_ECC */ |
| 5476 default: | 5476 default: |
| 5477 crv = CKR_KEY_TYPE_INCONSISTENT; | 5477 crv = CKR_KEY_TYPE_INCONSISTENT; |
| 5478 break; | 5478 break; |
| 5479 } | 5479 } |
| 5480 | 5480 |
| 5481 loser: | 5481 loser: |
| 5482 if(lpk) { | 5482 if(lpk) { |
| 5483 nsslowkey_DestroyPrivateKey(lpk); | 5483 nsslowkey_DestroyPrivateKey(lpk); |
| 5484 } | 5484 } |
| 5485 | 5485 |
| (...skipping 289 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 5775 return 16; | 5775 return 16; |
| 5776 case CKK_DES3: | 5776 case CKK_DES3: |
| 5777 return 24; | 5777 return 24; |
| 5778 /* IDEA and CAST need to be added */ | 5778 /* IDEA and CAST need to be added */ |
| 5779 default: | 5779 default: |
| 5780 break; | 5780 break; |
| 5781 } | 5781 } |
| 5782 return 0; | 5782 return 0; |
| 5783 } | 5783 } |
| 5784 | 5784 |
| 5785 #ifdef NSS_ENABLE_ECC | 5785 #ifndef NSS_DISABLE_ECC |
| 5786 /* Inputs: | 5786 /* Inputs: |
| 5787 * key_len: Length of derived key to be generated. | 5787 * key_len: Length of derived key to be generated. |
| 5788 * SharedSecret: a shared secret that is the output of a key agreement primitiv
e. | 5788 * SharedSecret: a shared secret that is the output of a key agreement primitiv
e. |
| 5789 * SharedInfo: (Optional) some data shared by the entities computing the secret
key. | 5789 * SharedInfo: (Optional) some data shared by the entities computing the secret
key. |
| 5790 * SharedInfoLen: the length in octets of SharedInfo | 5790 * SharedInfoLen: the length in octets of SharedInfo |
| 5791 * Hash: The hash function to be used in the KDF | 5791 * Hash: The hash function to be used in the KDF |
| 5792 * HashLen: the length in octets of the output of Hash | 5792 * HashLen: the length in octets of the output of Hash |
| 5793 * Output: | 5793 * Output: |
| 5794 * key: Pointer to a buffer containing derived key, if return value is SECSucce
ss. | 5794 * key: Pointer to a buffer containing derived key, if return value is SECSucce
ss. |
| 5795 */ | 5795 */ |
| (...skipping 90 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 5886 SharedInfoLen, SHA256_HashBuf, SHA256_LENGTH); | 5886 SharedInfoLen, SHA256_HashBuf, SHA256_LENGTH); |
| 5887 else if (kdf == CKD_SHA384_KDF) | 5887 else if (kdf == CKD_SHA384_KDF) |
| 5888 return sftk_compute_ANSI_X9_63_kdf(key, key_len, SharedSecret, SharedInf
o, | 5888 return sftk_compute_ANSI_X9_63_kdf(key, key_len, SharedSecret, SharedInf
o, |
| 5889 SharedInfoLen, SHA384_HashBuf, SHA384_LENGTH); | 5889 SharedInfoLen, SHA384_HashBuf, SHA384_LENGTH); |
| 5890 else if (kdf == CKD_SHA512_KDF) | 5890 else if (kdf == CKD_SHA512_KDF) |
| 5891 return sftk_compute_ANSI_X9_63_kdf(key, key_len, SharedSecret, SharedInf
o, | 5891 return sftk_compute_ANSI_X9_63_kdf(key, key_len, SharedSecret, SharedInf
o, |
| 5892 SharedInfoLen, SHA512_HashBuf, SHA512_LENGTH); | 5892 SharedInfoLen, SHA512_HashBuf, SHA512_LENGTH); |
| 5893 else | 5893 else |
| 5894 return CKR_MECHANISM_INVALID; | 5894 return CKR_MECHANISM_INVALID; |
| 5895 } | 5895 } |
| 5896 #endif | 5896 #endif /* NSS_DISABLE_ECC */ |
| 5897 | 5897 |
| 5898 /* | 5898 /* |
| 5899 * SSL Key generation given pre master secret | 5899 * SSL Key generation given pre master secret |
| 5900 */ | 5900 */ |
| 5901 #define NUM_MIXERS 9 | 5901 #define NUM_MIXERS 9 |
| 5902 static const char * const mixers[NUM_MIXERS] = { | 5902 static const char * const mixers[NUM_MIXERS] = { |
| 5903 "A", | 5903 "A", |
| 5904 "BB", | 5904 "BB", |
| 5905 "CCC", | 5905 "CCC", |
| 5906 "DDDD", | 5906 "DDDD", |
| (...skipping 925 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 6832 | 6832 |
| 6833 if (rv == SECSuccess) { | 6833 if (rv == SECSuccess) { |
| 6834 sftk_forceAttribute(key, CKA_VALUE, derived.data, derived.len); | 6834 sftk_forceAttribute(key, CKA_VALUE, derived.data, derived.len); |
| 6835 PORT_ZFree(derived.data, derived.len); | 6835 PORT_ZFree(derived.data, derived.len); |
| 6836 } else | 6836 } else |
| 6837 crv = CKR_HOST_MEMORY; | 6837 crv = CKR_HOST_MEMORY; |
| 6838 | 6838 |
| 6839 break; | 6839 break; |
| 6840 } | 6840 } |
| 6841 | 6841 |
| 6842 #ifdef NSS_ENABLE_ECC | 6842 #ifndef NSS_DISABLE_ECC |
| 6843 case CKM_ECDH1_DERIVE: | 6843 case CKM_ECDH1_DERIVE: |
| 6844 case CKM_ECDH1_COFACTOR_DERIVE: | 6844 case CKM_ECDH1_COFACTOR_DERIVE: |
| 6845 { | 6845 { |
| 6846 SECItem ecScalar, ecPoint; | 6846 SECItem ecScalar, ecPoint; |
| 6847 SECItem tmp; | 6847 SECItem tmp; |
| 6848 PRBool withCofactor = PR_FALSE; | 6848 PRBool withCofactor = PR_FALSE; |
| 6849 unsigned char *secret; | 6849 unsigned char *secret; |
| 6850 unsigned char *keyData = NULL; | 6850 unsigned char *keyData = NULL; |
| 6851 int secretlen, curveLen, pubKeyLen; | 6851 int secretlen, curveLen, pubKeyLen; |
| 6852 CK_ECDH1_DERIVE_PARAMS *mechParams; | 6852 CK_ECDH1_DERIVE_PARAMS *mechParams; |
| (...skipping 137 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 6990 crv = CKR_ARGUMENTS_BAD; | 6990 crv = CKR_ARGUMENTS_BAD; |
| 6991 PORT_Free(ecScalar.data); | 6991 PORT_Free(ecScalar.data); |
| 6992 if (privKey != sourceKey->objectInfo) | 6992 if (privKey != sourceKey->objectInfo) |
| 6993 nsslowkey_DestroyPrivateKey(privKey); | 6993 nsslowkey_DestroyPrivateKey(privKey); |
| 6994 if (arena) { | 6994 if (arena) { |
| 6995 PORT_FreeArena(arena, PR_FALSE); | 6995 PORT_FreeArena(arena, PR_FALSE); |
| 6996 } | 6996 } |
| 6997 break; | 6997 break; |
| 6998 | 6998 |
| 6999 } | 6999 } |
| 7000 #endif /* NSS_ENABLE_ECC */ | 7000 #endif /* NSS_DISABLE_ECC */ |
| 7001 | 7001 |
| 7002 /* See RFC 5869 and CK_NSS_HKDFParams for documentation. */ | 7002 /* See RFC 5869 and CK_NSS_HKDFParams for documentation. */ |
| 7003 case CKM_NSS_HKDF_SHA1: hashType = HASH_AlgSHA1; goto hkdf; | 7003 case CKM_NSS_HKDF_SHA1: hashType = HASH_AlgSHA1; goto hkdf; |
| 7004 case CKM_NSS_HKDF_SHA256: hashType = HASH_AlgSHA256; goto hkdf; | 7004 case CKM_NSS_HKDF_SHA256: hashType = HASH_AlgSHA256; goto hkdf; |
| 7005 case CKM_NSS_HKDF_SHA384: hashType = HASH_AlgSHA384; goto hkdf; | 7005 case CKM_NSS_HKDF_SHA384: hashType = HASH_AlgSHA384; goto hkdf; |
| 7006 case CKM_NSS_HKDF_SHA512: hashType = HASH_AlgSHA512; goto hkdf; | 7006 case CKM_NSS_HKDF_SHA512: hashType = HASH_AlgSHA512; goto hkdf; |
| 7007 hkdf: { | 7007 hkdf: { |
| 7008 const CK_NSS_HKDFParams * params = | 7008 const CK_NSS_HKDFParams * params = |
| 7009 (const CK_NSS_HKDFParams *) pMechanism->pParameter; | 7009 (const CK_NSS_HKDFParams *) pMechanism->pParameter; |
| 7010 const SECHashObject * rawHash; | 7010 const SECHashObject * rawHash; |
| (...skipping 398 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 7409 att = sftk_FindAttribute(key,CKA_VALUE); | 7409 att = sftk_FindAttribute(key,CKA_VALUE); |
| 7410 sftk_FreeObject(key); | 7410 sftk_FreeObject(key); |
| 7411 if (!att) { | 7411 if (!att) { |
| 7412 return CKR_KEY_HANDLE_INVALID; | 7412 return CKR_KEY_HANDLE_INVALID; |
| 7413 } | 7413 } |
| 7414 crv = NSC_DigestUpdate(hSession,(CK_BYTE_PTR)att->attrib.pValue, | 7414 crv = NSC_DigestUpdate(hSession,(CK_BYTE_PTR)att->attrib.pValue, |
| 7415 att->attrib.ulValueLen); | 7415 att->attrib.ulValueLen); |
| 7416 sftk_FreeAttribute(att); | 7416 sftk_FreeAttribute(att); |
| 7417 return crv; | 7417 return crv; |
| 7418 } | 7418 } |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 195763027:
Update NSS to NSS_3_16_RC0. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/deps/third_party/nss/