OLD | NEW |
---|---|
1 | 1 |
2 /* This Source Code Form is subject to the terms of the Mozilla Public | 2 /* This Source Code Form is subject to the terms of the Mozilla Public |
3 * License, v. 2.0. If a copy of the MPL was not distributed with this | 3 * License, v. 2.0. If a copy of the MPL was not distributed with this |
4 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ | 4 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ |
5 /* | 5 /* |
6 * This file PKCS #12 fuctions that should really be moved to the | 6 * This file PKCS #12 fuctions that should really be moved to the |
7 * PKCS #12 directory, however we can't do that in a point release | 7 * PKCS #12 directory, however we can't do that in a point release |
8 * because that will break binary compatibility, so we keep them here for now. | 8 * because that will break binary compatibility, so we keep them here for now. |
9 */ | 9 */ |
10 | 10 |
11 #include "seccomon.h" | 11 #include "seccomon.h" |
12 #include "secmod.h" | 12 #include "secmod.h" |
13 #include "secmodi.h" | 13 #include "secmodi.h" |
14 #include "pkcs11.h" | 14 #include "pkcs11.h" |
15 #include "pk11func.h" | 15 #include "pk11func.h" |
16 #include "secitem.h" | 16 #include "secitem.h" |
17 #include "key.h" | 17 #include "key.h" |
18 #include "secoid.h" | 18 #include "secoid.h" |
19 #include "secasn1.h" | 19 #include "secasn1.h" |
20 #include "secerr.h" | 20 #include "secerr.h" |
21 #include "prerror.h" | |
eroman
2014/03/20 00:12:04
is there an expected ordering to headers?
wtc
2014/03/22 01:08:00
No. Some NSS headers, like the Unix system headers
| |
21 | 22 |
22 | 23 |
23 | 24 |
24 /* These data structures should move to a common .h file shared between the | 25 /* These data structures should move to a common .h file shared between the |
25 * wrappers and the pkcs 12 code. */ | 26 * wrappers and the pkcs 12 code. */ |
26 | 27 |
27 /* | 28 /* |
28 ** RSA Raw Private Key structures | 29 ** RSA Raw Private Key structures |
29 */ | 30 */ |
30 | 31 |
509 SECStatus | 510 SECStatus |
510 PK11_ImportPrivateKeyInfo(PK11SlotInfo *slot, SECKEYPrivateKeyInfo *pki, | 511 PK11_ImportPrivateKeyInfo(PK11SlotInfo *slot, SECKEYPrivateKeyInfo *pki, |
511 SECItem *nickname, SECItem *publicValue, PRBool isPerm, | 512 SECItem *nickname, SECItem *publicValue, PRBool isPerm, |
512 PRBool isPrivate, unsigned int keyUsage, void *wincx) | 513 PRBool isPrivate, unsigned int keyUsage, void *wincx) |
513 { | 514 { |
514 return PK11_ImportPrivateKeyInfoAndReturnKey(slot, pki, nickname, | 515 return PK11_ImportPrivateKeyInfoAndReturnKey(slot, pki, nickname, |
515 publicValue, isPerm, isPrivate, keyUsage, NULL, wincx); | 516 publicValue, isPerm, isPrivate, keyUsage, NULL, wincx); |
516 | 517 |
517 } | 518 } |
518 | 519 |
520 SECItem * | |
521 PK11_ExportDERPrivateKeyInfo(SECKEYPrivateKey *pk, void *wincx) | |
522 { | |
523 SECKEYPrivateKeyInfo *pki = PK11_ExportPrivKeyInfo(pk, wincx); | |
524 SECItem *derPKI; | |
525 derPKI = SEC_ASN1EncodeItem(NULL, NULL, pki, | |
526 SECKEY_PrivateKeyInfoTemplate); | |
527 SECKEY_DestroyPrivateKeyInfo(pki, PR_TRUE); | |
528 return derPKI; | |
529 } | |
530 | |
531 static PRBool | |
532 ReadAttribute(SECKEYPrivateKey* key, CK_ATTRIBUTE_TYPE type, | |
533 PLArenaPool* arena, SECItem* output) | |
534 { | |
535 SECStatus rv = PK11_ReadAttribute(key->pkcs11Slot, key->pkcs11ID, type, | |
536 arena, output); | |
537 return rv == SECSuccess; | |
538 } | |
539 | |
540 SECKEYPrivateKeyInfo * | |
541 PK11_ExportPrivKeyInfo(SECKEYPrivateKey *pk, void *wincx) | |
542 { | |
543 /* PrivateKeyInfo version (always zero) */ | |
544 static const unsigned char pkiVersion = 0; | |
545 /* RSAPrivateKey version (always zero) */ | |
546 static const unsigned char rsaVersion = 0; | |
547 PLArenaPool *arena; | |
548 SECKEYRawPrivateKey *rawKey; | |
549 SECKEYPrivateKeyInfo *pki; | |
550 SECItem *encoded; | |
551 SECStatus rv; | |
552 | |
553 if (pk->keyType != rsaKey) { | |
554 PORT_SetError(PR_NOT_IMPLEMENTED_ERROR); | |
555 return NULL; | |
556 } | |
557 | |
558 arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); | |
559 rawKey = PORT_ArenaZNew(arena, SECKEYRawPrivateKey); | |
eroman
2014/03/20 00:12:04
why allocate rawKey using arena rather than stack?
Ryan Sleevi
2014/03/20 01:24:27
More importantly, this strikes me as a bit inconsi
wtc
2014/03/22 01:08:00
I may have copied this code from some other functi
| |
560 rawKey->keyType = pk->keyType; | |
561 rawKey->u.rsa.version.type = siUnsignedInteger; | |
562 rawKey->u.rsa.version.data = &rsaVersion; | |
563 rawKey->u.rsa.version.len = 1; | |
564 | |
565 /* Read the component attributes of the private key */ | |
566 prepare_rsa_priv_key_export_for_asn1(rawKey); | |
eroman
2014/03/20 00:12:04
What guarantees does PK11_ReadAttribute give? I wo
wtc
2014/03/22 01:08:00
PK11_ReadAttribute doesn't modify the SECItem's ty
| |
567 if (!ReadAttribute(pk, CKA_MODULUS, arena, &rawKey->u.rsa.modulus) || | |
568 !ReadAttribute(pk, CKA_PUBLIC_EXPONENT, arena, | |
569 &rawKey->u.rsa.publicExponent) || | |
570 !ReadAttribute(pk, CKA_PRIVATE_EXPONENT, arena, | |
571 &rawKey->u.rsa.privateExponent) || | |
572 !ReadAttribute(pk, CKA_PRIME_1, arena, &rawKey->u.rsa.prime1) || | |
573 !ReadAttribute(pk, CKA_PRIME_2, arena, &rawKey->u.rsa.prime2) || | |
574 !ReadAttribute(pk, CKA_EXPONENT_1, arena, | |
575 &rawKey->u.rsa.exponent1) || | |
576 !ReadAttribute(pk, CKA_EXPONENT_2, arena, | |
577 &rawKey->u.rsa.exponent2) || | |
578 !ReadAttribute(pk, CKA_COEFFICIENT, arena, | |
579 &rawKey->u.rsa.coefficient)) { | |
580 PORT_FreeArena(arena, PR_TRUE); | |
581 return NULL; | |
582 } | |
eroman
2014/03/20 00:12:04
Is it worth calling out that the PrivateKeyInfo's
Ryan Sleevi
2014/03/20 01:24:27
nah
| |
583 | |
584 pki = PORT_ArenaZNew(arena, SECKEYPrivateKeyInfo); | |
585 encoded = SEC_ASN1EncodeItem(arena, &pki->privateKey, rawKey, | |
eroman
2014/03/20 00:12:04
Should you check the return value for success?
Ryan Sleevi
2014/03/20 01:24:27
+1
wtc
2014/03/22 01:08:00
Done.
| |
586 SECKEY_RSAPrivateKeyExportTemplate); | |
587 rv = SECOID_SetAlgorithmID(arena, &pki->algorithm, | |
588 SEC_OID_PKCS1_RSA_ENCRYPTION, NULL); | |
589 pki->version.type = siUnsignedInteger; | |
590 pki->version.data = &pkiVersion; | |
eroman
2014/03/20 00:23:35
I found this a bit subtle, but maybe it is in line
Ryan Sleevi
2014/03/20 01:24:27
I have to agree with Eric, that this strikes me as
wtc
2014/03/22 01:08:00
Done.
| |
591 pki->version.len = 1; | |
592 pki->arena = arena; | |
eroman
2014/03/20 00:12:04
Apologies for lack of NSS foo: does this mean the
Ryan Sleevi
2014/03/20 01:24:27
Not directly, but through using SECKEY_DestroyPriv
| |
593 | |
594 return pki; | |
595 } | |
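Review bot: PK11_ExportDERPrivateKeyInfo (new lines 520-529) hands the result of PK11_ExportPrivKeyInfo to SEC_ASN1EncodeItem without a NULL check, although that function returns NULL for any non-RSA key and whenever an attribute read fails. The wrapper should return NULL before encoding in that case. In PK11_ExportPrivKeyInfo the results of PORT_NewArena and of both PORT_ArenaZNew calls (new lines 558-560 and 584-585) are also used unchecked, so an allocation failure would presumably end in a NULL dereference. Each failure path should free the arena with zeroing and return NULL, as the attribute-read path already does. Separately, the returned item holds the unencrypted private key, so a header comment such as `/* Caller must release the result with SECITEM_ZfreeItem(item, PR_TRUE). */` would tell callers to scrub it.

```c
PK11_ExportDERPrivateKeyInfo(SECKEYPrivateKey *pk, void *wincx)
{
    SECKEYPrivateKeyInfo *pki = PK11_ExportPrivKeyInfo(pk, wincx);
    SECItem *derPKI;

    if (!pki) {
        return NULL;
    }
    /* ... unchanged: SEC_ASN1EncodeItem, SECKEY_DestroyPrivateKeyInfo, return ... */

/* In PK11_ExportPrivKeyInfo: */
    arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
    if (!arena) {
        return NULL;
    }
    rawKey = PORT_ArenaZNew(arena, SECKEYRawPrivateKey);
    if (!rawKey) {
        PORT_FreeArena(arena, PR_TRUE);
        return NULL;
    }
    /* ... unchanged: version setup and attribute reads ... */
    pki = PORT_ArenaZNew(arena, SECKEYPrivateKeyInfo);
    if (!pki) {
        PORT_FreeArena(arena, PR_TRUE);
        return NULL;
    }
```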