OLD | NEW |
---|---|
1 | 1 |
2 /* This Source Code Form is subject to the terms of the Mozilla Public | 2 /* This Source Code Form is subject to the terms of the Mozilla Public |
3 * License, v. 2.0. If a copy of the MPL was not distributed with this | 3 * License, v. 2.0. If a copy of the MPL was not distributed with this |
4 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ | 4 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ |
5 /* | 5 /* |
6 * This file PKCS #12 fuctions that should really be moved to the | 6 * This file PKCS #12 fuctions that should really be moved to the |
7 * PKCS #12 directory, however we can't do that in a point release | 7 * PKCS #12 directory, however we can't do that in a point release |
8 * because that will break binary compatibility, so we keep them here for now. | 8 * because that will break binary compatibility, so we keep them here for now. |
9 */ | 9 */ |
10 | 10 |
11 #include "seccomon.h" | 11 #include "seccomon.h" |
12 #include "secmod.h" | 12 #include "secmod.h" |
13 #include "secmodi.h" | 13 #include "secmodi.h" |
14 #include "pkcs11.h" | 14 #include "pkcs11.h" |
15 #include "pk11func.h" | 15 #include "pk11func.h" |
16 #include "secitem.h" | 16 #include "secitem.h" |
17 #include "key.h" | 17 #include "key.h" |
18 #include "secoid.h" | 18 #include "secoid.h" |
19 #include "secasn1.h" | 19 #include "secasn1.h" |
20 #include "secerr.h" | 20 #include "secerr.h" |
21 #include "prerror.h" | |
21 | 22 |
22 | 23 |
23 | 24 |
24 /* These data structures should move to a common .h file shared between the | 25 /* These data structures should move to a common .h file shared between the |
25 * wrappers and the pkcs 12 code. */ | 26 * wrappers and the pkcs 12 code. */ |
26 | 27 |
27 /* | 28 /* |
28 ** RSA Raw Private Key structures | 29 ** RSA Raw Private Key structures |
29 */ | 30 */ |
30 | 31 |
(...skipping 478 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
509 SECStatus | 510 SECStatus |
510 PK11_ImportPrivateKeyInfo(PK11SlotInfo *slot, SECKEYPrivateKeyInfo *pki, | 511 PK11_ImportPrivateKeyInfo(PK11SlotInfo *slot, SECKEYPrivateKeyInfo *pki, |
511 SECItem *nickname, SECItem *publicValue, PRBool isPerm, | 512 SECItem *nickname, SECItem *publicValue, PRBool isPerm, |
512 PRBool isPrivate, unsigned int keyUsage, void *wincx) | 513 PRBool isPrivate, unsigned int keyUsage, void *wincx) |
513 { | 514 { |
514 return PK11_ImportPrivateKeyInfoAndReturnKey(slot, pki, nickname, | 515 return PK11_ImportPrivateKeyInfoAndReturnKey(slot, pki, nickname, |
515 publicValue, isPerm, isPrivate, keyUsage, NULL, wincx); | 516 publicValue, isPerm, isPrivate, keyUsage, NULL, wincx); |
516 | 517 |
517 } | 518 } |
518 | 519 |
520 SECItem * | |
521 PK11_ExportDERPrivateKeyInfo(SECKEYPrivateKey *pk, void *wincx) | |
522 { | |
523 SECKEYPrivateKeyInfo *pki = PK11_ExportPrivKeyInfo(pk, wincx); | |
524 SECItem *derPKI; | |
525 | |
526 if (!pki) { | |
527 return NULL; | |
528 } | |
529 derPKI = SEC_ASN1EncodeItem(NULL, NULL, pki, | |
530 SECKEY_PrivateKeyInfoTemplate); | |
531 SECKEY_DestroyPrivateKeyInfo(pki, PR_TRUE); | |
532 return derPKI; | |
533 } | |
534 | |
535 static PRBool | |
536 ReadAttribute(SECKEYPrivateKey* key, CK_ATTRIBUTE_TYPE type, | |
537 PLArenaPool* arena, SECItem* output) | |
538 { | |
539 SECStatus rv = PK11_ReadAttribute(key->pkcs11Slot, key->pkcs11ID, type, | |
540 arena, output); | |
541 return rv == SECSuccess; | |
542 } | |
543 | |
544 /* | |
545 * The caller is responsible for freeing the return value by passing it to | |
546 * SECKEY_DestroyPrivateKeyInfo(..., PR_TRUE). | |
547 */ | |
548 SECKEYPrivateKeyInfo * | |
549 PK11_ExportPrivKeyInfo(SECKEYPrivateKey *pk, void *wincx) | |
550 { | |
551 /* PrivateKeyInfo version (always zero) */ | |
552 const unsigned char pkiVersion = 0; | |
553 /* RSAPrivateKey version (always zero) */ | |
554 const unsigned char rsaVersion = 0; | |
555 PLArenaPool *arena = NULL; | |
556 SECKEYRawPrivateKey rawKey; | |
557 SECKEYPrivateKeyInfo *pki; | |
558 SECItem *encoded; | |
559 SECStatus rv; | |
560 | |
561 if (pk->keyType != rsaKey) { | |
562 PORT_SetError(PR_NOT_IMPLEMENTED_ERROR); | |
563 goto loser; | |
564 } | |
565 | |
566 arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); | |
567 if (!arena) { | |
568 goto loser; | |
569 } | |
570 memset(&rawKey, 0, sizeof(rawKey)); | |
571 rawKey.keyType = pk->keyType; | |
572 rawKey.u.rsa.version.type = siUnsignedInteger; | |
573 rawKey.u.rsa.version.data = &rsaVersion; | |
eroman
2014/03/24 22:46:38
Should this allocate in the arenapool too? I guess
wtc
2014/03/26 01:47:15
Correct. If I allocate this in the arena pool, it
| |
574 rawKey.u.rsa.version.len = 1; | |
575 | |
576 /* Read the component attributes of the private key */ | |
577 prepare_rsa_priv_key_export_for_asn1(&rawKey); | |
Ryan Sleevi
2014/03/24 23:57:40
Shouldn't you prepare after reading all attributes
wtc
2014/03/26 01:47:15
The order doesn't matter.
prepare_rsa_priv_key_ex
| |
578 if (!ReadAttribute(pk, CKA_MODULUS, arena, &rawKey.u.rsa.modulus) || | |
579 !ReadAttribute(pk, CKA_PUBLIC_EXPONENT, arena, | |
580 &rawKey.u.rsa.publicExponent) || | |
581 !ReadAttribute(pk, CKA_PRIVATE_EXPONENT, arena, | |
582 &rawKey.u.rsa.privateExponent) || | |
583 !ReadAttribute(pk, CKA_PRIME_1, arena, &rawKey.u.rsa.prime1) || | |
584 !ReadAttribute(pk, CKA_PRIME_2, arena, &rawKey.u.rsa.prime2) || | |
585 !ReadAttribute(pk, CKA_EXPONENT_1, arena, | |
586 &rawKey.u.rsa.exponent1) || | |
587 !ReadAttribute(pk, CKA_EXPONENT_2, arena, | |
588 &rawKey.u.rsa.exponent2) || | |
589 !ReadAttribute(pk, CKA_COEFFICIENT, arena, | |
590 &rawKey.u.rsa.coefficient)) { | |
591 goto loser; | |
592 } | |
593 | |
594 pki = PORT_ArenaZNew(arena, SECKEYPrivateKeyInfo); | |
595 if (!pki) { | |
596 goto loser; | |
597 } | |
598 encoded = SEC_ASN1EncodeItem(arena, &pki->privateKey, &rawKey, | |
599 SECKEY_RSAPrivateKeyExportTemplate); | |
600 if (!encoded) { | |
601 goto loser; | |
602 } | |
603 rv = SECOID_SetAlgorithmID(arena, &pki->algorithm, | |
604 SEC_OID_PKCS1_RSA_ENCRYPTION, NULL); | |
605 if (rv != SECSuccess) { | |
606 goto loser; | |
607 } | |
608 pki->version.type = siUnsignedInteger; | |
609 pki->version.data = (unsigned char *)PORT_ArenaAlloc(arena, 1); | |
610 if (!pki->version.data) { | |
611 goto loser; | |
612 } | |
613 pki->version.data[0] = pkiVersion; | |
614 pki->version.len = 1; | |
615 pki->arena = arena; | |
616 | |
617 return pki; | |
618 | |
619 loser: | |
620 if (arena) { | |
621 PORT_FreeArena(arena, PR_TRUE); | |
622 } | |
623 return NULL; | |
624 } | |
OLD | NEW |