Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(172)

Unified Diff: nss/lib/pk11wrap/pk11kea.c

Issue 2078763002: Delete bundled copy of NSS and replace with README. (Closed) Base URL: https://chromium.googlesource.com/chromium/deps/nss@master
Patch Set: Delete bundled copy of NSS and replace with README. Created 4 years, 6 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « nss/lib/pk11wrap/pk11func.h ('k') | nss/lib/pk11wrap/pk11list.c » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: nss/lib/pk11wrap/pk11kea.c
diff --git a/nss/lib/pk11wrap/pk11kea.c b/nss/lib/pk11wrap/pk11kea.c
deleted file mode 100644
index a7dd4fbbc5c5215a647098b62f40de8a699d7789..0000000000000000000000000000000000000000
--- a/nss/lib/pk11wrap/pk11kea.c
+++ /dev/null
@@ -1,131 +0,0 @@
-/* This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-/*
- * This file implements the Symkey wrapper and the PKCS context
- * Interfaces.
- */
-
-#include "seccomon.h"
-#include "secmod.h"
-#include "nssilock.h"
-#include "secmodi.h"
-#include "secmodti.h"
-#include "pkcs11.h"
-#include "pk11func.h"
-#include "secitem.h"
-#include "key.h"
-#include "secasn1.h"
-#include "sechash.h"
-#include "cert.h"
-#include "secerr.h"
-
-/*
- * find an RSA public key on a card
- */
-static CK_OBJECT_HANDLE
-pk11_FindRSAPubKey(PK11SlotInfo *slot)
-{
- CK_KEY_TYPE key_type = CKK_RSA;
- CK_OBJECT_CLASS class_type = CKO_PUBLIC_KEY;
- CK_ATTRIBUTE theTemplate[2];
- int template_count = sizeof(theTemplate)/sizeof(theTemplate[0]);
- CK_ATTRIBUTE *attrs = theTemplate;
-
- PK11_SETATTRS(attrs,CKA_CLASS,&class_type,sizeof(class_type)); attrs++;
- PK11_SETATTRS(attrs,CKA_KEY_TYPE,&key_type,sizeof(key_type)); attrs++;
- template_count = attrs - theTemplate;
- PR_ASSERT(template_count <= sizeof(theTemplate)/sizeof(CK_ATTRIBUTE));
-
- return pk11_FindObjectByTemplate(slot,theTemplate,template_count);
-}
-
-PK11SymKey *
-pk11_KeyExchange(PK11SlotInfo *slot,CK_MECHANISM_TYPE type,
- CK_ATTRIBUTE_TYPE operation, CK_FLAGS flags,
- PRBool isPerm, PK11SymKey *symKey)
-{
- PK11SymKey *newSymKey = NULL;
- SECStatus rv;
- /* performance improvement can go here --- use a generated key at startup
- * to generate a per token wrapping key. If it exists, use it, otherwise
- * do a full key exchange. */
-
- /* find a common Key Exchange algorithm */
- /* RSA */
- if (PK11_DoesMechanism(symKey->slot, CKM_RSA_PKCS) &&
- PK11_DoesMechanism(slot,CKM_RSA_PKCS)) {
- CK_OBJECT_HANDLE pubKeyHandle = CK_INVALID_HANDLE;
- CK_OBJECT_HANDLE privKeyHandle = CK_INVALID_HANDLE;
- SECKEYPublicKey *pubKey = NULL;
- SECKEYPrivateKey *privKey = NULL;
- SECItem wrapData;
- unsigned int symKeyLength = PK11_GetKeyLength(symKey);
-
- wrapData.data = NULL;
-
- /* find RSA Public Key on target */
- pubKeyHandle = pk11_FindRSAPubKey(slot);
- if (pubKeyHandle != CK_INVALID_HANDLE) {
- privKeyHandle = PK11_MatchItem(slot,pubKeyHandle,CKO_PRIVATE_KEY);
- }
-
- /* if no key exists, generate a key pair */
- if (privKeyHandle == CK_INVALID_HANDLE) {
- PK11RSAGenParams rsaParams;
-
- if (symKeyLength > 53) /* bytes */ {
- /* we'd have to generate an RSA key pair > 512 bits long,
- ** and that's too costly. Don't even try.
- */
- PORT_SetError( SEC_ERROR_CANNOT_MOVE_SENSITIVE_KEY );
- goto rsa_failed;
- }
- rsaParams.keySizeInBits =
- (symKeyLength > 21 || symKeyLength == 0) ? 512 : 256;
- rsaParams.pe = 0x10001;
- privKey = PK11_GenerateKeyPair(slot,CKM_RSA_PKCS_KEY_PAIR_GEN,
- &rsaParams, &pubKey,PR_FALSE,PR_TRUE,symKey->cx);
- } else {
- /* if keys exist, build SECKEY data structures for them */
- privKey = PK11_MakePrivKey(slot,nullKey, PR_TRUE, privKeyHandle,
- symKey->cx);
- if (privKey != NULL) {
- pubKey = PK11_ExtractPublicKey(slot, rsaKey, pubKeyHandle);
- if (pubKey && pubKey->pkcs11Slot) {
- PK11_FreeSlot(pubKey->pkcs11Slot);
- pubKey->pkcs11Slot = NULL;
- pubKey->pkcs11ID = CK_INVALID_HANDLE;
- }
- }
- }
- if (privKey == NULL) goto rsa_failed;
- if (pubKey == NULL) goto rsa_failed;
-
- wrapData.len = SECKEY_PublicKeyStrength(pubKey);
- if (!wrapData.len) goto rsa_failed;
- wrapData.data = PORT_Alloc(wrapData.len);
- if (wrapData.data == NULL) goto rsa_failed;
-
- /* now wrap the keys in and out */
- rv = PK11_PubWrapSymKey(CKM_RSA_PKCS, pubKey, symKey, &wrapData);
- if (rv == SECSuccess) {
- newSymKey = PK11_PubUnwrapSymKeyWithFlagsPerm(privKey,
- &wrapData,type,operation,symKeyLength,flags,isPerm);
- /* make sure we wound up where we wanted to be! */
- if (newSymKey && newSymKey->slot != slot) {
- PK11_FreeSymKey(newSymKey);
- newSymKey = NULL;
- }
- }
-rsa_failed:
- if (wrapData.data != NULL) PORT_Free(wrapData.data);
- if (privKey != NULL) SECKEY_DestroyPrivateKey(privKey);
- if (pubKey != NULL) SECKEY_DestroyPublicKey(pubKey);
-
- return newSymKey;
- }
- PORT_SetError( SEC_ERROR_NO_MODULE );
- return NULL;
-}
-
« no previous file with comments | « nss/lib/pk11wrap/pk11func.h ('k') | nss/lib/pk11wrap/pk11list.c » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698