| OLD | NEW |
|---|
| 1 /* This Source Code Form is subject to the terms of the Mozilla Public | 1 /* This Source Code Form is subject to the terms of the Mozilla Public |
| 2 * License, v. 2.0. If a copy of the MPL was not distributed with this | 2 * License, v. 2.0. If a copy of the MPL was not distributed with this |
| 3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ | 3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ |
| 4 /* | 4 /* |
| 5 * This file implements PKCS 11 on top of our existing security modules | 5 * This file implements PKCS 11 on top of our existing security modules |
| 6 * | 6 * |
| 7 * For more information about PKCS 11 See PKCS 11 Token Inteface Standard. | 7 * For more information about PKCS 11 See PKCS 11 Token Inteface Standard. |
| 8 * This implementation has two slots: | 8 * This implementation has two slots: |
| 9 * slot 1 is our generic crypto support. It does not require login. | 9 * slot 1 is our generic crypto support. It does not require login. |
| 10 * It supports Public Key ops, and all they bulk ciphers and hashes. | 10 * It supports Public Key ops, and all they bulk ciphers and hashes. |
| (...skipping 139 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 150 */ | 150 */ |
| 151 static CK_RV | 151 static CK_RV |
| 152 sftk_MapVerifyError(int error) | 152 sftk_MapVerifyError(int error) |
| 153 { | 153 { |
| 154 CK_RV crv = sftk_MapCryptError(error); | 154 CK_RV crv = sftk_MapCryptError(error); |
| 155 if (crv == CKR_DEVICE_ERROR) | 155 if (crv == CKR_DEVICE_ERROR) |
| 156 crv = CKR_SIGNATURE_INVALID; | 156 crv = CKR_SIGNATURE_INVALID; |
| 157 return crv; | 157 return crv; |
| 158 } | 158 } |
| 159 | 159 |
| 160 static HASH_HashType |
| 161 GetHashTypeFromMechanism(CK_MECHANISM_TYPE mech) |
| 162 { |
| 163 switch (mech) { |
| 164 case CKM_SHA256: |
| 165 return HASH_AlgSHA256; |
| 166 case CKM_SHA384: |
| 167 return HASH_AlgSHA384; |
| 168 case CKM_SHA512: |
| 169 return HASH_AlgSHA512; |
| 170 default: |
| 171 return HASH_AlgNULL; |
| 172 } |
| 173 } |
| 174 |
| 160 | 175 |
| 161 /* | 176 /* |
| 162 * turn a CDMF key into a des key. CDMF is an old IBM scheme to export DES by | 177 * turn a CDMF key into a des key. CDMF is an old IBM scheme to export DES by |
| 163 * Deprecating a full des key to 40 bit key strenth. | 178 * Deprecating a full des key to 40 bit key strenth. |
| 164 */ | 179 */ |
| 165 static CK_RV | 180 static CK_RV |
| 166 sftk_cdmf2des(unsigned char *cdmfkey, unsigned char *deskey) | 181 sftk_cdmf2des(unsigned char *cdmfkey, unsigned char *deskey) |
| 167 { | 182 { |
| 168 unsigned char key1[8] = { 0xc4, 0x08, 0xb0, 0x54, 0x0b, 0xa1, 0xe0, 0xae }; | 183 unsigned char key1[8] = { 0xc4, 0x08, 0xb0, 0x54, 0x0b, 0xa1, 0xe0, 0xae }; |
| 169 unsigned char key2[8] = { 0xef, 0x2c, 0x04, 0x1c, 0xe6, 0x38, 0x2f, 0xe6 }; | 184 unsigned char key2[8] = { 0xef, 0x2c, 0x04, 0x1c, 0xe6, 0x38, 0x2f, 0xe6 }; |
| (...skipping 2070 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 2240 | 2255 |
| 2241 case CKM_SSL3_MD5_MAC: | 2256 case CKM_SSL3_MD5_MAC: |
| 2242 crv = sftk_doSSLMACInit(context,SEC_OID_MD5,key, | 2257 crv = sftk_doSSLMACInit(context,SEC_OID_MD5,key, |
| 2243 *(CK_ULONG *)pMechanism->pParameter); | 2258 *(CK_ULONG *)pMechanism->pParameter); |
| 2244 break; | 2259 break; |
| 2245 case CKM_SSL3_SHA1_MAC: | 2260 case CKM_SSL3_SHA1_MAC: |
| 2246 crv = sftk_doSSLMACInit(context,SEC_OID_SHA1,key, | 2261 crv = sftk_doSSLMACInit(context,SEC_OID_SHA1,key, |
| 2247 *(CK_ULONG *)pMechanism->pParameter); | 2262 *(CK_ULONG *)pMechanism->pParameter); |
| 2248 break; | 2263 break; |
| 2249 case CKM_TLS_PRF_GENERAL: | 2264 case CKM_TLS_PRF_GENERAL: |
| 2250 » crv = sftk_TLSPRFInit(context, key, key_type, HASH_AlgNULL); | 2265 » crv = sftk_TLSPRFInit(context, key, key_type, HASH_AlgNULL, 0); |
| 2251 break; | 2266 break; |
| 2267 case CKM_TLS12_MAC: { |
| 2268 CK_TLS12_MAC_PARAMS *tls12_mac_params; |
| 2269 HASH_HashType tlsPrfHash; |
| 2270 const char *label; |
| 2271 |
| 2272 if (pMechanism->ulParameterLen != sizeof(CK_TLS12_MAC_PARAMS)) { |
| 2273 crv = CKR_MECHANISM_PARAM_INVALID; |
| 2274 break; |
| 2275 } |
| 2276 tls12_mac_params = (CK_TLS12_MAC_PARAMS *)pMechanism->pParameter; |
| 2277 if (tls12_mac_params->prfHashMechanism == CKM_TLS_PRF) { |
| 2278 /* The TLS 1.0 and 1.1 PRF */ |
| 2279 tlsPrfHash = HASH_AlgNULL; |
| 2280 if (tls12_mac_params->ulMacLength != 12) { |
| 2281 crv = CKR_MECHANISM_PARAM_INVALID; |
| 2282 break; |
| 2283 } |
| 2284 } else { |
| 2285 /* The hash function for the TLS 1.2 PRF */ |
| 2286 tlsPrfHash = |
| 2287 GetHashTypeFromMechanism(tls12_mac_params->prfHashMechanism); |
| 2288 if (tlsPrfHash == HASH_AlgNULL || |
| 2289 tls12_mac_params->ulMacLength < 12) { |
| 2290 crv = CKR_MECHANISM_PARAM_INVALID; |
| 2291 break; |
| 2292 } |
| 2293 } |
| 2294 if (tls12_mac_params->ulServerOrClient == 1) { |
| 2295 label = "server finished"; |
| 2296 } else if (tls12_mac_params->ulServerOrClient == 2) { |
| 2297 label = "client finished"; |
| 2298 } else { |
| 2299 crv = CKR_MECHANISM_PARAM_INVALID; |
| 2300 break; |
| 2301 } |
| 2302 crv = sftk_TLSPRFInit(context, key, key_type, tlsPrfHash, |
| 2303 tls12_mac_params->ulMacLength); |
| 2304 if (crv == CKR_OK) { |
| 2305 context->hashUpdate(context->hashInfo, label, 15); |
| 2306 } |
| 2307 break; |
| 2308 } |
| 2252 case CKM_NSS_TLS_PRF_GENERAL_SHA256: | 2309 case CKM_NSS_TLS_PRF_GENERAL_SHA256: |
| 2253 » crv = sftk_TLSPRFInit(context, key, key_type, HASH_AlgSHA256); | 2310 » crv = sftk_TLSPRFInit(context, key, key_type, HASH_AlgSHA256, 0); |
| 2254 break; | 2311 break; |
| 2255 | 2312 |
| 2256 case CKM_NSS_HMAC_CONSTANT_TIME: { | 2313 case CKM_NSS_HMAC_CONSTANT_TIME: { |
| 2257 sftk_MACConstantTimeCtx *ctx = | 2314 sftk_MACConstantTimeCtx *ctx = |
| 2258 sftk_HMACConstantTime_New(pMechanism,key); | 2315 sftk_HMACConstantTime_New(pMechanism,key); |
| 2259 CK_ULONG *intpointer; | 2316 CK_ULONG *intpointer; |
| 2260 | 2317 |
| 2261 if (ctx == NULL) { | 2318 if (ctx == NULL) { |
| 2262 crv = CKR_ARGUMENTS_BAD; | 2319 crv = CKR_ARGUMENTS_BAD; |
| 2263 break; | 2320 break; |
| (...skipping 535 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 2799 | 2856 |
| 2800 case CKM_SSL3_MD5_MAC: | 2857 case CKM_SSL3_MD5_MAC: |
| 2801 crv = sftk_doSSLMACInit(context,SEC_OID_MD5,key, | 2858 crv = sftk_doSSLMACInit(context,SEC_OID_MD5,key, |
| 2802 *(CK_ULONG *)pMechanism->pParameter); | 2859 *(CK_ULONG *)pMechanism->pParameter); |
| 2803 break; | 2860 break; |
| 2804 case CKM_SSL3_SHA1_MAC: | 2861 case CKM_SSL3_SHA1_MAC: |
| 2805 crv = sftk_doSSLMACInit(context,SEC_OID_SHA1,key, | 2862 crv = sftk_doSSLMACInit(context,SEC_OID_SHA1,key, |
| 2806 *(CK_ULONG *)pMechanism->pParameter); | 2863 *(CK_ULONG *)pMechanism->pParameter); |
| 2807 break; | 2864 break; |
| 2808 case CKM_TLS_PRF_GENERAL: | 2865 case CKM_TLS_PRF_GENERAL: |
| 2809 » crv = sftk_TLSPRFInit(context, key, key_type, HASH_AlgNULL); | 2866 » crv = sftk_TLSPRFInit(context, key, key_type, HASH_AlgNULL, 0); |
| 2810 break; | 2867 break; |
| 2811 case CKM_NSS_TLS_PRF_GENERAL_SHA256: | 2868 case CKM_NSS_TLS_PRF_GENERAL_SHA256: |
| 2812 » crv = sftk_TLSPRFInit(context, key, key_type, HASH_AlgSHA256); | 2869 » crv = sftk_TLSPRFInit(context, key, key_type, HASH_AlgSHA256, 0); |
| 2813 break; | 2870 break; |
| 2814 | 2871 |
| 2815 default: | 2872 default: |
| 2816 crv = CKR_MECHANISM_INVALID; | 2873 crv = CKR_MECHANISM_INVALID; |
| 2817 break; | 2874 break; |
| 2818 } | 2875 } |
| 2819 | 2876 |
| 2820 if (crv != CKR_OK) { | 2877 if (crv != CKR_OK) { |
| 2821 if (info) PORT_Free(info); | 2878 if (info) PORT_Free(info); |
| 2822 sftk_FreeContext(context); | 2879 sftk_FreeContext(context); |
| (...skipping 2646 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 5469 MD2Context * md2; | 5526 MD2Context * md2; |
| 5470 CK_ULONG macSize; | 5527 CK_ULONG macSize; |
| 5471 CK_ULONG tmpKeySize; | 5528 CK_ULONG tmpKeySize; |
| 5472 CK_ULONG IVSize; | 5529 CK_ULONG IVSize; |
| 5473 CK_ULONG keySize = 0; | 5530 CK_ULONG keySize = 0; |
| 5474 CK_RV crv = CKR_OK; | 5531 CK_RV crv = CKR_OK; |
| 5475 CK_BBOOL cktrue = CK_TRUE; | 5532 CK_BBOOL cktrue = CK_TRUE; |
| 5476 CK_KEY_TYPE keyType = CKK_GENERIC_SECRET; | 5533 CK_KEY_TYPE keyType = CKK_GENERIC_SECRET; |
| 5477 CK_OBJECT_CLASS classType = CKO_SECRET_KEY; | 5534 CK_OBJECT_CLASS classType = CKO_SECRET_KEY; |
| 5478 CK_KEY_DERIVATION_STRING_DATA *stringPtr; | 5535 CK_KEY_DERIVATION_STRING_DATA *stringPtr; |
| 5536 CK_MECHANISM_TYPE mechanism = pMechanism->mechanism; |
| 5479 PRBool isTLS = PR_FALSE; | 5537 PRBool isTLS = PR_FALSE; |
| 5480 PRBool isSHA256 = PR_FALSE; | |
| 5481 PRBool isDH = PR_FALSE; | 5538 PRBool isDH = PR_FALSE; |
| 5539 HASH_HashType tlsPrfHash = HASH_AlgNULL; |
| 5482 SECStatus rv; | 5540 SECStatus rv; |
| 5483 int i; | 5541 int i; |
| 5484 unsigned int outLen; | 5542 unsigned int outLen; |
| 5485 unsigned char sha_out[SHA1_LENGTH]; | 5543 unsigned char sha_out[SHA1_LENGTH]; |
| 5486 unsigned char key_block[NUM_MIXERS * MD5_LENGTH]; | 5544 unsigned char key_block[NUM_MIXERS * MD5_LENGTH]; |
| 5487 unsigned char key_block2[MD5_LENGTH]; | 5545 unsigned char key_block2[MD5_LENGTH]; |
| 5488 PRBool isFIPS; | 5546 PRBool isFIPS; |
| 5489 HASH_HashType hashType; | 5547 HASH_HashType hashType; |
| 5490 PRBool extractValue = PR_TRUE; | 5548 PRBool extractValue = PR_TRUE; |
| 5491 | 5549 |
| (...skipping 26 matching lines...) Expand all Loading... |
| 5518 if (pTemplate[i].type == CKA_VALUE_LEN) { | 5576 if (pTemplate[i].type == CKA_VALUE_LEN) { |
| 5519 keySize = *(CK_ULONG *)pTemplate[i].pValue; | 5577 keySize = *(CK_ULONG *)pTemplate[i].pValue; |
| 5520 } | 5578 } |
| 5521 } | 5579 } |
| 5522 if (crv != CKR_OK) { sftk_FreeObject(key); return crv; } | 5580 if (crv != CKR_OK) { sftk_FreeObject(key); return crv; } |
| 5523 | 5581 |
| 5524 if (keySize == 0) { | 5582 if (keySize == 0) { |
| 5525 keySize = sftk_MapKeySize(keyType); | 5583 keySize = sftk_MapKeySize(keyType); |
| 5526 } | 5584 } |
| 5527 | 5585 |
| 5528 switch (pMechanism->mechanism) { | 5586 switch (mechanism) { |
| 5529 case CKM_NSS_JPAKE_ROUND2_SHA1: /* fall through */ | 5587 case CKM_NSS_JPAKE_ROUND2_SHA1: /* fall through */ |
| 5530 case CKM_NSS_JPAKE_ROUND2_SHA256: /* fall through */ | 5588 case CKM_NSS_JPAKE_ROUND2_SHA256: /* fall through */ |
| 5531 case CKM_NSS_JPAKE_ROUND2_SHA384: /* fall through */ | 5589 case CKM_NSS_JPAKE_ROUND2_SHA384: /* fall through */ |
| 5532 case CKM_NSS_JPAKE_ROUND2_SHA512: | 5590 case CKM_NSS_JPAKE_ROUND2_SHA512: |
| 5533 extractValue = PR_FALSE; | 5591 extractValue = PR_FALSE; |
| 5534 classType = CKO_PRIVATE_KEY; | 5592 classType = CKO_PRIVATE_KEY; |
| 5535 break; | 5593 break; |
| 5536 case CKM_NSS_JPAKE_FINAL_SHA1: /* fall through */ | 5594 case CKM_NSS_JPAKE_FINAL_SHA1: /* fall through */ |
| 5537 case CKM_NSS_JPAKE_FINAL_SHA256: /* fall through */ | 5595 case CKM_NSS_JPAKE_FINAL_SHA256: /* fall through */ |
| 5538 case CKM_NSS_JPAKE_FINAL_SHA384: /* fall through */ | 5596 case CKM_NSS_JPAKE_FINAL_SHA384: /* fall through */ |
| (...skipping 27 matching lines...) Expand all Loading... |
| 5566 if (extractValue) { | 5624 if (extractValue) { |
| 5567 /* get the value of the base key */ | 5625 /* get the value of the base key */ |
| 5568 att = sftk_FindAttribute(sourceKey,CKA_VALUE); | 5626 att = sftk_FindAttribute(sourceKey,CKA_VALUE); |
| 5569 if (att == NULL) { | 5627 if (att == NULL) { |
| 5570 sftk_FreeObject(key); | 5628 sftk_FreeObject(key); |
| 5571 sftk_FreeObject(sourceKey); | 5629 sftk_FreeObject(sourceKey); |
| 5572 return CKR_KEY_HANDLE_INVALID; | 5630 return CKR_KEY_HANDLE_INVALID; |
| 5573 } | 5631 } |
| 5574 } | 5632 } |
| 5575 | 5633 |
| 5576 switch (pMechanism->mechanism) { | 5634 switch (mechanism) { |
| 5577 /* | 5635 /* |
| 5578 * generate the master secret | 5636 * generate the master secret |
| 5579 */ | 5637 */ |
| 5638 case CKM_TLS12_MASTER_KEY_DERIVE: |
| 5639 case CKM_TLS12_MASTER_KEY_DERIVE_DH: |
| 5580 case CKM_NSS_TLS_MASTER_KEY_DERIVE_SHA256: | 5640 case CKM_NSS_TLS_MASTER_KEY_DERIVE_SHA256: |
| 5581 case CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256: | 5641 case CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256: |
| 5582 isSHA256 = PR_TRUE; | |
| 5583 /* fall thru */ | |
| 5584 case CKM_TLS_MASTER_KEY_DERIVE: | 5642 case CKM_TLS_MASTER_KEY_DERIVE: |
| 5585 case CKM_TLS_MASTER_KEY_DERIVE_DH: | 5643 case CKM_TLS_MASTER_KEY_DERIVE_DH: |
| 5586 isTLS = PR_TRUE; | |
| 5587 /* fall thru */ | |
| 5588 case CKM_SSL3_MASTER_KEY_DERIVE: | 5644 case CKM_SSL3_MASTER_KEY_DERIVE: |
| 5589 case CKM_SSL3_MASTER_KEY_DERIVE_DH: | 5645 case CKM_SSL3_MASTER_KEY_DERIVE_DH: |
| 5590 { | 5646 { |
| 5591 CK_SSL3_MASTER_KEY_DERIVE_PARAMS *ssl3_master; | 5647 CK_SSL3_MASTER_KEY_DERIVE_PARAMS *ssl3_master; |
| 5592 SSL3RSAPreMasterSecret * rsa_pms; | 5648 SSL3RSAPreMasterSecret * rsa_pms; |
| 5593 unsigned char crsrdata[SSL3_RANDOM_LENGTH * 2]; | 5649 unsigned char crsrdata[SSL3_RANDOM_LENGTH * 2]; |
| 5594 | 5650 |
| 5595 if ((pMechanism->mechanism == CKM_SSL3_MASTER_KEY_DERIVE_DH) || | 5651 » if ((mechanism == CKM_TLS12_MASTER_KEY_DERIVE) || |
| 5596 (pMechanism->mechanism == CKM_TLS_MASTER_KEY_DERIVE_DH) || | 5652 » (mechanism == CKM_TLS12_MASTER_KEY_DERIVE_DH)) { |
| 5597 (pMechanism->mechanism == CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256)) | 5653 » CK_TLS12_MASTER_KEY_DERIVE_PARAMS *tls12_master = |
| 5598 » » isDH = PR_TRUE; | 5654 » » (CK_TLS12_MASTER_KEY_DERIVE_PARAMS *) pMechanism->pParameter; |
| 5655 » tlsPrfHash = GetHashTypeFromMechanism(tls12_master->prfHashMechanism
); |
| 5656 » if (tlsPrfHash == HASH_AlgNULL) { |
| 5657 » » crv = CKR_MECHANISM_PARAM_INVALID; |
| 5658 » » break; |
| 5659 » } |
| 5660 » } else if ((mechanism == CKM_NSS_TLS_MASTER_KEY_DERIVE_SHA256) || |
| 5661 » » (mechanism == CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256)) { |
| 5662 » tlsPrfHash = HASH_AlgSHA256; |
| 5663 » } |
| 5664 |
| 5665 » if ((mechanism != CKM_SSL3_MASTER_KEY_DERIVE) && |
| 5666 » (mechanism != CKM_SSL3_MASTER_KEY_DERIVE_DH)) { |
| 5667 » isTLS = PR_TRUE; |
| 5668 » } |
| 5669 » if ((mechanism == CKM_SSL3_MASTER_KEY_DERIVE_DH) || |
| 5670 » (mechanism == CKM_TLS_MASTER_KEY_DERIVE_DH) || |
| 5671 » (mechanism == CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256) || |
| 5672 » (mechanism == CKM_TLS12_MASTER_KEY_DERIVE_DH)) { |
| 5673 » isDH = PR_TRUE; |
| 5674 » } |
| 5599 | 5675 |
| 5600 /* first do the consistancy checks */ | 5676 /* first do the consistancy checks */ |
| 5601 if (!isDH && (att->attrib.ulValueLen != SSL3_PMS_LENGTH)) { | 5677 if (!isDH && (att->attrib.ulValueLen != SSL3_PMS_LENGTH)) { |
| 5602 crv = CKR_KEY_TYPE_INCONSISTENT; | 5678 crv = CKR_KEY_TYPE_INCONSISTENT; |
| 5603 break; | 5679 break; |
| 5604 } | 5680 } |
| 5605 att2 = sftk_FindAttribute(sourceKey,CKA_KEY_TYPE); | 5681 att2 = sftk_FindAttribute(sourceKey,CKA_KEY_TYPE); |
| 5606 if ((att2 == NULL) || (*(CK_KEY_TYPE *)att2->attrib.pValue != | 5682 if ((att2 == NULL) || (*(CK_KEY_TYPE *)att2->attrib.pValue != |
| 5607 CKK_GENERIC_SECRET)) { | 5683 CKK_GENERIC_SECRET)) { |
| 5608 if (att2) sftk_FreeAttribute(att2); | 5684 if (att2) sftk_FreeAttribute(att2); |
| (...skipping 46 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 5655 SECItem master = { siBuffer, NULL, 0 }; | 5731 SECItem master = { siBuffer, NULL, 0 }; |
| 5656 SECItem pms = { siBuffer, NULL, 0 }; | 5732 SECItem pms = { siBuffer, NULL, 0 }; |
| 5657 | 5733 |
| 5658 crsr.data = crsrdata; | 5734 crsr.data = crsrdata; |
| 5659 crsr.len = sizeof crsrdata; | 5735 crsr.len = sizeof crsrdata; |
| 5660 master.data = key_block; | 5736 master.data = key_block; |
| 5661 master.len = SSL3_MASTER_SECRET_LENGTH; | 5737 master.len = SSL3_MASTER_SECRET_LENGTH; |
| 5662 pms.data = (unsigned char*)att->attrib.pValue; | 5738 pms.data = (unsigned char*)att->attrib.pValue; |
| 5663 pms.len = att->attrib.ulValueLen; | 5739 pms.len = att->attrib.ulValueLen; |
| 5664 | 5740 |
| 5665 » if (isSHA256) { | 5741 » if (tlsPrfHash != HASH_AlgNULL) { |
| 5666 » » status = TLS_P_hash(HASH_AlgSHA256, &pms, "master secret", | 5742 » » status = TLS_P_hash(tlsPrfHash, &pms, "master secret", |
| 5667 &crsr, &master, isFIPS); | 5743 &crsr, &master, isFIPS); |
| 5668 } else { | 5744 } else { |
| 5669 status = TLS_PRF(&pms, "master secret", &crsr, &master, isFIPS); | 5745 status = TLS_PRF(&pms, "master secret", &crsr, &master, isFIPS); |
| 5670 } | 5746 } |
| 5671 if (status != SECSuccess) { | 5747 if (status != SECSuccess) { |
| 5672 crv = CKR_FUNCTION_FAILED; | 5748 crv = CKR_FUNCTION_FAILED; |
| 5673 break; | 5749 break; |
| 5674 } | 5750 } |
| 5675 } else { | 5751 } else { |
| 5676 /* now allocate the hash contexts */ | 5752 /* now allocate the hash contexts */ |
| (...skipping 42 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 5719 if (crv != CKR_OK) break; | 5795 if (crv != CKR_OK) break; |
| 5720 crv = sftk_forceAttribute(key,CKA_VERIFY,&cktrue,sizeof(CK_BBOOL)); | 5796 crv = sftk_forceAttribute(key,CKA_VERIFY,&cktrue,sizeof(CK_BBOOL)); |
| 5721 if (crv != CKR_OK) break; | 5797 if (crv != CKR_OK) break; |
| 5722 /* While we're here, we might as well force this, too. */ | 5798 /* While we're here, we might as well force this, too. */ |
| 5723 crv = sftk_forceAttribute(key,CKA_DERIVE,&cktrue,sizeof(CK_BBOOL)); | 5799 crv = sftk_forceAttribute(key,CKA_DERIVE,&cktrue,sizeof(CK_BBOOL)); |
| 5724 if (crv != CKR_OK) break; | 5800 if (crv != CKR_OK) break; |
| 5725 } | 5801 } |
| 5726 break; | 5802 break; |
| 5727 } | 5803 } |
| 5728 | 5804 |
| 5805 case CKM_TLS12_KEY_AND_MAC_DERIVE: |
| 5729 case CKM_NSS_TLS_KEY_AND_MAC_DERIVE_SHA256: | 5806 case CKM_NSS_TLS_KEY_AND_MAC_DERIVE_SHA256: |
| 5730 isSHA256 = PR_TRUE; | |
| 5731 /* fall thru */ | |
| 5732 case CKM_TLS_KEY_AND_MAC_DERIVE: | 5807 case CKM_TLS_KEY_AND_MAC_DERIVE: |
| 5733 isTLS = PR_TRUE; | |
| 5734 /* fall thru */ | |
| 5735 case CKM_SSL3_KEY_AND_MAC_DERIVE: | 5808 case CKM_SSL3_KEY_AND_MAC_DERIVE: |
| 5736 { | 5809 { |
| 5737 CK_SSL3_KEY_MAT_PARAMS *ssl3_keys; | 5810 CK_SSL3_KEY_MAT_PARAMS *ssl3_keys; |
| 5738 CK_SSL3_KEY_MAT_OUT * ssl3_keys_out; | 5811 CK_SSL3_KEY_MAT_OUT * ssl3_keys_out; |
| 5739 CK_ULONG effKeySize; | 5812 CK_ULONG effKeySize; |
| 5740 unsigned int block_needed; | 5813 unsigned int block_needed; |
| 5741 unsigned char srcrdata[SSL3_RANDOM_LENGTH * 2]; | 5814 unsigned char srcrdata[SSL3_RANDOM_LENGTH * 2]; |
| 5742 unsigned char crsrdata[SSL3_RANDOM_LENGTH * 2]; | 5815 unsigned char crsrdata[SSL3_RANDOM_LENGTH * 2]; |
| 5743 | 5816 |
| 5817 if (mechanism == CKM_TLS12_KEY_AND_MAC_DERIVE) { |
| 5818 CK_TLS12_KEY_MAT_PARAMS *tls12_keys = |
| 5819 (CK_TLS12_KEY_MAT_PARAMS *) pMechanism->pParameter; |
| 5820 tlsPrfHash = GetHashTypeFromMechanism(tls12_keys->prfHashMechanism); |
| 5821 if (tlsPrfHash == HASH_AlgNULL) { |
| 5822 crv = CKR_MECHANISM_PARAM_INVALID; |
| 5823 break; |
| 5824 } |
| 5825 } else if (mechanism == CKM_NSS_TLS_KEY_AND_MAC_DERIVE_SHA256) { |
| 5826 tlsPrfHash = HASH_AlgSHA256; |
| 5827 } |
| 5828 |
| 5829 if (mechanism != CKM_SSL3_KEY_AND_MAC_DERIVE) { |
| 5830 isTLS = PR_TRUE; |
| 5831 } |
| 5832 |
| 5744 crv = sftk_DeriveSensitiveCheck(sourceKey,key); | 5833 crv = sftk_DeriveSensitiveCheck(sourceKey,key); |
| 5745 if (crv != CKR_OK) break; | 5834 if (crv != CKR_OK) break; |
| 5746 | 5835 |
| 5747 if (att->attrib.ulValueLen != SSL3_MASTER_SECRET_LENGTH) { | 5836 if (att->attrib.ulValueLen != SSL3_MASTER_SECRET_LENGTH) { |
| 5748 crv = CKR_KEY_FUNCTION_NOT_PERMITTED; | 5837 crv = CKR_KEY_FUNCTION_NOT_PERMITTED; |
| 5749 break; | 5838 break; |
| 5750 } | 5839 } |
| 5751 att2 = sftk_FindAttribute(sourceKey,CKA_KEY_TYPE); | 5840 att2 = sftk_FindAttribute(sourceKey,CKA_KEY_TYPE); |
| 5752 if ((att2 == NULL) || (*(CK_KEY_TYPE *)att2->attrib.pValue != | 5841 if ((att2 == NULL) || (*(CK_KEY_TYPE *)att2->attrib.pValue != |
| 5753 CKK_GENERIC_SECRET)) { | 5842 CKK_GENERIC_SECRET)) { |
| (...skipping 59 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 5813 SECItem keyblk = { siBuffer, NULL, 0 }; | 5902 SECItem keyblk = { siBuffer, NULL, 0 }; |
| 5814 SECItem master = { siBuffer, NULL, 0 }; | 5903 SECItem master = { siBuffer, NULL, 0 }; |
| 5815 | 5904 |
| 5816 srcr.data = srcrdata; | 5905 srcr.data = srcrdata; |
| 5817 srcr.len = sizeof srcrdata; | 5906 srcr.len = sizeof srcrdata; |
| 5818 keyblk.data = key_block; | 5907 keyblk.data = key_block; |
| 5819 keyblk.len = block_needed; | 5908 keyblk.len = block_needed; |
| 5820 master.data = (unsigned char*)att->attrib.pValue; | 5909 master.data = (unsigned char*)att->attrib.pValue; |
| 5821 master.len = att->attrib.ulValueLen; | 5910 master.len = att->attrib.ulValueLen; |
| 5822 | 5911 |
| 5823 » if (isSHA256) { | 5912 » if (tlsPrfHash != HASH_AlgNULL) { |
| 5824 » » status = TLS_P_hash(HASH_AlgSHA256, &master, "key expansion", | 5913 » » status = TLS_P_hash(tlsPrfHash, &master, "key expansion", |
| 5825 &srcr, &keyblk, isFIPS); | 5914 &srcr, &keyblk, isFIPS); |
| 5826 } else { | 5915 } else { |
| 5827 status = TLS_PRF(&master, "key expansion", &srcr, &keyblk, | 5916 status = TLS_PRF(&master, "key expansion", &srcr, &keyblk, |
| 5828 isFIPS); | 5917 isFIPS); |
| 5829 } | 5918 } |
| 5830 if (status != SECSuccess) { | 5919 if (status != SECSuccess) { |
| 5831 goto key_and_mac_derive_fail; | 5920 goto key_and_mac_derive_fail; |
| 5832 } | 5921 } |
| 5833 } else { | 5922 } else { |
| 5834 unsigned int block_bytes = 0; | 5923 unsigned int block_bytes = 0; |
| (...skipping 595 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 6430 | 6519 |
| 6431 rv = SEC_QuickDERDecodeItem(arena, &newPoint, | 6520 rv = SEC_QuickDERDecodeItem(arena, &newPoint, |
| 6432 SEC_ASN1_GET(SEC_OctetStringTemplate), | 6521 SEC_ASN1_GET(SEC_OctetStringTemplate), |
| 6433 &ecPoint); | 6522 &ecPoint); |
| 6434 if (rv != SECSuccess) { | 6523 if (rv != SECSuccess) { |
| 6435 goto ec_loser; | 6524 goto ec_loser; |
| 6436 } | 6525 } |
| 6437 ecPoint = newPoint; | 6526 ecPoint = newPoint; |
| 6438 } | 6527 } |
| 6439 | 6528 |
| 6440 » if (pMechanism->mechanism == CKM_ECDH1_COFACTOR_DERIVE) { | 6529 » if (mechanism == CKM_ECDH1_COFACTOR_DERIVE) { |
| 6441 withCofactor = PR_TRUE; | 6530 withCofactor = PR_TRUE; |
| 6442 } else { | 6531 } else { |
| 6443 /* When not using cofactor derivation, one should | 6532 /* When not using cofactor derivation, one should |
| 6444 * validate the public key to avoid small subgroup | 6533 * validate the public key to avoid small subgroup |
| 6445 * attacks. | 6534 * attacks. |
| 6446 */ | 6535 */ |
| 6447 if (EC_ValidatePublicKey(&privKey->u.ec.ecParams, &ecPoint) | 6536 if (EC_ValidatePublicKey(&privKey->u.ec.ecParams, &ecPoint) |
| 6448 != SECSuccess) { | 6537 != SECSuccess) { |
| 6449 goto ec_loser; | 6538 goto ec_loser; |
| 6450 } | 6539 } |
| (...skipping 496 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 6947 att = sftk_FindAttribute(key,CKA_VALUE); | 7036 att = sftk_FindAttribute(key,CKA_VALUE); |
| 6948 sftk_FreeObject(key); | 7037 sftk_FreeObject(key); |
| 6949 if (!att) { | 7038 if (!att) { |
| 6950 return CKR_KEY_HANDLE_INVALID; | 7039 return CKR_KEY_HANDLE_INVALID; |
| 6951 } | 7040 } |
| 6952 crv = NSC_DigestUpdate(hSession,(CK_BYTE_PTR)att->attrib.pValue, | 7041 crv = NSC_DigestUpdate(hSession,(CK_BYTE_PTR)att->attrib.pValue, |
| 6953 att->attrib.ulValueLen); | 7042 att->attrib.ulValueLen); |
| 6954 sftk_FreeAttribute(att); | 7043 sftk_FreeAttribute(att); |
| 6955 return crv; | 7044 return crv; |
| 6956 } | 7045 } |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 23510003:
Implement the TLS 1.2 mechanisms for PKCS #11. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/deps/third_party/nss/