OLD | NEW |
1 /* This Source Code Form is subject to the terms of the Mozilla Public | 1 /* This Source Code Form is subject to the terms of the Mozilla Public |
2 * License, v. 2.0. If a copy of the MPL was not distributed with this | 2 * License, v. 2.0. If a copy of the MPL was not distributed with this |
3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ | 3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ |
4 /* | 4 /* |
5 * This file implements PKCS 11 on top of our existing security modules | 5 * This file implements PKCS 11 on top of our existing security modules |
6 * | 6 * |
7 * For more information about PKCS 11 See PKCS 11 Token Inteface Standard. | 7 * For more information about PKCS 11 See PKCS 11 Token Inteface Standard. |
8 * This implementation has two slots: | 8 * This implementation has two slots: |
9 * slot 1 is our generic crypto support. It does not require login. | 9 * slot 1 is our generic crypto support. It does not require login. |
10 * It supports Public Key ops, and all they bulk ciphers and hashes. | 10 * It supports Public Key ops, and all they bulk ciphers and hashes. |
(...skipping 139 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
150 */ | 150 */ |
151 static CK_RV | 151 static CK_RV |
152 sftk_MapVerifyError(int error) | 152 sftk_MapVerifyError(int error) |
153 { | 153 { |
154 CK_RV crv = sftk_MapCryptError(error); | 154 CK_RV crv = sftk_MapCryptError(error); |
155 if (crv == CKR_DEVICE_ERROR) | 155 if (crv == CKR_DEVICE_ERROR) |
156 crv = CKR_SIGNATURE_INVALID; | 156 crv = CKR_SIGNATURE_INVALID; |
157 return crv; | 157 return crv; |
158 } | 158 } |
159 | 159 |
| 160 static HASH_HashType |
| 161 GetHashTypeFromMechanism(CK_MECHANISM_TYPE mech) |
| 162 { |
| 163 switch (mech) { |
| 164 case CKM_SHA256: |
| 165 return HASH_AlgSHA256; |
| 166 case CKM_SHA384: |
| 167 return HASH_AlgSHA384; |
| 168 case CKM_SHA512: |
| 169 return HASH_AlgSHA512; |
| 170 default: |
| 171 return HASH_AlgNULL; |
| 172 } |
| 173 } |
| 174 |
160 | 175 |
161 /* | 176 /* |
162 * turn a CDMF key into a des key. CDMF is an old IBM scheme to export DES by | 177 * turn a CDMF key into a des key. CDMF is an old IBM scheme to export DES by |
163 * Deprecating a full des key to 40 bit key strenth. | 178 * Deprecating a full des key to 40 bit key strenth. |
164 */ | 179 */ |
165 static CK_RV | 180 static CK_RV |
166 sftk_cdmf2des(unsigned char *cdmfkey, unsigned char *deskey) | 181 sftk_cdmf2des(unsigned char *cdmfkey, unsigned char *deskey) |
167 { | 182 { |
168 unsigned char key1[8] = { 0xc4, 0x08, 0xb0, 0x54, 0x0b, 0xa1, 0xe0, 0xae }; | 183 unsigned char key1[8] = { 0xc4, 0x08, 0xb0, 0x54, 0x0b, 0xa1, 0xe0, 0xae }; |
169 unsigned char key2[8] = { 0xef, 0x2c, 0x04, 0x1c, 0xe6, 0x38, 0x2f, 0xe6 }; | 184 unsigned char key2[8] = { 0xef, 0x2c, 0x04, 0x1c, 0xe6, 0x38, 0x2f, 0xe6 }; |
(...skipping 2070 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
2240 | 2255 |
2241 case CKM_SSL3_MD5_MAC: | 2256 case CKM_SSL3_MD5_MAC: |
2242 crv = sftk_doSSLMACInit(context,SEC_OID_MD5,key, | 2257 crv = sftk_doSSLMACInit(context,SEC_OID_MD5,key, |
2243 *(CK_ULONG *)pMechanism->pParameter); | 2258 *(CK_ULONG *)pMechanism->pParameter); |
2244 break; | 2259 break; |
2245 case CKM_SSL3_SHA1_MAC: | 2260 case CKM_SSL3_SHA1_MAC: |
2246 crv = sftk_doSSLMACInit(context,SEC_OID_SHA1,key, | 2261 crv = sftk_doSSLMACInit(context,SEC_OID_SHA1,key, |
2247 *(CK_ULONG *)pMechanism->pParameter); | 2262 *(CK_ULONG *)pMechanism->pParameter); |
2248 break; | 2263 break; |
2249 case CKM_TLS_PRF_GENERAL: | 2264 case CKM_TLS_PRF_GENERAL: |
2250 » crv = sftk_TLSPRFInit(context, key, key_type, HASH_AlgNULL); | 2265 » crv = sftk_TLSPRFInit(context, key, key_type, HASH_AlgNULL, 0); |
2251 break; | 2266 break; |
| 2267 case CKM_TLS12_MAC: { |
| 2268 CK_TLS12_MAC_PARAMS *tls12_mac_params; |
| 2269 HASH_HashType tlsPrfHash; |
| 2270 const char *label; |
| 2271 |
| 2272 if (pMechanism->ulParameterLen != sizeof(CK_TLS12_MAC_PARAMS)) { |
| 2273 crv = CKR_MECHANISM_PARAM_INVALID; |
| 2274 break; |
| 2275 } |
| 2276 tls12_mac_params = (CK_TLS12_MAC_PARAMS *)pMechanism->pParameter; |
| 2277 if (tls12_mac_params->prfHashMechanism == CKM_TLS_PRF) { |
| 2278 /* The TLS 1.0 and 1.1 PRF */ |
| 2279 tlsPrfHash = HASH_AlgNULL; |
| 2280 if (tls12_mac_params->ulMacLength != 12) { |
| 2281 crv = CKR_MECHANISM_PARAM_INVALID; |
| 2282 break; |
| 2283 } |
| 2284 } else { |
| 2285 /* The hash function for the TLS 1.2 PRF */ |
| 2286 tlsPrfHash = |
| 2287 GetHashTypeFromMechanism(tls12_mac_params->prfHashMechanism); |
| 2288 if (tlsPrfHash == HASH_AlgNULL || |
| 2289 tls12_mac_params->ulMacLength < 12) { |
| 2290 crv = CKR_MECHANISM_PARAM_INVALID; |
| 2291 break; |
| 2292 } |
| 2293 } |
| 2294 if (tls12_mac_params->ulServerOrClient == 1) { |
| 2295 label = "server finished"; |
| 2296 } else if (tls12_mac_params->ulServerOrClient == 2) { |
| 2297 label = "client finished"; |
| 2298 } else { |
| 2299 crv = CKR_MECHANISM_PARAM_INVALID; |
| 2300 break; |
| 2301 } |
| 2302 crv = sftk_TLSPRFInit(context, key, key_type, tlsPrfHash, |
| 2303 tls12_mac_params->ulMacLength); |
| 2304 if (crv == CKR_OK) { |
| 2305 context->hashUpdate(context->hashInfo, label, 15); |
| 2306 } |
| 2307 break; |
| 2308 } |
2252 case CKM_NSS_TLS_PRF_GENERAL_SHA256: | 2309 case CKM_NSS_TLS_PRF_GENERAL_SHA256: |
2253 » crv = sftk_TLSPRFInit(context, key, key_type, HASH_AlgSHA256); | 2310 » crv = sftk_TLSPRFInit(context, key, key_type, HASH_AlgSHA256, 0); |
2254 break; | 2311 break; |
2255 | 2312 |
2256 case CKM_NSS_HMAC_CONSTANT_TIME: { | 2313 case CKM_NSS_HMAC_CONSTANT_TIME: { |
2257 sftk_MACConstantTimeCtx *ctx = | 2314 sftk_MACConstantTimeCtx *ctx = |
2258 sftk_HMACConstantTime_New(pMechanism,key); | 2315 sftk_HMACConstantTime_New(pMechanism,key); |
2259 CK_ULONG *intpointer; | 2316 CK_ULONG *intpointer; |
2260 | 2317 |
2261 if (ctx == NULL) { | 2318 if (ctx == NULL) { |
2262 crv = CKR_ARGUMENTS_BAD; | 2319 crv = CKR_ARGUMENTS_BAD; |
2263 break; | 2320 break; |
(...skipping 535 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
2799 | 2856 |
2800 case CKM_SSL3_MD5_MAC: | 2857 case CKM_SSL3_MD5_MAC: |
2801 crv = sftk_doSSLMACInit(context,SEC_OID_MD5,key, | 2858 crv = sftk_doSSLMACInit(context,SEC_OID_MD5,key, |
2802 *(CK_ULONG *)pMechanism->pParameter); | 2859 *(CK_ULONG *)pMechanism->pParameter); |
2803 break; | 2860 break; |
2804 case CKM_SSL3_SHA1_MAC: | 2861 case CKM_SSL3_SHA1_MAC: |
2805 crv = sftk_doSSLMACInit(context,SEC_OID_SHA1,key, | 2862 crv = sftk_doSSLMACInit(context,SEC_OID_SHA1,key, |
2806 *(CK_ULONG *)pMechanism->pParameter); | 2863 *(CK_ULONG *)pMechanism->pParameter); |
2807 break; | 2864 break; |
2808 case CKM_TLS_PRF_GENERAL: | 2865 case CKM_TLS_PRF_GENERAL: |
2809 » crv = sftk_TLSPRFInit(context, key, key_type, HASH_AlgNULL); | 2866 » crv = sftk_TLSPRFInit(context, key, key_type, HASH_AlgNULL, 0); |
2810 break; | 2867 break; |
2811 case CKM_NSS_TLS_PRF_GENERAL_SHA256: | 2868 case CKM_NSS_TLS_PRF_GENERAL_SHA256: |
2812 » crv = sftk_TLSPRFInit(context, key, key_type, HASH_AlgSHA256); | 2869 » crv = sftk_TLSPRFInit(context, key, key_type, HASH_AlgSHA256, 0); |
2813 break; | 2870 break; |
2814 | 2871 |
2815 default: | 2872 default: |
2816 crv = CKR_MECHANISM_INVALID; | 2873 crv = CKR_MECHANISM_INVALID; |
2817 break; | 2874 break; |
2818 } | 2875 } |
2819 | 2876 |
2820 if (crv != CKR_OK) { | 2877 if (crv != CKR_OK) { |
2821 if (info) PORT_Free(info); | 2878 if (info) PORT_Free(info); |
2822 sftk_FreeContext(context); | 2879 sftk_FreeContext(context); |
(...skipping 2646 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
5469 MD2Context * md2; | 5526 MD2Context * md2; |
5470 CK_ULONG macSize; | 5527 CK_ULONG macSize; |
5471 CK_ULONG tmpKeySize; | 5528 CK_ULONG tmpKeySize; |
5472 CK_ULONG IVSize; | 5529 CK_ULONG IVSize; |
5473 CK_ULONG keySize = 0; | 5530 CK_ULONG keySize = 0; |
5474 CK_RV crv = CKR_OK; | 5531 CK_RV crv = CKR_OK; |
5475 CK_BBOOL cktrue = CK_TRUE; | 5532 CK_BBOOL cktrue = CK_TRUE; |
5476 CK_KEY_TYPE keyType = CKK_GENERIC_SECRET; | 5533 CK_KEY_TYPE keyType = CKK_GENERIC_SECRET; |
5477 CK_OBJECT_CLASS classType = CKO_SECRET_KEY; | 5534 CK_OBJECT_CLASS classType = CKO_SECRET_KEY; |
5478 CK_KEY_DERIVATION_STRING_DATA *stringPtr; | 5535 CK_KEY_DERIVATION_STRING_DATA *stringPtr; |
| 5536 CK_MECHANISM_TYPE mechanism = pMechanism->mechanism; |
5479 PRBool isTLS = PR_FALSE; | 5537 PRBool isTLS = PR_FALSE; |
5480 PRBool isSHA256 = PR_FALSE; | |
5481 PRBool isDH = PR_FALSE; | 5538 PRBool isDH = PR_FALSE; |
| 5539 HASH_HashType tlsPrfHash = HASH_AlgNULL; |
5482 SECStatus rv; | 5540 SECStatus rv; |
5483 int i; | 5541 int i; |
5484 unsigned int outLen; | 5542 unsigned int outLen; |
5485 unsigned char sha_out[SHA1_LENGTH]; | 5543 unsigned char sha_out[SHA1_LENGTH]; |
5486 unsigned char key_block[NUM_MIXERS * MD5_LENGTH]; | 5544 unsigned char key_block[NUM_MIXERS * MD5_LENGTH]; |
5487 unsigned char key_block2[MD5_LENGTH]; | 5545 unsigned char key_block2[MD5_LENGTH]; |
5488 PRBool isFIPS; | 5546 PRBool isFIPS; |
5489 HASH_HashType hashType; | 5547 HASH_HashType hashType; |
5490 PRBool extractValue = PR_TRUE; | 5548 PRBool extractValue = PR_TRUE; |
5491 | 5549 |
(...skipping 26 matching lines...) Expand all Loading... |
5518 if (pTemplate[i].type == CKA_VALUE_LEN) { | 5576 if (pTemplate[i].type == CKA_VALUE_LEN) { |
5519 keySize = *(CK_ULONG *)pTemplate[i].pValue; | 5577 keySize = *(CK_ULONG *)pTemplate[i].pValue; |
5520 } | 5578 } |
5521 } | 5579 } |
5522 if (crv != CKR_OK) { sftk_FreeObject(key); return crv; } | 5580 if (crv != CKR_OK) { sftk_FreeObject(key); return crv; } |
5523 | 5581 |
5524 if (keySize == 0) { | 5582 if (keySize == 0) { |
5525 keySize = sftk_MapKeySize(keyType); | 5583 keySize = sftk_MapKeySize(keyType); |
5526 } | 5584 } |
5527 | 5585 |
5528 switch (pMechanism->mechanism) { | 5586 switch (mechanism) { |
5529 case CKM_NSS_JPAKE_ROUND2_SHA1: /* fall through */ | 5587 case CKM_NSS_JPAKE_ROUND2_SHA1: /* fall through */ |
5530 case CKM_NSS_JPAKE_ROUND2_SHA256: /* fall through */ | 5588 case CKM_NSS_JPAKE_ROUND2_SHA256: /* fall through */ |
5531 case CKM_NSS_JPAKE_ROUND2_SHA384: /* fall through */ | 5589 case CKM_NSS_JPAKE_ROUND2_SHA384: /* fall through */ |
5532 case CKM_NSS_JPAKE_ROUND2_SHA512: | 5590 case CKM_NSS_JPAKE_ROUND2_SHA512: |
5533 extractValue = PR_FALSE; | 5591 extractValue = PR_FALSE; |
5534 classType = CKO_PRIVATE_KEY; | 5592 classType = CKO_PRIVATE_KEY; |
5535 break; | 5593 break; |
5536 case CKM_NSS_JPAKE_FINAL_SHA1: /* fall through */ | 5594 case CKM_NSS_JPAKE_FINAL_SHA1: /* fall through */ |
5537 case CKM_NSS_JPAKE_FINAL_SHA256: /* fall through */ | 5595 case CKM_NSS_JPAKE_FINAL_SHA256: /* fall through */ |
5538 case CKM_NSS_JPAKE_FINAL_SHA384: /* fall through */ | 5596 case CKM_NSS_JPAKE_FINAL_SHA384: /* fall through */ |
(...skipping 27 matching lines...) Expand all Loading... |
5566 if (extractValue) { | 5624 if (extractValue) { |
5567 /* get the value of the base key */ | 5625 /* get the value of the base key */ |
5568 att = sftk_FindAttribute(sourceKey,CKA_VALUE); | 5626 att = sftk_FindAttribute(sourceKey,CKA_VALUE); |
5569 if (att == NULL) { | 5627 if (att == NULL) { |
5570 sftk_FreeObject(key); | 5628 sftk_FreeObject(key); |
5571 sftk_FreeObject(sourceKey); | 5629 sftk_FreeObject(sourceKey); |
5572 return CKR_KEY_HANDLE_INVALID; | 5630 return CKR_KEY_HANDLE_INVALID; |
5573 } | 5631 } |
5574 } | 5632 } |
5575 | 5633 |
5576 switch (pMechanism->mechanism) { | 5634 switch (mechanism) { |
5577 /* | 5635 /* |
5578 * generate the master secret | 5636 * generate the master secret |
5579 */ | 5637 */ |
| 5638 case CKM_TLS12_MASTER_KEY_DERIVE: |
| 5639 case CKM_TLS12_MASTER_KEY_DERIVE_DH: |
5580 case CKM_NSS_TLS_MASTER_KEY_DERIVE_SHA256: | 5640 case CKM_NSS_TLS_MASTER_KEY_DERIVE_SHA256: |
5581 case CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256: | 5641 case CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256: |
5582 isSHA256 = PR_TRUE; | |
5583 /* fall thru */ | |
5584 case CKM_TLS_MASTER_KEY_DERIVE: | 5642 case CKM_TLS_MASTER_KEY_DERIVE: |
5585 case CKM_TLS_MASTER_KEY_DERIVE_DH: | 5643 case CKM_TLS_MASTER_KEY_DERIVE_DH: |
5586 isTLS = PR_TRUE; | |
5587 /* fall thru */ | |
5588 case CKM_SSL3_MASTER_KEY_DERIVE: | 5644 case CKM_SSL3_MASTER_KEY_DERIVE: |
5589 case CKM_SSL3_MASTER_KEY_DERIVE_DH: | 5645 case CKM_SSL3_MASTER_KEY_DERIVE_DH: |
5590 { | 5646 { |
5591 CK_SSL3_MASTER_KEY_DERIVE_PARAMS *ssl3_master; | 5647 CK_SSL3_MASTER_KEY_DERIVE_PARAMS *ssl3_master; |
5592 SSL3RSAPreMasterSecret * rsa_pms; | 5648 SSL3RSAPreMasterSecret * rsa_pms; |
5593 unsigned char crsrdata[SSL3_RANDOM_LENGTH * 2]; | 5649 unsigned char crsrdata[SSL3_RANDOM_LENGTH * 2]; |
5594 | 5650 |
5595 if ((pMechanism->mechanism == CKM_SSL3_MASTER_KEY_DERIVE_DH) || | 5651 » if ((mechanism == CKM_TLS12_MASTER_KEY_DERIVE) || |
5596 (pMechanism->mechanism == CKM_TLS_MASTER_KEY_DERIVE_DH) || | 5652 » (mechanism == CKM_TLS12_MASTER_KEY_DERIVE_DH)) { |
5597 (pMechanism->mechanism == CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256)) | 5653 » CK_TLS12_MASTER_KEY_DERIVE_PARAMS *tls12_master = |
5598 » » isDH = PR_TRUE; | 5654 » » (CK_TLS12_MASTER_KEY_DERIVE_PARAMS *) pMechanism->pParameter; |
| 5655 » tlsPrfHash = GetHashTypeFromMechanism(tls12_master->prfHashMechanism
); |
| 5656 » if (tlsPrfHash == HASH_AlgNULL) { |
| 5657 » » crv = CKR_MECHANISM_PARAM_INVALID; |
| 5658 » » break; |
| 5659 » } |
| 5660 » } else if ((mechanism == CKM_NSS_TLS_MASTER_KEY_DERIVE_SHA256) || |
| 5661 » » (mechanism == CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256)) { |
| 5662 » tlsPrfHash = HASH_AlgSHA256; |
| 5663 » } |
| 5664 |
| 5665 » if ((mechanism != CKM_SSL3_MASTER_KEY_DERIVE) && |
| 5666 » (mechanism != CKM_SSL3_MASTER_KEY_DERIVE_DH)) { |
| 5667 » isTLS = PR_TRUE; |
| 5668 » } |
| 5669 » if ((mechanism == CKM_SSL3_MASTER_KEY_DERIVE_DH) || |
| 5670 » (mechanism == CKM_TLS_MASTER_KEY_DERIVE_DH) || |
| 5671 » (mechanism == CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256) || |
| 5672 » (mechanism == CKM_TLS12_MASTER_KEY_DERIVE_DH)) { |
| 5673 » isDH = PR_TRUE; |
| 5674 » } |
5599 | 5675 |
5600 /* first do the consistancy checks */ | 5676 /* first do the consistancy checks */ |
5601 if (!isDH && (att->attrib.ulValueLen != SSL3_PMS_LENGTH)) { | 5677 if (!isDH && (att->attrib.ulValueLen != SSL3_PMS_LENGTH)) { |
5602 crv = CKR_KEY_TYPE_INCONSISTENT; | 5678 crv = CKR_KEY_TYPE_INCONSISTENT; |
5603 break; | 5679 break; |
5604 } | 5680 } |
5605 att2 = sftk_FindAttribute(sourceKey,CKA_KEY_TYPE); | 5681 att2 = sftk_FindAttribute(sourceKey,CKA_KEY_TYPE); |
5606 if ((att2 == NULL) || (*(CK_KEY_TYPE *)att2->attrib.pValue != | 5682 if ((att2 == NULL) || (*(CK_KEY_TYPE *)att2->attrib.pValue != |
5607 CKK_GENERIC_SECRET)) { | 5683 CKK_GENERIC_SECRET)) { |
5608 if (att2) sftk_FreeAttribute(att2); | 5684 if (att2) sftk_FreeAttribute(att2); |
(...skipping 46 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
5655 SECItem master = { siBuffer, NULL, 0 }; | 5731 SECItem master = { siBuffer, NULL, 0 }; |
5656 SECItem pms = { siBuffer, NULL, 0 }; | 5732 SECItem pms = { siBuffer, NULL, 0 }; |
5657 | 5733 |
5658 crsr.data = crsrdata; | 5734 crsr.data = crsrdata; |
5659 crsr.len = sizeof crsrdata; | 5735 crsr.len = sizeof crsrdata; |
5660 master.data = key_block; | 5736 master.data = key_block; |
5661 master.len = SSL3_MASTER_SECRET_LENGTH; | 5737 master.len = SSL3_MASTER_SECRET_LENGTH; |
5662 pms.data = (unsigned char*)att->attrib.pValue; | 5738 pms.data = (unsigned char*)att->attrib.pValue; |
5663 pms.len = att->attrib.ulValueLen; | 5739 pms.len = att->attrib.ulValueLen; |
5664 | 5740 |
5665 » if (isSHA256) { | 5741 » if (tlsPrfHash != HASH_AlgNULL) { |
5666 » » status = TLS_P_hash(HASH_AlgSHA256, &pms, "master secret", | 5742 » » status = TLS_P_hash(tlsPrfHash, &pms, "master secret", |
5667 &crsr, &master, isFIPS); | 5743 &crsr, &master, isFIPS); |
5668 } else { | 5744 } else { |
5669 status = TLS_PRF(&pms, "master secret", &crsr, &master, isFIPS); | 5745 status = TLS_PRF(&pms, "master secret", &crsr, &master, isFIPS); |
5670 } | 5746 } |
5671 if (status != SECSuccess) { | 5747 if (status != SECSuccess) { |
5672 crv = CKR_FUNCTION_FAILED; | 5748 crv = CKR_FUNCTION_FAILED; |
5673 break; | 5749 break; |
5674 } | 5750 } |
5675 } else { | 5751 } else { |
5676 /* now allocate the hash contexts */ | 5752 /* now allocate the hash contexts */ |
(...skipping 42 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
5719 if (crv != CKR_OK) break; | 5795 if (crv != CKR_OK) break; |
5720 crv = sftk_forceAttribute(key,CKA_VERIFY,&cktrue,sizeof(CK_BBOOL)); | 5796 crv = sftk_forceAttribute(key,CKA_VERIFY,&cktrue,sizeof(CK_BBOOL)); |
5721 if (crv != CKR_OK) break; | 5797 if (crv != CKR_OK) break; |
5722 /* While we're here, we might as well force this, too. */ | 5798 /* While we're here, we might as well force this, too. */ |
5723 crv = sftk_forceAttribute(key,CKA_DERIVE,&cktrue,sizeof(CK_BBOOL)); | 5799 crv = sftk_forceAttribute(key,CKA_DERIVE,&cktrue,sizeof(CK_BBOOL)); |
5724 if (crv != CKR_OK) break; | 5800 if (crv != CKR_OK) break; |
5725 } | 5801 } |
5726 break; | 5802 break; |
5727 } | 5803 } |
5728 | 5804 |
| 5805 case CKM_TLS12_KEY_AND_MAC_DERIVE: |
5729 case CKM_NSS_TLS_KEY_AND_MAC_DERIVE_SHA256: | 5806 case CKM_NSS_TLS_KEY_AND_MAC_DERIVE_SHA256: |
5730 isSHA256 = PR_TRUE; | |
5731 /* fall thru */ | |
5732 case CKM_TLS_KEY_AND_MAC_DERIVE: | 5807 case CKM_TLS_KEY_AND_MAC_DERIVE: |
5733 isTLS = PR_TRUE; | |
5734 /* fall thru */ | |
5735 case CKM_SSL3_KEY_AND_MAC_DERIVE: | 5808 case CKM_SSL3_KEY_AND_MAC_DERIVE: |
5736 { | 5809 { |
5737 CK_SSL3_KEY_MAT_PARAMS *ssl3_keys; | 5810 CK_SSL3_KEY_MAT_PARAMS *ssl3_keys; |
5738 CK_SSL3_KEY_MAT_OUT * ssl3_keys_out; | 5811 CK_SSL3_KEY_MAT_OUT * ssl3_keys_out; |
5739 CK_ULONG effKeySize; | 5812 CK_ULONG effKeySize; |
5740 unsigned int block_needed; | 5813 unsigned int block_needed; |
5741 unsigned char srcrdata[SSL3_RANDOM_LENGTH * 2]; | 5814 unsigned char srcrdata[SSL3_RANDOM_LENGTH * 2]; |
5742 unsigned char crsrdata[SSL3_RANDOM_LENGTH * 2]; | 5815 unsigned char crsrdata[SSL3_RANDOM_LENGTH * 2]; |
5743 | 5816 |
| 5817 if (mechanism == CKM_TLS12_KEY_AND_MAC_DERIVE) { |
| 5818 CK_TLS12_KEY_MAT_PARAMS *tls12_keys = |
| 5819 (CK_TLS12_KEY_MAT_PARAMS *) pMechanism->pParameter; |
| 5820 tlsPrfHash = GetHashTypeFromMechanism(tls12_keys->prfHashMechanism); |
| 5821 if (tlsPrfHash == HASH_AlgNULL) { |
| 5822 crv = CKR_MECHANISM_PARAM_INVALID; |
| 5823 break; |
| 5824 } |
| 5825 } else if (mechanism == CKM_NSS_TLS_KEY_AND_MAC_DERIVE_SHA256) { |
| 5826 tlsPrfHash = HASH_AlgSHA256; |
| 5827 } |
| 5828 |
| 5829 if (mechanism != CKM_SSL3_KEY_AND_MAC_DERIVE) { |
| 5830 isTLS = PR_TRUE; |
| 5831 } |
| 5832 |
5744 crv = sftk_DeriveSensitiveCheck(sourceKey,key); | 5833 crv = sftk_DeriveSensitiveCheck(sourceKey,key); |
5745 if (crv != CKR_OK) break; | 5834 if (crv != CKR_OK) break; |
5746 | 5835 |
5747 if (att->attrib.ulValueLen != SSL3_MASTER_SECRET_LENGTH) { | 5836 if (att->attrib.ulValueLen != SSL3_MASTER_SECRET_LENGTH) { |
5748 crv = CKR_KEY_FUNCTION_NOT_PERMITTED; | 5837 crv = CKR_KEY_FUNCTION_NOT_PERMITTED; |
5749 break; | 5838 break; |
5750 } | 5839 } |
5751 att2 = sftk_FindAttribute(sourceKey,CKA_KEY_TYPE); | 5840 att2 = sftk_FindAttribute(sourceKey,CKA_KEY_TYPE); |
5752 if ((att2 == NULL) || (*(CK_KEY_TYPE *)att2->attrib.pValue != | 5841 if ((att2 == NULL) || (*(CK_KEY_TYPE *)att2->attrib.pValue != |
5753 CKK_GENERIC_SECRET)) { | 5842 CKK_GENERIC_SECRET)) { |
(...skipping 59 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
5813 SECItem keyblk = { siBuffer, NULL, 0 }; | 5902 SECItem keyblk = { siBuffer, NULL, 0 }; |
5814 SECItem master = { siBuffer, NULL, 0 }; | 5903 SECItem master = { siBuffer, NULL, 0 }; |
5815 | 5904 |
5816 srcr.data = srcrdata; | 5905 srcr.data = srcrdata; |
5817 srcr.len = sizeof srcrdata; | 5906 srcr.len = sizeof srcrdata; |
5818 keyblk.data = key_block; | 5907 keyblk.data = key_block; |
5819 keyblk.len = block_needed; | 5908 keyblk.len = block_needed; |
5820 master.data = (unsigned char*)att->attrib.pValue; | 5909 master.data = (unsigned char*)att->attrib.pValue; |
5821 master.len = att->attrib.ulValueLen; | 5910 master.len = att->attrib.ulValueLen; |
5822 | 5911 |
5823 » if (isSHA256) { | 5912 » if (tlsPrfHash != HASH_AlgNULL) { |
5824 » » status = TLS_P_hash(HASH_AlgSHA256, &master, "key expansion", | 5913 » » status = TLS_P_hash(tlsPrfHash, &master, "key expansion", |
5825 &srcr, &keyblk, isFIPS); | 5914 &srcr, &keyblk, isFIPS); |
5826 } else { | 5915 } else { |
5827 status = TLS_PRF(&master, "key expansion", &srcr, &keyblk, | 5916 status = TLS_PRF(&master, "key expansion", &srcr, &keyblk, |
5828 isFIPS); | 5917 isFIPS); |
5829 } | 5918 } |
5830 if (status != SECSuccess) { | 5919 if (status != SECSuccess) { |
5831 goto key_and_mac_derive_fail; | 5920 goto key_and_mac_derive_fail; |
5832 } | 5921 } |
5833 } else { | 5922 } else { |
5834 unsigned int block_bytes = 0; | 5923 unsigned int block_bytes = 0; |
(...skipping 595 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
6430 | 6519 |
6431 rv = SEC_QuickDERDecodeItem(arena, &newPoint, | 6520 rv = SEC_QuickDERDecodeItem(arena, &newPoint, |
6432 SEC_ASN1_GET(SEC_OctetStringTemplate), | 6521 SEC_ASN1_GET(SEC_OctetStringTemplate), |
6433 &ecPoint); | 6522 &ecPoint); |
6434 if (rv != SECSuccess) { | 6523 if (rv != SECSuccess) { |
6435 goto ec_loser; | 6524 goto ec_loser; |
6436 } | 6525 } |
6437 ecPoint = newPoint; | 6526 ecPoint = newPoint; |
6438 } | 6527 } |
6439 | 6528 |
6440 » if (pMechanism->mechanism == CKM_ECDH1_COFACTOR_DERIVE) { | 6529 » if (mechanism == CKM_ECDH1_COFACTOR_DERIVE) { |
6441 withCofactor = PR_TRUE; | 6530 withCofactor = PR_TRUE; |
6442 } else { | 6531 } else { |
6443 /* When not using cofactor derivation, one should | 6532 /* When not using cofactor derivation, one should |
6444 * validate the public key to avoid small subgroup | 6533 * validate the public key to avoid small subgroup |
6445 * attacks. | 6534 * attacks. |
6446 */ | 6535 */ |
6447 if (EC_ValidatePublicKey(&privKey->u.ec.ecParams, &ecPoint) | 6536 if (EC_ValidatePublicKey(&privKey->u.ec.ecParams, &ecPoint) |
6448 != SECSuccess) { | 6537 != SECSuccess) { |
6449 goto ec_loser; | 6538 goto ec_loser; |
6450 } | 6539 } |
(...skipping 496 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
6947 att = sftk_FindAttribute(key,CKA_VALUE); | 7036 att = sftk_FindAttribute(key,CKA_VALUE); |
6948 sftk_FreeObject(key); | 7037 sftk_FreeObject(key); |
6949 if (!att) { | 7038 if (!att) { |
6950 return CKR_KEY_HANDLE_INVALID; | 7039 return CKR_KEY_HANDLE_INVALID; |
6951 } | 7040 } |
6952 crv = NSC_DigestUpdate(hSession,(CK_BYTE_PTR)att->attrib.pValue, | 7041 crv = NSC_DigestUpdate(hSession,(CK_BYTE_PTR)att->attrib.pValue, |
6953 att->attrib.ulValueLen); | 7042 att->attrib.ulValueLen); |
6954 sftk_FreeAttribute(att); | 7043 sftk_FreeAttribute(att); |
6955 return crv; | 7044 return crv; |
6956 } | 7045 } |
OLD | NEW |