| OLD | NEW |
|---|
| 1 /* | 1 /* |
| 2 * SSL3 Protocol | 2 * SSL3 Protocol |
| 3 * | 3 * |
| 4 * This Source Code Form is subject to the terms of the Mozilla Public | 4 * This Source Code Form is subject to the terms of the Mozilla Public |
| 5 * License, v. 2.0. If a copy of the MPL was not distributed with this | 5 * License, v. 2.0. If a copy of the MPL was not distributed with this |
| 6 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ | 6 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ |
| 7 | 7 |
| 8 /* ECC code moved here from ssl3con.c */ | 8 /* ECC code moved here from ssl3con.c */ |
| 9 | 9 |
| 10 #include "nss.h" | 10 #include "nss.h" |
| (...skipping 14 matching lines...) Expand all Loading... |
| 25 #include "prthread.h" | 25 #include "prthread.h" |
| 26 #include "prinit.h" | 26 #include "prinit.h" |
| 27 | 27 |
| 28 #include "pk11func.h" | 28 #include "pk11func.h" |
| 29 #include "secmod.h" | 29 #include "secmod.h" |
| 30 | 30 |
| 31 #include <stdio.h> | 31 #include <stdio.h> |
| 32 | 32 |
| 33 /* This is a bodge to allow this code to be compiled against older NSS headers | 33 /* This is a bodge to allow this code to be compiled against older NSS headers |
| 34 * that don't contain the TLS 1.2 changes. */ | 34 * that don't contain the TLS 1.2 changes. */ |
| 35 #ifndef CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256 | 35 #ifndef CKM_TLS12_MASTER_KEY_DERIVE_DH |
| 36 #define CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256 (CKM_NSS + 24) | 36 #define CKM_TLS12_MASTER_KEY_DERIVE_DH 0x000003E2 |
| 37 #endif | 37 #endif |
| 38 | 38 |
| 39 #ifdef NSS_ENABLE_ECC | 39 #ifdef NSS_ENABLE_ECC |
| 40 | 40 |
| 41 /* | 41 /* |
| 42 * In NSS 3.13.2 the definition of the EC_POINT_FORM_UNCOMPRESSED macro | 42 * In NSS 3.13.2 the definition of the EC_POINT_FORM_UNCOMPRESSED macro |
| 43 * was moved from the internal header ec.h to the public header blapit.h. | 43 * was moved from the internal header ec.h to the public header blapit.h. |
| 44 * Define the macro here when compiling against older system NSS headers. | 44 * Define the macro here when compiling against older system NSS headers. |
| 45 */ | 45 */ |
| 46 #ifndef EC_POINT_FORM_UNCOMPRESSED | 46 #ifndef EC_POINT_FORM_UNCOMPRESSED |
| (...skipping 257 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 304 if (!privKey || !pubKey) { | 304 if (!privKey || !pubKey) { |
| 305 ssl_MapLowLevelError(SEC_ERROR_KEYGEN_FAIL); | 305 ssl_MapLowLevelError(SEC_ERROR_KEYGEN_FAIL); |
| 306 rv = SECFailure; | 306 rv = SECFailure; |
| 307 goto loser; | 307 goto loser; |
| 308 } | 308 } |
| 309 PRINT_BUF(50, (ss, "ECDH public value:", | 309 PRINT_BUF(50, (ss, "ECDH public value:", |
| 310 pubKey->u.ec.publicValue.data, | 310 pubKey->u.ec.publicValue.data, |
| 311 pubKey->u.ec.publicValue.len)); | 311 pubKey->u.ec.publicValue.len)); |
| 312 | 312 |
| 313 if (isTLS12) { | 313 if (isTLS12) { |
| 314 » target = CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256; | 314 » target = CKM_TLS12_MASTER_KEY_DERIVE_DH; |
| 315 } else if (isTLS) { | 315 } else if (isTLS) { |
| 316 target = CKM_TLS_MASTER_KEY_DERIVE_DH; | 316 target = CKM_TLS_MASTER_KEY_DERIVE_DH; |
| 317 } else { | 317 } else { |
| 318 target = CKM_SSL3_MASTER_KEY_DERIVE_DH; | 318 target = CKM_SSL3_MASTER_KEY_DERIVE_DH; |
| 319 } | 319 } |
| 320 | 320 |
| 321 /* Determine the PMS */ | 321 /* Determine the PMS */ |
| 322 pms = PK11_PubDeriveWithKDF(privKey, svrPubKey, PR_FALSE, NULL, NULL, | 322 pms = PK11_PubDeriveWithKDF(privKey, svrPubKey, PR_FALSE, NULL, NULL, |
| 323 CKM_ECDH1_DERIVE, target, CKA_DERIVE, 0, | 323 CKM_ECDH1_DERIVE, target, CKA_DERIVE, 0, |
| 324 CKD_NULL, NULL, NULL); | 324 CKD_NULL, NULL, NULL); |
| (...skipping 70 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 395 1, &b, &length); | 395 1, &b, &length); |
| 396 if (rv != SECSuccess) { | 396 if (rv != SECSuccess) { |
| 397 SEND_ALERT | 397 SEND_ALERT |
| 398 return SECFailure; /* XXX Who sets the error code?? */ | 398 return SECFailure; /* XXX Who sets the error code?? */ |
| 399 } | 399 } |
| 400 | 400 |
| 401 isTLS = (PRBool)(ss->ssl3.prSpec->version > SSL_LIBRARY_VERSION_3_0); | 401 isTLS = (PRBool)(ss->ssl3.prSpec->version > SSL_LIBRARY_VERSION_3_0); |
| 402 isTLS12 = (PRBool)(ss->ssl3.prSpec->version >= SSL_LIBRARY_VERSION_TLS_1_2); | 402 isTLS12 = (PRBool)(ss->ssl3.prSpec->version >= SSL_LIBRARY_VERSION_TLS_1_2); |
| 403 | 403 |
| 404 if (isTLS12) { | 404 if (isTLS12) { |
| 405 » target = CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256; | 405 » target = CKM_TLS12_MASTER_KEY_DERIVE_DH; |
| 406 } else if (isTLS) { | 406 } else if (isTLS) { |
| 407 target = CKM_TLS_MASTER_KEY_DERIVE_DH; | 407 target = CKM_TLS_MASTER_KEY_DERIVE_DH; |
| 408 } else { | 408 } else { |
| 409 target = CKM_SSL3_MASTER_KEY_DERIVE_DH; | 409 target = CKM_SSL3_MASTER_KEY_DERIVE_DH; |
| 410 } | 410 } |
| 411 | 411 |
| 412 /* Determine the PMS */ | 412 /* Determine the PMS */ |
| 413 pms = PK11_PubDeriveWithKDF(srvrPrivKey, &clntPubKey, PR_FALSE, NULL, NULL, | 413 pms = PK11_PubDeriveWithKDF(srvrPrivKey, &clntPubKey, PR_FALSE, NULL, NULL, |
| 414 CKM_ECDH1_DERIVE, target, CKA_DERIVE, 0, | 414 CKM_ECDH1_DERIVE, target, CKA_DERIVE, 0, |
| 415 CKD_NULL, NULL, NULL); | 415 CKD_NULL, NULL, NULL); |
| (...skipping 855 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1271 ssl3_DisableECCSuites(ss, ecdhe_ecdsa_suites); | 1271 ssl3_DisableECCSuites(ss, ecdhe_ecdsa_suites); |
| 1272 return SECFailure; | 1272 return SECFailure; |
| 1273 | 1273 |
| 1274 loser: | 1274 loser: |
| 1275 /* no common curve supported */ | 1275 /* no common curve supported */ |
| 1276 ssl3_DisableECCSuites(ss, ecSuites); | 1276 ssl3_DisableECCSuites(ss, ecSuites); |
| 1277 return SECFailure; | 1277 return SECFailure; |
| 1278 } | 1278 } |
| 1279 | 1279 |
| 1280 #endif /* NSS_ENABLE_ECC */ | 1280 #endif /* NSS_ENABLE_ECC */ |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 23713003:
Use the TLS 1.2 mechanisms for PKCS #11. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src/