| OLD | NEW |
|---|
| 1 /* This Source Code Form is subject to the terms of the Mozilla Public | 1 /* This Source Code Form is subject to the terms of the Mozilla Public |
| 2 * License, v. 2.0. If a copy of the MPL was not distributed with this | 2 * License, v. 2.0. If a copy of the MPL was not distributed with this |
| 3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ | 3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ |
| 4 /* | 4 /* |
| 5 * This file implements PKCS 11 on top of our existing security modules | 5 * This file implements PKCS 11 on top of our existing security modules |
| 6 * | 6 * |
| 7 * For more information about PKCS 11 See PKCS 11 Token Inteface Standard. | 7 * For more information about PKCS 11 See PKCS 11 Token Inteface Standard. |
| 8 * This implementation has two slots: | 8 * This implementation has two slots: |
| 9 * slot 1 is our generic crypto support. It does not require login. | 9 * slot 1 is our generic crypto support. It does not require login. |
| 10 * It supports Public Key ops, and all they bulk ciphers and hashes. | 10 * It supports Public Key ops, and all they bulk ciphers and hashes. |
| (...skipping 457 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 468 | 468 |
| 469 static SECStatus | 469 static SECStatus |
| 470 sftk_DecryptOAEP(SFTKOAEPDecryptInfo *info, unsigned char *output, | 470 sftk_DecryptOAEP(SFTKOAEPDecryptInfo *info, unsigned char *output, |
| 471 unsigned int *outputLen, unsigned int maxLen, | 471 unsigned int *outputLen, unsigned int maxLen, |
| 472 unsigned char *input, unsigned int inputLen) | 472 unsigned char *input, unsigned int inputLen) |
| 473 { | 473 { |
| 474 return RSA_DecryptOAEP(info->params, info->key, output, outputLen, | 474 return RSA_DecryptOAEP(info->params, info->key, output, outputLen, |
| 475 maxLen, input, inputLen); | 475 maxLen, input, inputLen); |
| 476 } | 476 } |
| 477 | 477 |
| 478 /* sftk_ChaCha20Poly1305_Context saves the key and additional data for a |
| 479 * ChaCha20+Poly1305 AEAD operation. */ |
| 480 struct sftk_ChaCha20Poly1305_Context { |
| 481 unsigned char key[32]; |
| 482 unsigned char nonce[8]; |
| 483 unsigned char ad[16]; |
| 484 unsigned char *adOverflow; |
| 485 unsigned int adLen; |
| 486 unsigned char tagLen; |
| 487 }; |
| 488 |
| 489 static struct sftk_ChaCha20Poly1305_Context* sftk_ChaCha20Poly1305_New( |
| 490 const unsigned char *key, |
| 491 const CK_AEAD_PARAMS* params) { |
| 492 struct sftk_ChaCha20Poly1305_Context* ctx; |
| 493 |
| 494 if (params->ulIvLen != sizeof(ctx->nonce)) |
| 495 return NULL; |
| 496 |
| 497 if (params->ulTagBits == 0 || |
| 498 params->ulTagBits > 128 || |
| 499 (params->ulTagBits & 3) != 0) { |
| 500 return NULL; |
| 501 } |
| 502 |
| 503 ctx = PORT_Alloc(sizeof(struct sftk_ChaCha20Poly1305_Context)); |
| 504 if (ctx == NULL) |
| 505 return NULL; |
| 506 |
| 507 memcpy(ctx->nonce, params->pIv, sizeof(ctx->nonce)); |
| 508 memcpy(ctx->key, key, sizeof(ctx->key)); |
| 509 ctx->tagLen = params->ulTagBits >> 3; |
| 510 |
| 511 if (params->ulAADLen > sizeof(ctx->ad)) { |
| 512 /* Need to allocate an overflow buffer for the additional data. */ |
| 513 ctx->adOverflow = PORT_Alloc(params->ulAADLen); |
| 514 if (!ctx->adOverflow) { |
| 515 PORT_Free(ctx); |
| 516 return NULL; |
| 517 } |
| 518 memcpy(ctx->adOverflow, params->pAAD, params->ulAADLen); |
| 519 } else { |
| 520 ctx->adOverflow = NULL; |
| 521 memcpy(ctx->ad, params->pAAD, params->ulAADLen); |
| 522 } |
| 523 ctx->adLen = params->ulAADLen; |
| 524 |
| 525 return ctx; |
| 526 } |
| 527 |
| 528 static void sftk_ChaCha20Poly1305_Free( |
| 529 struct sftk_ChaCha20Poly1305_Context *ctx) { |
| 530 if (ctx->adOverflow != NULL) { |
| 531 PORT_Free(ctx->adOverflow); |
| 532 } |
| 533 PORT_Free(ctx); |
| 534 } |
| 535 |
| 536 static SECStatus sftk_ChaCha20Poly1305_Seal( |
| 537 const struct sftk_ChaCha20Poly1305_Context *ctx, |
| 538 unsigned char *output, |
| 539 unsigned int *outputLen, |
| 540 unsigned int maxOutputLen, |
| 541 const unsigned char *input, |
| 542 unsigned int inputLen) { |
| 543 const unsigned char* ad = ctx->adOverflow; |
| 544 |
| 545 if (maxOutputLen < inputLen + 16) { |
| 546 return SECFailure; |
| 547 } |
| 548 |
| 549 if (ad == NULL) { |
| 550 ad = ctx->ad; |
| 551 } |
| 552 |
| 553 *outputLen = inputLen + 16; |
| 554 |
| 555 return ChaCha20Poly1305_Seal(output, ad, ctx->adLen, input, inputLen, |
| 556 ctx->tagLen, ctx->key, ctx->nonce); |
| 557 } |
| 558 |
| 559 static SECStatus sftk_ChaCha20Poly1305_Open( |
| 560 const struct sftk_ChaCha20Poly1305_Context *ctx, |
| 561 unsigned char *output, |
| 562 unsigned int *outputLen, |
| 563 unsigned int maxOutputLen, |
| 564 const unsigned char *input, |
| 565 unsigned int inputLen) { |
| 566 const unsigned char* ad = ctx->adOverflow; |
| 567 |
| 568 if (maxOutputLen < inputLen || inputLen < 16) { |
| 569 return SECFailure; |
| 570 } |
| 571 |
| 572 if (ad == NULL) { |
| 573 ad = ctx->ad; |
| 574 } |
| 575 |
| 576 *outputLen = inputLen - 16; |
| 577 |
| 578 return ChaCha20Poly1305_Open(output, ad, ctx->adLen, input, inputLen, |
| 579 ctx->tagLen, ctx->key, ctx->nonce); |
| 580 } |
| 581 |
| 478 /** NSC_CryptInit initializes an encryption/Decryption operation. | 582 /** NSC_CryptInit initializes an encryption/Decryption operation. |
| 479 * | 583 * |
| 480 * Always called by NSC_EncryptInit, NSC_DecryptInit, NSC_WrapKey,NSC_UnwrapKey. | 584 * Always called by NSC_EncryptInit, NSC_DecryptInit, NSC_WrapKey,NSC_UnwrapKey. |
| 481 * Called by NSC_SignInit, NSC_VerifyInit (via sftk_InitCBCMac) only for block | 585 * Called by NSC_SignInit, NSC_VerifyInit (via sftk_InitCBCMac) only for block |
| 482 * ciphers MAC'ing. | 586 * ciphers MAC'ing. |
| 483 */ | 587 */ |
| 484 static CK_RV | 588 static CK_RV |
| 485 sftk_CryptInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism, | 589 sftk_CryptInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism, |
| 486 CK_OBJECT_HANDLE hKey, | 590 CK_OBJECT_HANDLE hKey, |
| 487 CK_ATTRIBUTE_TYPE mechUsage, CK_ATTRIBUTE_TYPE keyUsage, | 591 CK_ATTRIBUTE_TYPE mechUsage, CK_ATTRIBUTE_TYPE keyUsage, |
| (...skipping 375 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 863 isEncrypt, att->attrib.ulValueLen, 16); | 967 isEncrypt, att->attrib.ulValueLen, 16); |
| 864 sftk_FreeAttribute(att); | 968 sftk_FreeAttribute(att); |
| 865 if (context->cipherInfo == NULL) { | 969 if (context->cipherInfo == NULL) { |
| 866 crv = CKR_HOST_MEMORY; | 970 crv = CKR_HOST_MEMORY; |
| 867 break; | 971 break; |
| 868 } | 972 } |
| 869 context->update = (SFTKCipher) (isEncrypt ? AES_Encrypt : AES_Decrypt); | 973 context->update = (SFTKCipher) (isEncrypt ? AES_Encrypt : AES_Decrypt); |
| 870 context->destroy = (SFTKDestroy) AES_DestroyContext; | 974 context->destroy = (SFTKDestroy) AES_DestroyContext; |
| 871 break; | 975 break; |
| 872 | 976 |
| 977 case CKM_NSS_CHACHA20_POLY1305: |
| 978 context->multi = PR_FALSE; |
| 979 if (key_type != CKK_NSS_CHACHA20) { |
| 980 crv = CKR_KEY_TYPE_INCONSISTENT; |
| 981 break; |
| 982 } |
| 983 att = sftk_FindAttribute(key,CKA_VALUE); |
| 984 if (att == NULL) { |
| 985 crv = CKR_KEY_HANDLE_INVALID; |
| 986 break; |
| 987 } |
| 988 context->cipherInfo = sftk_ChaCha20Poly1305_New( |
| 989 (unsigned char*) att->attrib.pValue, |
| 990 (CK_AEAD_PARAMS*) pMechanism->pParameter); |
| 991 sftk_FreeAttribute(att); |
| 992 if (context->cipherInfo == NULL) { |
| 993 crv = CKR_HOST_MEMORY; |
| 994 break; |
| 995 } |
| 996 context->update = (SFTKCipher) (isEncrypt ? sftk_ChaCha20Poly1305_Seal : |
| 997 sftk_ChaCha20Poly1305_Open); |
| 998 context->destroy = (SFTKDestroy) sftk_ChaCha20Poly1305_Free; |
| 999 break; |
| 1000 |
| 873 case CKM_NETSCAPE_AES_KEY_WRAP_PAD: | 1001 case CKM_NETSCAPE_AES_KEY_WRAP_PAD: |
| 874 context->doPad = PR_TRUE; | 1002 context->doPad = PR_TRUE; |
| 875 /* fall thru */ | 1003 /* fall thru */ |
| 876 case CKM_NETSCAPE_AES_KEY_WRAP: | 1004 case CKM_NETSCAPE_AES_KEY_WRAP: |
| 877 context->multi = PR_FALSE; | 1005 context->multi = PR_FALSE; |
| 878 context->blockSize = 8; | 1006 context->blockSize = 8; |
| 879 if (key_type != CKK_AES) { | 1007 if (key_type != CKK_AES) { |
| 880 crv = CKR_KEY_TYPE_INCONSISTENT; | 1008 crv = CKR_KEY_TYPE_INCONSISTENT; |
| 881 break; | 1009 break; |
| 882 } | 1010 } |
| (...skipping 2382 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 3265 *key_length = 16; | 3393 *key_length = 16; |
| 3266 break; | 3394 break; |
| 3267 case CKM_CAMELLIA_KEY_GEN: | 3395 case CKM_CAMELLIA_KEY_GEN: |
| 3268 *key_type = CKK_CAMELLIA; | 3396 *key_type = CKK_CAMELLIA; |
| 3269 if (*key_length == 0) crv = CKR_TEMPLATE_INCOMPLETE; | 3397 if (*key_length == 0) crv = CKR_TEMPLATE_INCOMPLETE; |
| 3270 break; | 3398 break; |
| 3271 case CKM_AES_KEY_GEN: | 3399 case CKM_AES_KEY_GEN: |
| 3272 *key_type = CKK_AES; | 3400 *key_type = CKK_AES; |
| 3273 if (*key_length == 0) crv = CKR_TEMPLATE_INCOMPLETE; | 3401 if (*key_length == 0) crv = CKR_TEMPLATE_INCOMPLETE; |
| 3274 break; | 3402 break; |
| 3403 case CKM_NSS_CHACHA20_KEY_GEN: |
| 3404 *key_type = CKK_NSS_CHACHA20; |
| 3405 if (*key_length == 0) crv = CKR_TEMPLATE_INCOMPLETE; |
| 3406 break; |
| 3275 default: | 3407 default: |
| 3276 PORT_Assert(0); | 3408 PORT_Assert(0); |
| 3277 crv = CKR_MECHANISM_INVALID; | 3409 crv = CKR_MECHANISM_INVALID; |
| 3278 break; | 3410 break; |
| 3279 } | 3411 } |
| 3280 | 3412 |
| 3281 return crv; | 3413 return crv; |
| 3282 } | 3414 } |
| 3283 | 3415 |
| 3284 CK_RV | 3416 CK_RV |
| (...skipping 224 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 3509 case CKM_DES_KEY_GEN: | 3641 case CKM_DES_KEY_GEN: |
| 3510 case CKM_DES2_KEY_GEN: | 3642 case CKM_DES2_KEY_GEN: |
| 3511 case CKM_DES3_KEY_GEN: | 3643 case CKM_DES3_KEY_GEN: |
| 3512 checkWeak = PR_TRUE; | 3644 checkWeak = PR_TRUE; |
| 3513 case CKM_RC2_KEY_GEN: | 3645 case CKM_RC2_KEY_GEN: |
| 3514 case CKM_RC4_KEY_GEN: | 3646 case CKM_RC4_KEY_GEN: |
| 3515 case CKM_GENERIC_SECRET_KEY_GEN: | 3647 case CKM_GENERIC_SECRET_KEY_GEN: |
| 3516 case CKM_SEED_KEY_GEN: | 3648 case CKM_SEED_KEY_GEN: |
| 3517 case CKM_CAMELLIA_KEY_GEN: | 3649 case CKM_CAMELLIA_KEY_GEN: |
| 3518 case CKM_AES_KEY_GEN: | 3650 case CKM_AES_KEY_GEN: |
| 3651 case CKM_NSS_CHACHA20_KEY_GEN: |
| 3519 #if NSS_SOFTOKEN_DOES_RC5 | 3652 #if NSS_SOFTOKEN_DOES_RC5 |
| 3520 case CKM_RC5_KEY_GEN: | 3653 case CKM_RC5_KEY_GEN: |
| 3521 #endif | 3654 #endif |
| 3522 crv = nsc_SetupBulkKeyGen(pMechanism->mechanism,&key_type,&key_length); | 3655 crv = nsc_SetupBulkKeyGen(pMechanism->mechanism,&key_type,&key_length); |
| 3523 break; | 3656 break; |
| 3524 case CKM_SSL3_PRE_MASTER_KEY_GEN: | 3657 case CKM_SSL3_PRE_MASTER_KEY_GEN: |
| 3525 key_type = CKK_GENERIC_SECRET; | 3658 key_type = CKK_GENERIC_SECRET; |
| 3526 key_length = 48; | 3659 key_length = 48; |
| 3527 key_gen_type = nsc_ssl; | 3660 key_gen_type = nsc_ssl; |
| 3528 break; | 3661 break; |
| (...skipping 3418 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 6947 att = sftk_FindAttribute(key,CKA_VALUE); | 7080 att = sftk_FindAttribute(key,CKA_VALUE); |
| 6948 sftk_FreeObject(key); | 7081 sftk_FreeObject(key); |
| 6949 if (!att) { | 7082 if (!att) { |
| 6950 return CKR_KEY_HANDLE_INVALID; | 7083 return CKR_KEY_HANDLE_INVALID; |
| 6951 } | 7084 } |
| 6952 crv = NSC_DigestUpdate(hSession,(CK_BYTE_PTR)att->attrib.pValue, | 7085 crv = NSC_DigestUpdate(hSession,(CK_BYTE_PTR)att->attrib.pValue, |
| 6953 att->attrib.ulValueLen); | 7086 att->attrib.ulValueLen); |
| 6954 sftk_FreeAttribute(att); | 7087 sftk_FreeAttribute(att); |
| 6955 return crv; | 7088 return crv; |
| 6956 } | 7089 } |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 27510015:
Support ChaCha20+Poly1305 cipher suites. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/deps/third_party/nss/