bug 401928 softoken updates for pkcs5 v2

r= nelsonb
author: rrelyea%redhat.com <devnull@localhost> 2007-12-21 01:30:02 +0000
committer: rrelyea%redhat.com <devnull@localhost> 2007-12-21 01:30:02 +0000
commit: f1ea6a5307ff27f380071e96deef8c80953b9c67 (patch)
tree: 36ddc766b7e4bf95a0df49ffc1757983122c446a
parent: 66a900e967a13822cebaf3ae471724512b75e1d0 (diff)
download: nss-hg-f1ea6a5307ff27f380071e96deef8c80953b9c67.tar.gz
3 files changed, 16 insertions, 7 deletions
diff --git a/security/nss/lib/softoken/lowpbe.c b/security/nss/lib/softoken/lowpbe.c
index e12b3462c..f91839836 100644
--- a/security/nss/lib/softoken/lowpbe.c
+++ b/security/nss/lib/softoken/lowpbe.c
@@ -362,7 +362,7 @@ nsspkcs5_PBKFD2_F(const SECHashObject *hashobj, SECItem *pwitem, SECItem *salt,
     unsigned int lastLength = salt->len + 4;
     unsigned int lastBufLength;
 
-    cx=HMAC_Create(hashobj,pwitem->data,pwitem->len,PR_TRUE);
+    cx=HMAC_Create(hashobj,pwitem->data,pwitem->len,PR_FALSE);
     if (cx == NULL) {
 	goto loser;
     }
@@ -406,7 +406,7 @@ nsspkcs5_PBKDF2(const SECHashObject *hashobj, NSSPKCS5PBEParameter *pbe_param,
     int bytesNeeded = pbe_param->keyLen;
     unsigned int dkLen = bytesNeeded;
     unsigned int hLen = hashobj->length;
-    unsigned int l = (dkLen+hLen-1) / hLen;
+    unsigned int nblocks = (dkLen+hLen-1) / hLen;
     unsigned int i;
     unsigned char *rp;
     unsigned char *T = NULL;
@@ -414,7 +414,7 @@ nsspkcs5_PBKDF2(const SECHashObject *hashobj, NSSPKCS5PBEParameter *pbe_param,
     SECItem *salt = &pbe_param->salt;
     SECStatus rv = SECFailure;
 
-    result = SECITEM_AllocItem(NULL,NULL,l*hLen);
+    result = SECITEM_AllocItem(NULL,NULL,nblocks*hLen);
     if (result == NULL) {
 	return NULL;
     }
@@ -424,7 +424,7 @@ nsspkcs5_PBKDF2(const SECHashObject *hashobj, NSSPKCS5PBEParameter *pbe_param,
 	goto loser;
     }
 
-    for (i=0,rp=result->data; i < l ; i++, rp +=hLen) {
+    for (i=1,rp=result->data; i <= nblocks ; i++, rp +=hLen) {
 	rv = nsspkcs5_PBKFD2_F(hashobj,pwitem,salt,iterations,i,T);
 	if (rv != SECSuccess) {
 	    break;
diff --git a/security/nss/lib/softoken/pkcs11.c b/security/nss/lib/softoken/pkcs11.c
index 953e1bdea..3c48a4506 100644
--- a/security/nss/lib/softoken/pkcs11.c
+++ b/security/nss/lib/softoken/pkcs11.c
@@ -450,6 +450,7 @@ static const struct mechanismList mechanisms[] = {
      {CKM_PBE_SHA1_RC4_40,		     {40,40, CKF_GENERATE}, PR_TRUE},
      {CKM_PBE_SHA1_RC4_128,		     {128,128, CKF_GENERATE}, PR_TRUE},
      {CKM_PBA_SHA1_WITH_SHA1_HMAC,	     {20,20, CKF_GENERATE}, PR_TRUE},
+     {CKM_PKCS5_PBKD2,   		     {1,256, CKF_GENERATE}, PR_TRUE},
      {CKM_NETSCAPE_PBE_SHA1_HMAC_KEY_GEN,    {20,20, CKF_GENERATE}, PR_TRUE},
      {CKM_NETSCAPE_PBE_MD5_HMAC_KEY_GEN,     {16,16, CKF_GENERATE}, PR_TRUE},
      {CKM_NETSCAPE_PBE_MD2_HMAC_KEY_GEN,     {16,16, CKF_GENERATE}, PR_TRUE},
diff --git a/security/nss/lib/softoken/pkcs11c.c b/security/nss/lib/softoken/pkcs11c.c
index 857507c48..3a1fde282 100644
--- a/security/nss/lib/softoken/pkcs11c.c
+++ b/security/nss/lib/softoken/pkcs11c.c
@@ -628,8 +628,14 @@ finish_des:
     case CKM_CAMELLIA_CBC_PAD:
 	context->doPad = PR_TRUE;
 	/* fall thru */
-    case CKM_CAMELLIA_ECB:
     case CKM_CAMELLIA_CBC:
+	if (!pMechanism->pParameter ||
+		 pMechanism->ulParameterLen != 16) {
+	    crv = CKR_MECHANISM_PARAM_INVALID;
+	    break;
+	}
+	/* fall thru */
+    case CKM_CAMELLIA_ECB:
 	context->blockSize = 16;
 	if (key_type != CKK_CAMELLIA) {
 	    crv = CKR_KEY_TYPE_INCONSISTENT;
@@ -2630,11 +2636,12 @@ nsc_pbe_key_gen(NSSPKCS5PBEParameter *pkcs5_pbe, CK_MECHANISM_PTR pMechanism,
     if (pMechanism->mechanism == CKM_PKCS5_PBKD2) {
 	pbkd2_params = (CK_PKCS5_PBKD2_PARAMS *)pMechanism->pParameter;
 	pwitem.data = (unsigned char *)pbkd2_params->pPassword;
-	pwitem.len = (unsigned int)pbkd2_params->ulPasswordLen;
+	/* was this a typo in the PKCS #11 spec? */
+	pwitem.len = *pbkd2_params->ulPasswordLen;
     } else {
 	pbe_params = (CK_PBE_PARAMS *)pMechanism->pParameter;
 	pwitem.data = (unsigned char *)pbe_params->pPassword;
-	pwitem.len = (unsigned int)pbe_params->ulPasswordLen;
+	pwitem.len = pbe_params->ulPasswordLen;
     }
     pbe_key = nsspkcs5_ComputeKeyAndIV(pkcs5_pbe, &pwitem, &iv, faulty3DES);
     if (pbe_key == NULL) {
@@ -3053,6 +3060,7 @@ CK_RV NSC_GenerateKey(CK_SESSION_HANDLE hSession,
     case CKM_PBE_SHA1_RC4_40:
     case CKM_PBE_MD5_DES_CBC:
     case CKM_PBE_MD2_DES_CBC:
+    case CKM_PKCS5_PBKD2:
 	key_gen_type = nsc_pbe;
 	crv = nsc_SetupPBEKeyGen(pMechanism,&pbe_param, &key_type, &key_length);
 	break;
author	rrelyea%redhat.com <devnull@localhost>	2007-12-21 01:30:02 +0000
committer	rrelyea%redhat.com <devnull@localhost>	2007-12-21 01:30:02 +0000
commit	f1ea6a5307ff27f380071e96deef8c80953b9c67 (patch)
tree	36ddc766b7e4bf95a0df49ffc1757983122c446a
parent	66a900e967a13822cebaf3ae471724512b75e1d0 (diff)
download	nss-hg-f1ea6a5307ff27f380071e96deef8c80953b9c67.tar.gz