author | Robert Relyea <rrelyea@redhat.com> | 2020-10-23 15:34:01 -0700 |
---|---|---|
committer | Robert Relyea <rrelyea@redhat.com> | 2020-10-23 15:34:01 -0700 |
commit | a709ad895bea3d3580f8a9ddee86fd7cebe1fcad (patch) | |
tree | 08e7659a33a9244d354d014346e369b1cda7e560 /lib/nss | |
parent | 1e26e71f47e3f74d8b928641c0f8827c6548e72f (diff) | |
download | nss-hg-a709ad895bea3d3580f8a9ddee86fd7cebe1fcad.tar.gz |
Bug 1666891 - Add PK11_Pub{Wrap,Unwrap}SymKeyWithMechanism r=mt,rrelyea
Summary
This is useful for RSA-OAEP support.
The CKM_RSA_PKCS_OAEP mechanism requires a CK_RSA_PKCS_OAEP_PARAMS
be present for PKCS#11 calls. This provides required context for OAEP.
However, PK11_PubWrapSymKey lacks a way of providing this context and
historically silently converted CKM_RSA_PKCS_OAEP to CKM_RSA_PKCS when
an RSA key is provided. Introducing a new call will let us indicate
parameters and potentially support other mechanisms in the future.
This call mirrors the earlier calls introduced for RSA-PSS:
PK11_SignWithMechanism and PK11_VerifyWithMechanism.
The CKM_RSA_PKCS_OAEP mechanism requires a CK_RSA_PKCS_OAEP_PARAMS
be present for PKCS#11 calls. This provides required context for OAEP.
However, PK11_PubUnwrapSymKey lacks a way of providing this context,
and additionally lacked a way of indicating which mechanism type to use
for the unwrap operation (instead detecting it by key type). Introducing
a new call will let us indicate parameters and potentially support other
mechanisms in the future.
Signed-off-by: Alexander Scheel <ascheel@redhat.com>
Differential Revision: https://phabricator.services.mozilla.com/D93424
Diffstat (limited to 'lib/nss')
-rw-r--r-- | lib/nss/nss.def | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/lib/nss/nss.def b/lib/nss/nss.def index dc41a7a8d..5ad688b4e 100644 --- a/lib/nss/nss.def +++ b/lib/nss/nss.def @@ -1208,6 +1208,8 @@ PK11_ImportDataKey; ;+ global: CERT_AddCertToListHeadWithData; CERT_AddCertToListTailWithData; +PK11_PubWrapSymKeyWithMechanism; +PK11_PubUnwrapSymKeyWithMechanism; ;+ local: ;+ *; ;+}; |
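Review bot: the two new exports, PK11_PubWrapSymKeyWithMechanism and PK11_PubUnwrapSymKeyWithMechanism, are appended to the existing `;+ global:` list right after CERT_AddCertToListTailWithData, and the version node that list belongs to is outside the visible context. Please confirm that node is the one for the release in which these functions first ship, and open a new node if the current one has already been released, so the symbol version reflects the release that introduced them. Because the commit message says PK11_PubWrapSymKey historically converted CKM_RSA_PKCS_OAEP to CKM_RSA_PKCS silently, the declarations of the new calls should also state that the mechanism and its CK_RSA_PKCS_OAEP_PARAMS are passed explicitly, and say whether the old call still performs that conversion, so callers who need OAEP know to migrate.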