diff options
author | Kevin Jacobs <kjacobs@mozilla.com> | 2020-09-24 19:25:32 +0000 |
---|---|---|
committer | Kevin Jacobs <kjacobs@mozilla.com> | 2020-09-24 19:25:32 +0000 |
commit | d5aec324bf14d8903b96cce17ae0f0147f27c238 (patch) | |
tree | 0a13ec623b8069d25d3b198cd3ce77e2b0c26937 /lib/pk11wrap | |
parent | c6f0e26f1752c8e2cf13f3fe7b5ebdb8dcd0803b (diff) | |
download | nss-hg-d5aec324bf14d8903b96cce17ae0f0147f27c238.tar.gz |
Bug 1667153 - Add PK11_ImportDataKey API. r=rrelyea
This patch adds and exports `PK11_ImportDataKey`, and refactors the null PSK TLS 1.3 code to use it.
Differential Revision: https://phabricator.services.mozilla.com/D91316
Diffstat (limited to 'lib/pk11wrap')
-rw-r--r-- | lib/pk11wrap/pk11pub.h | 2 | ||||
-rw-r--r-- | lib/pk11wrap/pk11skey.c | 33 |
2 files changed, 32 insertions, 3 deletions
diff --git a/lib/pk11wrap/pk11pub.h b/lib/pk11wrap/pk11pub.h index 8587ac06c..ebd20fc2b 100644 --- a/lib/pk11wrap/pk11pub.h +++ b/lib/pk11wrap/pk11pub.h @@ -267,6 +267,8 @@ CK_MECHANISM_TYPE PK11_MapSignKeyType(KeyType keyType); **********************************************************************/ void PK11_FreeSymKey(PK11SymKey *key); PK11SymKey *PK11_ReferenceSymKey(PK11SymKey *symKey); +PK11SymKey *PK11_ImportDataKey(PK11SlotInfo *slot, CK_MECHANISM_TYPE type, PK11Origin origin, + CK_ATTRIBUTE_TYPE operation, SECItem *key, void *wincx); PK11SymKey *PK11_ImportSymKey(PK11SlotInfo *slot, CK_MECHANISM_TYPE type, PK11Origin origin, CK_ATTRIBUTE_TYPE operation, SECItem *key, void *wincx); PK11SymKey *PK11_ImportSymKeyWithFlags(PK11SlotInfo *slot, diff --git a/lib/pk11wrap/pk11skey.c b/lib/pk11wrap/pk11skey.c index 996c03950..4570fdb7d 100644 --- a/lib/pk11wrap/pk11skey.c +++ b/lib/pk11wrap/pk11skey.c @@ -506,10 +506,37 @@ PK11_ImportSymKey(PK11SlotInfo *slot, CK_MECHANISM_TYPE type, keyTemplate, templateCount, key, wincx); return symKey; } +/* Import a PKCS #11 data object and return it as a key. This key is + * only useful in a limited number of mechanisms, such as HKDF. */ +PK11SymKey * +PK11_ImportDataKey(PK11SlotInfo *slot, CK_MECHANISM_TYPE type, PK11Origin origin, + CK_ATTRIBUTE_TYPE operation, SECItem *key, void *wincx) +{ + CK_OBJECT_CLASS ckoData = CKO_DATA; + CK_ATTRIBUTE template[2] = { { CKA_CLASS, (CK_BYTE_PTR)&ckoData, sizeof(ckoData) }, + { CKA_VALUE, (CK_BYTE_PTR)key->data, key->len } }; + CK_OBJECT_HANDLE handle; + PK11GenericObject *genObject; -/* - * turn key bits into an appropriate key object - */ + genObject = PK11_CreateGenericObject(slot, template, PR_ARRAY_SIZE(template), PR_FALSE); + if (genObject == NULL) { + return NULL; + } + handle = PK11_GetObjectHandle(PK11_TypeGeneric, genObject, NULL); + if (handle == CK_INVALID_HANDLE) { + return NULL; + } + /* A note about ownership of the PKCS #11 handle: + * PK11_CreateGenericObject() will not destroy the object it creates + * on Free, For that you want PK11_CreateManagedGenericObject(). + * Below we import the handle into the symKey structure. We pass + * PR_TRUE as the owner so that the symKey will destroy the object + * once it's freed. This is way it's safe to free now. */ + PK11_DestroyGenericObject(genObject); + return PK11_SymKeyFromHandle(slot, NULL, origin, type, handle, PR_TRUE, wincx); +} + +/* turn key bits into an appropriate key object */ PK11SymKey * PK11_ImportSymKeyWithFlags(PK11SlotInfo *slot, CK_MECHANISM_TYPE type, PK11Origin origin, CK_ATTRIBUTE_TYPE operation, SECItem *key, |