diff options
| author | ian.mcgreer%sun.com <devnull@localhost> | 2002-11-21 02:21:32 +0000 |
|---|---|---|
| committer | ian.mcgreer%sun.com <devnull@localhost> | 2002-11-21 02:21:32 +0000 |
| commit | 7c1b29ec33ceed71bcac077a81a014577466ffec (patch) | |
| tree | 5ce4c0d284c8831f947834a5d0a7b53e8ab7f129 /security/nss/cmd | |
| parent | dc7ea9a9c98c55aa8654f460d7c2da9e8d3a435c (diff) | |
| download | nss-hg-7c1b29ec33ceed71bcac077a81a014577466ffec.tar.gz | |
get more crypto stuff working, including a self-test
Diffstat (limited to 'security/nss/cmd')
| -rw-r--r-- | security/nss/cmd/atob/atob.c | 19 | ||||
| -rw-r--r-- | security/nss/cmd/atob/manifest.mn | 6 | ||||
| -rw-r--r-- | security/nss/cmd/btoa/btoa.c | 23 | ||||
| -rw-r--r-- | security/nss/cmd/btoa/manifest.mn | 6 | ||||
| -rw-r--r-- | security/nss/cmd/cipher/Makefile | 2 | ||||
| -rw-r--r-- | security/nss/cmd/cipher/cipher.c | 101 | ||||
| -rw-r--r-- | security/nss/cmd/cipher/cipher.h | 35 | ||||
| -rw-r--r-- | security/nss/cmd/cipher/ciphertests.c | 474 | ||||
| -rw-r--r-- | security/nss/cmd/cipher/cipherutil.c | 132 | ||||
| -rw-r--r-- | security/nss/cmd/cipher/manifest.mn | 4 | ||||
| -rw-r--r-- | security/nss/cmd/cmdlib/cmdio.c | 121 | ||||
| -rw-r--r-- | security/nss/cmd/cmdlib/cmdutil.h | 21 | ||||
| -rw-r--r-- | security/nss/cmd/manifest.mn | 3 | ||||
| -rw-r--r-- | security/nss/cmd/nssutil/modutil.c | 6 | ||||
| -rw-r--r-- | security/nss/cmd/nssutil/nssutil.c | 81 | ||||
| -rw-r--r-- | security/nss/cmd/pkiutil/pkiobject.c | 68 |
16 files changed, 843 insertions, 259 deletions
diff --git a/security/nss/cmd/atob/atob.c b/security/nss/cmd/atob/atob.c index 8d632b6bf..ef74573de 100644 --- a/security/nss/cmd/atob/atob.c +++ b/security/nss/cmd/atob/atob.c @@ -32,8 +32,8 @@ */ #include "plgetopt.h" -#include "secutil.h" -#include "nssb64.h" +#include "nssbase.h" +#include "cmdutil.h" #include <errno.h> #if defined(XP_WIN) || (defined(__sun) && !defined(SVR4)) @@ -57,19 +57,18 @@ output_binary (void *arg, const unsigned char *obuf, PRInt32 size) nb = fwrite(obuf, 1, size, outFile); if (nb != size) { - PORT_SetError(SEC_ERROR_IO); return -1; } return nb; } -static SECStatus +static PRStatus decode_file(FILE *outFile, FILE *inFile) { NSSBase64Decoder *cx; int nb; - SECStatus status = SECFailure; + PRStatus status = PR_FAILURE; char ibuf[4096]; cx = NSSBase64Decoder_Create(output_binary, outFile); @@ -83,7 +82,6 @@ decode_file(FILE *outFile, FILE *inFile) if (nb != sizeof(ibuf)) { if (nb == 0) { if (ferror(inFile)) { - PORT_SetError(SEC_ERROR_IO); goto loser; } /* eof */ @@ -92,7 +90,7 @@ decode_file(FILE *outFile, FILE *inFile) } status = NSSBase64Decoder_Update(cx, ibuf, nb); - if (status != SECSuccess) goto loser; + if (status == PR_FAILURE) goto loser; } return NSSBase64Decoder_Destroy(cx, PR_FALSE); @@ -117,7 +115,7 @@ static void Usage(char *progName) int main(int argc, char **argv) { char *progName; - SECStatus rv; + PRStatus rv; FILE *inFile, *outFile; PLOptState *optstate; PLOptStatus status; @@ -168,9 +166,8 @@ int main(int argc, char **argv) outFile = stdout; } rv = decode_file(outFile, inFile); - if (rv != SECSuccess) { - fprintf(stderr, "%s: lossage: error=%d errno=%d\n", - progName, PORT_GetError(), errno); + if (rv == PR_FAILURE) { + CMD_PrintError("lossage (errno=%d)", errno); return -1; } return 0; diff --git a/security/nss/cmd/atob/manifest.mn b/security/nss/cmd/atob/manifest.mn index ed3717be6..d1c87174f 100644 --- a/security/nss/cmd/atob/manifest.mn +++ b/security/nss/cmd/atob/manifest.mn @@ -34,15 +34,13 @@ CORE_DEPTH = ../../.. # MODULE public and private header directories are implicitly REQUIRED. -MODULE = security +MODULE = nss # This next line is used by .mk files # and gets translated into $LINCS in manifest.mnw # The MODULE is always implicitly required. # Listing it here in REQUIRES makes it appear twice in the cc command line. -REQUIRES = seccmd dbm - -DEFINES = -DNSPR20 +REQUIRES = nspr seccmd CSRCS = atob.c diff --git a/security/nss/cmd/btoa/btoa.c b/security/nss/cmd/btoa/btoa.c index d58805c65..8b2cba1a1 100644 --- a/security/nss/cmd/btoa/btoa.c +++ b/security/nss/cmd/btoa/btoa.c @@ -32,8 +32,8 @@ */ #include "plgetopt.h" -#include "secutil.h" -#include "nssb64.h" +#include "nssbase.h" +#include "cmdutil.h" #include <errno.h> #if defined(XP_WIN) || (defined(__sun) && !defined(SVR4)) @@ -57,19 +57,18 @@ output_ascii (void *arg, const char *obuf, PRInt32 size) nb = fwrite(obuf, 1, size, outFile); if (nb != size) { - PORT_SetError(SEC_ERROR_IO); return -1; } return nb; } -static SECStatus +static PRStatus encode_file(FILE *outFile, FILE *inFile) { NSSBase64Encoder *cx; int nb; - SECStatus status = SECFailure; + PRStatus status = PR_FAILURE; unsigned char ibuf[4096]; cx = NSSBase64Encoder_Create(output_ascii, outFile); @@ -83,7 +82,6 @@ encode_file(FILE *outFile, FILE *inFile) if (nb != sizeof(ibuf)) { if (nb == 0) { if (ferror(inFile)) { - PORT_SetError(SEC_ERROR_IO); goto loser; } /* eof */ @@ -92,11 +90,11 @@ encode_file(FILE *outFile, FILE *inFile) } status = NSSBase64Encoder_Update(cx, ibuf, nb); - if (status != SECSuccess) goto loser; + if (status == PR_FAILURE) goto loser; } status = NSSBase64Encoder_Destroy(cx, PR_FALSE); - if (status != SECSuccess) + if (status == PR_FAILURE) return status; /* @@ -105,7 +103,7 @@ encode_file(FILE *outFile, FILE *inFile) * been written out). */ fwrite("\r\n", 1, 2, outFile); - return SECSuccess; + return PR_SUCCESS; loser: (void) NSSBase64Encoder_Destroy(cx, PR_TRUE); @@ -127,7 +125,7 @@ static void Usage(char *progName) int main(int argc, char **argv) { char *progName; - SECStatus rv; + PRStatus rv; FILE *inFile, *outFile; PLOptState *optstate; PLOptStatus status; @@ -187,9 +185,8 @@ int main(int argc, char **argv) if (!outFile) outFile = stdout; rv = encode_file(outFile, inFile); - if (rv != SECSuccess) { - fprintf(stderr, "%s: lossage: error=%d errno=%d\n", - progName, PORT_GetError(), errno); + if (rv == PR_FAILURE) { + CMD_PrintError("lossage (errno=%d)", errno); return -1; } return 0; diff --git a/security/nss/cmd/btoa/manifest.mn b/security/nss/cmd/btoa/manifest.mn index 8bbf6ee00..723fbc481 100644 --- a/security/nss/cmd/btoa/manifest.mn +++ b/security/nss/cmd/btoa/manifest.mn @@ -34,14 +34,12 @@ CORE_DEPTH = ../../.. # MODULE public and private header directories are implicitly REQUIRED. -MODULE = security +MODULE = nss # This next line is used by .mk files # and gets translated into $LINCS in manifest.mnw # MODULE is implicitly REQUIRED, doesn't need to be listed below. -REQUIRES = seccmd dbm - -DEFINES = -DNSPR20 +REQUIRES = nspr seccmd CSRCS = btoa.c diff --git a/security/nss/cmd/cipher/Makefile b/security/nss/cmd/cipher/Makefile index 23afa3799..8650a607d 100644 --- a/security/nss/cmd/cipher/Makefile +++ b/security/nss/cmd/cipher/Makefile @@ -52,7 +52,7 @@ include $(CORE_DEPTH)/coreconf/config.mk # (4) Include "local" platform-dependent assignments (OPTIONAL). # ####################################################################### -include platlibs.mk +include ../platlibs.mk ####################################################################### diff --git a/security/nss/cmd/cipher/cipher.c b/security/nss/cmd/cipher/cipher.c index 8b0f996ea..dfce9f83f 100644 --- a/security/nss/cmd/cipher/cipher.c +++ b/security/nss/cmd/cipher/cipher.c @@ -54,6 +54,7 @@ enum { cmd_KeyGen, cmd_Sign, cmd_Test, + cmd_NewTest, cmd_Verify, cmd_Version, cipher_num_commands @@ -97,6 +98,7 @@ static cmdCommandLineArg cipher_commands[] = CMDBIT(opt_Binary) | 0, 0, 0 }, + "Decrypt data" }, { /* cmd_Encrypt */ 'E', "encrypt", @@ -117,6 +119,7 @@ static cmdCommandLineArg cipher_commands[] = CMDBIT(opt_Binary) | 0, 0, 0 }, + "Encrypt data" }, { /* cmd_Hash */ 'H', "hash", @@ -137,6 +140,7 @@ static cmdCommandLineArg cipher_commands[] = CMDBIT(opt_Binary) | 0, 0, 0 }, + "Digest data" }, { /* cmd_KeyGen */ 'G', "generate-key", @@ -151,6 +155,7 @@ static cmdCommandLineArg cipher_commands[] = CMDBIT(opt_Size) | 0, 0, 0 }, + "Generate key pair" }, { /* cmd_Sign */ 'S', "sign", @@ -171,6 +176,7 @@ static cmdCommandLineArg cipher_commands[] = CMDBIT(opt_Binary) | 0, 0, 0 }, + "Sign data" }, { /* cmd_Test */ 'T', "test", @@ -183,6 +189,22 @@ static cmdCommandLineArg cipher_commands[] = CMDBIT(opt_TokenName) | 0, 0, 0 }, + "Run self-tests" + }, + { /* cmd_NewTest */ + 0 , "new-test", + CMDNoArg, 0, PR_FALSE, + { + CMDBIT(opt_Cipher) | + CMDBIT(opt_Input), + 0, 0, 0 + }, + { + /* CMDBIT(opt_TokenName) */ + CMDBIT(opt_Size), + 0, 0, 0 + }, + "Run self-tests" }, { /* cmd_Verify */ 'V', "verify", @@ -203,12 +225,14 @@ static cmdCommandLineArg cipher_commands[] = CMDBIT(opt_Binary) | 0, 0, 0 }, + "Verify data" }, { /* cmd_Version */ 0, "version", CMDNoArg, 0, PR_FALSE, { 0, 0, 0, 0 }, - { 0, 0, 0, 0 } + { 0, 0, 0, 0 }, + "Report version" } }; @@ -228,43 +252,23 @@ static cmdCommandLineOpt cipher_options[] = { /* opt_Size */ 's', "size", CMDArgReq, 0, PR_FALSE } }; -void cipher_usage(cmdPrintState *ps, - int num, PRBool cmd, PRBool header, PRBool footer) +static char * cipher_options_help[] = { -#define pusg CMD_PrintUsageString - if (header) { - pusg(ps, "utility for managing PKCS#11 objects (certs and keys)\n"); - } else if (footer) { - } else if (cmd) { - switch(num) { - case cmd_Decrypt: - pusg(ps, "Decrypt data"); break; - case cmd_Version: - pusg(ps, "Report version"); break; - default: - pusg(ps, "Unrecognized command"); break; - } - } else { - switch(num) { - case opt_Ascii: - pusg(ps, "Use ascii (base-64 encoded) mode for I/O"); break; - case opt_ProfileDir: - pusg(ps, "Directory containing security databases (def: \".\")"); - break; - case opt_TokenName: - pusg(ps, "Name of PKCS#11 token to use (def: internal)"); break; - case opt_InputFile: - pusg(ps, "File for input (def: stdin)"); break; - case opt_OutputFile: - pusg(ps, "File for output (def: stdout)"); break; - case opt_Binary: - pusg(ps, "Use raw (binary der-encoded) mode for I/O"); break; - case opt_Help: break; - default: - pusg(ps, "Unrecognized option"); - } - } -} + "get help for command", + "use ascii (base-64 encoded) mode for I/O", + "name of cipher to use", + "directory containing security databases (def: \".\")", + "name of PKCS#11 token to use (def: internal)", + "XXX", + "file for input (def: stdin)", + "file for output (def: stdout)", + "XXX", + "use raw (binary der-encoded) mode for I/O", + "XXX" +}; + +static char * cipher_description = +"perform crypto operations"; int main(int argc, char **argv) @@ -279,14 +283,19 @@ main(int argc, char **argv) cipher.nopt = cipher_num_options; cipher.cmd = cipher_commands; cipher.opt = cipher_options; + cipher.optHelp = cipher_options_help; + cipher.description = cipher_description; progName = strrchr(argv[0], '/'); + if (!progName) { + progName = strrchr(argv[0], '\\'); + } progName = progName ? progName+1 : argv[0]; cmdToRun = CMD_ParseCommandLine(argc, argv, progName, &cipher); if (cipher.opt[opt_Help].on) - CMD_LongUsage(progName, &cipher, cipher_usage); + CMD_LongUsage(progName, &cipher); if (cmdToRun < 0) CMD_Usage(progName, &cipher); @@ -313,8 +322,16 @@ main(int argc, char **argv) NSS_InitReadWrite(profiledir); } + /* XXX */ + rv = NSS_EnablePKIXCertificates(); + if (rv == PR_FAILURE) { + CMD_PrintError("Failed to load PKIX module"); + goto shutdown; + } + rv = cipher_command_dispatcher(&cipher, cmdToRun); +shutdown: NSS_Shutdown(); return rv; @@ -428,8 +445,14 @@ NSSSymmetricKey *symkey; break; #endif case cmd_Test: - status = Test1(); + status = SelfTest(); break; + case cmd_NewTest: + if (cipher->opt[opt_Size].on) { + size = atoi(cipher->opt[opt_Size].arg); + } else size = 0; + status = CreateASelfTest(cipher->opt[opt_Cipher].arg, size, + cipher->opt[opt_Input].arg); default: status = PR_FAILURE; break; diff --git a/security/nss/cmd/cipher/cipher.h b/security/nss/cmd/cipher/cipher.h index 021b14bd9..f0894b36a 100644 --- a/security/nss/cmd/cipher/cipher.h +++ b/security/nss/cmd/cipher/cipher.h @@ -1,3 +1,35 @@ +/* + * The contents of this file are subject to the Mozilla Public + * License Version 1.1 (the "License"); you may not use this file + * except in compliance with the License. You may obtain a copy of + * the License at http://www.mozilla.org/MPL/ + * + * Software distributed under the License is distributed on an "AS + * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or + * implied. See the License for the specific language governing + * rights and limitations under the License. + * + * The Original Code is the Netscape security libraries. + * + * The Initial Developer of the Original Code is Netscape + * Communications Corporation. Portions created by Netscape are + * Copyright (C) 1994-2000 Netscape Communications Corporation. All + * Rights Reserved. + * + * Contributor(s): + * + * Alternatively, the contents of this file may be used under the + * terms of the GNU General Public License Version 2 or later (the + * "GPL"), in which case the provisions of the GPL are applicable + * instead of those above. If you wish to allow use of your + * version of this file only under the terms of the GPL and not to + * allow others to use your version of this file under the MPL, + * indicate your decision by deleting the provisions above and + * replace them with the notice and other provisions required by + * the GPL. If you do not delete the provisions above, a recipient + * may use your version of this file under either the MPL or the + * GPL. + */ #include "cmdutil.h" #include "nssdev.h" @@ -53,3 +85,6 @@ GenerateKeyPair NSSPublicKey **publicKey ); +PRStatus +CreateASelfTest(char *cipher, int keysize, char *input); + diff --git a/security/nss/cmd/cipher/ciphertests.c b/security/nss/cmd/cipher/ciphertests.c index 87f9fe037..3c408da35 100644 --- a/security/nss/cmd/cipher/ciphertests.c +++ b/security/nss/cmd/cipher/ciphertests.c @@ -1,119 +1,431 @@ +/* + * The contents of this file are subject to the Mozilla Public + * License Version 1.1 (the "License"); you may not use this file + * except in compliance with the License. You may obtain a copy of + * the License at http://www.mozilla.org/MPL/ + * + * Software distributed under the License is distributed on an "AS + * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or + * implied. See the License for the specific language governing + * rights and limitations under the License. + * + * The Original Code is the Netscape security libraries. + * + * The Initial Developer of the Original Code is Netscape + * Communications Corporation. Portions created by Netscape are + * Copyright (C) 1994-2000 Netscape Communications Corporation. All + * Rights Reserved. + * + * Contributor(s): + * + * Alternatively, the contents of this file may be used under the + * terms of the GNU General Public License Version 2 or later (the + * "GPL"), in which case the provisions of the GPL are applicable + * instead of those above. If you wish to allow use of your + * version of this file only under the terms of the GPL and not to + * allow others to use your version of this file under the MPL, + * indicate your decision by deleting the provisions above and + * replace them with the notice and other provisions required by + * the GPL. If you do not delete the provisions above, a recipient + * may use your version of this file under either the MPL or the + * GPL. + */ #include <string.h> +#include "nsspki1.h" #include "cipher.h" +#define WRAPKEY_PW "asdf" +#define UNWRAPPING_KEY_FILE "wrapkey.txt" +#define WRAPPING_CERT_FILE "wrapcert.txt" +#define SYMKEY_TEST_FILE "symtests.txt" + PRStatus -Test1() +EncryptionTest(NSSSymmetricKey *symKey, + NSSAlgorithmAndParameters *cipher, + NSSItem *plaintext, + NSSItem *ciphertext) { + NSSItem *encryptedData, *decryptedData; + NSSCryptoContext *cc; + + /* Create a crypto context for encryption with the symkey */ + cc = NSSSymmetricKey_CreateCryptoContext(symKey, cipher, NULL); + if (!cc) { + CMD_PrintError("Failed to create crypto context"); + return PR_FAILURE; + } + + /* Encrypt with the key and alg/param */ + encryptedData = NSSCryptoContext_Encrypt(cc, NULL, plaintext, + NULL, NULL, NULL); + if (!encryptedData || !NSSItem_Equal(encryptedData, ciphertext, NULL)) + { + NSSItem_Destroy(encryptedData); + NSSCryptoContext_Destroy(cc); + CMD_PrintError("Encryption failed"); + return PR_FAILURE; + } + NSSItem_Destroy(encryptedData); + + /* repeat using symkey directly */ + encryptedData = NSSSymmetricKey_Encrypt(symKey, cipher, + plaintext, + NULL, NULL, NULL); + if (!encryptedData || !NSSItem_Equal(encryptedData, ciphertext, NULL)) + { + NSSItem_Destroy(encryptedData); + NSSCryptoContext_Destroy(cc); + CMD_PrintError("Encryption failed"); + return PR_FAILURE; + } + NSSItem_Destroy(encryptedData); + + /* Decrypt with the key and alg/param */ + decryptedData = NSSCryptoContext_Decrypt(cc, NULL, ciphertext, + NULL, NULL, NULL); + if (!decryptedData || !NSSItem_Equal(decryptedData, plaintext, NULL)) + { + NSSItem_Destroy(decryptedData); + NSSCryptoContext_Destroy(cc); + CMD_PrintError("Decryption failed"); + return PR_FAILURE; + } + NSSItem_Destroy(decryptedData); + + /* repeat using symkey directly */ + decryptedData = NSSSymmetricKey_Decrypt(symKey, cipher, + ciphertext, + NULL, NULL, NULL); + if (!decryptedData || !NSSItem_Equal(decryptedData, plaintext, NULL)) + { + NSSItem_Destroy(decryptedData); + CMD_PrintError("Decryption failed"); + return PR_FAILURE; + } + NSSItem_Destroy(decryptedData); + + NSSCryptoContext_Destroy(cc); + return PR_SUCCESS; +} + +enum { + cipherAlgID = 0, + cipherKey, + cipherPlaintext, + cipherCiphertext +}; + +static const char *cipherArgs[] = { + "ALGID", + "KEY", + "PTXT", + "CTXT" +}; + +static int numCipherArgs = sizeof(cipherArgs) / sizeof(cipherArgs[0]); + +static NSSSymmetricKey * +unwrap_symkey(NSSVolatileDomain *vd, NSSPrivateKey *unwrapKey, + NSSAlgorithmAndParameters *wrapAP, + const NSSOID *keyAlg, char *value) +{ + NSSSymmetricKey *symKey = NULL; + NSSItem *wrappedKey; + wrappedKey = CMD_ConvertHex(value, strlen(value), NULL); + if (wrappedKey) { + symKey = NSSVolatileDomain_UnwrapSymmetricKey(vd, wrapAP, + unwrapKey, + wrappedKey, + keyAlg, + NULL, 0, 0); + NSSItem_Destroy(wrappedKey); + } + return symKey; +} + +PRStatus +SymmetricCipherTests(CMDRunTimeData *rtData, + NSSVolatileDomain *vd, + NSSPrivateKey *unwrapKey, + NSSAlgorithmAndParameters *wrapAP) +{ + int arg; + char *value; PRStatus status; - char *message = "Test Message 1"; - char *iv = "abcdefgh"; - NSSPrivateKey *privateKey = NULL; - NSSPublicKey *publicKey = NULL; + NSSArena *arena; NSSSymmetricKey *symKey = NULL; - NSSItem data, *encryptedData, *decryptedData; + NSSAlgorithmAndParameters *ap = NULL; + NSSItem *plaintext = NULL; + NSSItem *ciphertext = NULL; + NSSItem *algID; + const NSSOID *alg; + CMDReadBuf buf; + + arena = NSSArena_Create(); + if (!arena) { + CMD_PrintError("memory"); + } + + buf.start = buf.finish = 0; + while ((arg = CMD_ReadArgValue(rtData, &buf, &value, + cipherArgs, numCipherArgs)) >= 0) + { + switch (arg) { + case cipherAlgID: + if (ap) { + NSSAlgorithmAndParameters_Destroy(ap); ap = NULL; + } + algID = CMD_ConvertHex(value, strlen(value), arena); + if (!algID) { + goto loser; + } + ap = NSSAlgorithmAndParameters_Decode(algID, arena); + NSSItem_Destroy(algID); + if (!ap) { + goto loser; + } + break; + case cipherKey: + if (symKey) { + NSSSymmetricKey_Destroy(symKey); symKey = NULL; + NSSArena_Destroy(arena); + plaintext = NULL; + ciphertext = NULL; + /* start a new test */ + arena = NSSArena_Create(); + if (!arena) { + CMD_PrintError("memory"); + goto loser; + } + } + alg = NSSAlgorithmAndParameters_GetAlgorithm(ap); + symKey = unwrap_symkey(vd, unwrapKey, wrapAP, alg, value); + if (!symKey) { + goto loser; + } + break; + case cipherPlaintext: + plaintext = CMD_ConvertHex(value, strlen(value), arena); + if (!plaintext) { + goto loser; + } + break; + case cipherCiphertext: + ciphertext = CMD_ConvertHex(value, strlen(value), arena); + if (!ciphertext) { + goto loser; + } + status = EncryptionTest(symKey, ap, plaintext, ciphertext); + if (status == PR_SUCCESS) { + PR_fprintf(PR_STDOUT, "test successful\n"); + } else { + PR_fprintf(PR_STDOUT, "test failed\n"); + } + break; + default: + goto loser; + } + } + + NSSArena_Destroy(arena); + return PR_SUCCESS; +loser: + NSSArena_Destroy(arena); + return PR_FAILURE; +} + +static NSSToken * +GetInternalCryptoToken() +{ +/* NSSTrustDomain *td = NSS_GetDefaultTrustDomain(); - NSSCryptoContext *cc; - NSSToken *softoken = GetSoftwareToken(); - NSSAlgorithmAndParameters *desEncrypt; - NSSAlgorithmAndParameters *rsaKeyGen; - const NSSAlgorithmAndParameters *desKeyGen = - NSSAlgorithmAndParameters_DESKeyGen; + return NSSTrustDomain_FindTokenByName(td, "NSS Generic Crypto Services"); +*/ + return GetSoftwareToken(); +} + +PRStatus +SelfTest() +{ + PRStatus status; + NSSVolatileDomain *vd; + NSSTrustDomain *td = NSS_GetDefaultTrustDomain(); + NSSToken *token = GetInternalCryptoToken(); + CMDRunTimeData rtData; + NSSPrivateKey *unwrapKey; + NSSOID *alg; + NSSAlgorithmAndParameters *wrapAP; + NSSOID *anRSAkey = NSSOID_CreateFromTag(NSS_OID_PKCS1_RSA_ENCRYPTION); + NSSItem *encodedKey; + + status = CMD_SetRunTimeData(UNWRAPPING_KEY_FILE, NULL, "ascii", + NULL, "binary", &rtData); + if (status == PR_FAILURE) { + return PR_FAILURE; + } + encodedKey = CMD_GetInput(&rtData); + CMD_FinishRunTimeData(&rtData); + if (!encodedKey) { + PR_fprintf(PR_STDERR, "failed to extract encoded key\n"); + return PR_FAILURE; + } + + /* create a volatile domain for the temp objects */ + vd = NSSTrustDomain_CreateVolatileDomain(td, NULL); + if (!vd) { + CMD_PrintError("failed to create volatile domain"); + return PR_FAILURE; + } + + /* decode the key in the volatile domain */ + unwrapKey = NSSVolatileDomain_ImportEncodedPrivateKey(vd, encodedKey, + anRSAkey, 0, 0, + NULL, + CMD_PWCallbackForKeyEncoding(WRAPKEY_PW), + token /*, NULL*/); + NSSItem_Destroy(encodedKey); + if (!unwrapKey) { + NSSVolatileDomain_Destroy(vd); + CMD_PrintError("failed to import unwrapping key"); + return PR_FAILURE; + } + + status = CMD_SetRunTimeData(SYMKEY_TEST_FILE, NULL, "binary", + NULL, "binary", &rtData); + if (status == PR_FAILURE) { + NSSPrivateKey_Destroy(unwrapKey); + return PR_FAILURE; + } + + alg = NSSOID_CreateFromTag(NSS_OID_PKCS1_RSA_ENCRYPTION); + wrapAP = NSSOID_CreateAlgorithmAndParameters(alg, NULL, NULL); + if (!wrapAP) { + NSSPrivateKey_Destroy(unwrapKey); + CMD_PrintError("failed to create alg/param for unwrap"); + return PR_FAILURE; + } + + status = SymmetricCipherTests(&rtData, vd, unwrapKey, wrapAP); + return status; +} + +PRStatus +CreateASelfTest(char *cipher, int keysize, char *input) +{ + PRStatus status; + NSSVolatileDomain *vd; + NSSTrustDomain *td = NSS_GetDefaultTrustDomain(); + CMDRunTimeData rtData; + NSSOID *alg; + NSSAlgorithmAndParameters *ap, *wrapAP; + NSSSymmetricKey *symKey; + NSSItem *wrappedKey, *algID, plaintext, *ciphertext; + NSSToken *token = GetInternalCryptoToken(); NSSParameters params; + NSSCertificate *wrapCert; + NSSItem *encodedCert; + + plaintext.data = input; plaintext.size = strlen(input); - /* 0a. Set up parameters for DES encryption */ - params.des.iv.data = iv; - params.des.iv.size = strlen(iv); - desEncrypt = NSSAlgorithmAndParameters_Create(NULL, - NSSAlgorithmType_DES, - ¶ms); - if (!desEncrypt) { - fprintf(stderr, "Failed to create algorithm and parameters.\n"); + status = CMD_SetRunTimeData(WRAPPING_CERT_FILE, NULL, "ascii", + NULL, "binary", &rtData); + if (status == PR_FAILURE) { + return PR_FAILURE; + } + encodedCert = CMD_GetInput(&rtData); + CMD_FinishRunTimeData(&rtData); + if (!encodedCert) { + PR_fprintf(PR_STDERR, "failed to extract encoded cert\n"); return PR_FAILURE; } - /* 0b. Set up parameters for RSA keygen */ - params.rsakg.modulusBits = 1024; - params.rsakg.publicExponent = 65537; - rsaKeyGen = NSSAlgorithmAndParameters_CreateKeyGen(NULL, - NSSAlgorithmType_RSA, - ¶ms); - if (!rsaKeyGen) { - fprintf(stderr, "Failed to create algorithm and parameters.\n"); + /* create a volatile domain for the temp objects */ + vd = NSSTrustDomain_CreateVolatileDomain(td, NULL); + if (!vd) { + CMD_PrintError("failed to create volatile domain"); return PR_FAILURE; } - /* 1. Generate an RSA key pair in the default trust domain */ - status = NSSTrustDomain_GenerateKeyPair(td, rsaKeyGen, - &publicKey, &privateKey, - "Test1 Key Pair", 0, 0, - softoken, NULL); - if (status == PR_SUCCESS) { - printf("Generated RSA key pair in trust domain.\n"); - } else { - fprintf(stderr, "Failed to generate key pair.\n"); + /* import the cert into the volatile domain */ + wrapCert = NSSVolatileDomain_ImportEncodedCertificate(vd, + encodedCert, + NULL); + NSSItem_Destroy(encodedCert); + if (!wrapCert) { + NSSVolatileDomain_Destroy(vd); + CMD_PrintError("failed to import wrapping cert"); return PR_FAILURE; } - /* 2. Create a crypto context for DES encryption */ - cc = NSSTrustDomain_CreateCryptoContext(td, desEncrypt, NULL); - if (cc) { - printf("Created crypto context for DES encryption.\n"); - } else { - fprintf(stderr, "Failed to create crypto context.\n"); + status = CMD_SetRunTimeData(NULL, NULL, "binary", + NULL, "binary", &rtData); + if (status == PR_FAILURE) { + NSSCertificate_Destroy(wrapCert); return PR_FAILURE; } - /* 3. Generate a DES key in the crypto context */ - symKey = NSSCryptoContext_GenerateSymmetricKey(cc, desKeyGen, 0, - softoken, NULL); - if (symKey) { - printf("Generated symmetric key in crypto context.\n"); - } else { - fprintf(stderr, "Failed to generate symmetric key.\n"); + alg = NSSOID_CreateFromTag(NSS_OID_PKCS1_RSA_ENCRYPTION); + wrapAP = NSSOID_CreateAlgorithmAndParameters(alg, NULL, NULL); + if (!wrapAP) { + NSSCertificate_Destroy(wrapCert); + CMD_PrintError("failed to create alg/param for unwrap"); return PR_FAILURE; } - /* 4. Encrypt with the DES key and iv */ - data.data = message; - data.size = strlen(message) + 1; - encryptedData = NSSCryptoContext_Encrypt(cc, NULL, &data, - NULL, NULL, NULL); - if (status == PR_SUCCESS) { - printf("Encrypted message.\n"); - } else { - fprintf(stderr, "Encryption failed.\n"); + alg = NSSOID_CreateFromTag(NSS_OID_DES_CBC); + + ap = NSSOID_CreateAlgorithmAndParametersForKeyGen(alg, NULL, NULL); + if (!ap) { + CMD_PrintError("failed to create alg/param for key gen"); return PR_FAILURE; } - /* 5. Decrypt same */ - decryptedData = NSSSymmetricKey_Decrypt(symKey, desEncrypt, - encryptedData, - NULL, NULL, NULL); - if (status == PR_SUCCESS) { - printf("Decrypted message.\n"); - } else { - fprintf(stderr, "Decryption failed.\n"); + symKey = NSSVolatileDomain_GenerateSymmetricKey(vd, ap, keysize, NULL, + 0, 0, token, NULL); + NSSAlgorithmAndParameters_Destroy(ap); + if (!symKey) { + CMD_PrintError("failed to generate symkey"); + return PR_FAILURE; + } + +#define DES_IV_SIZE 8 + NSSItem_Create(NULL, ¶ms.iv, DES_IV_SIZE, NULL); + if (NSS_GenerateRandom(DES_IV_SIZE, params.iv.data, NULL) == NULL) { + CMD_PrintError("failed to generate IV"); return PR_FAILURE; } - /* 6. Compare results */ - if (NSSItem_Equal(&data, decryptedData, NULL)) { - printf("Results matched.\n"); - } else { - fprintf(stderr, "Results did not match.\n"); + ap = NSSOID_CreateAlgorithmAndParameters(alg, ¶ms, NULL); + if (!ap) { + CMD_PrintError("failed to create alg/param for cipher"); + return PR_FAILURE; } - NSSItem_Destroy(encryptedData); - NSSItem_Destroy(decryptedData); - NSSAlgorithmAndParameters_Destroy(desEncrypt); - NSSAlgorithmAndParameters_Destroy(rsaKeyGen); - NSSSymmetricKey_Destroy(symKey); - NSSPublicKey_Destroy(publicKey); - NSSPrivateKey_Destroy(privateKey); - NSSCryptoContext_Destroy(cc); + ciphertext = NSSSymmetricKey_Encrypt(symKey, ap, &plaintext, + NULL, NULL, NULL); + if (!ciphertext) { + CMD_PrintError("failed to create alg/param for cipher"); + return PR_FAILURE; + } - return status; + wrappedKey = NSSCertificate_WrapSymmetricKey(wrapCert, wrapAP, + symKey, + NSSTime_Now(), NULL, NULL, + NULL, NULL, NULL); + + algID = NSSAlgorithmAndParameters_Encode(ap, NULL, NULL); + + CMD_WriteArgValue(&rtData, cipherArgs[cipherAlgID], + algID, CMDFileMode_Hex); + CMD_WriteArgValue(&rtData, cipherArgs[cipherKey], + wrappedKey, CMDFileMode_Hex); + CMD_WriteArgValue(&rtData, cipherArgs[cipherPlaintext], + &plaintext, CMDFileMode_Hex); + CMD_WriteArgValue(&rtData, cipherArgs[cipherCiphertext], + ciphertext, CMDFileMode_Hex); + + return PR_SUCCESS; } diff --git a/security/nss/cmd/cipher/cipherutil.c b/security/nss/cmd/cipher/cipherutil.c index ea6530a3d..2934b343e 100644 --- a/security/nss/cmd/cipher/cipherutil.c +++ b/security/nss/cmd/cipher/cipherutil.c @@ -1,6 +1,39 @@ +/* + * The contents of this file are subject to the Mozilla Public + * License Version 1.1 (the "License"); you may not use this file + * except in compliance with the License. You may obtain a copy of + * the License at http://www.mozilla.org/MPL/ + * + * Software distributed under the License is distributed on an "AS + * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or + * implied. See the License for the specific language governing + * rights and limitations under the License. + * + * The Original Code is the Netscape security libraries. + * + * The Initial Developer of the Original Code is Netscape + * Communications Corporation. Portions created by Netscape are + * Copyright (C) 1994-2000 Netscape Communications Corporation. All + * Rights Reserved. + * + * Contributor(s): + * + * Alternatively, the contents of this file may be used under the + * terms of the GNU General Public License Version 2 or later (the + * "GPL"), in which case the provisions of the GPL are applicable + * instead of those above. If you wish to allow use of your + * version of this file only under the terms of the GPL and not to + * allow others to use your version of this file under the MPL, + * indicate your decision by deleting the provisions above and + * replace them with the notice and other provisions required by + * the GPL. If you do not delete the provisions above, a recipient + * may use your version of this file under either the MPL or the + * GPL. + */ #include <string.h> +#include "nsspki1.h" #include "cipher.h" NSSToken * @@ -10,21 +43,23 @@ GetSoftwareToken() return NSSTrustDomain_FindTokenByName(td, SOFTOKEN_NAME); } -static const NSSAlgorithmAndParameters * -get_hash_algorithm(char *cipher) +NSSAlgorithmAndParameters * +GetHashAP(char *cipher) { + NSSOID *alg; if (strcmp(cipher, "sha") == 0 || strcmp(cipher, "sha1") == 0 || strcmp(cipher, "sha-1") == 0) { - return NSSAlgorithmAndParameters_SHA1; + alg = NSSOID_CreateFromTag(NSS_OID_SHA1); } else if (strcmp(cipher, "md5") == 0) { - return NSSAlgorithmAndParameters_MD5; + alg = NSSOID_CreateFromTag(NSS_OID_MD5); } else if (strcmp(cipher, "md2") == 0) { - return NSSAlgorithmAndParameters_MD2; + alg = NSSOID_CreateFromTag(NSS_OID_MD2); } else { fprintf(stderr, "Unknown hashing algorithm \"%s\"\n", cipher); return NULL; } + return NSSOID_CreateAlgorithmAndParameters(alg, NULL, NULL); } PRStatus @@ -36,13 +71,13 @@ Hash ) { NSSItem *input, *output; - const NSSAlgorithmAndParameters *hasher; + NSSAlgorithmAndParameters *hasher; input = CMD_GetInput(rtData); if (!input) { return PR_FAILURE; } - hasher = get_hash_algorithm(cipher); + hasher = GetHashAP(cipher); if (!hasher) { NSSItem_Destroy(input); return PR_FAILURE; @@ -56,26 +91,31 @@ Hash CMD_DumpOutput(output, rtData); NSSItem_Destroy(input); NSSItem_Destroy(output); + NSSAlgorithmAndParameters_Destroy(hasher); return PR_SUCCESS; } -static const NSSAlgorithmAndParameters * -get_symmetric_keygen_algorithm(char *cipher) +NSSAlgorithmAndParameters * +GetSymKeyGenAP(char *cipher) { + NSSOID *alg; if (strcmp(cipher, "des") == 0) { - return NSSAlgorithmAndParameters_DESKeyGen; + alg = NSSOID_CreateFromTag(NSS_OID_DES_ECB); } else if (strcmp(cipher, "des3") == 0) { - return NSSAlgorithmAndParameters_3DESKeyGen; + alg = NSSOID_CreateFromTag(NSS_OID_DES_EDE3_CBC); /* XXX cbc? */ } else if (strcmp(cipher, "rc2") == 0) { - return NSSAlgorithmAndParameters_RC2KeyGen; + alg = NSSOID_CreateFromTag(NSS_OID_RC2_CBC); /* XXX cbc? */ } else if (strcmp(cipher, "rc4") == 0) { - return NSSAlgorithmAndParameters_RC4KeyGen; + alg = NSSOID_CreateFromTag(NSS_OID_RC4); +#if 0 } else if (strcmp(cipher, "rc5") == 0) { - return NSSAlgorithmAndParameters_RC5KeyGen; + alg = ; +#endif } else { fprintf(stderr, "Unknown symmetric key algorithm \"%s\"\n", cipher); - return (const NSSAlgorithmAndParameters *)NULL; + return NULL; } + return NSSOID_CreateAlgorithmAndParametersForKeyGen(alg, NULL, NULL); } NSSSymmetricKey * @@ -89,11 +129,10 @@ GenerateSymmetricKey char *name ) { - NSSItem *input, *output; - const NSSAlgorithmAndParameters *keygen; + NSSAlgorithmAndParameters *keygen; NSSSymmetricKey *skey; - keygen = get_symmetric_keygen_algorithm(cipher); + keygen = GetSymKeyGenAP(cipher); if (!keygen) { return NULL; } @@ -101,17 +140,19 @@ GenerateSymmetricKey skey = NSSTrustDomain_GenerateSymmetricKey(td, keygen, length, token, NULL); + NSSAlgorithmAndParameters_Destroy(keygen); + return skey; } -static NSSAlgorithmAndParameters * -get_symmetric_key_ap(char *cipher, char *iv) +NSSAlgorithmAndParameters * +GetSymCipherAP(char *cipher, char *iv) { char *paramStr; NSSItem cbcIV = { 0 }; NSSParameters params; NSSParameters *pParams = NULL; - NSSAlgorithmType algType = NSSAlgorithmType_NULL; + NSSOID *alg; memset(¶ms, 0, sizeof(params)); @@ -124,25 +165,27 @@ get_symmetric_key_ap(char *cipher, char *iv) cbcIV.size = strlen(iv); } if (strcmp(cipher, "des") == 0) { - algType = NSSAlgorithmType_DES; - if (iv || paramStr) { - if (strcmp(paramStr, "pkcs")) { - params.des.pkcsPad = PR_TRUE; - } else { - fprintf(stderr, "DES parameters \"%s\" invalid.\n", paramStr); - } + if (iv) { + alg = NSSOID_CreateFromTag(NSS_OID_DES_CBC); params.des.iv = cbcIV; pParams = ¶ms; + } else { + alg = NSSOID_CreateFromTag(NSS_OID_DES_ECB); } } else if (strcmp(cipher, "des3") == 0) { + return NULL; } else if (strcmp(cipher, "aes") == 0) { + return NULL; } else if (strcmp(cipher, "rc2") == 0) { + return NULL; } else if (strcmp(cipher, "rc4") == 0) { + return NULL; } else if (strcmp(cipher, "rc5") == 0) { + return NULL; } else { fprintf(stderr, "algorithm type \"%s\" unknown.\n", cipher); } - return NSSAlgorithmAndParameters_Create(NULL, algType, pParams); + return NSSOID_CreateAlgorithmAndParameters(alg, pParams, NULL); } PRStatus @@ -162,7 +205,7 @@ Encrypt if (!input) { return PR_FAILURE; } - cryptor = get_symmetric_key_ap(cipher, iv); + cryptor = GetSymCipherAP(cipher, iv); if (!cryptor) { NSSItem_Destroy(input); return PR_FAILURE; @@ -179,12 +222,13 @@ Encrypt return PR_SUCCESS; } -static NSSAlgorithmAndParameters * -get_keypair_gen_algorithm(char *cipher) +NSSAlgorithmAndParameters * +GetKeyPairGenAP(char *cipher) { + PRStatus status; char *paramStr, *param; NSSParameters params; - NSSAlgorithmType algType = NSSAlgorithmType_NULL; + NSSOID *alg; memset(¶ms, 0, sizeof(params)); @@ -193,7 +237,8 @@ get_keypair_gen_algorithm(char *cipher) *paramStr++ = '\0'; } if (strcmp(cipher, "rsa") == 0) { - algType = NSSAlgorithmType_RSA; + int pe; + alg = NSSOID_CreateFromTag(NSS_OID_PKCS1_RSA_ENCRYPTION); if (paramStr) { param = paramStr; paramStr = strchr(paramStr, '-'); @@ -204,13 +249,13 @@ get_keypair_gen_algorithm(char *cipher) } else { params.rsakg.modulusBits = 1024; } - if (paramStr) { - params.rsakg.publicExponent = atoi(paramStr); - } else { - params.rsakg.publicExponent = 65537; + pe = paramStr ? atoi(paramStr) : 65537; + status = CMD_SetRSAPE(¶ms.rsakg.publicExponent, pe); + if (status == PR_FAILURE) { + return NULL; } } else if (strcmp(cipher, "dsa") == 0) { - algType = NSSAlgorithmType_DSA; + alg = NSSOID_CreateFromTag(NSS_OID_ANSIX9_DSA_SIGNATURE); if (paramStr) { param = paramStr; paramStr = strchr(paramStr, '-'); @@ -223,7 +268,7 @@ get_keypair_gen_algorithm(char *cipher) } /* XXX pqg from file */ } else if (strcmp(cipher, "dh") == 0) { - algType = NSSAlgorithmType_DH; + alg = NSSOID_CreateFromTag(NSS_OID_X942_DIFFIE_HELLMAN_KEY); if (paramStr) { param = paramStr; paramStr = strchr(paramStr, '-'); @@ -249,7 +294,7 @@ get_keypair_gen_algorithm(char *cipher) fprintf(stderr, "Unknown keypair type\"%s\"\n", cipher); return (NSSAlgorithmAndParameters *)NULL; } - return NSSAlgorithmAndParameters_CreateKeyGen(NULL, algType, ¶ms); + return NSSOID_CreateAlgorithmAndParametersForKeyGen(alg, ¶ms, NULL); } PRStatus @@ -267,14 +312,15 @@ GenerateKeyPair PRStatus status; const NSSAlgorithmAndParameters *keygen; - keygen = get_keypair_gen_algorithm(cipher); + keygen = GetKeyPairGenAP(cipher); if (!keygen) { return PR_FAILURE; } status = NSSTrustDomain_GenerateKeyPair(td, keygen, publicKey, privateKey, - PR_TRUE, token, NULL); + name, 0, 0, + token, NULL); return status; } diff --git a/security/nss/cmd/cipher/manifest.mn b/security/nss/cmd/cipher/manifest.mn index 480ecb11b..85b91a213 100644 --- a/security/nss/cmd/cipher/manifest.mn +++ b/security/nss/cmd/cipher/manifest.mn @@ -34,7 +34,7 @@ CORE_DEPTH = ../../.. # MODULE public and private header directories are implicitly REQUIRED. -MODULE = security +MODULE = nss CSRCS = \ ciphertests.c \ @@ -44,6 +44,6 @@ CSRCS = \ # The MODULE is always implicitly required. # Listing it here in REQUIRES makes it appear twice in the cc command line. -REQUIRES = dbm seccmd +REQUIRES = nspr seccmd PROGRAM = cipher diff --git a/security/nss/cmd/cmdlib/cmdio.c b/security/nss/cmd/cmdlib/cmdio.c index efb0f3e26..88e1ac5d0 100644 --- a/security/nss/cmd/cmdlib/cmdio.c +++ b/security/nss/cmd/cmdlib/cmdio.c @@ -150,9 +150,10 @@ byte_from_str(unsigned char *byteval, unsigned char *str) } NSSItem * -CMD_ConvertHexData(char *stream, unsigned int streamLen, CMDFileMode *mode) +CMD_ConvertHexData(char *stream, unsigned int streamLen, + CMDFileMode *mode, NSSArena *arenaOpt) { - int kind; + int kind = -1; int guess_len, actual_len; unsigned char *output = NULL; PRStatus status; @@ -208,7 +209,7 @@ CMD_ConvertHexData(char *stream, unsigned int streamLen, CMDFileMode *mode) } } } - rvIt = NSSItem_Create(NULL, NULL, actual_len, output); + rvIt = NSSItem_Create(arenaOpt, NULL, actual_len, output); free(output); return rvIt; failure: @@ -223,6 +224,13 @@ failure: return NULL; } +NSSItem * +CMD_ConvertHex(char *stream, unsigned int streamLen, NSSArena *arenaOpt) +{ + CMDFileMode mode = CMDFileMode_Hex; + return CMD_ConvertHexData(stream, streamLen, &mode, arenaOpt); +} + unsigned char * CMD_ReadFile(PRFileDesc *file, int *flen) { @@ -251,7 +259,7 @@ CMD_GetDataFromBuffer(unsigned char *buffer, unsigned int bufLen, /* Convert the input to binary */ if (*mode == CMDFileMode_Hex) { /* from one of the hex flavors, mode may change */ - rvIt = CMD_ConvertHexData(buffer, bufLen, mode); + rvIt = CMD_ConvertHexData(buffer, bufLen, mode, NULL); } else if (*mode == CMDFileMode_Ascii) { /* from base-64 encoded */ rvIt = NSSBase64_DecodeBuffer(NULL, NULL, buffer, bufLen); @@ -329,3 +337,108 @@ CMD_DumpOutput(NSSItem *output, CMDRunTimeData *rtData) } } +int get_arg(char *str, const char **validArgs, int numValidArgs) +{ + int i; + for (i=0; i<numValidArgs; i++) { + if (strcmp(str, validArgs[i]) == 0) return i; + } + return -1; +} + +int +CMD_ReadArgValue(CMDRunTimeData *rtData, CMDReadBuf *readBuf, + char **value, const char **validArgs, int numValidArgs) +{ + int rv = -1; + char *val = NULL; + char *buf; + char *mark; + int nb, len = 0; + + while (PR_TRUE) { + if (readBuf->finish > readBuf->start) { + nb = readBuf->finish - readBuf->start; + } else { + nb = PR_Read(rtData->input.file, + readBuf->buf, sizeof readBuf->buf); + readBuf->start = 0; + readBuf->finish = nb; + } + buf = &readBuf->buf[readBuf->start]; + if (nb < 0) { + if (val) PR_Free(val); + return -1; + } else if (nb == 0) { + return rv; + } else if (*buf == '\n') { + /* skip leading newline, or exit on terminating newline */ + if (rv >= 0) { + return rv; + } else { + readBuf->start++; + continue; + } + } + if (rv < 0) { + mark = memchr(buf, '=', nb); + if (mark) { + *mark++ = '\0'; + rv = get_arg(buf, validArgs, numValidArgs); + } + if (rv < 0) + return rv; + readBuf->start += (strlen(buf) + 1); + nb -= (strlen(buf) + 1); + buf = mark; + } + mark = memchr(buf, '\n', nb); + if (mark) { + *mark = '\0'; + nb = strlen(buf) + 1; + } + if (val) { + val = PR_Realloc(val, len + nb); + } else { + val = PR_Malloc(nb); + } + memcpy(val + len, buf, nb); + len += nb; + readBuf->start += nb; + if (mark) { + break; + } + } + *value = val; + return rv; +} + +PRStatus +CMD_WriteArgValue(CMDRunTimeData *rtData, const char *arg, NSSItem *value, + CMDFileMode outMode) +{ + CMDFileMode mode = rtData->output.mode; + rtData->output.mode = outMode; + PR_fprintf(rtData->output.file, "%s=", arg); + CMD_DumpOutput(value, rtData); + PR_fprintf(rtData->output.file, "\n"); + rtData->output.mode = mode; + return PR_SUCCESS; +} + +/* XXX move this */ +PRStatus +CMD_SetRSAPE(NSSItem *peIt, PRUint32 pe) +{ + PRUint32 bepe; + peIt->data = nss_ZAlloc(NULL, sizeof(PRUint32)); /* XXX */ + if (!peIt->data) { + CMD_PrintError("memory"); + return PR_FAILURE; + } + bepe = PR_htonl(pe); + memcpy(peIt->data, &bepe, sizeof(PRUint32)); + peIt->size = sizeof(PRUint32); + return PR_SUCCESS; +} + diff --git a/security/nss/cmd/cmdlib/cmdutil.h b/security/nss/cmd/cmdlib/cmdutil.h index 66ead9c5e..99390117e 100644 --- a/security/nss/cmd/cmdlib/cmdutil.h +++ b/security/nss/cmd/cmdlib/cmdutil.h @@ -99,6 +99,24 @@ CMD_GetInput(CMDRunTimeData *rtData); void CMD_DumpOutput(NSSItem *output, CMDRunTimeData *rtData); +NSSItem * +CMD_ConvertHex(char *stream, unsigned int streamLen, NSSArena *arenaOpt); + +typedef struct +{ + PRUint8 buf[256]; + PRUint32 start, finish; +} +CMDReadBuf; + +int +CMD_ReadArgValue(CMDRunTimeData *rtData, CMDReadBuf *readBuf, + char **value, const char **validArgs, int numValidArgs); + +PRStatus +CMD_WriteArgValue(CMDRunTimeData *rtData, const char *arg, NSSItem *value, + CMDFileMode outMode); + /* * Command Line Parsing routines * @@ -201,4 +219,7 @@ CMD_PrintPKIXCertificate(CMDPrinter *printer, NSSPKIXCertificate *pkixCert, void CMD_PrintError(char *message, ...); +PRStatus +CMD_SetRSAPE(NSSItem *peIt, PRUint32 pe); + #endif /* _CMDUTIL_H_ */ diff --git a/security/nss/cmd/manifest.mn b/security/nss/cmd/manifest.mn index 05f30aa20..12cabcb09 100644 --- a/security/nss/cmd/manifest.mn +++ b/security/nss/cmd/manifest.mn @@ -38,6 +38,9 @@ REQUIRES = security nspr libdbm DIRS = \ cmdlib \ + atob \ + btoa \ + nssutil \ pkiutil \ $(NULL) diff --git a/security/nss/cmd/nssutil/modutil.c b/security/nss/cmd/nssutil/modutil.c index 3ade43c60..e7d9f0c57 100644 --- a/security/nss/cmd/nssutil/modutil.c +++ b/security/nss/cmd/nssutil/modutil.c @@ -82,7 +82,7 @@ DumpModuleInfo(char *moduleName, CMDRunTimeData *rtData) PR_fprintf(fData->file, "\n"); NSSModule_Destroy(module); - return PR_FAILURE; + return PR_SUCCESS; } #if 0 @@ -155,7 +155,7 @@ DumpSlotInfo(char *slotName, NSSTrustDomain *td, CMDRunTimeData *rtData) PR_fprintf(fData->file, "\n"); NSSSlot_Destroy(slot); - return PR_FAILURE; + return PR_SUCCESS; } PRStatus @@ -205,6 +205,6 @@ DumpTokenInfo(char *tokenName, NSSTrustDomain *td, CMDRunTimeData *rtData) PR_fprintf(fData->file, "\n"); NSSToken_Destroy(token); - return PR_FAILURE; + return PR_SUCCESS; } diff --git a/security/nss/cmd/nssutil/nssutil.c b/security/nss/cmd/nssutil/nssutil.c index 0b448d0b8..d8b4e682c 100644 --- a/security/nss/cmd/nssutil/nssutil.c +++ b/security/nss/cmd/nssutil/nssutil.c @@ -80,6 +80,7 @@ static cmdCommandLineArg nssutil_commands[] = CMDBIT(opt_Name), 0, 0, 0 }, + "Add a module to the profile" }, { /* cmd_DumpModule */ 0 , "dump-module", @@ -92,6 +93,7 @@ static cmdCommandLineArg nssutil_commands[] = CMDBIT(opt_ProfileDir), 0, 0, 0 }, + "Dump info about a module" }, { /* cmd_DumpSlot */ 0 , "dump-slot", @@ -104,8 +106,9 @@ static cmdCommandLineArg nssutil_commands[] = CMDBIT(opt_ProfileDir), 0, 0, 0 }, + "dumps" }, - { /* cmd_DumpSlot */ + { /* cmd_DumpToken */ 0 , "dump-token", CMDNoArg, 0, PR_FALSE, { @@ -116,6 +119,7 @@ static cmdCommandLineArg nssutil_commands[] = CMDBIT(opt_ProfileDir), 0, 0, 0 }, + "dumpt" }, { /* cmd_ListModules */ 'L', "list-modules", @@ -127,6 +131,7 @@ static cmdCommandLineArg nssutil_commands[] = CMDBIT(opt_ProfileDir), 0, 0, 0 }, + "List modules in the profile" }, { /* cmd_ListSlots */ 0 , "list-slots", @@ -138,12 +143,14 @@ static cmdCommandLineArg nssutil_commands[] = CMDBIT(opt_ProfileDir), 0, 0, 0 }, + "lists" }, { /* cmd_Version */ 0, "version", CMDNoArg, 0, PR_FALSE, { 0, 0, 0, 0 }, - { 0, 0, 0, 0 } + { 0, 0, 0, 0 }, + "Report version" } }; @@ -156,43 +163,17 @@ static cmdCommandLineOpt nssutil_options[] = { /* opt_Name */ 'n', "name", CMDArgReq, 0, PR_FALSE } }; -void nssutil_usage(cmdPrintState *ps, - int num, PRBool cmd, PRBool header, PRBool footer) +static char * nssutil_options_help[] = { -#define pusg CMD_PrintUsageString - if (header) { - pusg(ps, "utility for managing NSS profiles\n"); - } else if (footer) { - } else if (cmd) { - switch(num) { - case cmd_AddModule: - pusg(ps, "Add a module to the profile"); break; - case cmd_ListModules: - pusg(ps, "List modules in the profile"); break; - case cmd_DumpModule: - pusg(ps, "Dump info about a module"); break; - case cmd_Version: - pusg(ps, "Report version"); break; - default: - pusg(ps, "Unrecognized command"); break; - } - } else { - switch(num) { - case opt_ProfileDir: - pusg(ps, "Directory containing security databases (def: \".\")"); - break; - case opt_TokenName: - pusg(ps, "Name of PKCS#11 token to use (def: internal)"); break; - case opt_LibraryFile: - pusg(ps, "Path to library to load"); break; - case opt_Name: - pusg(ps, "Name of module/slot/token"); break; - case opt_Help: break; - default: - pusg(ps, "Unrecognized option"); - } - } -} + "get help for command", + "Directory containing security databases (def: \".\")", + "Name of PKCS#11 token to use (def: internal)", + "Path to library to load", + "Name of module/slot/token" +}; + +static char nssutil_description[] = +"utility for managing NSS config"; int main(int argc, char **argv) @@ -206,17 +187,37 @@ main(int argc, char **argv) nssutil.nopt = nssutil_num_options; nssutil.cmd = nssutil_commands; nssutil.opt = nssutil_options; + nssutil.optHelp = nssutil_options_help; + nssutil.description = nssutil_description; progName = strrchr(argv[0], '/'); + if (!progName) { + progName = strrchr(argv[0], '\\'); + } progName = progName ? progName+1 : argv[0]; cmdToRun = CMD_ParseCommandLine(argc, argv, progName, &nssutil); +#if 0 + { int i, nc; + for (i=0; i<nssutil.ncmd; i++) + printf("%s: %s <%s>\n", nssutil.cmd[i].s, + (nssutil.cmd[i].on) ? "on" : "off", + nssutil.cmd[i].arg); + for (i=0; i<nssutil.nopt; i++) + printf("%s: %s <%s>\n", nssutil.opt[i].s, + (nssutil.opt[i].on) ? "on" : "off", + nssutil.opt[i].arg); + } +#endif + if (nssutil.opt[opt_Help].on) - CMD_LongUsage(progName, &nssutil, nssutil_usage); + CMD_LongUsage(progName, &nssutil); - if (cmdToRun < 0) + if (cmdToRun < 0) { CMD_Usage(progName, &nssutil); + exit(1); + } /* -d */ if (nssutil.opt[opt_ProfileDir].on) { diff --git a/security/nss/cmd/pkiutil/pkiobject.c b/security/nss/cmd/pkiutil/pkiobject.c index d3d8be315..6f2841f41 100644 --- a/security/nss/cmd/pkiutil/pkiobject.c +++ b/security/nss/cmd/pkiutil/pkiobject.c @@ -1,3 +1,35 @@ +/* + * The contents of this file are subject to the Mozilla Public + * License Version 1.1 (the "License"); you may not use this file + * except in compliance with the License. You may obtain a copy of + * the License at http://www.mozilla.org/MPL/ + * + * Software distributed under the License is distributed on an "AS + * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or + * implied. See the License for the specific language governing + * rights and limitations under the License. + * + * The Original Code is the Netscape security libraries. + * + * The Initial Developer of the Original Code is Netscape + * Communications Corporation. Portions created by Netscape are + * Copyright (C) 1994-2000 Netscape Communications Corporation. All + * Rights Reserved. + * + * Contributor(s): + * + * Alternatively, the contents of this file may be used under the + * terms of the GNU General Public License Version 2 or later (the + * "GPL"), in which case the provisions of the GPL are applicable + * instead of those above. If you wish to allow use of your + * version of this file only under the terms of the GPL and not to + * allow others to use your version of this file under the MPL, + * indicate your decision by deleting the provisions above and + * replace them with the notice and other provisions required by + * the GPL. If you do not delete the provisions above, a recipient + * may use your version of this file under either the MPL or the + * GPL. + */ #include <string.h> #include "nss.h" @@ -53,6 +85,22 @@ get_key_pair_type(char *type) } } +static NSSOID * +get_key_pair_alg(char *type) +{ + NSSKeyPairType kpType = get_key_pair_type(type); + switch (kpType) { + case NSSKeyPairType_RSA: + return NSSOID_CreateFromTag(NSS_OID_PKCS1_RSA_ENCRYPTION); + case NSSKeyPairType_DSA: + return NSSOID_CreateFromTag(NSS_OID_ANSIX9_DSA_SIGNATURE); + case NSSKeyPairType_DH: + return NSSOID_CreateFromTag(NSS_OID_X942_DIFFIE_HELLMAN_KEY); + default: + return NULL; + } +} + /* XXX */ static NSSItem * get_cert_serial_number(NSSCertificate *c) @@ -619,25 +667,25 @@ import_private_key PRStatus status; NSSItem *encoding; NSSPrivateKey *vkey; - NSSKeyPairType keyPairType; + NSSOID *keyPairAlg; if (keyTypeOpt) { - keyPairType = get_key_pair_type(keyTypeOpt); - if (keyPairType == NSSKeyPairType_Unknown) { + keyPairAlg = get_key_pair_alg(keyTypeOpt); + if (!keyPairAlg) { PR_fprintf(PR_STDERR, "%s is not a valid key type.\n", keyTypeOpt); return PR_FAILURE; } } else { /* default to RSA */ - keyPairType = NSSKeyPairType_RSA; + keyPairAlg = NSSOID_CreateFromTag(NSS_OID_PKCS1_RSA_ENCRYPTION); } /* get the encoded key from the input source */ encoding = CMD_GetInput(rtData); /* import into trust domain */ vkey = NSSTrustDomain_ImportEncodedPrivateKey(td, encoding, - keyPairType, 0, 0, + keyPairAlg, 0, 0, NULL, CMD_PWCallbackForKeyEncoding(keypass), token/*, nickname */); @@ -883,7 +931,6 @@ get_rsa_key_gen_params(PRUint32 keySizeInBits, PRUint32 pubExp) { NSSOID *kpAlg; NSSParameters params; - PRUint32 bepe; kpAlg = NSSOID_CreateFromTag(NSS_OID_PKCS1_RSA_ENCRYPTION); if (!kpAlg) { @@ -892,15 +939,8 @@ get_rsa_key_gen_params(PRUint32 keySizeInBits, PRUint32 pubExp) } params.rsakg.modulusBits = keySizeInBits; - - params.rsakg.publicExponent.data = nss_ZAlloc(NULL, sizeof(pubExp)); /* XXX */ - if (!params.rsakg.publicExponent.data) { - CMD_PrintError("memory"); + if (CMD_SetRSAPE(¶ms.rsakg.publicExponent, pubExp) == PR_FAILURE) return NULL; - } - bepe = PR_htonl(pubExp); - memcpy(params.rsakg.publicExponent.data, &bepe, sizeof(pubExp)); - params.rsakg.publicExponent.size = sizeof(pubExp); return NSSOID_CreateAlgorithmAndParametersForKeyGen(kpAlg, ¶ms, NULL); |