Implement new AES Key Wrap mechanisms. Bug 167818.

3 files changed, 36 insertions, 5 deletions

diff --git a/security/nss/lib/softoken/pkcs11.c b/security/nss/lib/softoken/pkcs11.c
index 90809a9c4..247d82943 100644
--- a/security/nss/lib/softoken/pkcs11.c
+++ b/security/nss/lib/softoken/pkcs11.c
@@ -406,6 +406,9 @@ static const struct mechanismList mechanisms[] = {
      {CKM_NETSCAPE_PBE_SHA1_HMAC_KEY_GEN,    {20,20, CKF_GENERATE}, PR_TRUE},
      {CKM_NETSCAPE_PBE_MD5_HMAC_KEY_GEN,     {16,16, CKF_GENERATE}, PR_TRUE},
      {CKM_NETSCAPE_PBE_MD2_HMAC_KEY_GEN,     {16,16, CKF_GENERATE}, PR_TRUE},
+     /* ------------------ AES Key Wrap (also encrypt)  ------------------- */
+     {CKM_NETSCAPE_AES_KEY_WRAP,	{16, 32, CKF_EN_DE_WR_UN},  PR_TRUE},
+     {CKM_NETSCAPE_AES_KEY_WRAP_PAD,	{16, 32, CKF_EN_DE_WR_UN},  PR_TRUE},
 };
 static const CK_ULONG mechanismCount = sizeof(mechanisms)/sizeof(mechanisms[0]);
 
diff --git a/security/nss/lib/softoken/pkcs11c.c b/security/nss/lib/softoken/pkcs11c.c
index a38eb35d9..294eb9cab 100644
--- a/security/nss/lib/softoken/pkcs11c.c
+++ b/security/nss/lib/softoken/pkcs11c.c
@@ -170,11 +170,6 @@ pk11_cdmf2des(unsigned char *cdmfkey, unsigned char *deskey)
 }
 
 
-static CK_RV
-pk11_CryptInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism,
-		 CK_OBJECT_HANDLE hKey, CK_ATTRIBUTE_TYPE etype,
-		 PK11ContextType contextType, PRBool isEncrypt);
-
 /* NSC_DestroyObject destroys an object. */
 CK_RV
 NSC_DestroyObject(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hObject)
@@ -651,8 +646,37 @@ finish_des:
 	}
 	context->update = (PK11Cipher) (isEncrypt ? AES_Encrypt : AES_Decrypt);
 	context->destroy = (PK11Destroy) AES_DestroyContext;
+	break;
 
+    case CKM_NETSCAPE_AES_KEY_WRAP_PAD:
+    	context->doPad = PR_TRUE;
+	/* fall thru */
+    case CKM_NETSCAPE_AES_KEY_WRAP:
+	context->multi = PR_FALSE;
+	context->blockSize = 8;
+	if (key_type != CKK_AES) {
+	    crv = CKR_KEY_TYPE_INCONSISTENT;
+	    break;
+	}
+	att = pk11_FindAttribute(key,CKA_VALUE);
+	if (att == NULL) {
+	    crv = CKR_KEY_HANDLE_INVALID;
+	    break;
+	}
+	context->cipherInfo = AESKeyWrap_CreateContext(
+	    (unsigned char*)att->attrib.pValue,
+	    (unsigned char*)pMechanism->pParameter,
+	    isEncrypt, att->attrib.ulValueLen);
+	pk11_FreeAttribute(att);
+	if (context->cipherInfo == NULL) {
+	    crv = CKR_HOST_MEMORY;
+	    break;
+	}
+	context->update = (PK11Cipher) (isEncrypt ? AESKeyWrap_Encrypt 
+	                                          : AESKeyWrap_Decrypt);
+	context->destroy = (PK11Destroy) AESKeyWrap_DestroyContext;
 	break;
+
     default:
 	crv = CKR_MECHANISM_INVALID;
 	break;
diff --git a/security/nss/lib/softoken/pkcs11n.h b/security/nss/lib/softoken/pkcs11n.h
index 82dcddd2a..4aaa8a8fb 100644
--- a/security/nss/lib/softoken/pkcs11n.h
+++ b/security/nss/lib/softoken/pkcs11n.h
@@ -146,6 +146,10 @@ static const char CKT_CVS_ID[] = "@(#) $RCSfile$ $Revision$ $Date$ $Name$";
  *
  */
 #define CKM_NETSCAPE (CKM_VENDOR_DEFINED|NSSCK_VENDOR_NETSCAPE)
+
+#define CKM_NETSCAPE_AES_KEY_WRAP      (CKM_NETSCAPE + 1)
+#define CKM_NETSCAPE_AES_KEY_WRAP_PAD  (CKM_NETSCAPE + 2)
+
 /*
  * HISTORICAL:
  * Do not attempt to use these. They are only used by NETSCAPE's internal