diff options
Diffstat (limited to 'security/nss/lib/softoken/pkcs11c.c')
-rw-r--r-- | security/nss/lib/softoken/pkcs11c.c | 96 |
1 files changed, 73 insertions, 23 deletions
diff --git a/security/nss/lib/softoken/pkcs11c.c b/security/nss/lib/softoken/pkcs11c.c index 8979b6dac..46c554617 100644 --- a/security/nss/lib/softoken/pkcs11c.c +++ b/security/nss/lib/softoken/pkcs11c.c @@ -1999,32 +1999,34 @@ pk11_HashSign(PK11HashSignInfo *info,unsigned char *sig,unsigned int *sigLen, } static SECStatus -nsc_DSA_Verify_Stub(void *ctx, CK_BYTE_PTR pSignature, CK_ULONG ulSignatureLen, - CK_BYTE_PTR pData, CK_ULONG ulDataLen) +nsc_DSA_Verify_Stub(void *ctx, void *sigBuf, unsigned int sigLen, + void *dataBuf, unsigned int dataLen) { SECItem signature, digest; + SECKEYLowPublicKey *key = (SECKEYLowPublicKey *)ctx; - signature.data = pSignature; - signature.len = ulSignatureLen; - digest.data = pData; - digest.len = ulDataLen; - return DSA_VerifyDigest((DSAPublicKey *)ctx, &signature, &digest); + signature.data = (unsigned char *)sigBuf; + signature.len = sigLen; + digest.data = (unsigned char *)dataBuf; + digest.len = dataLen; + return DSA_VerifyDigest(&(key->u.dsa), &signature, &digest); } static SECStatus -nsc_DSA_Sign_Stub(void *ctx, CK_BYTE_PTR pSignature, - CK_ULONG_PTR ulSignatureLen, CK_ULONG maxulSignatureLen, - CK_BYTE_PTR pData, CK_ULONG ulDataLen) +nsc_DSA_Sign_Stub(void *ctx, void *sigBuf, + unsigned int *sigLen, unsigned int maxSigLen, + void *dataBuf, unsigned int dataLen) { SECItem signature = { 0 }, digest; SECStatus rv; - - (void)SECITEM_AllocItem(NULL, &signature, maxulSignatureLen); - digest.data = pData; - digest.len = ulDataLen; - rv = DSA_SignDigest((DSAPrivateKey *)ctx, &signature, &digest); - *ulSignatureLen = signature.len; - PORT_Memcpy(pSignature, signature.data, signature.len); + SECKEYLowPrivateKey *key = (SECKEYLowPrivateKey *)ctx; + + (void)SECITEM_AllocItem(NULL, &signature, maxSigLen); + digest.data = (unsigned char *)dataBuf; + digest.len = dataLen; + rv = DSA_SignDigest(&(key->u.dsa), &signature, &digest); + *sigLen = signature.len; + PORT_Memcpy(sigBuf, signature.data, signature.len); SECITEM_FreeItem(&signature, PR_FALSE); return rv; } @@ -2171,11 +2173,11 @@ finish_rsa: crv = CKR_HOST_MEMORY; break; } - context->cipherInfo = &(privKey->u.dsa); + context->cipherInfo = privKey; context->update = (PK11Cipher) nsc_DSA_Sign_Stub; - context->destroy = pk11_Null; + context->destroy = (privKey == key->objectInfo) ? + (PK11Destroy) pk11_Null:(PK11Destroy)pk11_FreePrivKey; - if (key->objectInfo != privKey) SECKEY_LowDestroyPrivateKey(privKey); break; case CKM_MD2_HMAC_GENERAL: crv = pk11_doHMACInit(context,SEC_OID_MD2,key, @@ -2577,7 +2579,7 @@ finish_rsa: crv = CKR_HOST_MEMORY; break; } - context->cipherInfo = &(pubKey->u.dsa); + context->cipherInfo = pubKey; context->verify = (PK11Verify) nsc_DSA_Verify_Stub; context->destroy = pk11_Null; break; @@ -2830,6 +2832,40 @@ CK_RV NSC_GenerateRandom(CK_SESSION_HANDLE hSession, **************************** Key Functions: ************************ */ +CK_RV +pk11_pbe_hmac_key_gen(CK_MECHANISM_PTR pMechanism, char *buf, + unsigned long *len, PRBool faultyPBE3DES) +{ + PBEBitGenContext *pbeCx; + SECItem pwd, salt, *key; + SECOidTag hashAlg; + unsigned long keylenbits; + CK_PBE_PARAMS *pbe_params = NULL; + pbe_params = (CK_PBE_PARAMS *)pMechanism->pParameter; + pwd.data = (unsigned char *)pbe_params->pPassword; + pwd.len = (unsigned int)pbe_params->ulPasswordLen; + salt.data = (unsigned char *)pbe_params->pSalt; + salt.len = (unsigned int)pbe_params->ulSaltLen; + switch (pMechanism->mechanism) { + case CKM_NETSCAPE_PBE_SHA1_HMAC_KEY_GEN: + hashAlg = SEC_OID_SHA1; keylenbits = 160; break; + case CKM_NETSCAPE_PBE_MD5_HMAC_KEY_GEN: + hashAlg = SEC_OID_MD5; keylenbits = 128; break; + case CKM_NETSCAPE_PBE_MD2_HMAC_KEY_GEN: + hashAlg = SEC_OID_MD2; keylenbits = 128; break; + default: + return CKR_MECHANISM_INVALID; + } + pbeCx = PBE_CreateContext(hashAlg, pbeBitGenIntegrityKey, &pwd, + &salt, keylenbits, pbe_params->ulIteration); + key = PBE_GenerateBits(pbeCx); + PORT_Memcpy(buf, key->data, key->len); + *len = key->len; + PBE_DestroyContext(pbeCx); + SECITEM_ZfreeItem(key, PR_TRUE); + return CKR_OK; +} + /* * generate a password based encryption key. This code uses * PKCS5 to do the work. Note that it calls PBE_PK11ParamToAlgid, which is @@ -3032,14 +3068,14 @@ CK_RV NSC_GenerateKey(CK_SESSION_HANDLE hSession, PK11Session *session; PRBool checkWeak = PR_FALSE; CK_ULONG key_length = 0; - CK_KEY_TYPE key_type; + CK_KEY_TYPE key_type = -1; CK_OBJECT_CLASS objclass = CKO_SECRET_KEY; CK_RV crv = CKR_OK; CK_BBOOL cktrue = CK_TRUE; int i; PK11Slot *slot = pk11_SlotFromSessionHandle(hSession); char buf[MAX_KEY_LEN]; - enum {pk11_pbe, pk11_ssl, pk11_bulk} key_gen_type; + enum {pk11_pbe, pk11_pbe_hmac, pk11_ssl, pk11_bulk} key_gen_type; SECOidTag algtag = SEC_OID_UNKNOWN; SSL3RSAPreMasterSecret *rsa_pms; CK_VERSION *version; @@ -3104,6 +3140,12 @@ CK_RV NSC_GenerateKey(CK_SESSION_HANDLE hSession, break; case CKM_NETSCAPE_PBE_SHA1_FAULTY_3DES_CBC: faultyPBE3DES = PR_TRUE; + case CKM_NETSCAPE_PBE_SHA1_HMAC_KEY_GEN: + case CKM_NETSCAPE_PBE_MD5_HMAC_KEY_GEN: + case CKM_NETSCAPE_PBE_MD2_HMAC_KEY_GEN: + key_gen_type = pk11_pbe_hmac; + key_type = CKK_GENERIC_SECRET; + break; case CKM_NETSCAPE_PBE_SHA1_TRIPLE_DES_CBC: case CKM_NETSCAPE_PBE_SHA1_40_BIT_RC2_CBC: case CKM_NETSCAPE_PBE_SHA1_DES_CBC: @@ -3136,10 +3178,18 @@ CK_RV NSC_GenerateKey(CK_SESSION_HANDLE hSession, if (crv != CKR_OK) { pk11_FreeObject(key); return crv; } + /* if there was no error, + * key_type *MUST* be set in the switch statement above */ + PORT_Assert( key_type != -1 ); + /* * now to the actual key gen. */ switch (key_gen_type) { + case pk11_pbe_hmac: + crv = pk11_pbe_hmac_key_gen(pMechanism, buf, &key_length, + faultyPBE3DES); + break; case pk11_pbe: crv = pk11_pbe_key_gen(algtag, pMechanism, buf, &key_length, faultyPBE3DES); |