diff options
Diffstat (limited to 'security/nss/lib/ssl/prelib.c')
-rw-r--r-- | security/nss/lib/ssl/prelib.c | 253 |
1 files changed, 0 insertions, 253 deletions
diff --git a/security/nss/lib/ssl/prelib.c b/security/nss/lib/ssl/prelib.c deleted file mode 100644 index b6ea428e2..000000000 --- a/security/nss/lib/ssl/prelib.c +++ /dev/null @@ -1,253 +0,0 @@ -/* -*- Mode: C; tab-width: 4; indent-tabs-mode: nil -*- */ - -/* - * Functions used by https servers to send (download) pre-encrypted files - * over SSL connections that use Fortezza ciphersuites. - * - * The contents of this file are subject to the Mozilla Public - * License Version 1.1 (the "License"); you may not use this file - * except in compliance with the License. You may obtain a copy of - * the License at http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS - * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or - * implied. See the License for the specific language governing - * rights and limitations under the License. - * - * The Original Code is the Netscape security libraries. - * - * The Initial Developer of the Original Code is Netscape - * Communications Corporation. Portions created by Netscape are - * Copyright (C) 1994-2000 Netscape Communications Corporation. All - * Rights Reserved. - * - * Contributor(s): - * - * Alternatively, the contents of this file may be used under the - * terms of the GNU General Public License Version 2 or later (the - * "GPL"), in which case the provisions of the GPL are applicable - * instead of those above. If you wish to allow use of your - * version of this file only under the terms of the GPL and not to - * allow others to use your version of this file under the MPL, - * indicate your decision by deleting the provisions above and - * replace them with the notice and other provisions required by - * the GPL. If you do not delete the provisions above, a recipient - * may use your version of this file under either the MPL or the - * GPL. - * - * $Id$ - */ - -#include "cert.h" -#include "ssl.h" -#include "keyhi.h" -#include "secitem.h" -#include "sslimpl.h" -#include "pkcs11t.h" -#include "preenc.h" -#include "pk11func.h" - -static unsigned char fromHex(char x) { - if ((x >= '0') && (x <= '9')) return x-'0'; - if ((x >= 'a') && (x <= 'f')) return x-'a'+10; - return x-'A'+10; -} - -PEHeader *SSL_PreencryptedStreamToFile(PRFileDesc *fd, PEHeader *inHeader, - int *headerSize) -{ - PK11SymKey *key, *tek, *Ks; - sslSocket *ss; - PK11SlotInfo *slot; - CK_TOKEN_INFO info; - int oldHeaderSize; - PEHeader *header; - SECStatus rv; - SECItem item; - int i; - - if (fd == NULL) { - /* XXX set an error */ - return NULL; - } - - ss = ssl_FindSocket(fd); - if (ss == NULL) { - /* XXX set an error */ - return NULL; - } - - PORT_Assert(ss->ssl3 != NULL); - if (ss->ssl3 == NULL) { - return NULL; - } - - if (GetInt2(inHeader->magic) != PRE_MAGIC) { - return NULL; - } - - oldHeaderSize = GetInt2(inHeader->len); - header = (PEHeader *) PORT_ZAlloc(oldHeaderSize); - if (header == NULL) { - return NULL; - } - - switch (GetInt2(inHeader->type)) { - case PRE_FORTEZZA_FILE: - case PRE_FORTEZZA_GEN_STREAM: - case PRE_FIXED_FILE: - case PRE_RSA_FILE: - default: - *headerSize = oldHeaderSize; - PORT_Memcpy(header,inHeader,oldHeaderSize); - return header; - - case PRE_FORTEZZA_STREAM: - *headerSize = PE_BASE_HEADER_LEN + sizeof(PEFortezzaHeader); - PutInt2(header->magic,PRE_MAGIC); - PutInt2(header->len,*headerSize); - PutInt2(header->type, PRE_FORTEZZA_FILE); - PORT_Memcpy(header->version,inHeader->version,sizeof(header->version)); - PORT_Memcpy(header->u.fortezza.hash,inHeader->u.fortezza.hash, - sizeof(header->u.fortezza.hash)); - PORT_Memcpy(header->u.fortezza.iv,inHeader->u.fortezza.iv, - sizeof(header->u.fortezza.iv)); - - /* get the kea context from the session */ - tek = ss->ssl3->fortezza.tek; - if (tek == NULL) { - PORT_Free(header); - return NULL; - } - - - /* get the slot and the serial number */ - slot = PK11_GetSlotFromKey(tek); - if (slot == NULL) { - PORT_Free(header); - return NULL; - } - rv = PK11_GetTokenInfo(slot,&info); - if (rv != SECSuccess) { - PORT_Free(header); - PK11_FreeSlot(slot); - return NULL; - } - - /* Look up the Token Fixed Key */ - Ks = PK11_FindFixedKey(slot, CKM_SKIPJACK_WRAP, NULL, ss->pkcs11PinArg); - PK11_FreeSlot(slot); - if (Ks == NULL) { - PORT_Free(header); - return NULL; - } - - /* unwrap the key with the TEK */ - item.data = inHeader->u.fortezza.key; - item.len = sizeof(inHeader->u.fortezza.key); - key = PK11_UnwrapSymKey(tek,CKM_SKIPJACK_WRAP, - NULL, &item, CKM_SKIPJACK_CBC64, CKA_DECRYPT, 0); - if (key == NULL) { - PORT_Free(header); - PK11_FreeSymKey(Ks); - return NULL; - } - - /* rewrap with the local Ks */ - item.data = header->u.fortezza.key; - item.len = sizeof(header->u.fortezza.key); - rv = PK11_WrapSymKey(CKM_SKIPJACK_WRAP, NULL, Ks, key, &item); - PK11_FreeSymKey(Ks); - PK11_FreeSymKey(key); - if (rv != SECSuccess) { - PORT_Free(header); - return NULL; - } - - /* copy our local serial number into header */ - for (i=0; i < sizeof(header->u.fortezza.serial); i++) { - header->u.fortezza.serial[i] = - (fromHex(info.serialNumber[i*2]) << 4) | - fromHex(info.serialNumber[i*2 + 1]); - } - break; - case PRE_FIXED_STREAM: - /* not implemented yet */ - PORT_Free(header); - return NULL; - } - - return(header); -} - -/* - * this one needs to allocate space and work for RSA & FIXED key files as well - */ -PEHeader *SSL_PreencryptedFileToStream(PRFileDesc *fd, PEHeader *header, - int *headerSize) -{ - PK11SymKey *key, *tek, *Ks; - sslSocket *ss; - PK11SlotInfo *slot; - SECStatus rv; - SECItem item; - - *headerSize = 0; /* hack */ - - if (fd == NULL) { - /* XXX set an error */ - return NULL; - } - - ss = ssl_FindSocket(fd); - if (ss == NULL) { - /* XXX set an error */ - return NULL; - } - - PORT_Assert(ss->ssl3 != NULL); - if (ss->ssl3 == NULL) { - return NULL; - } - - /* get the kea context from the session */ - tek = ss->ssl3->fortezza.tek; - if (tek == NULL) { - return NULL; - } - - slot = PK11_GetSlotFromKey(tek); - if (slot == NULL) return NULL; - Ks = PK11_FindFixedKey(slot, CKM_SKIPJACK_WRAP, NULL, PK11_GetWindow(tek)); - PK11_FreeSlot(slot); - if (Ks == NULL) return NULL; - - - /* unwrap with the local Ks */ - item.data = header->u.fortezza.key; - item.len = sizeof(header->u.fortezza.key); - /* rewrap the key with the TEK */ - key = PK11_UnwrapSymKey(Ks,CKM_SKIPJACK_WRAP, - NULL, &item, CKM_SKIPJACK_CBC64, CKA_DECRYPT, 0); - if (key == NULL) { - PK11_FreeSymKey(Ks); - return NULL; - } - - rv = PK11_WrapSymKey(CKM_SKIPJACK_WRAP, NULL, tek, key, &item); - PK11_FreeSymKey(Ks); - PK11_FreeSymKey(key); - if (rv != SECSuccess) { - return NULL; - } - - /* copy over our local serial number */ - PORT_Memset(header->u.fortezza.serial,0,sizeof(header->u.fortezza.serial)); - - /* change type to stream */ - PutInt2(header->type, PRE_FORTEZZA_STREAM); - - return(header); -} - - |