File: | s/lib/pk11wrap/pk11skey.c |
Warning: | line 382, column 9 Value stored to 'type' is never read |
Press '?' to see keyboard shortcuts
Keyboard shortcuts:
1 | /* This Source Code Form is subject to the terms of the Mozilla Public |
2 | * License, v. 2.0. If a copy of the MPL was not distributed with this |
3 | * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ |
4 | /* |
5 | * This file implements the Symkey wrapper and the PKCS context |
6 | * Interfaces. |
7 | */ |
8 | |
9 | #include <stddef.h> |
10 | #include <limits.h> |
11 | |
12 | #include "seccomon.h" |
13 | #include "secmod.h" |
14 | #include "nssilock.h" |
15 | #include "secmodi.h" |
16 | #include "secmodti.h" |
17 | #include "pkcs11.h" |
18 | #include "pk11func.h" |
19 | #include "secitem.h" |
20 | #include "secoid.h" |
21 | #include "secerr.h" |
22 | #include "hasht.h" |
23 | |
24 | static ECPointEncoding pk11_ECGetPubkeyEncoding(const SECKEYPublicKey *pubKey); |
25 | |
26 | static void |
27 | pk11_EnterKeyMonitor(PK11SymKey *symKey) |
28 | { |
29 | if (!symKey->sessionOwner || !(symKey->slot->isThreadSafe)) |
30 | PK11_EnterSlotMonitor(symKey->slot); |
31 | } |
32 | |
33 | static void |
34 | pk11_ExitKeyMonitor(PK11SymKey *symKey) |
35 | { |
36 | if (!symKey->sessionOwner || !(symKey->slot->isThreadSafe)) |
37 | PK11_ExitSlotMonitor(symKey->slot); |
38 | } |
39 | |
40 | /* |
41 | * pk11_getKeyFromList returns a symKey that has a session (if needSession |
42 | * was specified), or explicitly does not have a session (if needSession |
43 | * was not specified). |
44 | */ |
45 | static PK11SymKey * |
46 | pk11_getKeyFromList(PK11SlotInfo *slot, PRBool needSession) |
47 | { |
48 | PK11SymKey *symKey = NULL((void*)0); |
49 | |
50 | PZ_Lock(slot->freeListLock)PR_Lock((slot->freeListLock)); |
51 | /* own session list are symkeys with sessions that the symkey owns. |
52 | * 'most' symkeys will own their own session. */ |
53 | if (needSession) { |
54 | if (slot->freeSymKeysWithSessionHead) { |
55 | symKey = slot->freeSymKeysWithSessionHead; |
56 | slot->freeSymKeysWithSessionHead = symKey->next; |
57 | slot->keyCount--; |
58 | } |
59 | } |
60 | /* if we don't need a symkey with its own session, or we couldn't find |
61 | * one on the owner list, get one from the non-owner free list. */ |
62 | if (!symKey) { |
63 | if (slot->freeSymKeysHead) { |
64 | symKey = slot->freeSymKeysHead; |
65 | slot->freeSymKeysHead = symKey->next; |
66 | slot->keyCount--; |
67 | } |
68 | } |
69 | PZ_Unlock(slot->freeListLock)PR_Unlock((slot->freeListLock)); |
70 | if (symKey) { |
71 | symKey->next = NULL((void*)0); |
72 | if (!needSession) { |
73 | return symKey; |
74 | } |
75 | /* if we are getting an owner key, make sure we have a valid session. |
76 | * session could be invalid if the token has been removed or because |
77 | * we got it from the non-owner free list */ |
78 | if ((symKey->series != slot->series) || |
79 | (symKey->session == CK_INVALID_HANDLE0)) { |
80 | symKey->session = pk11_GetNewSession(slot, &symKey->sessionOwner); |
81 | } |
82 | PORT_Assert(symKey->session != CK_INVALID_HANDLE)((symKey->session != 0)?((void)0):PR_Assert("symKey->session != CK_INVALID_HANDLE" ,"pk11skey.c",82)); |
83 | if (symKey->session != CK_INVALID_HANDLE0) |
84 | return symKey; |
85 | PK11_FreeSymKey(symKey); |
86 | /* if we are here, we need a session, but couldn't get one, it's |
87 | * unlikely we pk11_GetNewSession will succeed if we call it a second |
88 | * time. */ |
89 | return NULL((void*)0); |
90 | } |
91 | |
92 | symKey = PORT_New(PK11SymKey)(PK11SymKey *)PORT_Alloc_Util(sizeof(PK11SymKey)); |
93 | if (symKey == NULL((void*)0)) { |
94 | return NULL((void*)0); |
95 | } |
96 | |
97 | symKey->next = NULL((void*)0); |
98 | if (needSession) { |
99 | symKey->session = pk11_GetNewSession(slot, &symKey->sessionOwner); |
100 | PORT_Assert(symKey->session != CK_INVALID_HANDLE)((symKey->session != 0)?((void)0):PR_Assert("symKey->session != CK_INVALID_HANDLE" ,"pk11skey.c",100)); |
101 | if (symKey->session == CK_INVALID_HANDLE0) { |
102 | PK11_FreeSymKey(symKey); |
103 | symKey = NULL((void*)0); |
104 | } |
105 | } else { |
106 | symKey->session = CK_INVALID_HANDLE0; |
107 | } |
108 | return symKey; |
109 | } |
110 | |
111 | /* Caller MUST hold slot->freeListLock (or ref count == 0?) !! */ |
112 | void |
113 | PK11_CleanKeyList(PK11SlotInfo *slot) |
114 | { |
115 | PK11SymKey *symKey = NULL((void*)0); |
116 | |
117 | while (slot->freeSymKeysWithSessionHead) { |
118 | symKey = slot->freeSymKeysWithSessionHead; |
119 | slot->freeSymKeysWithSessionHead = symKey->next; |
120 | pk11_CloseSession(slot, symKey->session, symKey->sessionOwner); |
121 | PORT_FreePORT_Free_Util(symKey); |
122 | } |
123 | while (slot->freeSymKeysHead) { |
124 | symKey = slot->freeSymKeysHead; |
125 | slot->freeSymKeysHead = symKey->next; |
126 | pk11_CloseSession(slot, symKey->session, symKey->sessionOwner); |
127 | PORT_FreePORT_Free_Util(symKey); |
128 | } |
129 | return; |
130 | } |
131 | |
132 | /* |
133 | * create a symetric key: |
134 | * Slot is the slot to create the key in. |
135 | * type is the mechanism type |
136 | * owner is does this symKey structure own it's object handle (rare |
137 | * that this is false). |
138 | * needSession means the returned symKey will return with a valid session |
139 | * allocated already. |
140 | */ |
141 | static PK11SymKey * |
142 | pk11_CreateSymKey(PK11SlotInfo *slot, CK_MECHANISM_TYPE type, |
143 | PRBool owner, PRBool needSession, void *wincx) |
144 | { |
145 | |
146 | PK11SymKey *symKey = pk11_getKeyFromList(slot, needSession); |
147 | |
148 | if (symKey == NULL((void*)0)) { |
149 | return NULL((void*)0); |
150 | } |
151 | /* if needSession was specified, make sure we have a valid session. |
152 | * callers which specify needSession as false should do their own |
153 | * check of the session before returning the symKey */ |
154 | if (needSession && symKey->session == CK_INVALID_HANDLE0) { |
155 | PK11_FreeSymKey(symKey); |
156 | PORT_SetErrorPORT_SetError_Util(SEC_ERROR_LIBRARY_FAILURE); |
157 | return NULL((void*)0); |
158 | } |
159 | |
160 | symKey->type = type; |
161 | symKey->data.type = siBuffer; |
162 | symKey->data.data = NULL((void*)0); |
163 | symKey->data.len = 0; |
164 | symKey->owner = owner; |
165 | symKey->objectID = CK_INVALID_HANDLE0; |
166 | symKey->slot = slot; |
167 | symKey->series = slot->series; |
168 | symKey->cx = wincx; |
169 | symKey->size = 0; |
170 | symKey->refCount = 1; |
171 | symKey->origin = PK11_OriginNULL; |
172 | symKey->parent = NULL((void*)0); |
173 | symKey->freeFunc = NULL((void*)0); |
174 | symKey->userData = NULL((void*)0); |
175 | PK11_ReferenceSlot(slot); |
176 | return symKey; |
177 | } |
178 | |
179 | /* |
180 | * destroy a symetric key |
181 | */ |
182 | void |
183 | PK11_FreeSymKey(PK11SymKey *symKey) |
184 | { |
185 | PK11SlotInfo *slot; |
186 | PRBool freeit = PR_TRUE1; |
187 | |
188 | if (!symKey) { |
189 | return; |
190 | } |
191 | |
192 | if (PR_ATOMIC_DECREMENT(&symKey->refCount)__sync_sub_and_fetch(&symKey->refCount, 1) == 0) { |
193 | PK11SymKey *parent = symKey->parent; |
194 | |
195 | symKey->parent = NULL((void*)0); |
196 | if ((symKey->owner) && symKey->objectID != CK_INVALID_HANDLE0) { |
197 | pk11_EnterKeyMonitor(symKey); |
198 | (void)PK11_GETTAB(symKey->slot)((CK_FUNCTION_LIST_3_0_PTR)((symKey->slot)->functionList ))->C_DestroyObject(symKey->session, symKey->objectID); |
199 | pk11_ExitKeyMonitor(symKey); |
200 | } |
201 | if (symKey->data.data) { |
202 | PORT_Memsetmemset(symKey->data.data, 0, symKey->data.len); |
203 | PORT_FreePORT_Free_Util(symKey->data.data); |
204 | } |
205 | /* free any existing data */ |
206 | if (symKey->userData && symKey->freeFunc) { |
207 | (*symKey->freeFunc)(symKey->userData); |
208 | } |
209 | slot = symKey->slot; |
210 | PZ_Lock(slot->freeListLock)PR_Lock((slot->freeListLock)); |
211 | if (slot->keyCount < slot->maxKeyCount) { |
212 | /* |
213 | * freeSymkeysWithSessionHead contain a list of reusable |
214 | * SymKey structures with valid sessions. |
215 | * sessionOwner must be true. |
216 | * session must be valid. |
217 | * freeSymKeysHead contain a list of SymKey structures without |
218 | * valid session. |
219 | * session must be CK_INVALID_HANDLE. |
220 | * though sessionOwner is false, callers should not depend on |
221 | * this fact. |
222 | */ |
223 | if (symKey->sessionOwner) { |
224 | PORT_Assert(symKey->session != CK_INVALID_HANDLE)((symKey->session != 0)?((void)0):PR_Assert("symKey->session != CK_INVALID_HANDLE" ,"pk11skey.c",224)); |
225 | symKey->next = slot->freeSymKeysWithSessionHead; |
226 | slot->freeSymKeysWithSessionHead = symKey; |
227 | } else { |
228 | symKey->session = CK_INVALID_HANDLE0; |
229 | symKey->next = slot->freeSymKeysHead; |
230 | slot->freeSymKeysHead = symKey; |
231 | } |
232 | slot->keyCount++; |
233 | symKey->slot = NULL((void*)0); |
234 | freeit = PR_FALSE0; |
235 | } |
236 | PZ_Unlock(slot->freeListLock)PR_Unlock((slot->freeListLock)); |
237 | if (freeit) { |
238 | pk11_CloseSession(symKey->slot, symKey->session, |
239 | symKey->sessionOwner); |
240 | PORT_FreePORT_Free_Util(symKey); |
241 | } |
242 | PK11_FreeSlot(slot); |
243 | |
244 | if (parent) { |
245 | PK11_FreeSymKey(parent); |
246 | } |
247 | } |
248 | } |
249 | |
250 | PK11SymKey * |
251 | PK11_ReferenceSymKey(PK11SymKey *symKey) |
252 | { |
253 | PR_ATOMIC_INCREMENT(&symKey->refCount)__sync_add_and_fetch(&symKey->refCount, 1); |
254 | return symKey; |
255 | } |
256 | |
257 | /* |
258 | * Accessors |
259 | */ |
260 | CK_MECHANISM_TYPE |
261 | PK11_GetMechanism(PK11SymKey *symKey) |
262 | { |
263 | return symKey->type; |
264 | } |
265 | |
266 | /* |
267 | * return the slot associated with a symetric key |
268 | */ |
269 | PK11SlotInfo * |
270 | PK11_GetSlotFromKey(PK11SymKey *symKey) |
271 | { |
272 | return PK11_ReferenceSlot(symKey->slot); |
273 | } |
274 | |
275 | CK_KEY_TYPE |
276 | PK11_GetSymKeyType(PK11SymKey *symKey) |
277 | { |
278 | return PK11_GetKeyType(symKey->type, symKey->size); |
279 | } |
280 | |
281 | PK11SymKey * |
282 | PK11_GetNextSymKey(PK11SymKey *symKey) |
283 | { |
284 | return symKey ? symKey->next : NULL((void*)0); |
285 | } |
286 | |
287 | char * |
288 | PK11_GetSymKeyNickname(PK11SymKey *symKey) |
289 | { |
290 | return PK11_GetObjectNickname(symKey->slot, symKey->objectID); |
291 | } |
292 | |
293 | SECStatus |
294 | PK11_SetSymKeyNickname(PK11SymKey *symKey, const char *nickname) |
295 | { |
296 | return PK11_SetObjectNickname(symKey->slot, symKey->objectID, nickname); |
297 | } |
298 | |
299 | void * |
300 | PK11_GetSymKeyUserData(PK11SymKey *symKey) |
301 | { |
302 | return symKey->userData; |
303 | } |
304 | |
305 | void |
306 | PK11_SetSymKeyUserData(PK11SymKey *symKey, void *userData, |
307 | PK11FreeDataFunc freeFunc) |
308 | { |
309 | /* free any existing data */ |
310 | if (symKey->userData && symKey->freeFunc) { |
311 | (*symKey->freeFunc)(symKey->userData); |
312 | } |
313 | symKey->userData = userData; |
314 | symKey->freeFunc = freeFunc; |
315 | return; |
316 | } |
317 | |
318 | /* |
319 | * turn key handle into an appropriate key object |
320 | */ |
321 | PK11SymKey * |
322 | PK11_SymKeyFromHandle(PK11SlotInfo *slot, PK11SymKey *parent, PK11Origin origin, |
323 | CK_MECHANISM_TYPE type, CK_OBJECT_HANDLE keyID, PRBool owner, void *wincx) |
324 | { |
325 | PK11SymKey *symKey; |
326 | PRBool needSession = !(owner && parent); |
327 | |
328 | if (keyID == CK_INVALID_HANDLE0) { |
329 | return NULL((void*)0); |
330 | } |
331 | |
332 | symKey = pk11_CreateSymKey(slot, type, owner, needSession, wincx); |
333 | if (symKey == NULL((void*)0)) { |
334 | return NULL((void*)0); |
335 | } |
336 | |
337 | symKey->objectID = keyID; |
338 | symKey->origin = origin; |
339 | |
340 | /* adopt the parent's session */ |
341 | /* This is only used by SSL. What we really want here is a session |
342 | * structure with a ref count so the session goes away only after all the |
343 | * keys do. */ |
344 | if (!needSession) { |
345 | symKey->sessionOwner = PR_FALSE0; |
346 | symKey->session = parent->session; |
347 | symKey->parent = PK11_ReferenceSymKey(parent); |
348 | /* This is the only case where pk11_CreateSymKey does not explicitly |
349 | * check symKey->session. We need to assert here to make sure. |
350 | * the session isn't invalid. */ |
351 | PORT_Assert(parent->session != CK_INVALID_HANDLE)((parent->session != 0)?((void)0):PR_Assert("parent->session != CK_INVALID_HANDLE" ,"pk11skey.c",351)); |
352 | if (parent->session == CK_INVALID_HANDLE0) { |
353 | PK11_FreeSymKey(symKey); |
354 | PORT_SetErrorPORT_SetError_Util(SEC_ERROR_LIBRARY_FAILURE); |
355 | return NULL((void*)0); |
356 | } |
357 | } |
358 | |
359 | return symKey; |
360 | } |
361 | |
362 | /* |
363 | * Restore a symmetric wrapping key that was saved using PK11_SetWrapKey. |
364 | * |
365 | * This function is provided for ABI compatibility; see PK11_SetWrapKey below. |
366 | */ |
367 | PK11SymKey * |
368 | PK11_GetWrapKey(PK11SlotInfo *slot, int wrap, CK_MECHANISM_TYPE type, |
369 | int series, void *wincx) |
370 | { |
371 | PK11SymKey *symKey = NULL((void*)0); |
372 | CK_OBJECT_HANDLE keyHandle; |
373 | |
374 | PK11_EnterSlotMonitor(slot); |
375 | if (slot->series != series || |
376 | slot->refKeys[wrap] == CK_INVALID_HANDLE0) { |
377 | PK11_ExitSlotMonitor(slot); |
378 | return NULL((void*)0); |
379 | } |
380 | |
381 | if (type == CKM_INVALID_MECHANISM0xffffffffUL) { |
382 | type = slot->wrapMechanism; |
Value stored to 'type' is never read | |
383 | } |
384 | |
385 | keyHandle = slot->refKeys[wrap]; |
386 | PK11_ExitSlotMonitor(slot); |
387 | symKey = PK11_SymKeyFromHandle(slot, NULL((void*)0), PK11_OriginDerive, |
388 | slot->wrapMechanism, keyHandle, PR_FALSE0, wincx); |
389 | return symKey; |
390 | } |
391 | |
392 | /* |
393 | * This function sets an attribute on the current slot with a wrapping key. The |
394 | * data saved is ephemeral; it needs to be run every time the program is |
395 | * invoked. |
396 | * |
397 | * Since NSS 3.45, this function is marginally more thread safe. It uses the |
398 | * slot lock (if present) and fails silently if a value is already set. Use |
399 | * PK11_GetWrapKey() after calling this function to get the current wrapping key |
400 | * in case there was an update on another thread. |
401 | * |
402 | * Either way, using this function is inadvisable. It's provided for ABI |
403 | * compatibility only. |
404 | */ |
405 | void |
406 | PK11_SetWrapKey(PK11SlotInfo *slot, int wrap, PK11SymKey *wrapKey) |
407 | { |
408 | PK11_EnterSlotMonitor(slot); |
409 | if (wrap >= 0) { |
410 | size_t uwrap = (size_t)wrap; |
411 | if (uwrap < PR_ARRAY_SIZE(slot->refKeys)(sizeof(slot->refKeys)/sizeof((slot->refKeys)[0])) && |
412 | slot->refKeys[uwrap] == CK_INVALID_HANDLE0) { |
413 | /* save the handle and mechanism for the wrapping key */ |
414 | /* mark the key and session as not owned by us so they don't get |
415 | * freed when the key goes way... that lets us reuse the key |
416 | * later */ |
417 | slot->refKeys[uwrap] = wrapKey->objectID; |
418 | wrapKey->owner = PR_FALSE0; |
419 | wrapKey->sessionOwner = PR_FALSE0; |
420 | slot->wrapMechanism = wrapKey->type; |
421 | } |
422 | } |
423 | PK11_ExitSlotMonitor(slot); |
424 | } |
425 | |
426 | /* |
427 | * figure out if a key is still valid or if it is stale. |
428 | */ |
429 | PRBool |
430 | PK11_VerifyKeyOK(PK11SymKey *key) |
431 | { |
432 | if (!PK11_IsPresent(key->slot)) { |
433 | return PR_FALSE0; |
434 | } |
435 | return (PRBool)(key->series == key->slot->series); |
436 | } |
437 | |
438 | static PK11SymKey * |
439 | pk11_ImportSymKeyWithTempl(PK11SlotInfo *slot, CK_MECHANISM_TYPE type, |
440 | PK11Origin origin, PRBool isToken, CK_ATTRIBUTE *keyTemplate, |
441 | unsigned int templateCount, SECItem *key, void *wincx) |
442 | { |
443 | PK11SymKey *symKey; |
444 | SECStatus rv; |
445 | |
446 | symKey = pk11_CreateSymKey(slot, type, !isToken, PR_TRUE1, wincx); |
447 | if (symKey == NULL((void*)0)) { |
448 | return NULL((void*)0); |
449 | } |
450 | |
451 | symKey->size = key->len; |
452 | |
453 | PK11_SETATTRS(&keyTemplate[templateCount], CKA_VALUE, key->data, key->len)(&keyTemplate[templateCount])->type = (0x00000011UL); ( &keyTemplate[templateCount])->pValue = (key->data); (&keyTemplate[templateCount])->ulValueLen = (key-> len);; |
454 | templateCount++; |
455 | |
456 | if (SECITEM_CopyItemSECITEM_CopyItem_Util(NULL((void*)0), &symKey->data, key) != SECSuccess) { |
457 | PK11_FreeSymKey(symKey); |
458 | return NULL((void*)0); |
459 | } |
460 | |
461 | symKey->origin = origin; |
462 | |
463 | /* import the keys */ |
464 | rv = PK11_CreateNewObject(slot, symKey->session, keyTemplate, |
465 | templateCount, isToken, &symKey->objectID); |
466 | if (rv != SECSuccess) { |
467 | PK11_FreeSymKey(symKey); |
468 | return NULL((void*)0); |
469 | } |
470 | |
471 | return symKey; |
472 | } |
473 | |
474 | /* |
475 | * turn key bits into an appropriate key object |
476 | */ |
477 | PK11SymKey * |
478 | PK11_ImportSymKey(PK11SlotInfo *slot, CK_MECHANISM_TYPE type, |
479 | PK11Origin origin, CK_ATTRIBUTE_TYPE operation, SECItem *key, void *wincx) |
480 | { |
481 | PK11SymKey *symKey; |
482 | unsigned int templateCount = 0; |
483 | CK_OBJECT_CLASS keyClass = CKO_SECRET_KEY0x00000004UL; |
484 | CK_KEY_TYPE keyType = CKK_GENERIC_SECRET0x00000010UL; |
485 | CK_BBOOL cktrue = CK_TRUE1; /* sigh */ |
486 | CK_ATTRIBUTE keyTemplate[5]; |
487 | CK_ATTRIBUTE *attrs = keyTemplate; |
488 | |
489 | /* CKA_NSS_MESSAGE is a fake operation to distinguish between |
490 | * Normal Encrypt/Decrypt and MessageEncrypt/Decrypt. Don't try to set |
491 | * it as a real attribute */ |
492 | if ((operation & CKA_NSS_MESSAGE_MASK0xff000000L) == CKA_NSS_MESSAGE0x82000000L) { |
493 | /* Message is or'd with a real Attribute (CKA_ENCRYPT, CKA_DECRYPT), |
494 | * etc. Strip out the real attribute here */ |
495 | operation &= ~CKA_NSS_MESSAGE_MASK0xff000000L; |
496 | } |
497 | |
498 | PK11_SETATTRS(attrs, CKA_CLASS, &keyClass, sizeof(keyClass))(attrs)->type = (0x00000000UL); (attrs)->pValue = (& keyClass); (attrs)->ulValueLen = (sizeof(keyClass));; |
499 | attrs++; |
500 | PK11_SETATTRS(attrs, CKA_KEY_TYPE, &keyType, sizeof(keyType))(attrs)->type = (0x00000100UL); (attrs)->pValue = (& keyType); (attrs)->ulValueLen = (sizeof(keyType));; |
501 | attrs++; |
502 | PK11_SETATTRS(attrs, operation, &cktrue, 1)(attrs)->type = (operation); (attrs)->pValue = (&cktrue ); (attrs)->ulValueLen = (1);; |
503 | attrs++; |
504 | templateCount = attrs - keyTemplate; |
505 | PR_ASSERT(templateCount + 1 <= sizeof(keyTemplate) / sizeof(CK_ATTRIBUTE))((templateCount + 1 <= sizeof(keyTemplate) / sizeof(CK_ATTRIBUTE ))?((void)0):PR_Assert("templateCount + 1 <= sizeof(keyTemplate) / sizeof(CK_ATTRIBUTE)" ,"pk11skey.c",505)); |
506 | |
507 | keyType = PK11_GetKeyType(type, key->len); |
508 | symKey = pk11_ImportSymKeyWithTempl(slot, type, origin, PR_FALSE0, |
509 | keyTemplate, templateCount, key, wincx); |
510 | return symKey; |
511 | } |
512 | /* Import a PKCS #11 data object and return it as a key. This key is |
513 | * only useful in a limited number of mechanisms, such as HKDF. */ |
514 | PK11SymKey * |
515 | PK11_ImportDataKey(PK11SlotInfo *slot, CK_MECHANISM_TYPE type, PK11Origin origin, |
516 | CK_ATTRIBUTE_TYPE operation, SECItem *key, void *wincx) |
517 | { |
518 | CK_OBJECT_CLASS ckoData = CKO_DATA0x00000000UL; |
519 | CK_ATTRIBUTE template[2] = { { CKA_CLASS0x00000000UL, (CK_BYTE_PTR)&ckoData, sizeof(ckoData) }, |
520 | { CKA_VALUE0x00000011UL, (CK_BYTE_PTR)key->data, key->len } }; |
521 | CK_OBJECT_HANDLE handle; |
522 | PK11GenericObject *genObject; |
523 | |
524 | genObject = PK11_CreateGenericObject(slot, template, PR_ARRAY_SIZE(template)(sizeof(template)/sizeof((template)[0])), PR_FALSE0); |
525 | if (genObject == NULL((void*)0)) { |
526 | return NULL((void*)0); |
527 | } |
528 | handle = PK11_GetObjectHandle(PK11_TypeGeneric, genObject, NULL((void*)0)); |
529 | /* A note about ownership of the PKCS #11 handle: |
530 | * PK11_CreateGenericObject() will not destroy the object it creates |
531 | * on Free, For that you want PK11_CreateManagedGenericObject(). |
532 | * Below we import the handle into the symKey structure. We pass |
533 | * PR_TRUE as the owner so that the symKey will destroy the object |
534 | * once it's freed. This is why it's safe to destroy genObject now. */ |
535 | PK11_DestroyGenericObject(genObject); |
536 | if (handle == CK_INVALID_HANDLE0) { |
537 | return NULL((void*)0); |
538 | } |
539 | return PK11_SymKeyFromHandle(slot, NULL((void*)0), origin, type, handle, PR_TRUE1, wincx); |
540 | } |
541 | |
542 | /* turn key bits into an appropriate key object */ |
543 | PK11SymKey * |
544 | PK11_ImportSymKeyWithFlags(PK11SlotInfo *slot, CK_MECHANISM_TYPE type, |
545 | PK11Origin origin, CK_ATTRIBUTE_TYPE operation, SECItem *key, |
546 | CK_FLAGS flags, PRBool isPerm, void *wincx) |
547 | { |
548 | PK11SymKey *symKey; |
549 | unsigned int templateCount = 0; |
550 | CK_OBJECT_CLASS keyClass = CKO_SECRET_KEY0x00000004UL; |
551 | CK_KEY_TYPE keyType = CKK_GENERIC_SECRET0x00000010UL; |
552 | CK_BBOOL cktrue = CK_TRUE1; /* sigh */ |
553 | CK_ATTRIBUTE keyTemplate[MAX_TEMPL_ATTRS16]; |
554 | CK_ATTRIBUTE *attrs = keyTemplate; |
555 | |
556 | /* CKA_NSS_MESSAGE is a fake operation to distinguish between |
557 | * Normal Encrypt/Decrypt and MessageEncrypt/Decrypt. Don't try to set |
558 | * it as a real attribute */ |
559 | if ((operation & CKA_NSS_MESSAGE_MASK0xff000000L) == CKA_NSS_MESSAGE0x82000000L) { |
560 | /* Message is or'd with a real Attribute (CKA_ENCRYPT, CKA_DECRYPT), |
561 | * etc. Strip out the real attribute here */ |
562 | operation &= ~CKA_NSS_MESSAGE_MASK0xff000000L; |
563 | } |
564 | |
565 | PK11_SETATTRS(attrs, CKA_CLASS, &keyClass, sizeof(keyClass))(attrs)->type = (0x00000000UL); (attrs)->pValue = (& keyClass); (attrs)->ulValueLen = (sizeof(keyClass));; |
566 | attrs++; |
567 | PK11_SETATTRS(attrs, CKA_KEY_TYPE, &keyType, sizeof(keyType))(attrs)->type = (0x00000100UL); (attrs)->pValue = (& keyType); (attrs)->ulValueLen = (sizeof(keyType));; |
568 | attrs++; |
569 | if (isPerm) { |
570 | PK11_SETATTRS(attrs, CKA_TOKEN, &cktrue, sizeof(cktrue))(attrs)->type = (0x00000001UL); (attrs)->pValue = (& cktrue); (attrs)->ulValueLen = (sizeof(cktrue));; |
571 | attrs++; |
572 | /* sigh some tokens think CKA_PRIVATE = false is a reasonable |
573 | * default for secret keys */ |
574 | PK11_SETATTRS(attrs, CKA_PRIVATE, &cktrue, sizeof(cktrue))(attrs)->type = (0x00000002UL); (attrs)->pValue = (& cktrue); (attrs)->ulValueLen = (sizeof(cktrue));; |
575 | attrs++; |
576 | } |
577 | attrs += pk11_OpFlagsToAttributes(flags, attrs, &cktrue); |
578 | if ((operation != CKA_FLAGS_ONLY0) && |
579 | !pk11_FindAttrInTemplate(keyTemplate, attrs - keyTemplate, operation)) { |
580 | PK11_SETATTRS(attrs, operation, &cktrue, sizeof(cktrue))(attrs)->type = (operation); (attrs)->pValue = (&cktrue ); (attrs)->ulValueLen = (sizeof(cktrue));; |
581 | attrs++; |
582 | } |
583 | templateCount = attrs - keyTemplate; |
584 | PR_ASSERT(templateCount + 1 <= sizeof(keyTemplate) / sizeof(CK_ATTRIBUTE))((templateCount + 1 <= sizeof(keyTemplate) / sizeof(CK_ATTRIBUTE ))?((void)0):PR_Assert("templateCount + 1 <= sizeof(keyTemplate) / sizeof(CK_ATTRIBUTE)" ,"pk11skey.c",584)); |
585 | |
586 | keyType = PK11_GetKeyType(type, key->len); |
587 | symKey = pk11_ImportSymKeyWithTempl(slot, type, origin, isPerm, |
588 | keyTemplate, templateCount, key, wincx); |
589 | if (symKey && isPerm) { |
590 | symKey->owner = PR_FALSE0; |
591 | } |
592 | return symKey; |
593 | } |
594 | |
595 | PK11SymKey * |
596 | PK11_FindFixedKey(PK11SlotInfo *slot, CK_MECHANISM_TYPE type, SECItem *keyID, |
597 | void *wincx) |
598 | { |
599 | CK_ATTRIBUTE findTemp[4]; |
600 | CK_ATTRIBUTE *attrs; |
601 | CK_BBOOL ckTrue = CK_TRUE1; |
602 | CK_OBJECT_CLASS keyclass = CKO_SECRET_KEY0x00000004UL; |
603 | size_t tsize = 0; |
604 | CK_OBJECT_HANDLE key_id; |
605 | |
606 | attrs = findTemp; |
607 | PK11_SETATTRS(attrs, CKA_CLASS, &keyclass, sizeof(keyclass))(attrs)->type = (0x00000000UL); (attrs)->pValue = (& keyclass); (attrs)->ulValueLen = (sizeof(keyclass));; |
608 | attrs++; |
609 | PK11_SETATTRS(attrs, CKA_TOKEN, &ckTrue, sizeof(ckTrue))(attrs)->type = (0x00000001UL); (attrs)->pValue = (& ckTrue); (attrs)->ulValueLen = (sizeof(ckTrue));; |
610 | attrs++; |
611 | if (keyID) { |
612 | PK11_SETATTRS(attrs, CKA_ID, keyID->data, keyID->len)(attrs)->type = (0x00000102UL); (attrs)->pValue = (keyID ->data); (attrs)->ulValueLen = (keyID->len);; |
613 | attrs++; |
614 | } |
615 | tsize = attrs - findTemp; |
616 | PORT_Assert(tsize <= sizeof(findTemp) / sizeof(CK_ATTRIBUTE))((tsize <= sizeof(findTemp) / sizeof(CK_ATTRIBUTE))?((void )0):PR_Assert("tsize <= sizeof(findTemp) / sizeof(CK_ATTRIBUTE)" ,"pk11skey.c",616)); |
617 | |
618 | key_id = pk11_FindObjectByTemplate(slot, findTemp, tsize); |
619 | if (key_id == CK_INVALID_HANDLE0) { |
620 | return NULL((void*)0); |
621 | } |
622 | return PK11_SymKeyFromHandle(slot, NULL((void*)0), PK11_OriginDerive, type, key_id, |
623 | PR_FALSE0, wincx); |
624 | } |
625 | |
626 | PK11SymKey * |
627 | PK11_ListFixedKeysInSlot(PK11SlotInfo *slot, char *nickname, void *wincx) |
628 | { |
629 | CK_ATTRIBUTE findTemp[4]; |
630 | CK_ATTRIBUTE *attrs; |
631 | CK_BBOOL ckTrue = CK_TRUE1; |
632 | CK_OBJECT_CLASS keyclass = CKO_SECRET_KEY0x00000004UL; |
633 | int tsize = 0; |
634 | int objCount = 0; |
635 | CK_OBJECT_HANDLE *key_ids; |
636 | PK11SymKey *nextKey = NULL((void*)0); |
637 | PK11SymKey *topKey = NULL((void*)0); |
638 | int i, len; |
639 | |
640 | attrs = findTemp; |
641 | PK11_SETATTRS(attrs, CKA_CLASS, &keyclass, sizeof(keyclass))(attrs)->type = (0x00000000UL); (attrs)->pValue = (& keyclass); (attrs)->ulValueLen = (sizeof(keyclass));; |
642 | attrs++; |
643 | PK11_SETATTRS(attrs, CKA_TOKEN, &ckTrue, sizeof(ckTrue))(attrs)->type = (0x00000001UL); (attrs)->pValue = (& ckTrue); (attrs)->ulValueLen = (sizeof(ckTrue));; |
644 | attrs++; |
645 | if (nickname) { |
646 | len = PORT_Strlen(nickname)strlen(nickname); |
647 | PK11_SETATTRS(attrs, CKA_LABEL, nickname, len)(attrs)->type = (0x00000003UL); (attrs)->pValue = (nickname ); (attrs)->ulValueLen = (len);; |
648 | attrs++; |
649 | } |
650 | tsize = attrs - findTemp; |
651 | PORT_Assert(tsize <= sizeof(findTemp) / sizeof(CK_ATTRIBUTE))((tsize <= sizeof(findTemp) / sizeof(CK_ATTRIBUTE))?((void )0):PR_Assert("tsize <= sizeof(findTemp) / sizeof(CK_ATTRIBUTE)" ,"pk11skey.c",651)); |
652 | |
653 | key_ids = pk11_FindObjectsByTemplate(slot, findTemp, tsize, &objCount); |
654 | if (key_ids == NULL((void*)0)) { |
655 | return NULL((void*)0); |
656 | } |
657 | |
658 | for (i = 0; i < objCount; i++) { |
659 | SECItem typeData; |
660 | CK_KEY_TYPE type = CKK_GENERIC_SECRET0x00000010UL; |
661 | SECStatus rv = PK11_ReadAttribute(slot, key_ids[i], |
662 | CKA_KEY_TYPE0x00000100UL, NULL((void*)0), &typeData); |
663 | if (rv == SECSuccess) { |
664 | if (typeData.len == sizeof(CK_KEY_TYPE)) { |
665 | type = *(CK_KEY_TYPE *)typeData.data; |
666 | } |
667 | PORT_FreePORT_Free_Util(typeData.data); |
668 | } |
669 | nextKey = PK11_SymKeyFromHandle(slot, NULL((void*)0), PK11_OriginDerive, |
670 | PK11_GetKeyMechanism(type), key_ids[i], PR_FALSE0, wincx); |
671 | if (nextKey) { |
672 | nextKey->next = topKey; |
673 | topKey = nextKey; |
674 | } |
675 | } |
676 | PORT_FreePORT_Free_Util(key_ids); |
677 | return topKey; |
678 | } |
679 | |
680 | void * |
681 | PK11_GetWindow(PK11SymKey *key) |
682 | { |
683 | return key->cx; |
684 | } |
685 | |
686 | /* |
687 | * extract a symmetric key value. NOTE: if the key is sensitive, we will |
688 | * not be able to do this operation. This function is used to move |
689 | * keys from one token to another */ |
690 | SECStatus |
691 | PK11_ExtractKeyValue(PK11SymKey *symKey) |
692 | { |
693 | SECStatus rv; |
694 | |
695 | if (symKey == NULL((void*)0)) { |
696 | PORT_SetErrorPORT_SetError_Util(SEC_ERROR_INVALID_ARGS); |
697 | return SECFailure; |
698 | } |
699 | |
700 | if (symKey->data.data != NULL((void*)0)) { |
701 | if (symKey->size == 0) { |
702 | symKey->size = symKey->data.len; |
703 | } |
704 | return SECSuccess; |
705 | } |
706 | |
707 | if (symKey->slot == NULL((void*)0)) { |
708 | PORT_SetErrorPORT_SetError_Util(SEC_ERROR_INVALID_KEY); |
709 | return SECFailure; |
710 | } |
711 | |
712 | rv = PK11_ReadAttribute(symKey->slot, symKey->objectID, CKA_VALUE0x00000011UL, NULL((void*)0), |
713 | &symKey->data); |
714 | if (rv == SECSuccess) { |
715 | symKey->size = symKey->data.len; |
716 | } |
717 | return rv; |
718 | } |
719 | |
720 | SECStatus |
721 | PK11_DeleteTokenSymKey(PK11SymKey *symKey) |
722 | { |
723 | if (!PK11_IsPermObject(symKey->slot, symKey->objectID)) { |
724 | return SECFailure; |
725 | } |
726 | PK11_DestroyTokenObject(symKey->slot, symKey->objectID); |
727 | symKey->objectID = CK_INVALID_HANDLE0; |
728 | return SECSuccess; |
729 | } |
730 | |
731 | SECItem * |
732 | PK11_GetKeyData(PK11SymKey *symKey) |
733 | { |
734 | return &symKey->data; |
735 | } |
736 | |
737 | /* This symbol is exported for backward compatibility. */ |
738 | SECItem * |
739 | __PK11_GetKeyData(PK11SymKey *symKey) |
740 | { |
741 | return PK11_GetKeyData(symKey); |
742 | } |
743 | |
744 | /* |
745 | * PKCS #11 key Types with predefined length |
746 | */ |
747 | unsigned int |
748 | pk11_GetPredefinedKeyLength(CK_KEY_TYPE keyType) |
749 | { |
750 | int length = 0; |
751 | switch (keyType) { |
752 | case CKK_DES0x00000013UL: |
753 | length = 8; |
754 | break; |
755 | case CKK_DES20x00000014UL: |
756 | length = 16; |
757 | break; |
758 | case CKK_DES30x00000015UL: |
759 | length = 24; |
760 | break; |
761 | case CKK_SKIPJACK0x0000001BUL: |
762 | length = 10; |
763 | break; |
764 | case CKK_BATON0x0000001CUL: |
765 | length = 20; |
766 | break; |
767 | case CKK_JUNIPER0x0000001DUL: |
768 | length = 20; |
769 | break; |
770 | default: |
771 | break; |
772 | } |
773 | return length; |
774 | } |
775 | |
776 | /* return the keylength if possible. '0' if not */ |
777 | unsigned int |
778 | PK11_GetKeyLength(PK11SymKey *key) |
779 | { |
780 | CK_KEY_TYPE keyType; |
781 | |
782 | if (key->size != 0) |
783 | return key->size; |
784 | |
785 | /* First try to figure out the key length from its type */ |
786 | keyType = PK11_ReadULongAttribute(key->slot, key->objectID, CKA_KEY_TYPE0x00000100UL); |
787 | key->size = pk11_GetPredefinedKeyLength(keyType); |
788 | if ((keyType == CKK_GENERIC_SECRET0x00000010UL) && |
789 | (key->type == CKM_SSL3_PRE_MASTER_KEY_GEN0x00000370UL)) { |
790 | key->size = 48; |
791 | } |
792 | |
793 | if (key->size != 0) |
794 | return key->size; |
795 | |
796 | if (key->data.data == NULL((void*)0)) { |
797 | PK11_ExtractKeyValue(key); |
798 | } |
799 | /* key is probably secret. Look up its length */ |
800 | /* this is new PKCS #11 version 2.0 functionality. */ |
801 | if (key->size == 0) { |
802 | CK_ULONG keyLength; |
803 | |
804 | keyLength = PK11_ReadULongAttribute(key->slot, key->objectID, CKA_VALUE_LEN0x00000161UL); |
805 | if (keyLength != CK_UNAVAILABLE_INFORMATION(~0UL)) { |
806 | key->size = (unsigned int)keyLength; |
807 | } |
808 | } |
809 | |
810 | return key->size; |
811 | } |
812 | |
813 | /* return the strength of a key. This is different from length in that |
814 | * 1) it returns the size in bits, and 2) it returns only the secret portions |
815 | * of the key minus any checksums or parity. |
816 | */ |
817 | unsigned int |
818 | PK11_GetKeyStrength(PK11SymKey *key, SECAlgorithmID *algid) |
819 | { |
820 | int size = 0; |
821 | CK_MECHANISM_TYPE mechanism = CKM_INVALID_MECHANISM0xffffffffUL; /* RC2 only */ |
822 | SECItem *param = NULL((void*)0); /* RC2 only */ |
823 | CK_RC2_CBC_PARAMS *rc2_params = NULL((void*)0); /* RC2 ONLY */ |
824 | unsigned int effectiveBits = 0; /* RC2 ONLY */ |
825 | |
826 | switch (PK11_GetKeyType(key->type, 0)) { |
827 | case CKK_CDMF0x0000001EUL: |
828 | return 40; |
829 | case CKK_DES0x00000013UL: |
830 | return 56; |
831 | case CKK_DES30x00000015UL: |
832 | case CKK_DES20x00000014UL: |
833 | size = PK11_GetKeyLength(key); |
834 | if (size == 16) { |
835 | /* double des */ |
836 | return 112; /* 16*7 */ |
837 | } |
838 | return 168; |
839 | /* |
840 | * RC2 has is different than other ciphers in that it allows the user |
841 | * to deprecating keysize while still requiring all the bits for the |
842 | * original key. The info |
843 | * on what the effective key strength is in the parameter for the key. |
844 | * In S/MIME this parameter is stored in the DER encoded algid. In Our |
845 | * other uses of RC2, effectiveBits == keyBits, so this code functions |
846 | * correctly without an algid. |
847 | */ |
848 | case CKK_RC20x00000011UL: |
849 | /* if no algid was provided, fall through to default */ |
850 | if (!algid) { |
851 | break; |
852 | } |
853 | /* verify that the algid is for RC2 */ |
854 | mechanism = PK11_AlgtagToMechanism(SECOID_GetAlgorithmTagSECOID_GetAlgorithmTag_Util(algid)); |
855 | if ((mechanism != CKM_RC2_CBC0x00000102UL) && (mechanism != CKM_RC2_ECB0x00000101UL)) { |
856 | break; |
857 | } |
858 | |
859 | /* now get effective bits from the algorithm ID. */ |
860 | param = PK11_ParamFromAlgid(algid); |
861 | /* if we couldn't get memory just use key length */ |
862 | if (param == NULL((void*)0)) { |
863 | break; |
864 | } |
865 | |
866 | rc2_params = (CK_RC2_CBC_PARAMS *)param->data; |
867 | /* paranoia... shouldn't happen */ |
868 | PORT_Assert(param->data != NULL)((param->data != ((void*)0))?((void)0):PR_Assert("param->data != NULL" ,"pk11skey.c",868)); |
869 | if (param->data == NULL((void*)0)) { |
870 | SECITEM_FreeItemSECITEM_FreeItem_Util(param, PR_TRUE1); |
871 | break; |
872 | } |
873 | effectiveBits = (unsigned int)rc2_params->ulEffectiveBits; |
874 | SECITEM_FreeItemSECITEM_FreeItem_Util(param, PR_TRUE1); |
875 | param = NULL((void*)0); |
876 | rc2_params = NULL((void*)0); /* paranoia */ |
877 | |
878 | /* we have effective bits, is and allocated memory is free, now |
879 | * we need to return the smaller of effective bits and keysize */ |
880 | size = PK11_GetKeyLength(key); |
881 | if ((unsigned int)size * 8 > effectiveBits) { |
882 | return effectiveBits; |
883 | } |
884 | |
885 | return size * 8; /* the actual key is smaller, the strength can't be |
886 | * greater than the actual key size */ |
887 | |
888 | default: |
889 | break; |
890 | } |
891 | return PK11_GetKeyLength(key) * 8; |
892 | } |
893 | |
894 | /* |
895 | * The next three utilities are to deal with the fact that a given operation |
896 | * may be a multi-slot affair. This creates a new key object that is copied |
897 | * into the new slot. |
898 | */ |
899 | PK11SymKey * |
900 | pk11_CopyToSlotPerm(PK11SlotInfo *slot, CK_MECHANISM_TYPE type, |
901 | CK_ATTRIBUTE_TYPE operation, CK_FLAGS flags, |
902 | PRBool isPerm, PK11SymKey *symKey) |
903 | { |
904 | SECStatus rv; |
905 | PK11SymKey *newKey = NULL((void*)0); |
906 | |
907 | /* Extract the raw key data if possible */ |
908 | if (symKey->data.data == NULL((void*)0)) { |
909 | rv = PK11_ExtractKeyValue(symKey); |
910 | /* KEY is sensitive, we're try key exchanging it. */ |
911 | if (rv != SECSuccess) { |
912 | return pk11_KeyExchange(slot, type, operation, |
913 | flags, isPerm, symKey); |
914 | } |
915 | } |
916 | |
917 | newKey = PK11_ImportSymKeyWithFlags(slot, type, symKey->origin, |
918 | operation, &symKey->data, flags, isPerm, symKey->cx); |
919 | if (newKey == NULL((void*)0)) { |
920 | newKey = pk11_KeyExchange(slot, type, operation, flags, isPerm, symKey); |
921 | } |
922 | return newKey; |
923 | } |
924 | |
925 | PK11SymKey * |
926 | pk11_CopyToSlot(PK11SlotInfo *slot, CK_MECHANISM_TYPE type, |
927 | CK_ATTRIBUTE_TYPE operation, PK11SymKey *symKey) |
928 | { |
929 | return pk11_CopyToSlotPerm(slot, type, operation, 0, PR_FALSE0, symKey); |
930 | } |
931 | |
932 | /* |
933 | * Make sure the slot we are in is the correct slot for the operation |
934 | * by verifying that it supports all of the specified mechanism types. |
935 | */ |
936 | PK11SymKey * |
937 | pk11_ForceSlotMultiple(PK11SymKey *symKey, CK_MECHANISM_TYPE *type, |
938 | int mechCount, CK_ATTRIBUTE_TYPE operation) |
939 | { |
940 | PK11SlotInfo *slot = symKey->slot; |
941 | PK11SymKey *newKey = NULL((void*)0); |
942 | PRBool needToCopy = PR_FALSE0; |
943 | int i; |
944 | |
945 | if (slot == NULL((void*)0)) { |
946 | needToCopy = PR_TRUE1; |
947 | } else { |
948 | i = 0; |
949 | while ((i < mechCount) && (needToCopy == PR_FALSE0)) { |
950 | if (!PK11_DoesMechanism(slot, type[i])) { |
951 | needToCopy = PR_TRUE1; |
952 | } |
953 | i++; |
954 | } |
955 | } |
956 | |
957 | if (needToCopy == PR_TRUE1) { |
958 | slot = PK11_GetBestSlotMultiple(type, mechCount, symKey->cx); |
959 | if (slot == NULL((void*)0)) { |
960 | PORT_SetErrorPORT_SetError_Util(SEC_ERROR_NO_MODULE); |
961 | return NULL((void*)0); |
962 | } |
963 | newKey = pk11_CopyToSlot(slot, type[0], operation, symKey); |
964 | PK11_FreeSlot(slot); |
965 | } |
966 | return newKey; |
967 | } |
968 | |
969 | /* |
970 | * Make sure the slot we are in is the correct slot for the operation |
971 | */ |
972 | PK11SymKey * |
973 | pk11_ForceSlot(PK11SymKey *symKey, CK_MECHANISM_TYPE type, |
974 | CK_ATTRIBUTE_TYPE operation) |
975 | { |
976 | return pk11_ForceSlotMultiple(symKey, &type, 1, operation); |
977 | } |
978 | |
979 | PK11SymKey * |
980 | PK11_MoveSymKey(PK11SlotInfo *slot, CK_ATTRIBUTE_TYPE operation, |
981 | CK_FLAGS flags, PRBool perm, PK11SymKey *symKey) |
982 | { |
983 | if (symKey->slot == slot) { |
984 | if (perm) { |
985 | return PK11_ConvertSessionSymKeyToTokenSymKey(symKey, symKey->cx); |
986 | } else { |
987 | return PK11_ReferenceSymKey(symKey); |
988 | } |
989 | } |
990 | |
991 | return pk11_CopyToSlotPerm(slot, symKey->type, |
992 | operation, flags, perm, symKey); |
993 | } |
994 | |
995 | /* |
996 | * Use the token to generate a key. |
997 | * |
998 | * keySize must be 'zero' for fixed key length algorithms. A nonzero |
999 | * keySize causes the CKA_VALUE_LEN attribute to be added to the template |
1000 | * for the key. Most PKCS #11 modules fail if you specify the CKA_VALUE_LEN |
1001 | * attribute for keys with fixed length. The exception is DES2. If you |
1002 | * select a CKM_DES3_CBC mechanism, this code will not add the CKA_VALUE_LEN |
1003 | * parameter and use the key size to determine which underlying DES keygen |
1004 | * function to use (CKM_DES2_KEY_GEN or CKM_DES3_KEY_GEN). |
1005 | * |
1006 | * keyType must be -1 for most algorithms. Some PBE algorthims cannot |
1007 | * determine the correct key type from the mechanism or the parameters, |
1008 | * so key type must be specified. Other PKCS #11 mechanisms may do so in |
1009 | * the future. Currently there is no need to export this publically. |
1010 | * Keep it private until there is a need in case we need to expand the |
1011 | * keygen parameters again... |
1012 | * |
1013 | * CK_FLAGS flags: key operation flags |
1014 | * PK11AttrFlags attrFlags: PK11_ATTR_XXX key attribute flags |
1015 | */ |
1016 | PK11SymKey * |
1017 | pk11_TokenKeyGenWithFlagsAndKeyType(PK11SlotInfo *slot, CK_MECHANISM_TYPE type, |
1018 | SECItem *param, CK_KEY_TYPE keyType, int keySize, SECItem *keyid, |
1019 | CK_FLAGS opFlags, PK11AttrFlags attrFlags, void *wincx) |
1020 | { |
1021 | PK11SymKey *symKey; |
1022 | CK_ATTRIBUTE genTemplate[MAX_TEMPL_ATTRS16]; |
1023 | CK_ATTRIBUTE *attrs = genTemplate; |
1024 | int count = sizeof(genTemplate) / sizeof(genTemplate[0]); |
1025 | CK_MECHANISM_TYPE keyGenType; |
1026 | CK_BBOOL cktrue = CK_TRUE1; |
1027 | CK_BBOOL ckfalse = CK_FALSE0; |
1028 | CK_ULONG ck_key_size; /* only used for variable-length keys */ |
1029 | |
1030 | if (pk11_BadAttrFlags(attrFlags)) { |
1031 | PORT_SetErrorPORT_SetError_Util(SEC_ERROR_INVALID_ARGS); |
1032 | return NULL((void*)0); |
1033 | } |
1034 | |
1035 | if ((keySize != 0) && (type != CKM_DES3_CBC0x00000133UL) && |
1036 | (type != CKM_DES3_CBC_PAD0x00000136UL) && (type != CKM_DES3_ECB0x00000132UL)) { |
1037 | ck_key_size = keySize; /* Convert to PK11 type */ |
1038 | |
1039 | PK11_SETATTRS(attrs, CKA_VALUE_LEN, &ck_key_size, sizeof(ck_key_size))(attrs)->type = (0x00000161UL); (attrs)->pValue = (& ck_key_size); (attrs)->ulValueLen = (sizeof(ck_key_size));; |
1040 | attrs++; |
1041 | } |
1042 | |
1043 | if (keyType != -1) { |
1044 | PK11_SETATTRS(attrs, CKA_KEY_TYPE, &keyType, sizeof(CK_KEY_TYPE))(attrs)->type = (0x00000100UL); (attrs)->pValue = (& keyType); (attrs)->ulValueLen = (sizeof(CK_KEY_TYPE));; |
1045 | attrs++; |
1046 | } |
1047 | |
1048 | /* Include key id value if provided */ |
1049 | if (keyid) { |
1050 | PK11_SETATTRS(attrs, CKA_ID, keyid->data, keyid->len)(attrs)->type = (0x00000102UL); (attrs)->pValue = (keyid ->data); (attrs)->ulValueLen = (keyid->len);; |
1051 | attrs++; |
1052 | } |
1053 | |
1054 | attrs += pk11_AttrFlagsToAttributes(attrFlags, attrs, &cktrue, &ckfalse); |
1055 | attrs += pk11_OpFlagsToAttributes(opFlags, attrs, &cktrue); |
1056 | |
1057 | count = attrs - genTemplate; |
1058 | PR_ASSERT(count <= sizeof(genTemplate) / sizeof(CK_ATTRIBUTE))((count <= sizeof(genTemplate) / sizeof(CK_ATTRIBUTE))?((void )0):PR_Assert("count <= sizeof(genTemplate) / sizeof(CK_ATTRIBUTE)" ,"pk11skey.c",1058)); |
1059 | |
1060 | keyGenType = PK11_GetKeyGenWithSize(type, keySize); |
1061 | if (keyGenType == CKM_FAKE_RANDOM0x80000efeUL) { |
1062 | PORT_SetErrorPORT_SetError_Util(SEC_ERROR_NO_MODULE); |
1063 | return NULL((void*)0); |
1064 | } |
1065 | symKey = PK11_KeyGenWithTemplate(slot, type, keyGenType, |
1066 | param, genTemplate, count, wincx); |
1067 | if (symKey != NULL((void*)0)) { |
1068 | symKey->size = keySize; |
1069 | } |
1070 | return symKey; |
1071 | } |
1072 | |
1073 | /* |
1074 | * Use the token to generate a key. - Public |
1075 | * |
1076 | * keySize must be 'zero' for fixed key length algorithms. A nonzero |
1077 | * keySize causes the CKA_VALUE_LEN attribute to be added to the template |
1078 | * for the key. Most PKCS #11 modules fail if you specify the CKA_VALUE_LEN |
1079 | * attribute for keys with fixed length. The exception is DES2. If you |
1080 | * select a CKM_DES3_CBC mechanism, this code will not add the CKA_VALUE_LEN |
1081 | * parameter and use the key size to determine which underlying DES keygen |
1082 | * function to use (CKM_DES2_KEY_GEN or CKM_DES3_KEY_GEN). |
1083 | * |
1084 | * CK_FLAGS flags: key operation flags |
1085 | * PK11AttrFlags attrFlags: PK11_ATTR_XXX key attribute flags |
1086 | */ |
1087 | PK11SymKey * |
1088 | PK11_TokenKeyGenWithFlags(PK11SlotInfo *slot, CK_MECHANISM_TYPE type, |
1089 | SECItem *param, int keySize, SECItem *keyid, CK_FLAGS opFlags, |
1090 | PK11AttrFlags attrFlags, void *wincx) |
1091 | { |
1092 | return pk11_TokenKeyGenWithFlagsAndKeyType(slot, type, param, -1, keySize, |
1093 | keyid, opFlags, attrFlags, wincx); |
1094 | } |
1095 | |
1096 | /* |
1097 | * Use the token to generate a key. keySize must be 'zero' for fixed key |
1098 | * length algorithms. A nonzero keySize causes the CKA_VALUE_LEN attribute |
1099 | * to be added to the template for the key. PKCS #11 modules fail if you |
1100 | * specify the CKA_VALUE_LEN attribute for keys with fixed length. |
1101 | * NOTE: this means to generate a DES2 key from this interface you must |
1102 | * specify CKM_DES2_KEY_GEN as the mechanism directly; specifying |
1103 | * CKM_DES3_CBC as the mechanism and 16 as keySize currently doesn't work. |
1104 | */ |
1105 | PK11SymKey * |
1106 | PK11_TokenKeyGen(PK11SlotInfo *slot, CK_MECHANISM_TYPE type, SECItem *param, |
1107 | int keySize, SECItem *keyid, PRBool isToken, void *wincx) |
1108 | { |
1109 | PK11SymKey *symKey; |
1110 | PRBool weird = PR_FALSE0; /* hack for fortezza */ |
1111 | CK_FLAGS opFlags = CKF_SIGN0x00000800UL; |
1112 | PK11AttrFlags attrFlags = 0; |
1113 | |
1114 | if ((keySize == -1) && (type == CKM_SKIPJACK_CBC640x00001002UL)) { |
1115 | weird = PR_TRUE1; |
1116 | keySize = 0; |
1117 | } |
1118 | |
1119 | opFlags |= weird ? CKF_DECRYPT0x00000200UL : CKF_ENCRYPT0x00000100UL; |
1120 | |
1121 | if (isToken) { |
1122 | attrFlags |= (PK11_ATTR_TOKEN0x00000001L | PK11_ATTR_PRIVATE0x00000004L); |
1123 | } |
1124 | |
1125 | symKey = pk11_TokenKeyGenWithFlagsAndKeyType(slot, type, param, |
1126 | -1, keySize, keyid, opFlags, attrFlags, wincx); |
1127 | if (symKey && weird) { |
1128 | PK11_SetFortezzaHack(symKey); |
1129 | } |
1130 | |
1131 | return symKey; |
1132 | } |
1133 | |
1134 | PK11SymKey * |
1135 | PK11_KeyGen(PK11SlotInfo *slot, CK_MECHANISM_TYPE type, SECItem *param, |
1136 | int keySize, void *wincx) |
1137 | { |
1138 | return PK11_TokenKeyGen(slot, type, param, keySize, 0, PR_FALSE0, wincx); |
1139 | } |
1140 | |
1141 | PK11SymKey * |
1142 | PK11_KeyGenWithTemplate(PK11SlotInfo *slot, CK_MECHANISM_TYPE type, |
1143 | CK_MECHANISM_TYPE keyGenType, |
1144 | SECItem *param, CK_ATTRIBUTE *attrs, |
1145 | unsigned int attrsCount, void *wincx) |
1146 | { |
1147 | PK11SymKey *symKey; |
1148 | CK_SESSION_HANDLE session; |
1149 | CK_MECHANISM mechanism; |
1150 | CK_RV crv; |
1151 | PRBool isToken = CK_FALSE0; |
1152 | CK_ULONG keySize = 0; |
1153 | unsigned i; |
1154 | |
1155 | /* Extract the template's CKA_VALUE_LEN into keySize and CKA_TOKEN into |
1156 | isToken. */ |
1157 | for (i = 0; i < attrsCount; ++i) { |
1158 | switch (attrs[i].type) { |
1159 | case CKA_VALUE_LEN0x00000161UL: |
1160 | if (attrs[i].pValue == NULL((void*)0) || |
1161 | attrs[i].ulValueLen != sizeof(CK_ULONG)) { |
1162 | PORT_SetErrorPORT_SetError_Util(PK11_MapError(CKR_TEMPLATE_INCONSISTENT0x000000D1UL)); |
1163 | return NULL((void*)0); |
1164 | } |
1165 | keySize = *(CK_ULONG *)attrs[i].pValue; |
1166 | break; |
1167 | case CKA_TOKEN0x00000001UL: |
1168 | if (attrs[i].pValue == NULL((void*)0) || |
1169 | attrs[i].ulValueLen != sizeof(CK_BBOOL)) { |
1170 | PORT_SetErrorPORT_SetError_Util(PK11_MapError(CKR_TEMPLATE_INCONSISTENT0x000000D1UL)); |
1171 | return NULL((void*)0); |
1172 | } |
1173 | isToken = (*(CK_BBOOL *)attrs[i].pValue) ? PR_TRUE1 : PR_FALSE0; |
1174 | break; |
1175 | } |
1176 | } |
1177 | |
1178 | /* find a slot to generate the key into */ |
1179 | /* Only do slot management if this is not a token key */ |
1180 | if (!isToken && (slot == NULL((void*)0) || !PK11_DoesMechanism(slot, type))) { |
1181 | PK11SlotInfo *bestSlot = PK11_GetBestSlot(type, wincx); |
1182 | if (bestSlot == NULL((void*)0)) { |
1183 | PORT_SetErrorPORT_SetError_Util(SEC_ERROR_NO_MODULE); |
1184 | return NULL((void*)0); |
1185 | } |
1186 | symKey = pk11_CreateSymKey(bestSlot, type, !isToken, PR_TRUE1, wincx); |
1187 | PK11_FreeSlot(bestSlot); |
1188 | } else { |
1189 | symKey = pk11_CreateSymKey(slot, type, !isToken, PR_TRUE1, wincx); |
1190 | } |
1191 | if (symKey == NULL((void*)0)) |
1192 | return NULL((void*)0); |
1193 | |
1194 | symKey->size = keySize; |
1195 | symKey->origin = PK11_OriginGenerated; |
1196 | |
1197 | /* Set the parameters for the key gen if provided */ |
1198 | mechanism.mechanism = keyGenType; |
1199 | mechanism.pParameter = NULL((void*)0); |
1200 | mechanism.ulParameterLen = 0; |
1201 | if (param) { |
1202 | mechanism.pParameter = param->data; |
1203 | mechanism.ulParameterLen = param->len; |
1204 | } |
1205 | |
1206 | /* Get session and perform locking */ |
1207 | if (isToken) { |
1208 | PK11_Authenticate(symKey->slot, PR_TRUE1, wincx); |
1209 | /* Should always be original slot */ |
1210 | session = PK11_GetRWSession(symKey->slot); |
1211 | symKey->owner = PR_FALSE0; |
1212 | } else { |
1213 | session = symKey->session; |
1214 | if (session != CK_INVALID_HANDLE0) |
1215 | pk11_EnterKeyMonitor(symKey); |
1216 | } |
1217 | if (session == CK_INVALID_HANDLE0) { |
1218 | PK11_FreeSymKey(symKey); |
1219 | PORT_SetErrorPORT_SetError_Util(SEC_ERROR_BAD_DATA); |
1220 | return NULL((void*)0); |
1221 | } |
1222 | |
1223 | crv = PK11_GETTAB(symKey->slot)((CK_FUNCTION_LIST_3_0_PTR)((symKey->slot)->functionList ))->C_GenerateKey(session, &mechanism, attrs, attrsCount, &symKey->objectID); |
1224 | |
1225 | /* Release lock and session */ |
1226 | if (isToken) { |
1227 | PK11_RestoreROSession(symKey->slot, session); |
1228 | } else { |
1229 | pk11_ExitKeyMonitor(symKey); |
1230 | } |
1231 | |
1232 | if (crv != CKR_OK0x00000000UL) { |
1233 | PK11_FreeSymKey(symKey); |
1234 | PORT_SetErrorPORT_SetError_Util(PK11_MapError(crv)); |
1235 | return NULL((void*)0); |
1236 | } |
1237 | |
1238 | return symKey; |
1239 | } |
1240 | |
1241 | /* --- */ |
1242 | PK11SymKey * |
1243 | PK11_GenDES3TokenKey(PK11SlotInfo *slot, SECItem *keyid, void *cx) |
1244 | { |
1245 | return PK11_TokenKeyGen(slot, CKM_DES3_CBC0x00000133UL, 0, 0, keyid, PR_TRUE1, cx); |
1246 | } |
1247 | |
1248 | PK11SymKey * |
1249 | PK11_ConvertSessionSymKeyToTokenSymKey(PK11SymKey *symk, void *wincx) |
1250 | { |
1251 | PK11SlotInfo *slot = symk->slot; |
1252 | CK_ATTRIBUTE template[1]; |
1253 | CK_ATTRIBUTE *attrs = template; |
1254 | CK_BBOOL cktrue = CK_TRUE1; |
1255 | CK_RV crv; |
1256 | CK_OBJECT_HANDLE newKeyID; |
1257 | CK_SESSION_HANDLE rwsession; |
1258 | |
1259 | PK11_SETATTRS(attrs, CKA_TOKEN, &cktrue, sizeof(cktrue))(attrs)->type = (0x00000001UL); (attrs)->pValue = (& cktrue); (attrs)->ulValueLen = (sizeof(cktrue));; |
1260 | attrs++; |
1261 | |
1262 | PK11_Authenticate(slot, PR_TRUE1, wincx); |
1263 | rwsession = PK11_GetRWSession(slot); |
1264 | if (rwsession == CK_INVALID_HANDLE0) { |
1265 | PORT_SetErrorPORT_SetError_Util(SEC_ERROR_BAD_DATA); |
1266 | return NULL((void*)0); |
1267 | } |
1268 | crv = PK11_GETTAB(slot)((CK_FUNCTION_LIST_3_0_PTR)((slot)->functionList))->C_CopyObject(rwsession, symk->objectID, |
1269 | template, 1, &newKeyID); |
1270 | PK11_RestoreROSession(slot, rwsession); |
1271 | |
1272 | if (crv != CKR_OK0x00000000UL) { |
1273 | PORT_SetErrorPORT_SetError_Util(PK11_MapError(crv)); |
1274 | return NULL((void*)0); |
1275 | } |
1276 | |
1277 | return PK11_SymKeyFromHandle(slot, NULL((void*)0) /*parent*/, symk->origin, |
1278 | symk->type, newKeyID, PR_FALSE0 /*owner*/, NULL((void*)0) /*wincx*/); |
1279 | } |
1280 | |
1281 | /* This function does a straight public key wrap with the CKM_RSA_PKCS |
1282 | * mechanism. */ |
1283 | SECStatus |
1284 | PK11_PubWrapSymKey(CK_MECHANISM_TYPE type, SECKEYPublicKey *pubKey, |
1285 | PK11SymKey *symKey, SECItem *wrappedKey) |
1286 | { |
1287 | CK_MECHANISM_TYPE inferred = pk11_mapWrapKeyType(pubKey->keyType); |
1288 | return PK11_PubWrapSymKeyWithMechanism(pubKey, inferred, NULL((void*)0), symKey, |
1289 | wrappedKey); |
1290 | } |
1291 | |
1292 | /* This function wraps a symmetric key with a public key, such as with the |
1293 | * CKM_RSA_PKCS and CKM_RSA_PKCS_OAEP mechanisms. */ |
1294 | SECStatus |
1295 | PK11_PubWrapSymKeyWithMechanism(SECKEYPublicKey *pubKey, |
1296 | CK_MECHANISM_TYPE mechType, SECItem *param, |
1297 | PK11SymKey *symKey, SECItem *wrappedKey) |
1298 | { |
1299 | PK11SlotInfo *slot; |
1300 | CK_ULONG len = wrappedKey->len; |
1301 | PK11SymKey *newKey = NULL((void*)0); |
1302 | CK_OBJECT_HANDLE id; |
1303 | CK_MECHANISM mechanism; |
1304 | PRBool owner = PR_TRUE1; |
1305 | CK_SESSION_HANDLE session; |
1306 | CK_RV crv; |
1307 | |
1308 | if (symKey == NULL((void*)0)) { |
1309 | PORT_SetErrorPORT_SetError_Util(SEC_ERROR_INVALID_ARGS); |
1310 | return SECFailure; |
1311 | } |
1312 | |
1313 | /* if this slot doesn't support the mechanism, go to a slot that does */ |
1314 | newKey = pk11_ForceSlot(symKey, mechType, CKA_ENCRYPT0x00000104UL); |
1315 | if (newKey != NULL((void*)0)) { |
1316 | symKey = newKey; |
1317 | } |
1318 | |
1319 | if (symKey->slot == NULL((void*)0)) { |
1320 | PORT_SetErrorPORT_SetError_Util(SEC_ERROR_NO_MODULE); |
1321 | return SECFailure; |
1322 | } |
1323 | |
1324 | slot = symKey->slot; |
1325 | |
1326 | mechanism.mechanism = mechType; |
1327 | if (param == NULL((void*)0)) { |
1328 | mechanism.pParameter = NULL((void*)0); |
1329 | mechanism.ulParameterLen = 0; |
1330 | } else { |
1331 | mechanism.pParameter = param->data; |
1332 | mechanism.ulParameterLen = param->len; |
1333 | } |
1334 | |
1335 | id = PK11_ImportPublicKey(slot, pubKey, PR_FALSE0); |
1336 | if (id == CK_INVALID_HANDLE0) { |
1337 | if (newKey) { |
1338 | PK11_FreeSymKey(newKey); |
1339 | } |
1340 | return SECFailure; /* Error code has been set. */ |
1341 | } |
1342 | |
1343 | session = pk11_GetNewSession(slot, &owner); |
1344 | if (!owner || !(slot->isThreadSafe)) |
1345 | PK11_EnterSlotMonitor(slot); |
1346 | crv = PK11_GETTAB(slot)((CK_FUNCTION_LIST_3_0_PTR)((slot)->functionList))->C_WrapKey(session, &mechanism, |
1347 | id, symKey->objectID, wrappedKey->data, &len); |
1348 | if (!owner || !(slot->isThreadSafe)) |
1349 | PK11_ExitSlotMonitor(slot); |
1350 | pk11_CloseSession(slot, session, owner); |
1351 | if (newKey) { |
1352 | PK11_FreeSymKey(newKey); |
1353 | } |
1354 | |
1355 | if (crv != CKR_OK0x00000000UL) { |
1356 | PORT_SetErrorPORT_SetError_Util(PK11_MapError(crv)); |
1357 | return SECFailure; |
1358 | } |
1359 | wrappedKey->len = len; |
1360 | return SECSuccess; |
1361 | } |
1362 | |
1363 | /* |
1364 | * this little function uses the Encrypt function to wrap a key, just in |
1365 | * case we have problems with the wrap implementation for a token. |
1366 | */ |
1367 | static SECStatus |
1368 | pk11_HandWrap(PK11SymKey *wrappingKey, SECItem *param, CK_MECHANISM_TYPE type, |
1369 | SECItem *inKey, SECItem *outKey) |
1370 | { |
1371 | PK11SlotInfo *slot; |
1372 | CK_ULONG len; |
1373 | SECItem *data; |
1374 | CK_MECHANISM mech; |
1375 | PRBool owner = PR_TRUE1; |
1376 | CK_SESSION_HANDLE session; |
1377 | CK_RV crv; |
1378 | |
1379 | slot = wrappingKey->slot; |
1380 | /* use NULL IV's for wrapping */ |
1381 | mech.mechanism = type; |
1382 | if (param) { |
1383 | mech.pParameter = param->data; |
1384 | mech.ulParameterLen = param->len; |
1385 | } else { |
1386 | mech.pParameter = NULL((void*)0); |
1387 | mech.ulParameterLen = 0; |
1388 | } |
1389 | session = pk11_GetNewSession(slot, &owner); |
1390 | if (!owner || !(slot->isThreadSafe)) |
1391 | PK11_EnterSlotMonitor(slot); |
1392 | crv = PK11_GETTAB(slot)((CK_FUNCTION_LIST_3_0_PTR)((slot)->functionList))->C_EncryptInit(session, &mech, |
1393 | wrappingKey->objectID); |
1394 | if (crv != CKR_OK0x00000000UL) { |
1395 | if (!owner || !(slot->isThreadSafe)) |
1396 | PK11_ExitSlotMonitor(slot); |
1397 | pk11_CloseSession(slot, session, owner); |
1398 | PORT_SetErrorPORT_SetError_Util(PK11_MapError(crv)); |
1399 | return SECFailure; |
1400 | } |
1401 | |
1402 | /* keys are almost always aligned, but if we get this far, |
1403 | * we've gone above and beyond anyway... */ |
1404 | data = PK11_BlockData(inKey, PK11_GetBlockSize(type, param)); |
1405 | if (data == NULL((void*)0)) { |
1406 | if (!owner || !(slot->isThreadSafe)) |
1407 | PK11_ExitSlotMonitor(slot); |
1408 | pk11_CloseSession(slot, session, owner); |
1409 | PORT_SetErrorPORT_SetError_Util(SEC_ERROR_NO_MEMORY); |
1410 | return SECFailure; |
1411 | } |
1412 | len = outKey->len; |
1413 | crv = PK11_GETTAB(slot)((CK_FUNCTION_LIST_3_0_PTR)((slot)->functionList))->C_Encrypt(session, data->data, data->len, |
1414 | outKey->data, &len); |
1415 | if (!owner || !(slot->isThreadSafe)) |
1416 | PK11_ExitSlotMonitor(slot); |
1417 | pk11_CloseSession(slot, session, owner); |
1418 | SECITEM_FreeItemSECITEM_FreeItem_Util(data, PR_TRUE1); |
1419 | outKey->len = len; |
1420 | if (crv != CKR_OK0x00000000UL) { |
1421 | PORT_SetErrorPORT_SetError_Util(PK11_MapError(crv)); |
1422 | return SECFailure; |
1423 | } |
1424 | return SECSuccess; |
1425 | } |
1426 | |
1427 | /* |
1428 | * helper function which moves two keys into a new slot based on the |
1429 | * desired mechanism. |
1430 | */ |
1431 | static SECStatus |
1432 | pk11_moveTwoKeys(CK_MECHANISM_TYPE mech, |
1433 | CK_ATTRIBUTE_TYPE preferedOperation, |
1434 | CK_ATTRIBUTE_TYPE movingOperation, |
1435 | PK11SymKey *preferedKey, PK11SymKey *movingKey, |
1436 | PK11SymKey **newPreferedKey, PK11SymKey **newMovingKey) |
1437 | { |
1438 | PK11SlotInfo *newSlot; |
1439 | *newMovingKey = NULL((void*)0); |
1440 | *newPreferedKey = NULL((void*)0); |
1441 | |
1442 | newSlot = PK11_GetBestSlot(mech, preferedKey->cx); |
1443 | if (newSlot == NULL((void*)0)) { |
1444 | return SECFailure; |
1445 | } |
1446 | *newMovingKey = pk11_CopyToSlot(newSlot, movingKey->type, |
1447 | movingOperation, movingKey); |
1448 | if (*newMovingKey == NULL((void*)0)) { |
1449 | goto loser; |
1450 | } |
1451 | *newPreferedKey = pk11_CopyToSlot(newSlot, preferedKey->type, |
1452 | preferedOperation, preferedKey); |
1453 | if (*newPreferedKey == NULL((void*)0)) { |
1454 | goto loser; |
1455 | } |
1456 | |
1457 | PK11_FreeSlot(newSlot); |
1458 | return SECSuccess; |
1459 | loser: |
1460 | PK11_FreeSlot(newSlot); |
1461 | PK11_FreeSymKey(*newMovingKey); |
1462 | PK11_FreeSymKey(*newPreferedKey); |
1463 | *newMovingKey = NULL((void*)0); |
1464 | *newPreferedKey = NULL((void*)0); |
1465 | return SECFailure; |
1466 | } |
1467 | |
1468 | /* |
1469 | * To do joint operations, we often need two keys in the same slot. |
1470 | * Usually the PKCS #11 wrappers handle this correctly (like for PK11_WrapKey), |
1471 | * but sometimes the wrappers don't know about mechanism specific keys in |
1472 | * the Mechanism params. This function makes sure the two keys are in the |
1473 | * same slot by copying one or both of the keys into a common slot. This |
1474 | * functions makes sure the slot can handle the target mechanism. If the copy |
1475 | * is warranted, this function will prefer to move the movingKey first, then |
1476 | * the preferedKey. If the keys are moved, the new keys are returned in |
1477 | * newMovingKey and/or newPreferedKey. The application is responsible |
1478 | * for freeing those keys once the operation is complete. |
1479 | */ |
1480 | SECStatus |
1481 | PK11_SymKeysToSameSlot(CK_MECHANISM_TYPE mech, |
1482 | CK_ATTRIBUTE_TYPE preferedOperation, |
1483 | CK_ATTRIBUTE_TYPE movingOperation, |
1484 | PK11SymKey *preferedKey, PK11SymKey *movingKey, |
1485 | PK11SymKey **newPreferedKey, PK11SymKey **newMovingKey) |
1486 | { |
1487 | /* usually don't return new keys */ |
1488 | *newMovingKey = NULL((void*)0); |
1489 | *newPreferedKey = NULL((void*)0); |
1490 | if (movingKey->slot == preferedKey->slot) { |
1491 | |
1492 | /* this should be the most common case */ |
1493 | if ((preferedKey->slot != NULL((void*)0)) && |
1494 | PK11_DoesMechanism(preferedKey->slot, mech)) { |
1495 | return SECSuccess; |
1496 | } |
1497 | |
1498 | /* we are in the same slot, but it doesn't do the operation, |
1499 | * move both keys to an appropriate target slot */ |
1500 | return pk11_moveTwoKeys(mech, preferedOperation, movingOperation, |
1501 | preferedKey, movingKey, |
1502 | newPreferedKey, newMovingKey); |
1503 | } |
1504 | |
1505 | /* keys are in different slot, try moving the moving key to the prefered |
1506 | * key's slot */ |
1507 | if ((preferedKey->slot != NULL((void*)0)) && |
1508 | PK11_DoesMechanism(preferedKey->slot, mech)) { |
1509 | *newMovingKey = pk11_CopyToSlot(preferedKey->slot, movingKey->type, |
1510 | movingOperation, movingKey); |
1511 | if (*newMovingKey != NULL((void*)0)) { |
1512 | return SECSuccess; |
1513 | } |
1514 | } |
1515 | /* couldn't moving the moving key to the prefered slot, try moving |
1516 | * the prefered key */ |
1517 | if ((movingKey->slot != NULL((void*)0)) && |
1518 | PK11_DoesMechanism(movingKey->slot, mech)) { |
1519 | *newPreferedKey = pk11_CopyToSlot(movingKey->slot, preferedKey->type, |
1520 | preferedOperation, preferedKey); |
1521 | if (*newPreferedKey != NULL((void*)0)) { |
1522 | return SECSuccess; |
1523 | } |
1524 | } |
1525 | /* Neither succeeded, but that could be that they were not in slots that |
1526 | * supported the operation, try moving both keys into a common slot that |
1527 | * can do the operation. */ |
1528 | return pk11_moveTwoKeys(mech, preferedOperation, movingOperation, |
1529 | preferedKey, movingKey, |
1530 | newPreferedKey, newMovingKey); |
1531 | } |
1532 | |
1533 | /* |
1534 | * This function does a symetric based wrap. |
1535 | */ |
1536 | SECStatus |
1537 | PK11_WrapSymKey(CK_MECHANISM_TYPE type, SECItem *param, |
1538 | PK11SymKey *wrappingKey, PK11SymKey *symKey, |
1539 | SECItem *wrappedKey) |
1540 | { |
1541 | PK11SlotInfo *slot; |
1542 | CK_ULONG len = wrappedKey->len; |
1543 | PK11SymKey *newSymKey = NULL((void*)0); |
1544 | PK11SymKey *newWrappingKey = NULL((void*)0); |
1545 | SECItem *param_save = NULL((void*)0); |
1546 | CK_MECHANISM mechanism; |
1547 | PRBool owner = PR_TRUE1; |
1548 | CK_SESSION_HANDLE session; |
1549 | CK_RV crv; |
1550 | SECStatus rv; |
1551 | |
1552 | /* force the keys into same slot */ |
1553 | rv = PK11_SymKeysToSameSlot(type, CKA_ENCRYPT0x00000104UL, CKA_WRAP0x00000106UL, |
1554 | symKey, wrappingKey, |
1555 | &newSymKey, &newWrappingKey); |
1556 | if (rv != SECSuccess) { |
1557 | /* Couldn't move the keys as desired, try to hand unwrap if possible */ |
1558 | if (symKey->data.data == NULL((void*)0)) { |
1559 | rv = PK11_ExtractKeyValue(symKey); |
1560 | if (rv != SECSuccess) { |
1561 | PORT_SetErrorPORT_SetError_Util(SEC_ERROR_NO_MODULE); |
1562 | return SECFailure; |
1563 | } |
1564 | } |
1565 | if (param == NULL((void*)0)) { |
1566 | param_save = param = PK11_ParamFromIV(type, NULL((void*)0)); |
1567 | } |
1568 | rv = pk11_HandWrap(wrappingKey, param, type, &symKey->data, wrappedKey); |
1569 | if (param_save) |
1570 | SECITEM_FreeItemSECITEM_FreeItem_Util(param_save, PR_TRUE1); |
1571 | return rv; |
1572 | } |
1573 | if (newSymKey) { |
1574 | symKey = newSymKey; |
1575 | } |
1576 | if (newWrappingKey) { |
1577 | wrappingKey = newWrappingKey; |
1578 | } |
1579 | |
1580 | /* at this point both keys are in the same token */ |
1581 | slot = wrappingKey->slot; |
1582 | mechanism.mechanism = type; |
1583 | /* use NULL IV's for wrapping */ |
1584 | if (param == NULL((void*)0)) { |
1585 | param_save = param = PK11_ParamFromIV(type, NULL((void*)0)); |
1586 | } |
1587 | if (param) { |
1588 | mechanism.pParameter = param->data; |
1589 | mechanism.ulParameterLen = param->len; |
1590 | } else { |
1591 | mechanism.pParameter = NULL((void*)0); |
1592 | mechanism.ulParameterLen = 0; |
1593 | } |
1594 | |
1595 | len = wrappedKey->len; |
1596 | |
1597 | session = pk11_GetNewSession(slot, &owner); |
1598 | if (!owner || !(slot->isThreadSafe)) |
1599 | PK11_EnterSlotMonitor(slot); |
1600 | crv = PK11_GETTAB(slot)((CK_FUNCTION_LIST_3_0_PTR)((slot)->functionList))->C_WrapKey(session, &mechanism, |
1601 | wrappingKey->objectID, symKey->objectID, |
1602 | wrappedKey->data, &len); |
1603 | if (!owner || !(slot->isThreadSafe)) |
1604 | PK11_ExitSlotMonitor(slot); |
1605 | pk11_CloseSession(slot, session, owner); |
1606 | rv = SECSuccess; |
1607 | if (crv != CKR_OK0x00000000UL) { |
1608 | /* can't wrap it? try hand wrapping it... */ |
1609 | do { |
1610 | if (symKey->data.data == NULL((void*)0)) { |
1611 | rv = PK11_ExtractKeyValue(symKey); |
1612 | if (rv != SECSuccess) |
1613 | break; |
1614 | } |
1615 | rv = pk11_HandWrap(wrappingKey, param, type, &symKey->data, |
1616 | wrappedKey); |
1617 | } while (PR_FALSE0); |
1618 | } else { |
1619 | wrappedKey->len = len; |
1620 | } |
1621 | PK11_FreeSymKey(newSymKey); |
1622 | PK11_FreeSymKey(newWrappingKey); |
1623 | if (param_save) |
1624 | SECITEM_FreeItemSECITEM_FreeItem_Util(param_save, PR_TRUE1); |
1625 | return rv; |
1626 | } |
1627 | |
1628 | /* |
1629 | * This Generates a new key based on a symetricKey |
1630 | */ |
1631 | PK11SymKey * |
1632 | PK11_Derive(PK11SymKey *baseKey, CK_MECHANISM_TYPE derive, SECItem *param, |
1633 | CK_MECHANISM_TYPE target, CK_ATTRIBUTE_TYPE operation, |
1634 | int keySize) |
1635 | { |
1636 | return PK11_DeriveWithTemplate(baseKey, derive, param, target, operation, |
1637 | keySize, NULL((void*)0), 0, PR_FALSE0); |
1638 | } |
1639 | |
1640 | PK11SymKey * |
1641 | PK11_DeriveWithFlags(PK11SymKey *baseKey, CK_MECHANISM_TYPE derive, |
1642 | SECItem *param, CK_MECHANISM_TYPE target, CK_ATTRIBUTE_TYPE operation, |
1643 | int keySize, CK_FLAGS flags) |
1644 | { |
1645 | CK_BBOOL ckTrue = CK_TRUE1; |
1646 | CK_ATTRIBUTE keyTemplate[MAX_TEMPL_ATTRS16]; |
1647 | unsigned int templateCount; |
1648 | |
1649 | templateCount = pk11_OpFlagsToAttributes(flags, keyTemplate, &ckTrue); |
1650 | return PK11_DeriveWithTemplate(baseKey, derive, param, target, operation, |
1651 | keySize, keyTemplate, templateCount, PR_FALSE0); |
1652 | } |
1653 | |
1654 | PK11SymKey * |
1655 | PK11_DeriveWithFlagsPerm(PK11SymKey *baseKey, CK_MECHANISM_TYPE derive, |
1656 | SECItem *param, CK_MECHANISM_TYPE target, CK_ATTRIBUTE_TYPE operation, |
1657 | int keySize, CK_FLAGS flags, PRBool isPerm) |
1658 | { |
1659 | CK_BBOOL cktrue = CK_TRUE1; |
1660 | CK_ATTRIBUTE keyTemplate[MAX_TEMPL_ATTRS16]; |
1661 | CK_ATTRIBUTE *attrs; |
1662 | unsigned int templateCount = 0; |
1663 | |
1664 | attrs = keyTemplate; |
1665 | if (isPerm) { |
1666 | PK11_SETATTRS(attrs, CKA_TOKEN, &cktrue, sizeof(CK_BBOOL))(attrs)->type = (0x00000001UL); (attrs)->pValue = (& cktrue); (attrs)->ulValueLen = (sizeof(CK_BBOOL));; |
1667 | attrs++; |
1668 | } |
1669 | templateCount = attrs - keyTemplate; |
1670 | templateCount += pk11_OpFlagsToAttributes(flags, attrs, &cktrue); |
1671 | return PK11_DeriveWithTemplate(baseKey, derive, param, target, operation, |
1672 | keySize, keyTemplate, templateCount, isPerm); |
1673 | } |
1674 | |
1675 | PK11SymKey * |
1676 | PK11_DeriveWithTemplate(PK11SymKey *baseKey, CK_MECHANISM_TYPE derive, |
1677 | SECItem *param, CK_MECHANISM_TYPE target, CK_ATTRIBUTE_TYPE operation, |
1678 | int keySize, CK_ATTRIBUTE *userAttr, unsigned int numAttrs, |
1679 | PRBool isPerm) |
1680 | { |
1681 | PK11SlotInfo *slot = baseKey->slot; |
1682 | PK11SymKey *symKey; |
1683 | PK11SymKey *newBaseKey = NULL((void*)0); |
1684 | CK_BBOOL cktrue = CK_TRUE1; |
1685 | CK_OBJECT_CLASS keyClass = CKO_SECRET_KEY0x00000004UL; |
1686 | CK_KEY_TYPE keyType = CKK_GENERIC_SECRET0x00000010UL; |
1687 | CK_ULONG valueLen = 0; |
1688 | CK_MECHANISM mechanism; |
1689 | CK_RV crv; |
1690 | #define MAX_ADD_ATTRS 4 |
1691 | CK_ATTRIBUTE keyTemplate[MAX_TEMPL_ATTRS16 + MAX_ADD_ATTRS]; |
1692 | #undef MAX_ADD_ATTRS |
1693 | CK_ATTRIBUTE *attrs = keyTemplate; |
1694 | CK_SESSION_HANDLE session; |
1695 | unsigned int templateCount; |
1696 | |
1697 | if (numAttrs > MAX_TEMPL_ATTRS16) { |
1698 | PORT_SetErrorPORT_SetError_Util(SEC_ERROR_INVALID_ARGS); |
1699 | return NULL((void*)0); |
1700 | } |
1701 | /* CKA_NSS_MESSAGE is a fake operation to distinguish between |
1702 | * Normal Encrypt/Decrypt and MessageEncrypt/Decrypt. Don't try to set |
1703 | * it as a real attribute */ |
1704 | if ((operation & CKA_NSS_MESSAGE_MASK0xff000000L) == CKA_NSS_MESSAGE0x82000000L) { |
1705 | /* Message is or'd with a real Attribute (CKA_ENCRYPT, CKA_DECRYPT), |
1706 | * etc. Strip out the real attribute here */ |
1707 | operation &= ~CKA_NSS_MESSAGE_MASK0xff000000L; |
1708 | } |
1709 | |
1710 | /* first copy caller attributes in. */ |
1711 | for (templateCount = 0; templateCount < numAttrs; ++templateCount) { |
1712 | *attrs++ = *userAttr++; |
1713 | } |
1714 | |
1715 | /* We only add the following attributes to the template if the caller |
1716 | ** didn't already supply them. |
1717 | */ |
1718 | if (!pk11_FindAttrInTemplate(keyTemplate, numAttrs, CKA_CLASS0x00000000UL)) { |
1719 | PK11_SETATTRS(attrs, CKA_CLASS, &keyClass, sizeof keyClass)(attrs)->type = (0x00000000UL); (attrs)->pValue = (& keyClass); (attrs)->ulValueLen = (sizeof keyClass);; |
1720 | attrs++; |
1721 | } |
1722 | if (!pk11_FindAttrInTemplate(keyTemplate, numAttrs, CKA_KEY_TYPE0x00000100UL)) { |
1723 | keyType = PK11_GetKeyType(target, keySize); |
1724 | PK11_SETATTRS(attrs, CKA_KEY_TYPE, &keyType, sizeof keyType)(attrs)->type = (0x00000100UL); (attrs)->pValue = (& keyType); (attrs)->ulValueLen = (sizeof keyType);; |
1725 | attrs++; |
1726 | } |
1727 | if (keySize > 0 && |
1728 | !pk11_FindAttrInTemplate(keyTemplate, numAttrs, CKA_VALUE_LEN0x00000161UL)) { |
1729 | valueLen = (CK_ULONG)keySize; |
1730 | PK11_SETATTRS(attrs, CKA_VALUE_LEN, &valueLen, sizeof valueLen)(attrs)->type = (0x00000161UL); (attrs)->pValue = (& valueLen); (attrs)->ulValueLen = (sizeof valueLen);; |
1731 | attrs++; |
1732 | } |
1733 | if ((operation != CKA_FLAGS_ONLY0) && |
1734 | !pk11_FindAttrInTemplate(keyTemplate, numAttrs, operation)) { |
1735 | PK11_SETATTRS(attrs, operation, &cktrue, sizeof cktrue)(attrs)->type = (operation); (attrs)->pValue = (&cktrue ); (attrs)->ulValueLen = (sizeof cktrue);; |
1736 | attrs++; |
1737 | } |
1738 | |
1739 | templateCount = attrs - keyTemplate; |
1740 | PR_ASSERT(templateCount <= sizeof(keyTemplate) / sizeof(CK_ATTRIBUTE))((templateCount <= sizeof(keyTemplate) / sizeof(CK_ATTRIBUTE ))?((void)0):PR_Assert("templateCount <= sizeof(keyTemplate) / sizeof(CK_ATTRIBUTE)" ,"pk11skey.c",1740)); |
1741 | |
1742 | /* move the key to a slot that can do the function */ |
1743 | if (!PK11_DoesMechanism(slot, derive)) { |
1744 | /* get a new base key & slot */ |
1745 | PK11SlotInfo *newSlot = PK11_GetBestSlot(derive, baseKey->cx); |
1746 | |
1747 | if (newSlot == NULL((void*)0)) |
1748 | return NULL((void*)0); |
1749 | |
1750 | newBaseKey = pk11_CopyToSlot(newSlot, derive, CKA_DERIVE0x0000010CUL, |
1751 | baseKey); |
1752 | PK11_FreeSlot(newSlot); |
1753 | if (newBaseKey == NULL((void*)0)) |
1754 | return NULL((void*)0); |
1755 | baseKey = newBaseKey; |
1756 | slot = baseKey->slot; |
1757 | } |
1758 | |
1759 | /* get our key Structure */ |
1760 | symKey = pk11_CreateSymKey(slot, target, !isPerm, PR_TRUE1, baseKey->cx); |
1761 | if (symKey == NULL((void*)0)) { |
1762 | return NULL((void*)0); |
1763 | } |
1764 | |
1765 | symKey->size = keySize; |
1766 | |
1767 | mechanism.mechanism = derive; |
1768 | if (param) { |
1769 | mechanism.pParameter = param->data; |
1770 | mechanism.ulParameterLen = param->len; |
1771 | } else { |
1772 | mechanism.pParameter = NULL((void*)0); |
1773 | mechanism.ulParameterLen = 0; |
1774 | } |
1775 | symKey->origin = PK11_OriginDerive; |
1776 | |
1777 | if (isPerm) { |
1778 | session = PK11_GetRWSession(slot); |
1779 | } else { |
1780 | pk11_EnterKeyMonitor(symKey); |
1781 | session = symKey->session; |
1782 | } |
1783 | if (session == CK_INVALID_HANDLE0) { |
1784 | if (!isPerm) |
1785 | pk11_ExitKeyMonitor(symKey); |
1786 | crv = CKR_SESSION_HANDLE_INVALID0x000000B3UL; |
1787 | } else { |
1788 | crv = PK11_GETTAB(slot)((CK_FUNCTION_LIST_3_0_PTR)((slot)->functionList))->C_DeriveKey(session, &mechanism, |
1789 | baseKey->objectID, keyTemplate, templateCount, &symKey->objectID); |
1790 | if (isPerm) { |
1791 | PK11_RestoreROSession(slot, session); |
1792 | } else { |
1793 | pk11_ExitKeyMonitor(symKey); |
1794 | } |
1795 | } |
1796 | if (newBaseKey) |
1797 | PK11_FreeSymKey(newBaseKey); |
1798 | if (crv != CKR_OK0x00000000UL) { |
1799 | PK11_FreeSymKey(symKey); |
1800 | PORT_SetErrorPORT_SetError_Util(PK11_MapError(crv)); |
1801 | return NULL((void*)0); |
1802 | } |
1803 | return symKey; |
1804 | } |
1805 | |
1806 | /* Create a new key by concatenating base and data |
1807 | */ |
1808 | static PK11SymKey * |
1809 | pk11_ConcatenateBaseAndData(PK11SymKey *base, |
1810 | CK_BYTE *data, CK_ULONG dataLen, CK_MECHANISM_TYPE target, |
1811 | CK_ATTRIBUTE_TYPE operation) |
1812 | { |
1813 | CK_KEY_DERIVATION_STRING_DATA mechParams; |
1814 | SECItem param; |
1815 | |
1816 | if (base == NULL((void*)0)) { |
1817 | PORT_SetErrorPORT_SetError_Util(SEC_ERROR_INVALID_ARGS); |
1818 | return NULL((void*)0); |
1819 | } |
1820 | |
1821 | mechParams.pData = data; |
1822 | mechParams.ulLen = dataLen; |
1823 | param.data = (unsigned char *)&mechParams; |
1824 | param.len = sizeof(CK_KEY_DERIVATION_STRING_DATA); |
1825 | |
1826 | return PK11_Derive(base, CKM_CONCATENATE_BASE_AND_DATA0x00000362UL, |
1827 | ¶m, target, operation, 0); |
1828 | } |
1829 | |
1830 | /* Create a new key by concatenating base and key |
1831 | */ |
1832 | static PK11SymKey * |
1833 | pk11_ConcatenateBaseAndKey(PK11SymKey *base, |
1834 | PK11SymKey *key, CK_MECHANISM_TYPE target, |
1835 | CK_ATTRIBUTE_TYPE operation, CK_ULONG keySize) |
1836 | { |
1837 | SECItem param; |
1838 | |
1839 | if ((base == NULL((void*)0)) || (key == NULL((void*)0))) { |
1840 | PORT_SetErrorPORT_SetError_Util(SEC_ERROR_INVALID_ARGS); |
1841 | return NULL((void*)0); |
1842 | } |
1843 | |
1844 | param.data = (unsigned char *)&(key->objectID); |
1845 | param.len = sizeof(CK_OBJECT_HANDLE); |
1846 | |
1847 | return PK11_Derive(base, CKM_CONCATENATE_BASE_AND_KEY0x00000360UL, |
1848 | ¶m, target, operation, keySize); |
1849 | } |
1850 | |
1851 | PK11SymKey * |
1852 | PK11_ConcatSymKeys(PK11SymKey *left, PK11SymKey *right, CK_MECHANISM_TYPE target, CK_ATTRIBUTE_TYPE operation) |
1853 | { |
1854 | PK11SymKey *out = NULL((void*)0); |
1855 | PK11SymKey *copyOfLeft = NULL((void*)0); |
1856 | PK11SymKey *copyOfRight = NULL((void*)0); |
1857 | |
1858 | if ((left == NULL((void*)0)) || (right == NULL((void*)0))) { |
1859 | PORT_SetErrorPORT_SetError_Util(SEC_ERROR_INVALID_ARGS); |
1860 | return NULL((void*)0); |
1861 | } |
1862 | |
1863 | SECStatus rv = PK11_SymKeysToSameSlot(CKM_CONCATENATE_BASE_AND_KEY0x00000360UL, |
1864 | CKA_DERIVE0x0000010CUL, CKA_DERIVE0x0000010CUL, left, right, |
1865 | ©OfLeft, ©OfRight); |
1866 | if (rv != SECSuccess) { |
1867 | /* error code already set */ |
1868 | return NULL((void*)0); |
1869 | } |
1870 | |
1871 | out = pk11_ConcatenateBaseAndKey(copyOfLeft ? copyOfLeft : left, copyOfRight ? copyOfRight : right, target, operation, 0); |
1872 | PK11_FreeSymKey(copyOfLeft); |
1873 | PK11_FreeSymKey(copyOfRight); |
1874 | return out; |
1875 | } |
1876 | |
1877 | /* Create a new key whose value is the hash of tobehashed. |
1878 | * type is the mechanism for the derived key. |
1879 | */ |
1880 | static PK11SymKey * |
1881 | pk11_HashKeyDerivation(PK11SymKey *toBeHashed, |
1882 | CK_MECHANISM_TYPE hashMechanism, CK_MECHANISM_TYPE target, |
1883 | CK_ATTRIBUTE_TYPE operation, CK_ULONG keySize) |
1884 | { |
1885 | return PK11_Derive(toBeHashed, hashMechanism, NULL((void*)0), target, operation, keySize); |
1886 | } |
1887 | |
1888 | /* This function implements the ANSI X9.63 key derivation function |
1889 | */ |
1890 | static PK11SymKey * |
1891 | pk11_ANSIX963Derive(PK11SymKey *sharedSecret, |
1892 | CK_EC_KDF_TYPE kdf, SECItem *sharedData, |
1893 | CK_MECHANISM_TYPE target, CK_ATTRIBUTE_TYPE operation, |
1894 | CK_ULONG keySize) |
1895 | { |
1896 | CK_KEY_TYPE keyType; |
1897 | CK_MECHANISM_TYPE hashMechanism, mechanismArray[4]; |
1898 | CK_ULONG derivedKeySize, HashLen, counter, maxCounter, bufferLen; |
1899 | CK_ULONG SharedInfoLen; |
1900 | CK_BYTE *buffer = NULL((void*)0); |
1901 | PK11SymKey *toBeHashed, *hashOutput; |
1902 | PK11SymKey *newSharedSecret = NULL((void*)0); |
1903 | PK11SymKey *oldIntermediateResult, *intermediateResult = NULL((void*)0); |
1904 | |
1905 | if (sharedSecret == NULL((void*)0)) { |
1906 | PORT_SetErrorPORT_SetError_Util(SEC_ERROR_INVALID_ARGS); |
1907 | return NULL((void*)0); |
1908 | } |
1909 | |
1910 | switch (kdf) { |
1911 | case CKD_SHA1_KDF0x00000002UL: |
1912 | HashLen = SHA1_LENGTH20; |
1913 | hashMechanism = CKM_SHA1_KEY_DERIVATION0x00000392UL; |
1914 | break; |
1915 | case CKD_SHA224_KDF0x00000005UL: |
1916 | HashLen = SHA224_LENGTH28; |
1917 | hashMechanism = CKM_SHA224_KEY_DERIVATION0x00000396UL; |
1918 | break; |
1919 | case CKD_SHA256_KDF0x00000006UL: |
1920 | HashLen = SHA256_LENGTH32; |
1921 | hashMechanism = CKM_SHA256_KEY_DERIVATION0x00000393UL; |
1922 | break; |
1923 | case CKD_SHA384_KDF0x00000007UL: |
1924 | HashLen = SHA384_LENGTH48; |
1925 | hashMechanism = CKM_SHA384_KEY_DERIVATION0x00000394UL; |
1926 | break; |
1927 | case CKD_SHA512_KDF0x00000008UL: |
1928 | HashLen = SHA512_LENGTH64; |
1929 | hashMechanism = CKM_SHA512_KEY_DERIVATION0x00000395UL; |
1930 | break; |
1931 | default: |
1932 | PORT_SetErrorPORT_SetError_Util(SEC_ERROR_INVALID_ARGS); |
1933 | return NULL((void*)0); |
1934 | } |
1935 | |
1936 | derivedKeySize = keySize; |
1937 | if (derivedKeySize == 0) { |
1938 | keyType = PK11_GetKeyType(target, keySize); |
1939 | derivedKeySize = pk11_GetPredefinedKeyLength(keyType); |
1940 | if (derivedKeySize == 0) { |
1941 | derivedKeySize = HashLen; |
1942 | } |
1943 | } |
1944 | |
1945 | /* Check that key_len isn't too long. The maximum key length could be |
1946 | * greatly increased if the code below did not limit the 4-byte counter |
1947 | * to a maximum value of 255. */ |
1948 | if (derivedKeySize > 254 * HashLen) { |
1949 | PORT_SetErrorPORT_SetError_Util(SEC_ERROR_INVALID_ARGS); |
1950 | return NULL((void*)0); |
1951 | } |
1952 | |
1953 | maxCounter = derivedKeySize / HashLen; |
1954 | if (derivedKeySize > maxCounter * HashLen) |
1955 | maxCounter++; |
1956 | |
1957 | if ((sharedData == NULL((void*)0)) || (sharedData->data == NULL((void*)0))) |
1958 | SharedInfoLen = 0; |
1959 | else |
1960 | SharedInfoLen = sharedData->len; |
1961 | |
1962 | bufferLen = SharedInfoLen + 4; |
1963 | |
1964 | /* Populate buffer with Counter || sharedData |
1965 | * where Counter is 0x00000001. */ |
1966 | buffer = (unsigned char *)PORT_AllocPORT_Alloc_Util(bufferLen); |
1967 | if (buffer == NULL((void*)0)) { |
1968 | PORT_SetErrorPORT_SetError_Util(SEC_ERROR_NO_MEMORY); |
1969 | return NULL((void*)0); |
1970 | } |
1971 | |
1972 | buffer[0] = 0; |
1973 | buffer[1] = 0; |
1974 | buffer[2] = 0; |
1975 | buffer[3] = 1; |
1976 | if (SharedInfoLen > 0) { |
1977 | PORT_Memcpymemcpy(&buffer[4], sharedData->data, SharedInfoLen); |
1978 | } |
1979 | |
1980 | /* Look for a slot that supports the mechanisms needed |
1981 | * to implement the ANSI X9.63 KDF as well as the |
1982 | * target mechanism. |
1983 | */ |
1984 | mechanismArray[0] = CKM_CONCATENATE_BASE_AND_DATA0x00000362UL; |
1985 | mechanismArray[1] = hashMechanism; |
1986 | mechanismArray[2] = CKM_CONCATENATE_BASE_AND_KEY0x00000360UL; |
1987 | mechanismArray[3] = target; |
1988 | |
1989 | newSharedSecret = pk11_ForceSlotMultiple(sharedSecret, |
1990 | mechanismArray, 4, operation); |
1991 | if (newSharedSecret != NULL((void*)0)) { |
1992 | sharedSecret = newSharedSecret; |
1993 | } |
1994 | |
1995 | for (counter = 1; counter <= maxCounter; counter++) { |
1996 | /* Concatenate shared_secret and buffer */ |
1997 | toBeHashed = pk11_ConcatenateBaseAndData(sharedSecret, buffer, |
1998 | bufferLen, hashMechanism, operation); |
1999 | if (toBeHashed == NULL((void*)0)) { |
2000 | goto loser; |
2001 | } |
2002 | |
2003 | /* Hash value */ |
2004 | if (maxCounter == 1) { |
2005 | /* In this case the length of the key to be derived is |
2006 | * less than or equal to the length of the hash output. |
2007 | * So, the output of the hash operation will be the |
2008 | * dervied key. */ |
2009 | hashOutput = pk11_HashKeyDerivation(toBeHashed, hashMechanism, |
2010 | target, operation, keySize); |
2011 | } else { |
2012 | /* In this case, the output of the hash operation will be |
2013 | * concatenated with other data to create the derived key. */ |
2014 | hashOutput = pk11_HashKeyDerivation(toBeHashed, hashMechanism, |
2015 | CKM_CONCATENATE_BASE_AND_KEY0x00000360UL, operation, 0); |
2016 | } |
2017 | PK11_FreeSymKey(toBeHashed); |
2018 | if (hashOutput == NULL((void*)0)) { |
2019 | goto loser; |
2020 | } |
2021 | |
2022 | /* Append result to intermediate result, if necessary */ |
2023 | oldIntermediateResult = intermediateResult; |
2024 | |
2025 | if (oldIntermediateResult == NULL((void*)0)) { |
2026 | intermediateResult = hashOutput; |
2027 | } else { |
2028 | if (counter == maxCounter) { |
2029 | /* This is the final concatenation, and so the output |
2030 | * will be the derived key. */ |
2031 | intermediateResult = |
2032 | pk11_ConcatenateBaseAndKey(oldIntermediateResult, |
2033 | hashOutput, target, operation, keySize); |
2034 | } else { |
2035 | /* The output of this concatenation will be concatenated |
2036 | * with other data to create the derived key. */ |
2037 | intermediateResult = |
2038 | pk11_ConcatenateBaseAndKey(oldIntermediateResult, |
2039 | hashOutput, CKM_CONCATENATE_BASE_AND_KEY0x00000360UL, |
2040 | operation, 0); |
2041 | } |
2042 | |
2043 | PK11_FreeSymKey(hashOutput); |
2044 | PK11_FreeSymKey(oldIntermediateResult); |
2045 | if (intermediateResult == NULL((void*)0)) { |
2046 | goto loser; |
2047 | } |
2048 | } |
2049 | |
2050 | /* Increment counter (assumes maxCounter < 255) */ |
2051 | buffer[3]++; |
2052 | } |
2053 | |
2054 | PORT_ZFreePORT_ZFree_Util(buffer, bufferLen); |
2055 | if (newSharedSecret != NULL((void*)0)) |
2056 | PK11_FreeSymKey(newSharedSecret); |
2057 | return intermediateResult; |
2058 | |
2059 | loser: |
2060 | PORT_ZFreePORT_ZFree_Util(buffer, bufferLen); |
2061 | if (newSharedSecret != NULL((void*)0)) |
2062 | PK11_FreeSymKey(newSharedSecret); |
2063 | if (intermediateResult != NULL((void*)0)) |
2064 | PK11_FreeSymKey(intermediateResult); |
2065 | return NULL((void*)0); |
2066 | } |
2067 | |
2068 | /* |
2069 | * This regenerate a public key from a private key. This function is currently |
2070 | * NSS private. If we want to make it public, we need to add and optional |
2071 | * template or at least flags (a.la. PK11_DeriveWithFlags). |
2072 | */ |
2073 | CK_OBJECT_HANDLE |
2074 | PK11_DerivePubKeyFromPrivKey(SECKEYPrivateKey *privKey) |
2075 | { |
2076 | PK11SlotInfo *slot = privKey->pkcs11Slot; |
2077 | CK_MECHANISM mechanism; |
2078 | CK_OBJECT_HANDLE objectID = CK_INVALID_HANDLE0; |
2079 | CK_RV crv; |
2080 | |
2081 | mechanism.mechanism = CKM_NSS_PUB_FROM_PRIV((0x80000000UL | 0x4E534350) + 40); |
2082 | mechanism.pParameter = NULL((void*)0); |
2083 | mechanism.ulParameterLen = 0; |
2084 | |
2085 | PK11_EnterSlotMonitor(slot); |
2086 | crv = PK11_GETTAB(slot)((CK_FUNCTION_LIST_3_0_PTR)((slot)->functionList))->C_DeriveKey(slot->session, &mechanism, |
2087 | privKey->pkcs11ID, NULL((void*)0), 0, |
2088 | &objectID); |
2089 | PK11_ExitSlotMonitor(slot); |
2090 | if (crv != CKR_OK0x00000000UL) { |
2091 | PORT_SetErrorPORT_SetError_Util(PK11_MapError(crv)); |
2092 | return CK_INVALID_HANDLE0; |
2093 | } |
2094 | return objectID; |
2095 | } |
2096 | |
2097 | /* |
2098 | * This Generates a wrapping key based on a privateKey, publicKey, and two |
2099 | * random numbers. For Mail usage RandomB should be NULL. In the Sender's |
2100 | * case RandomA is generate, otherwise it is passed. |
2101 | */ |
2102 | PK11SymKey * |
2103 | PK11_PubDerive(SECKEYPrivateKey *privKey, SECKEYPublicKey *pubKey, |
2104 | PRBool isSender, SECItem *randomA, SECItem *randomB, |
2105 | CK_MECHANISM_TYPE derive, CK_MECHANISM_TYPE target, |
2106 | CK_ATTRIBUTE_TYPE operation, int keySize, void *wincx) |
2107 | { |
2108 | PK11SlotInfo *slot = privKey->pkcs11Slot; |
2109 | CK_MECHANISM mechanism; |
2110 | PK11SymKey *symKey; |
2111 | CK_RV crv; |
2112 | |
2113 | /* get our key Structure */ |
2114 | symKey = pk11_CreateSymKey(slot, target, PR_TRUE1, PR_TRUE1, wincx); |
2115 | if (symKey == NULL((void*)0)) { |
2116 | return NULL((void*)0); |
2117 | } |
2118 | |
2119 | /* CKA_NSS_MESSAGE is a fake operation to distinguish between |
2120 | * Normal Encrypt/Decrypt and MessageEncrypt/Decrypt. Don't try to set |
2121 | * it as a real attribute */ |
2122 | if ((operation & CKA_NSS_MESSAGE_MASK0xff000000L) == CKA_NSS_MESSAGE0x82000000L) { |
2123 | /* Message is or'd with a real Attribute (CKA_ENCRYPT, CKA_DECRYPT), |
2124 | * etc. Strip out the real attribute here */ |
2125 | operation &= ~CKA_NSS_MESSAGE_MASK0xff000000L; |
2126 | } |
2127 | |
2128 | symKey->origin = PK11_OriginDerive; |
2129 | |
2130 | switch (privKey->keyType) { |
2131 | case rsaKey: |
2132 | case rsaPssKey: |
2133 | case rsaOaepKey: |
2134 | case kyberKey: |
2135 | case nullKey: |
2136 | PORT_SetErrorPORT_SetError_Util(SEC_ERROR_BAD_KEY); |
2137 | break; |
2138 | case dsaKey: |
2139 | case keaKey: |
2140 | case fortezzaKey: { |
2141 | static unsigned char rb_email[128] = { 0 }; |
2142 | CK_KEA_DERIVE_PARAMS param; |
2143 | param.isSender = (CK_BBOOL)isSender; |
2144 | param.ulRandomLen = randomA->len; |
2145 | param.pRandomA = randomA->data; |
2146 | param.pRandomB = rb_email; |
2147 | param.pRandomB[127] = 1; |
2148 | if (randomB) |
2149 | param.pRandomB = randomB->data; |
2150 | if (pubKey->keyType == fortezzaKey) { |
2151 | param.ulPublicDataLen = pubKey->u.fortezza.KEAKey.len; |
2152 | param.pPublicData = pubKey->u.fortezza.KEAKey.data; |
2153 | } else { |
2154 | /* assert type == keaKey */ |
2155 | /* XXX change to match key key types */ |
2156 | param.ulPublicDataLen = pubKey->u.fortezza.KEAKey.len; |
2157 | param.pPublicData = pubKey->u.fortezza.KEAKey.data; |
2158 | } |
2159 | |
2160 | mechanism.mechanism = derive; |
2161 | mechanism.pParameter = ¶m; |
2162 | mechanism.ulParameterLen = sizeof(param); |
2163 | |
2164 | /* get a new symKey structure */ |
2165 | pk11_EnterKeyMonitor(symKey); |
2166 | crv = PK11_GETTAB(slot)((CK_FUNCTION_LIST_3_0_PTR)((slot)->functionList))->C_DeriveKey(symKey->session, &mechanism, |
2167 | privKey->pkcs11ID, NULL((void*)0), 0, |
2168 | &symKey->objectID); |
2169 | pk11_ExitKeyMonitor(symKey); |
2170 | if (crv == CKR_OK0x00000000UL) |
2171 | return symKey; |
2172 | PORT_SetErrorPORT_SetError_Util(PK11_MapError(crv)); |
2173 | } break; |
2174 | case dhKey: { |
2175 | CK_BBOOL cktrue = CK_TRUE1; |
2176 | CK_OBJECT_CLASS keyClass = CKO_SECRET_KEY0x00000004UL; |
2177 | CK_KEY_TYPE keyType = CKK_GENERIC_SECRET0x00000010UL; |
2178 | CK_ULONG key_size = 0; |
2179 | CK_ATTRIBUTE keyTemplate[4]; |
2180 | int templateCount; |
2181 | CK_ATTRIBUTE *attrs = keyTemplate; |
2182 | |
2183 | if (pubKey->keyType != dhKey) { |
2184 | PORT_SetErrorPORT_SetError_Util(SEC_ERROR_BAD_KEY); |
2185 | break; |
2186 | } |
2187 | |
2188 | PK11_SETATTRS(attrs, CKA_CLASS, &keyClass, sizeof(keyClass))(attrs)->type = (0x00000000UL); (attrs)->pValue = (& keyClass); (attrs)->ulValueLen = (sizeof(keyClass));; |
2189 | attrs++; |
2190 | PK11_SETATTRS(attrs, CKA_KEY_TYPE, &keyType, sizeof(keyType))(attrs)->type = (0x00000100UL); (attrs)->pValue = (& keyType); (attrs)->ulValueLen = (sizeof(keyType));; |
2191 | attrs++; |
2192 | PK11_SETATTRS(attrs, operation, &cktrue, 1)(attrs)->type = (operation); (attrs)->pValue = (&cktrue ); (attrs)->ulValueLen = (1);; |
2193 | attrs++; |
2194 | PK11_SETATTRS(attrs, CKA_VALUE_LEN, &key_size, sizeof(key_size))(attrs)->type = (0x00000161UL); (attrs)->pValue = (& key_size); (attrs)->ulValueLen = (sizeof(key_size));; |
2195 | attrs++; |
2196 | templateCount = attrs - keyTemplate; |
2197 | PR_ASSERT(templateCount <= sizeof(keyTemplate) / sizeof(CK_ATTRIBUTE))((templateCount <= sizeof(keyTemplate) / sizeof(CK_ATTRIBUTE ))?((void)0):PR_Assert("templateCount <= sizeof(keyTemplate) / sizeof(CK_ATTRIBUTE)" ,"pk11skey.c",2197)); |
2198 | |
2199 | keyType = PK11_GetKeyType(target, keySize); |
2200 | key_size = keySize; |
2201 | symKey->size = keySize; |
2202 | if (key_size == 0) |
2203 | templateCount--; |
2204 | |
2205 | mechanism.mechanism = derive; |
2206 | |
2207 | /* we can undefine these when we define diffie-helman keys */ |
2208 | |
2209 | mechanism.pParameter = pubKey->u.dh.publicValue.data; |
2210 | mechanism.ulParameterLen = pubKey->u.dh.publicValue.len; |
2211 | |
2212 | pk11_EnterKeyMonitor(symKey); |
2213 | crv = PK11_GETTAB(slot)((CK_FUNCTION_LIST_3_0_PTR)((slot)->functionList))->C_DeriveKey(symKey->session, &mechanism, |
2214 | privKey->pkcs11ID, keyTemplate, |
2215 | templateCount, &symKey->objectID); |
2216 | pk11_ExitKeyMonitor(symKey); |
2217 | if (crv == CKR_OK0x00000000UL) |
2218 | return symKey; |
2219 | PORT_SetErrorPORT_SetError_Util(PK11_MapError(crv)); |
2220 | } break; |
2221 | case edKey: |
2222 | PORT_SetErrorPORT_SetError_Util(SEC_ERROR_BAD_KEY); |
2223 | break; |
2224 | case ecKey: { |
2225 | CK_BBOOL cktrue = CK_TRUE1; |
2226 | CK_OBJECT_CLASS keyClass = CKO_SECRET_KEY0x00000004UL; |
2227 | CK_KEY_TYPE keyType = CKK_GENERIC_SECRET0x00000010UL; |
2228 | CK_ULONG key_size = 0; |
2229 | CK_ATTRIBUTE keyTemplate[4]; |
2230 | int templateCount; |
2231 | CK_ATTRIBUTE *attrs = keyTemplate; |
2232 | CK_ECDH1_DERIVE_PARAMS *mechParams = NULL((void*)0); |
2233 | |
2234 | if (pubKey->keyType != ecKey) { |
2235 | PORT_SetErrorPORT_SetError_Util(SEC_ERROR_BAD_KEY); |
2236 | break; |
2237 | } |
2238 | |
2239 | PK11_SETATTRS(attrs, CKA_CLASS, &keyClass, sizeof(keyClass))(attrs)->type = (0x00000000UL); (attrs)->pValue = (& keyClass); (attrs)->ulValueLen = (sizeof(keyClass));; |
2240 | attrs++; |
2241 | PK11_SETATTRS(attrs, CKA_KEY_TYPE, &keyType, sizeof(keyType))(attrs)->type = (0x00000100UL); (attrs)->pValue = (& keyType); (attrs)->ulValueLen = (sizeof(keyType));; |
2242 | attrs++; |
2243 | PK11_SETATTRS(attrs, operation, &cktrue, 1)(attrs)->type = (operation); (attrs)->pValue = (&cktrue ); (attrs)->ulValueLen = (1);; |
2244 | attrs++; |
2245 | PK11_SETATTRS(attrs, CKA_VALUE_LEN, &key_size, sizeof(key_size))(attrs)->type = (0x00000161UL); (attrs)->pValue = (& key_size); (attrs)->ulValueLen = (sizeof(key_size));; |
2246 | attrs++; |
2247 | templateCount = attrs - keyTemplate; |
2248 | PR_ASSERT(templateCount <= sizeof(keyTemplate) / sizeof(CK_ATTRIBUTE))((templateCount <= sizeof(keyTemplate) / sizeof(CK_ATTRIBUTE ))?((void)0):PR_Assert("templateCount <= sizeof(keyTemplate) / sizeof(CK_ATTRIBUTE)" ,"pk11skey.c",2248)); |
2249 | |
2250 | keyType = PK11_GetKeyType(target, keySize); |
2251 | key_size = keySize; |
2252 | if (key_size == 0) { |
2253 | if ((key_size = pk11_GetPredefinedKeyLength(keyType))) { |
2254 | templateCount--; |
2255 | } else { |
2256 | /* sigh, some tokens can't figure this out and require |
2257 | * CKA_VALUE_LEN to be set */ |
2258 | key_size = SHA1_LENGTH20; |
2259 | } |
2260 | } |
2261 | symKey->size = key_size; |
2262 | |
2263 | mechParams = PORT_ZNew(CK_ECDH1_DERIVE_PARAMS)(CK_ECDH1_DERIVE_PARAMS *)PORT_ZAlloc_Util(sizeof(CK_ECDH1_DERIVE_PARAMS )); |
2264 | mechParams->kdf = CKD_SHA1_KDF0x00000002UL; |
2265 | mechParams->ulSharedDataLen = 0; |
2266 | mechParams->pSharedData = NULL((void*)0); |
2267 | mechParams->ulPublicDataLen = pubKey->u.ec.publicValue.len; |
2268 | mechParams->pPublicData = pubKey->u.ec.publicValue.data; |
2269 | |
2270 | mechanism.mechanism = derive; |
2271 | mechanism.pParameter = mechParams; |
2272 | mechanism.ulParameterLen = sizeof(CK_ECDH1_DERIVE_PARAMS); |
2273 | |
2274 | pk11_EnterKeyMonitor(symKey); |
2275 | crv = PK11_GETTAB(slot)((CK_FUNCTION_LIST_3_0_PTR)((slot)->functionList))->C_DeriveKey(symKey->session, |
2276 | &mechanism, privKey->pkcs11ID, keyTemplate, |
2277 | templateCount, &symKey->objectID); |
2278 | pk11_ExitKeyMonitor(symKey); |
2279 | |
2280 | /* old PKCS #11 spec was ambiguous on what needed to be passed, |
2281 | * try this again with and encoded public key */ |
2282 | if (crv != CKR_OK0x00000000UL && pk11_ECGetPubkeyEncoding(pubKey) != ECPoint_XOnly) { |
2283 | SECItem *pubValue = SEC_ASN1EncodeItemSEC_ASN1EncodeItem_Util(NULL((void*)0), NULL((void*)0), |
2284 | &pubKey->u.ec.publicValue, |
2285 | SEC_ASN1_GET(SEC_OctetStringTemplate)SEC_OctetStringTemplate_Util); |
2286 | if (pubValue == NULL((void*)0)) { |
2287 | PORT_ZFreePORT_ZFree_Util(mechParams, sizeof(CK_ECDH1_DERIVE_PARAMS)); |
2288 | break; |
2289 | } |
2290 | mechParams->ulPublicDataLen = pubValue->len; |
2291 | mechParams->pPublicData = pubValue->data; |
2292 | |
2293 | pk11_EnterKeyMonitor(symKey); |
2294 | crv = PK11_GETTAB(slot)((CK_FUNCTION_LIST_3_0_PTR)((slot)->functionList))->C_DeriveKey(symKey->session, |
2295 | &mechanism, privKey->pkcs11ID, keyTemplate, |
2296 | templateCount, &symKey->objectID); |
2297 | pk11_ExitKeyMonitor(symKey); |
2298 | |
2299 | SECITEM_FreeItemSECITEM_FreeItem_Util(pubValue, PR_TRUE1); |
2300 | } |
2301 | |
2302 | PORT_ZFreePORT_ZFree_Util(mechParams, sizeof(CK_ECDH1_DERIVE_PARAMS)); |
2303 | |
2304 | if (crv == CKR_OK0x00000000UL) |
2305 | return symKey; |
2306 | PORT_SetErrorPORT_SetError_Util(PK11_MapError(crv)); |
2307 | } |
2308 | } |
2309 | |
2310 | PK11_FreeSymKey(symKey); |
2311 | return NULL((void*)0); |
2312 | } |
2313 | |
2314 | /* Test for curves that are known to use a special encoding. |
2315 | * Extend this function when additional curves are added. */ |
2316 | static ECPointEncoding |
2317 | pk11_ECGetPubkeyEncoding(const SECKEYPublicKey *pubKey) |
2318 | { |
2319 | SECItem oid; |
2320 | SECStatus rv; |
2321 | PORTCheapArenaPool tmpArena; |
2322 | ECPointEncoding encoding = ECPoint_Undefined; |
2323 | |
2324 | PORT_InitCheapArena(&tmpArena, DER_DEFAULT_CHUNKSIZE(2048)); |
2325 | |
2326 | /* decode the OID tag */ |
2327 | rv = SEC_QuickDERDecodeItemSEC_QuickDERDecodeItem_Util(&tmpArena.arena, &oid, |
2328 | SEC_ASN1_GET(SEC_ObjectIDTemplate)SEC_ObjectIDTemplate_Util, |
2329 | &pubKey->u.ec.DEREncodedParams); |
2330 | if (rv == SECSuccess) { |
2331 | SECOidTag tag = SECOID_FindOIDTagSECOID_FindOIDTag_Util(&oid); |
2332 | switch (tag) { |
2333 | case SEC_OID_CURVE25519: |
2334 | encoding = ECPoint_XOnly; |
2335 | break; |
2336 | case SEC_OID_SECG_EC_SECP256R1SEC_OID_ANSIX962_EC_PRIME256V1: |
2337 | case SEC_OID_SECG_EC_SECP384R1: |
2338 | case SEC_OID_SECG_EC_SECP521R1: |
2339 | default: |
2340 | /* unknown curve, default to uncompressed */ |
2341 | encoding = ECPoint_Uncompressed; |
2342 | } |
2343 | } |
2344 | PORT_DestroyCheapArena(&tmpArena); |
2345 | return encoding; |
2346 | } |
2347 | |
2348 | /* Returns the size of the public key, or 0 if there |
2349 | * is an error. */ |
2350 | static CK_ULONG |
2351 | pk11_ECPubKeySize(SECKEYPublicKey *pubKey) |
2352 | { |
2353 | SECItem *publicValue = &pubKey->u.ec.publicValue; |
2354 | |
2355 | ECPointEncoding encoding = pk11_ECGetPubkeyEncoding(pubKey); |
2356 | if (encoding == ECPoint_XOnly) { |
2357 | return publicValue->len; |
2358 | } |
2359 | if (encoding == ECPoint_Uncompressed) { |
2360 | /* key encoded in uncompressed form */ |
2361 | return ((publicValue->len - 1) / 2); |
2362 | } |
2363 | /* key encoding not recognized */ |
2364 | return 0; |
2365 | } |
2366 | |
2367 | static PK11SymKey * |
2368 | pk11_PubDeriveECKeyWithKDF( |
2369 | SECKEYPrivateKey *privKey, SECKEYPublicKey *pubKey, |
2370 | PRBool isSender, SECItem *randomA, SECItem *randomB, |
2371 | CK_MECHANISM_TYPE derive, CK_MECHANISM_TYPE target, |
2372 | CK_ATTRIBUTE_TYPE operation, int keySize, |
2373 | CK_ULONG kdf, SECItem *sharedData, void *wincx) |
2374 | { |
2375 | PK11SlotInfo *slot = privKey->pkcs11Slot; |
2376 | PK11SymKey *symKey; |
2377 | PK11SymKey *SharedSecret; |
2378 | CK_MECHANISM mechanism; |
2379 | CK_RV crv; |
2380 | CK_BBOOL cktrue = CK_TRUE1; |
2381 | CK_OBJECT_CLASS keyClass = CKO_SECRET_KEY0x00000004UL; |
2382 | CK_KEY_TYPE keyType = CKK_GENERIC_SECRET0x00000010UL; |
2383 | CK_ULONG key_size = 0; |
2384 | CK_ATTRIBUTE keyTemplate[4]; |
2385 | int templateCount; |
2386 | CK_ATTRIBUTE *attrs = keyTemplate; |
2387 | CK_ECDH1_DERIVE_PARAMS *mechParams = NULL((void*)0); |
2388 | |
2389 | if (pubKey->keyType != ecKey) { |
2390 | PORT_SetErrorPORT_SetError_Util(SEC_ERROR_BAD_KEY); |
2391 | return NULL((void*)0); |
2392 | } |
2393 | if ((kdf != CKD_NULL0x00000001UL) && (kdf != CKD_SHA1_KDF0x00000002UL) && |
2394 | (kdf != CKD_SHA224_KDF0x00000005UL) && (kdf != CKD_SHA256_KDF0x00000006UL) && |
2395 | (kdf != CKD_SHA384_KDF0x00000007UL) && (kdf != CKD_SHA512_KDF0x00000008UL)) { |
2396 | PORT_SetErrorPORT_SetError_Util(SEC_ERROR_INVALID_ALGORITHM); |
2397 | return NULL((void*)0); |
2398 | } |
2399 | |
2400 | /* get our key Structure */ |
2401 | symKey = pk11_CreateSymKey(slot, target, PR_TRUE1, PR_TRUE1, wincx); |
2402 | if (symKey == NULL((void*)0)) { |
2403 | return NULL((void*)0); |
2404 | } |
2405 | /* CKA_NSS_MESSAGE is a fake operation to distinguish between |
2406 | * Normal Encrypt/Decrypt and MessageEncrypt/Decrypt. Don't try to set |
2407 | * it as a real attribute */ |
2408 | if ((operation & CKA_NSS_MESSAGE_MASK0xff000000L) == CKA_NSS_MESSAGE0x82000000L) { |
2409 | /* Message is or'd with a real Attribute (CKA_ENCRYPT, CKA_DECRYPT), |
2410 | * etc. Strip out the real attribute here */ |
2411 | operation &= ~CKA_NSS_MESSAGE_MASK0xff000000L; |
2412 | } |
2413 | |
2414 | symKey->origin = PK11_OriginDerive; |
2415 | |
2416 | PK11_SETATTRS(attrs, CKA_CLASS, &keyClass, sizeof(keyClass))(attrs)->type = (0x00000000UL); (attrs)->pValue = (& keyClass); (attrs)->ulValueLen = (sizeof(keyClass));; |
2417 | attrs++; |
2418 | PK11_SETATTRS(attrs, CKA_KEY_TYPE, &keyType, sizeof(keyType))(attrs)->type = (0x00000100UL); (attrs)->pValue = (& keyType); (attrs)->ulValueLen = (sizeof(keyType));; |
2419 | attrs++; |
2420 | PK11_SETATTRS(attrs, operation, &cktrue, 1)(attrs)->type = (operation); (attrs)->pValue = (&cktrue ); (attrs)->ulValueLen = (1);; |
2421 | attrs++; |
2422 | PK11_SETATTRS(attrs, CKA_VALUE_LEN, &key_size, sizeof(key_size))(attrs)->type = (0x00000161UL); (attrs)->pValue = (& key_size); (attrs)->ulValueLen = (sizeof(key_size));; |
2423 | attrs++; |
2424 | templateCount = attrs - keyTemplate; |
2425 | PR_ASSERT(templateCount <= sizeof(keyTemplate) / sizeof(CK_ATTRIBUTE))((templateCount <= sizeof(keyTemplate) / sizeof(CK_ATTRIBUTE ))?((void)0):PR_Assert("templateCount <= sizeof(keyTemplate) / sizeof(CK_ATTRIBUTE)" ,"pk11skey.c",2425)); |
2426 | |
2427 | keyType = PK11_GetKeyType(target, keySize); |
2428 | key_size = keySize; |
2429 | if (key_size == 0) { |
2430 | if ((key_size = pk11_GetPredefinedKeyLength(keyType))) { |
2431 | templateCount--; |
2432 | } else { |
2433 | /* sigh, some tokens can't figure this out and require |
2434 | * CKA_VALUE_LEN to be set */ |
2435 | switch (kdf) { |
2436 | case CKD_NULL0x00000001UL: |
2437 | key_size = pk11_ECPubKeySize(pubKey); |
2438 | if (key_size == 0) { |
2439 | PK11_FreeSymKey(symKey); |
2440 | return NULL((void*)0); |
2441 | } |
2442 | break; |
2443 | case CKD_SHA1_KDF0x00000002UL: |
2444 | key_size = SHA1_LENGTH20; |
2445 | break; |
2446 | case CKD_SHA224_KDF0x00000005UL: |
2447 | key_size = SHA224_LENGTH28; |
2448 | break; |
2449 | case CKD_SHA256_KDF0x00000006UL: |
2450 | key_size = SHA256_LENGTH32; |
2451 | break; |
2452 | case CKD_SHA384_KDF0x00000007UL: |
2453 | key_size = SHA384_LENGTH48; |
2454 | break; |
2455 | case CKD_SHA512_KDF0x00000008UL: |
2456 | key_size = SHA512_LENGTH64; |
2457 | break; |
2458 | default: |
2459 | PORT_AssertNotReached("Invalid CKD")PR_Assert("Invalid CKD","pk11skey.c",2459); |
2460 | PORT_SetErrorPORT_SetError_Util(SEC_ERROR_INVALID_ALGORITHM); |
2461 | return NULL((void*)0); |
2462 | } |
2463 | } |
2464 | } |
2465 | symKey->size = key_size; |
2466 | |
2467 | mechParams = PORT_ZNew(CK_ECDH1_DERIVE_PARAMS)(CK_ECDH1_DERIVE_PARAMS *)PORT_ZAlloc_Util(sizeof(CK_ECDH1_DERIVE_PARAMS )); |
2468 | if (!mechParams) { |
2469 | PK11_FreeSymKey(symKey); |
2470 | return NULL((void*)0); |
2471 | } |
2472 | mechParams->kdf = kdf; |
2473 | if (sharedData == NULL((void*)0)) { |
2474 | mechParams->ulSharedDataLen = 0; |
2475 | mechParams->pSharedData = NULL((void*)0); |
2476 | } else { |
2477 | mechParams->ulSharedDataLen = sharedData->len; |
2478 | mechParams->pSharedData = sharedData->data; |
2479 | } |
2480 | mechParams->ulPublicDataLen = pubKey->u.ec.publicValue.len; |
2481 | mechParams->pPublicData = pubKey->u.ec.publicValue.data; |
2482 | |
2483 | mechanism.mechanism = derive; |
2484 | mechanism.pParameter = mechParams; |
2485 | mechanism.ulParameterLen = sizeof(CK_ECDH1_DERIVE_PARAMS); |
2486 | |
2487 | pk11_EnterKeyMonitor(symKey); |
2488 | crv = PK11_GETTAB(slot)((CK_FUNCTION_LIST_3_0_PTR)((slot)->functionList))->C_DeriveKey(symKey->session, &mechanism, |
2489 | privKey->pkcs11ID, keyTemplate, |
2490 | templateCount, &symKey->objectID); |
2491 | pk11_ExitKeyMonitor(symKey); |
2492 | |
2493 | /* old PKCS #11 spec was ambiguous on what needed to be passed, |
2494 | * try this again with an encoded public key */ |
2495 | if (crv != CKR_OK0x00000000UL) { |
2496 | /* For curves that only use X as public value and no encoding we don't |
2497 | * have to try again. (Currently only Curve25519) */ |
2498 | if (pk11_ECGetPubkeyEncoding(pubKey) == ECPoint_XOnly) { |
2499 | goto loser; |
2500 | } |
2501 | SECItem *pubValue = SEC_ASN1EncodeItemSEC_ASN1EncodeItem_Util(NULL((void*)0), NULL((void*)0), |
2502 | &pubKey->u.ec.publicValue, |
2503 | SEC_ASN1_GET(SEC_OctetStringTemplate)SEC_OctetStringTemplate_Util); |
2504 | if (pubValue == NULL((void*)0)) { |
2505 | goto loser; |
2506 | } |
2507 | mechParams->ulPublicDataLen = pubValue->len; |
2508 | mechParams->pPublicData = pubValue->data; |
2509 | |
2510 | pk11_EnterKeyMonitor(symKey); |
2511 | crv = PK11_GETTAB(slot)((CK_FUNCTION_LIST_3_0_PTR)((slot)->functionList))->C_DeriveKey(symKey->session, |
2512 | &mechanism, privKey->pkcs11ID, keyTemplate, |
2513 | templateCount, &symKey->objectID); |
2514 | pk11_ExitKeyMonitor(symKey); |
2515 | |
2516 | if ((crv != CKR_OK0x00000000UL) && (kdf != CKD_NULL0x00000001UL)) { |
2517 | /* Some PKCS #11 libraries cannot perform the key derivation |
2518 | * function. So, try calling C_DeriveKey with CKD_NULL and then |
2519 | * performing the KDF separately. |
2520 | */ |
2521 | CK_ULONG derivedKeySize = key_size; |
2522 | |
2523 | keyType = CKK_GENERIC_SECRET0x00000010UL; |
2524 | key_size = pk11_ECPubKeySize(pubKey); |
2525 | if (key_size == 0) { |
2526 | SECITEM_FreeItemSECITEM_FreeItem_Util(pubValue, PR_TRUE1); |
2527 | goto loser; |
2528 | } |
2529 | SharedSecret = symKey; |
2530 | SharedSecret->size = key_size; |
2531 | |
2532 | mechParams->kdf = CKD_NULL0x00000001UL; |
2533 | mechParams->ulSharedDataLen = 0; |
2534 | mechParams->pSharedData = NULL((void*)0); |
2535 | mechParams->ulPublicDataLen = pubKey->u.ec.publicValue.len; |
2536 | mechParams->pPublicData = pubKey->u.ec.publicValue.data; |
2537 | |
2538 | pk11_EnterKeyMonitor(SharedSecret); |
2539 | crv = PK11_GETTAB(slot)((CK_FUNCTION_LIST_3_0_PTR)((slot)->functionList))->C_DeriveKey(SharedSecret->session, |
2540 | &mechanism, privKey->pkcs11ID, keyTemplate, |
2541 | templateCount, &SharedSecret->objectID); |
2542 | pk11_ExitKeyMonitor(SharedSecret); |
2543 | |
2544 | if (crv != CKR_OK0x00000000UL) { |
2545 | /* old PKCS #11 spec was ambiguous on what needed to be passed, |
2546 | * try this one final time with an encoded public key */ |
2547 | mechParams->ulPublicDataLen = pubValue->len; |
2548 | mechParams->pPublicData = pubValue->data; |
2549 | |
2550 | pk11_EnterKeyMonitor(SharedSecret); |
2551 | crv = PK11_GETTAB(slot)((CK_FUNCTION_LIST_3_0_PTR)((slot)->functionList))->C_DeriveKey(SharedSecret->session, |
2552 | &mechanism, privKey->pkcs11ID, keyTemplate, |
2553 | templateCount, &SharedSecret->objectID); |
2554 | pk11_ExitKeyMonitor(SharedSecret); |
2555 | } |
2556 | |
2557 | /* Perform KDF. */ |
2558 | if (crv == CKR_OK0x00000000UL) { |
2559 | symKey = pk11_ANSIX963Derive(SharedSecret, kdf, |
2560 | sharedData, target, operation, |
2561 | derivedKeySize); |
2562 | PK11_FreeSymKey(SharedSecret); |
2563 | if (symKey == NULL((void*)0)) { |
2564 | SECITEM_FreeItemSECITEM_FreeItem_Util(pubValue, PR_TRUE1); |
2565 | PORT_ZFreePORT_ZFree_Util(mechParams, sizeof(CK_ECDH1_DERIVE_PARAMS)); |
2566 | return NULL((void*)0); |
2567 | } |
2568 | } |
2569 | } |
2570 | SECITEM_FreeItemSECITEM_FreeItem_Util(pubValue, PR_TRUE1); |
2571 | } |
2572 | |
2573 | loser: |
2574 | PORT_ZFreePORT_ZFree_Util(mechParams, sizeof(CK_ECDH1_DERIVE_PARAMS)); |
2575 | |
2576 | if (crv != CKR_OK0x00000000UL) { |
2577 | PK11_FreeSymKey(symKey); |
2578 | symKey = NULL((void*)0); |
2579 | PORT_SetErrorPORT_SetError_Util(PK11_MapError(crv)); |
2580 | } |
2581 | return symKey; |
2582 | } |
2583 | |
2584 | PK11SymKey * |
2585 | PK11_PubDeriveWithKDF(SECKEYPrivateKey *privKey, SECKEYPublicKey *pubKey, |
2586 | PRBool isSender, SECItem *randomA, SECItem *randomB, |
2587 | CK_MECHANISM_TYPE derive, CK_MECHANISM_TYPE target, |
2588 | CK_ATTRIBUTE_TYPE operation, int keySize, |
2589 | CK_ULONG kdf, SECItem *sharedData, void *wincx) |
2590 | { |
2591 | |
2592 | switch (privKey->keyType) { |
2593 | case rsaKey: |
2594 | case nullKey: |
2595 | case dsaKey: |
2596 | case keaKey: |
2597 | case fortezzaKey: |
2598 | case dhKey: |
2599 | return PK11_PubDerive(privKey, pubKey, isSender, randomA, randomB, |
2600 | derive, target, operation, keySize, wincx); |
2601 | case ecKey: |
2602 | return pk11_PubDeriveECKeyWithKDF(privKey, pubKey, isSender, |
2603 | randomA, randomB, derive, target, |
2604 | operation, keySize, |
2605 | kdf, sharedData, wincx); |
2606 | default: |
2607 | PORT_SetErrorPORT_SetError_Util(SEC_ERROR_BAD_KEY); |
2608 | break; |
2609 | } |
2610 | |
2611 | return NULL((void*)0); |
2612 | } |
2613 | |
2614 | /* |
2615 | * this little function uses the Decrypt function to unwrap a key, just in |
2616 | * case we are having problem with unwrap. NOTE: The key size may |
2617 | * not be preserved properly for some algorithms! |
2618 | */ |
2619 | static PK11SymKey * |
2620 | pk11_HandUnwrap(PK11SlotInfo *slot, CK_OBJECT_HANDLE wrappingKey, |
2621 | CK_MECHANISM *mech, SECItem *inKey, CK_MECHANISM_TYPE target, |
2622 | CK_ATTRIBUTE *keyTemplate, unsigned int templateCount, |
2623 | int key_size, void *wincx, CK_RV *crvp, PRBool isPerm) |
2624 | { |
2625 | CK_ULONG len; |
2626 | SECItem outKey; |
2627 | PK11SymKey *symKey; |
2628 | CK_RV crv; |
2629 | PRBool owner = PR_TRUE1; |
2630 | CK_SESSION_HANDLE session; |
2631 | |
2632 | /* remove any VALUE_LEN parameters */ |
2633 | if (keyTemplate[templateCount - 1].type == CKA_VALUE_LEN0x00000161UL) { |
2634 | templateCount--; |
2635 | } |
2636 | |
2637 | /* keys are almost always aligned, but if we get this far, |
2638 | * we've gone above and beyond anyway... */ |
2639 | outKey.data = (unsigned char *)PORT_AllocPORT_Alloc_Util(inKey->len); |
2640 | if (outKey.data == NULL((void*)0)) { |
2641 | PORT_SetErrorPORT_SetError_Util(SEC_ERROR_NO_MEMORY); |
2642 | if (crvp) |
2643 | *crvp = CKR_HOST_MEMORY0x00000002UL; |
2644 | return NULL((void*)0); |
2645 | } |
2646 | len = inKey->len; |
2647 | |
2648 | /* use NULL IV's for wrapping */ |
2649 | session = pk11_GetNewSession(slot, &owner); |
2650 | if (!owner || !(slot->isThreadSafe)) |
2651 | PK11_EnterSlotMonitor(slot); |
2652 | crv = PK11_GETTAB(slot)((CK_FUNCTION_LIST_3_0_PTR)((slot)->functionList))->C_DecryptInit(session, mech, wrappingKey); |
2653 | if (crv != CKR_OK0x00000000UL) { |
2654 | if (!owner || !(slot->isThreadSafe)) |
2655 | PK11_ExitSlotMonitor(slot); |
2656 | pk11_CloseSession(slot, session, owner); |
2657 | PORT_FreePORT_Free_Util(outKey.data); |
2658 | PORT_SetErrorPORT_SetError_Util(PK11_MapError(crv)); |
2659 | if (crvp) |
2660 | *crvp = crv; |
2661 | return NULL((void*)0); |
2662 | } |
2663 | crv = PK11_GETTAB(slot)((CK_FUNCTION_LIST_3_0_PTR)((slot)->functionList))->C_Decrypt(session, inKey->data, inKey->len, |
2664 | outKey.data, &len); |
2665 | if (!owner || !(slot->isThreadSafe)) |
2666 | PK11_ExitSlotMonitor(slot); |
2667 | pk11_CloseSession(slot, session, owner); |
2668 | if (crv != CKR_OK0x00000000UL) { |
2669 | PORT_FreePORT_Free_Util(outKey.data); |
2670 | PORT_SetErrorPORT_SetError_Util(PK11_MapError(crv)); |
2671 | if (crvp) |
2672 | *crvp = crv; |
2673 | return NULL((void*)0); |
2674 | } |
2675 | |
2676 | outKey.len = (key_size == 0) ? len : key_size; |
2677 | outKey.type = siBuffer; |
2678 | |
2679 | if (PK11_DoesMechanism(slot, target)) { |
2680 | symKey = pk11_ImportSymKeyWithTempl(slot, target, PK11_OriginUnwrap, |
2681 | isPerm, keyTemplate, |
2682 | templateCount, &outKey, wincx); |
2683 | } else { |
2684 | slot = PK11_GetBestSlot(target, wincx); |
2685 | if (slot == NULL((void*)0)) { |
2686 | PORT_SetErrorPORT_SetError_Util(SEC_ERROR_NO_MODULE); |
2687 | PORT_FreePORT_Free_Util(outKey.data); |
2688 | if (crvp) |
2689 | *crvp = CKR_DEVICE_ERROR0x00000030UL; |
2690 | return NULL((void*)0); |
2691 | } |
2692 | symKey = pk11_ImportSymKeyWithTempl(slot, target, PK11_OriginUnwrap, |
2693 | isPerm, keyTemplate, |
2694 | templateCount, &outKey, wincx); |
2695 | PK11_FreeSlot(slot); |
2696 | } |
2697 | PORT_FreePORT_Free_Util(outKey.data); |
2698 | |
2699 | if (crvp) |
2700 | *crvp = symKey ? CKR_OK0x00000000UL : CKR_DEVICE_ERROR0x00000030UL; |
2701 | return symKey; |
2702 | } |
2703 | |
2704 | /* |
2705 | * The wrap/unwrap function is pretty much the same for private and |
2706 | * public keys. It's just getting the Object ID and slot right. This is |
2707 | * the combined unwrap function. |
2708 | */ |
2709 | static PK11SymKey * |
2710 | pk11_AnyUnwrapKey(PK11SlotInfo *slot, CK_OBJECT_HANDLE wrappingKey, |
2711 | CK_MECHANISM_TYPE wrapType, SECItem *param, SECItem *wrappedKey, |
2712 | CK_MECHANISM_TYPE target, CK_ATTRIBUTE_TYPE operation, int keySize, |
2713 | void *wincx, CK_ATTRIBUTE *userAttr, unsigned int numAttrs, PRBool isPerm) |
2714 | { |
2715 | PK11SymKey *symKey; |
2716 | SECItem *param_free = NULL((void*)0); |
2717 | CK_BBOOL cktrue = CK_TRUE1; |
2718 | CK_OBJECT_CLASS keyClass = CKO_SECRET_KEY0x00000004UL; |
2719 | CK_KEY_TYPE keyType = CKK_GENERIC_SECRET0x00000010UL; |
2720 | CK_ULONG valueLen = 0; |
2721 | CK_MECHANISM mechanism; |
2722 | CK_SESSION_HANDLE rwsession; |
2723 | CK_RV crv; |
2724 | CK_MECHANISM_INFO mechanism_info; |
2725 | #define MAX_ADD_ATTRS 4 |
2726 | CK_ATTRIBUTE keyTemplate[MAX_TEMPL_ATTRS16 + MAX_ADD_ATTRS]; |
2727 | #undef MAX_ADD_ATTRS |
2728 | CK_ATTRIBUTE *attrs = keyTemplate; |
2729 | unsigned int templateCount; |
2730 | |
2731 | if (numAttrs > MAX_TEMPL_ATTRS16) { |
2732 | PORT_SetErrorPORT_SetError_Util(SEC_ERROR_INVALID_ARGS); |
2733 | return NULL((void*)0); |
2734 | } |
2735 | /* CKA_NSS_MESSAGE is a fake operation to distinguish between |
2736 | * Normal Encrypt/Decrypt and MessageEncrypt/Decrypt. Don't try to set |
2737 | * it as a real attribute */ |
2738 | if ((operation & CKA_NSS_MESSAGE_MASK0xff000000L) == CKA_NSS_MESSAGE0x82000000L) { |
2739 | /* Message is or'd with a real Attribute (CKA_ENCRYPT, CKA_DECRYPT), |
2740 | * etc. Strip out the real attribute here */ |
2741 | operation &= ~CKA_NSS_MESSAGE_MASK0xff000000L; |
2742 | } |
2743 | |
2744 | /* first copy caller attributes in. */ |
2745 | for (templateCount = 0; templateCount < numAttrs; ++templateCount) { |
2746 | *attrs++ = *userAttr++; |
2747 | } |
2748 | |
2749 | /* We only add the following attributes to the template if the caller |
2750 | ** didn't already supply them. |
2751 | */ |
2752 | if (!pk11_FindAttrInTemplate(keyTemplate, numAttrs, CKA_CLASS0x00000000UL)) { |
2753 | PK11_SETATTRS(attrs, CKA_CLASS, &keyClass, sizeof keyClass)(attrs)->type = (0x00000000UL); (attrs)->pValue = (& keyClass); (attrs)->ulValueLen = (sizeof keyClass);; |
2754 | attrs++; |
2755 | } |
2756 | if (!pk11_FindAttrInTemplate(keyTemplate, numAttrs, CKA_KEY_TYPE0x00000100UL)) { |
2757 | keyType = PK11_GetKeyType(target, keySize); |
2758 | PK11_SETATTRS(attrs, CKA_KEY_TYPE, &keyType, sizeof keyType)(attrs)->type = (0x00000100UL); (attrs)->pValue = (& keyType); (attrs)->ulValueLen = (sizeof keyType);; |
2759 | attrs++; |
2760 | } |
2761 | if ((operation != CKA_FLAGS_ONLY0) && |
2762 | !pk11_FindAttrInTemplate(keyTemplate, numAttrs, operation)) { |
2763 | PK11_SETATTRS(attrs, operation, &cktrue, 1)(attrs)->type = (operation); (attrs)->pValue = (&cktrue ); (attrs)->ulValueLen = (1);; |
2764 | attrs++; |
2765 | } |
2766 | |
2767 | /* |
2768 | * must be last in case we need to use this template to import the key |
2769 | */ |
2770 | if (keySize > 0 && |
2771 | !pk11_FindAttrInTemplate(keyTemplate, numAttrs, CKA_VALUE_LEN0x00000161UL)) { |
2772 | valueLen = (CK_ULONG)keySize; |
2773 | PK11_SETATTRS(attrs, CKA_VALUE_LEN, &valueLen, sizeof valueLen)(attrs)->type = (0x00000161UL); (attrs)->pValue = (& valueLen); (attrs)->ulValueLen = (sizeof valueLen);; |
2774 | attrs++; |
2775 | } |
2776 | |
2777 | templateCount = attrs - keyTemplate; |
2778 | PR_ASSERT(templateCount <= sizeof(keyTemplate) / sizeof(CK_ATTRIBUTE))((templateCount <= sizeof(keyTemplate) / sizeof(CK_ATTRIBUTE ))?((void)0):PR_Assert("templateCount <= sizeof(keyTemplate) / sizeof(CK_ATTRIBUTE)" ,"pk11skey.c",2778)); |
2779 | |
2780 | /* find out if we can do wrap directly. Because the RSA case if *very* |
2781 | * common, cache the results for it. */ |
2782 | if ((wrapType == CKM_RSA_PKCS0x00000001UL) && (slot->hasRSAInfo)) { |
2783 | mechanism_info.flags = slot->RSAInfoFlags; |
2784 | } else { |
2785 | if (!slot->isThreadSafe) |
2786 | PK11_EnterSlotMonitor(slot); |
2787 | crv = PK11_GETTAB(slot)((CK_FUNCTION_LIST_3_0_PTR)((slot)->functionList))->C_GetMechanismInfo(slot->slotID, wrapType, |
2788 | &mechanism_info); |
2789 | if (!slot->isThreadSafe) |
2790 | PK11_ExitSlotMonitor(slot); |
2791 | if (crv != CKR_OK0x00000000UL) { |
2792 | mechanism_info.flags = 0; |
2793 | } |
2794 | if (wrapType == CKM_RSA_PKCS0x00000001UL) { |
2795 | slot->RSAInfoFlags = mechanism_info.flags; |
2796 | slot->hasRSAInfo = PR_TRUE1; |
2797 | } |
2798 | } |
2799 | |
2800 | /* initialize the mechanism structure */ |
2801 | mechanism.mechanism = wrapType; |
2802 | /* use NULL IV's for wrapping */ |
2803 | if (param == NULL((void*)0)) |
2804 | param = param_free = PK11_ParamFromIV(wrapType, NULL((void*)0)); |
2805 | if (param) { |
2806 | mechanism.pParameter = param->data; |
2807 | mechanism.ulParameterLen = param->len; |
2808 | } else { |
2809 | mechanism.pParameter = NULL((void*)0); |
2810 | mechanism.ulParameterLen = 0; |
2811 | } |
2812 | |
2813 | if ((mechanism_info.flags & CKF_DECRYPT0x00000200UL) && !PK11_DoesMechanism(slot, target)) { |
2814 | symKey = pk11_HandUnwrap(slot, wrappingKey, &mechanism, wrappedKey, |
2815 | target, keyTemplate, templateCount, keySize, |
2816 | wincx, &crv, isPerm); |
2817 | if (symKey) { |
2818 | if (param_free) |
2819 | SECITEM_FreeItemSECITEM_FreeItem_Util(param_free, PR_TRUE1); |
2820 | return symKey; |
2821 | } |
2822 | /* |
2823 | * if the RSA OP simply failed, don't try to unwrap again |
2824 | * with this module. |
2825 | */ |
2826 | if (crv == CKR_DEVICE_ERROR0x00000030UL) { |
2827 | if (param_free) |
2828 | SECITEM_FreeItemSECITEM_FreeItem_Util(param_free, PR_TRUE1); |
2829 | return NULL((void*)0); |
2830 | } |
2831 | /* fall through, maybe they incorrectly set CKF_DECRYPT */ |
2832 | } |
2833 | |
2834 | /* get our key Structure */ |
2835 | symKey = pk11_CreateSymKey(slot, target, !isPerm, PR_TRUE1, wincx); |
2836 | if (symKey == NULL((void*)0)) { |
2837 | if (param_free) |
2838 | SECITEM_FreeItemSECITEM_FreeItem_Util(param_free, PR_TRUE1); |
2839 | return NULL((void*)0); |
2840 | } |
2841 | |
2842 | symKey->size = keySize; |
2843 | symKey->origin = PK11_OriginUnwrap; |
2844 | |
2845 | if (isPerm) { |
2846 | rwsession = PK11_GetRWSession(slot); |
2847 | } else { |
2848 | pk11_EnterKeyMonitor(symKey); |
2849 | rwsession = symKey->session; |
2850 | } |
2851 | PORT_Assert(rwsession != CK_INVALID_HANDLE)((rwsession != 0)?((void)0):PR_Assert("rwsession != CK_INVALID_HANDLE" ,"pk11skey.c",2851)); |
2852 | if (rwsession == CK_INVALID_HANDLE0) |
2853 | crv = CKR_SESSION_HANDLE_INVALID0x000000B3UL; |
2854 | else |
2855 | crv = PK11_GETTAB(slot)((CK_FUNCTION_LIST_3_0_PTR)((slot)->functionList))->C_UnwrapKey(rwsession, &mechanism, wrappingKey, |
2856 | wrappedKey->data, wrappedKey->len, |
2857 | keyTemplate, templateCount, |
2858 | &symKey->objectID); |
2859 | if (isPerm) { |
2860 | if (rwsession != CK_INVALID_HANDLE0) |
2861 | PK11_RestoreROSession(slot, rwsession); |
2862 | } else { |
2863 | pk11_ExitKeyMonitor(symKey); |
2864 | } |
2865 | if (param_free) |
2866 | SECITEM_FreeItemSECITEM_FreeItem_Util(param_free, PR_TRUE1); |
2867 | if (crv != CKR_OK0x00000000UL) { |
2868 | PK11_FreeSymKey(symKey); |
2869 | symKey = NULL((void*)0); |
2870 | if (crv != CKR_DEVICE_ERROR0x00000030UL) { |
2871 | /* try hand Unwrapping */ |
2872 | symKey = pk11_HandUnwrap(slot, wrappingKey, &mechanism, wrappedKey, |
2873 | target, keyTemplate, templateCount, |
2874 | keySize, wincx, NULL((void*)0), isPerm); |
2875 | } |
2876 | } |
2877 | |
2878 | return symKey; |
2879 | } |
2880 | |
2881 | /* use a symetric key to unwrap another symetric key */ |
2882 | PK11SymKey * |
2883 | PK11_UnwrapSymKey(PK11SymKey *wrappingKey, CK_MECHANISM_TYPE wrapType, |
2884 | SECItem *param, SECItem *wrappedKey, |
2885 | CK_MECHANISM_TYPE target, CK_ATTRIBUTE_TYPE operation, |
2886 | int keySize) |
2887 | { |
2888 | return pk11_AnyUnwrapKey(wrappingKey->slot, wrappingKey->objectID, |
2889 | wrapType, param, wrappedKey, target, operation, keySize, |
2890 | wrappingKey->cx, NULL((void*)0), 0, PR_FALSE0); |
2891 | } |
2892 | |
2893 | /* use a symetric key to unwrap another symetric key */ |
2894 | PK11SymKey * |
2895 | PK11_UnwrapSymKeyWithFlags(PK11SymKey *wrappingKey, CK_MECHANISM_TYPE wrapType, |
2896 | SECItem *param, SECItem *wrappedKey, |
2897 | CK_MECHANISM_TYPE target, CK_ATTRIBUTE_TYPE operation, |
2898 | int keySize, CK_FLAGS flags) |
2899 | { |
2900 | CK_BBOOL ckTrue = CK_TRUE1; |
2901 | CK_ATTRIBUTE keyTemplate[MAX_TEMPL_ATTRS16]; |
2902 | unsigned int templateCount; |
2903 | |
2904 | templateCount = pk11_OpFlagsToAttributes(flags, keyTemplate, &ckTrue); |
2905 | return pk11_AnyUnwrapKey(wrappingKey->slot, wrappingKey->objectID, |
2906 | wrapType, param, wrappedKey, target, operation, keySize, |
2907 | wrappingKey->cx, keyTemplate, templateCount, PR_FALSE0); |
2908 | } |
2909 | |
2910 | PK11SymKey * |
2911 | PK11_UnwrapSymKeyWithFlagsPerm(PK11SymKey *wrappingKey, |
2912 | CK_MECHANISM_TYPE wrapType, |
2913 | SECItem *param, SECItem *wrappedKey, |
2914 | CK_MECHANISM_TYPE target, CK_ATTRIBUTE_TYPE operation, |
2915 | int keySize, CK_FLAGS flags, PRBool isPerm) |
2916 | { |
2917 | CK_BBOOL cktrue = CK_TRUE1; |
2918 | CK_ATTRIBUTE keyTemplate[MAX_TEMPL_ATTRS16]; |
2919 | CK_ATTRIBUTE *attrs; |
2920 | unsigned int templateCount; |
2921 | |
2922 | attrs = keyTemplate; |
2923 | if (isPerm) { |
2924 | PK11_SETATTRS(attrs, CKA_TOKEN, &cktrue, sizeof(CK_BBOOL))(attrs)->type = (0x00000001UL); (attrs)->pValue = (& cktrue); (attrs)->ulValueLen = (sizeof(CK_BBOOL));; |
2925 | attrs++; |
2926 | } |
2927 | templateCount = attrs - keyTemplate; |
2928 | templateCount += pk11_OpFlagsToAttributes(flags, attrs, &cktrue); |
2929 | |
2930 | return pk11_AnyUnwrapKey(wrappingKey->slot, wrappingKey->objectID, |
2931 | wrapType, param, wrappedKey, target, operation, keySize, |
2932 | wrappingKey->cx, keyTemplate, templateCount, isPerm); |
2933 | } |
2934 | |
2935 | /* unwrap a symmetric key with a private key. Only supports CKM_RSA_PKCS. */ |
2936 | PK11SymKey * |
2937 | PK11_PubUnwrapSymKey(SECKEYPrivateKey *wrappingKey, SECItem *wrappedKey, |
2938 | CK_MECHANISM_TYPE target, CK_ATTRIBUTE_TYPE operation, int keySize) |
2939 | { |
2940 | CK_MECHANISM_TYPE wrapType = pk11_mapWrapKeyType(wrappingKey->keyType); |
2941 | |
2942 | return PK11_PubUnwrapSymKeyWithMechanism(wrappingKey, wrapType, NULL((void*)0), |
2943 | wrappedKey, target, operation, |
2944 | keySize); |
2945 | } |
2946 | |
2947 | /* unwrap a symmetric key with a private key with the given parameters. */ |
2948 | PK11SymKey * |
2949 | PK11_PubUnwrapSymKeyWithMechanism(SECKEYPrivateKey *wrappingKey, |
2950 | CK_MECHANISM_TYPE mechType, SECItem *param, |
2951 | SECItem *wrappedKey, CK_MECHANISM_TYPE target, |
2952 | CK_ATTRIBUTE_TYPE operation, int keySize) |
2953 | { |
2954 | PK11SlotInfo *slot = wrappingKey->pkcs11Slot; |
2955 | |
2956 | if (SECKEY_HAS_ATTRIBUTE_SET(wrappingKey, CKA_PRIVATE)(0 != (wrappingKey->staticflags & 0x1)) ? (0 != (wrappingKey ->staticflags & (1U << 1))) : PK11_HasAttributeSet (wrappingKey->pkcs11Slot, wrappingKey->pkcs11ID, 0x00000002UL , 0)) { |
2957 | PK11_HandlePasswordCheck(slot, wrappingKey->wincx); |
2958 | } |
2959 | |
2960 | return pk11_AnyUnwrapKey(slot, wrappingKey->pkcs11ID, mechType, param, |
2961 | wrappedKey, target, operation, keySize, |
2962 | wrappingKey->wincx, NULL((void*)0), 0, PR_FALSE0); |
2963 | } |
2964 | |
2965 | /* unwrap a symetric key with a private key. */ |
2966 | PK11SymKey * |
2967 | PK11_PubUnwrapSymKeyWithFlags(SECKEYPrivateKey *wrappingKey, |
2968 | SECItem *wrappedKey, CK_MECHANISM_TYPE target, |
2969 | CK_ATTRIBUTE_TYPE operation, int keySize, CK_FLAGS flags) |
2970 | { |
2971 | CK_MECHANISM_TYPE wrapType = pk11_mapWrapKeyType(wrappingKey->keyType); |
2972 | CK_BBOOL ckTrue = CK_TRUE1; |
2973 | CK_ATTRIBUTE keyTemplate[MAX_TEMPL_ATTRS16]; |
2974 | unsigned int templateCount; |
2975 | PK11SlotInfo *slot = wrappingKey->pkcs11Slot; |
2976 | |
2977 | templateCount = pk11_OpFlagsToAttributes(flags, keyTemplate, &ckTrue); |
2978 | |
2979 | if (SECKEY_HAS_ATTRIBUTE_SET(wrappingKey, CKA_PRIVATE)(0 != (wrappingKey->staticflags & 0x1)) ? (0 != (wrappingKey ->staticflags & (1U << 1))) : PK11_HasAttributeSet (wrappingKey->pkcs11Slot, wrappingKey->pkcs11ID, 0x00000002UL , 0)) { |
2980 | PK11_HandlePasswordCheck(slot, wrappingKey->wincx); |
2981 | } |
2982 | |
2983 | return pk11_AnyUnwrapKey(slot, wrappingKey->pkcs11ID, |
2984 | wrapType, NULL((void*)0), wrappedKey, target, operation, keySize, |
2985 | wrappingKey->wincx, keyTemplate, templateCount, PR_FALSE0); |
2986 | } |
2987 | |
2988 | PK11SymKey * |
2989 | PK11_PubUnwrapSymKeyWithFlagsPerm(SECKEYPrivateKey *wrappingKey, |
2990 | SECItem *wrappedKey, CK_MECHANISM_TYPE target, |
2991 | CK_ATTRIBUTE_TYPE operation, int keySize, |
2992 | CK_FLAGS flags, PRBool isPerm) |
2993 | { |
2994 | CK_MECHANISM_TYPE wrapType = pk11_mapWrapKeyType(wrappingKey->keyType); |
2995 | CK_BBOOL cktrue = CK_TRUE1; |
2996 | CK_ATTRIBUTE keyTemplate[MAX_TEMPL_ATTRS16]; |
2997 | CK_ATTRIBUTE *attrs; |
2998 | unsigned int templateCount; |
2999 | PK11SlotInfo *slot = wrappingKey->pkcs11Slot; |
3000 | |
3001 | attrs = keyTemplate; |
3002 | if (isPerm) { |
3003 | PK11_SETATTRS(attrs, CKA_TOKEN, &cktrue, sizeof(CK_BBOOL))(attrs)->type = (0x00000001UL); (attrs)->pValue = (& cktrue); (attrs)->ulValueLen = (sizeof(CK_BBOOL));; |
3004 | attrs++; |
3005 | } |
3006 | templateCount = attrs - keyTemplate; |
3007 | |
3008 | templateCount += pk11_OpFlagsToAttributes(flags, attrs, &cktrue); |
3009 | |
3010 | if (SECKEY_HAS_ATTRIBUTE_SET(wrappingKey, CKA_PRIVATE)(0 != (wrappingKey->staticflags & 0x1)) ? (0 != (wrappingKey ->staticflags & (1U << 1))) : PK11_HasAttributeSet (wrappingKey->pkcs11Slot, wrappingKey->pkcs11ID, 0x00000002UL , 0)) { |
3011 | PK11_HandlePasswordCheck(slot, wrappingKey->wincx); |
3012 | } |
3013 | |
3014 | return pk11_AnyUnwrapKey(slot, wrappingKey->pkcs11ID, |
3015 | wrapType, NULL((void*)0), wrappedKey, target, operation, keySize, |
3016 | wrappingKey->wincx, keyTemplate, templateCount, isPerm); |
3017 | } |
3018 | |
3019 | PK11SymKey * |
3020 | PK11_CopySymKeyForSigning(PK11SymKey *originalKey, CK_MECHANISM_TYPE mech) |
3021 | { |
3022 | CK_RV crv; |
3023 | CK_ATTRIBUTE setTemplate; |
3024 | CK_BBOOL ckTrue = CK_TRUE1; |
3025 | PK11SlotInfo *slot = originalKey->slot; |
3026 | |
3027 | /* first just try to set this key up for signing */ |
3028 | PK11_SETATTRS(&setTemplate, CKA_SIGN, &ckTrue, sizeof(ckTrue))(&setTemplate)->type = (0x00000108UL); (&setTemplate )->pValue = (&ckTrue); (&setTemplate)->ulValueLen = (sizeof(ckTrue));; |
3029 | pk11_EnterKeyMonitor(originalKey); |
3030 | crv = PK11_GETTAB(slot)((CK_FUNCTION_LIST_3_0_PTR)((slot)->functionList))->C_SetAttributeValue(originalKey->session, |
3031 | originalKey->objectID, &setTemplate, 1); |
3032 | pk11_ExitKeyMonitor(originalKey); |
3033 | if (crv == CKR_OK0x00000000UL) { |
3034 | return PK11_ReferenceSymKey(originalKey); |
3035 | } |
3036 | |
3037 | /* nope, doesn't like it, use the pk11 copy object command */ |
3038 | return pk11_CopyToSlot(slot, mech, CKA_SIGN0x00000108UL, originalKey); |
3039 | } |
3040 | |
3041 | void |
3042 | PK11_SetFortezzaHack(PK11SymKey *symKey) |
3043 | { |
3044 | symKey->origin = PK11_OriginFortezzaHack; |
3045 | } |
3046 | |
3047 | /* |
3048 | * This is required to allow FORTEZZA_NULL and FORTEZZA_RC4 |
3049 | * working. This function simply gets a valid IV for the keys. |
3050 | */ |
3051 | SECStatus |
3052 | PK11_GenerateFortezzaIV(PK11SymKey *symKey, unsigned char *iv, int len) |
3053 | { |
3054 | CK_MECHANISM mech_info; |
3055 | CK_ULONG count = 0; |
3056 | CK_RV crv; |
3057 | SECStatus rv = SECFailure; |
3058 | |
3059 | mech_info.mechanism = CKM_SKIPJACK_CBC640x00001002UL; |
3060 | mech_info.pParameter = iv; |
3061 | mech_info.ulParameterLen = len; |
3062 | |
3063 | /* generate the IV for fortezza */ |
3064 | PK11_EnterSlotMonitor(symKey->slot); |
3065 | crv = PK11_GETTAB(symKey->slot)((CK_FUNCTION_LIST_3_0_PTR)((symKey->slot)->functionList ))->C_EncryptInit(symKey->slot->session, &mech_info, symKey->objectID); |
3066 | if (crv == CKR_OK0x00000000UL) { |
3067 | PK11_GETTAB(symKey->slot)((CK_FUNCTION_LIST_3_0_PTR)((symKey->slot)->functionList ))->C_EncryptFinal(symKey->slot->session, NULL((void*)0), &count); |
3068 | rv = SECSuccess; |
3069 | } |
3070 | PK11_ExitSlotMonitor(symKey->slot); |
3071 | return rv; |
3072 | } |
3073 | |
3074 | CK_OBJECT_HANDLE |
3075 | PK11_GetSymKeyHandle(PK11SymKey *symKey) |
3076 | { |
3077 | return symKey->objectID; |
3078 | } |
3079 | |
3080 | static CK_ULONG |
3081 | pk11_KyberCiphertextLength(SECKEYKyberPublicKey *pubKey) |
3082 | { |
3083 | switch (pubKey->params) { |
3084 | case params_kyber768_round3: |
3085 | case params_kyber768_round3_test_mode: |
3086 | return KYBER768_CIPHERTEXT_BYTES1088U; |
3087 | default: |
3088 | // unreachable |
3089 | return 0; |
3090 | } |
3091 | } |
3092 | |
3093 | static CK_ULONG |
3094 | pk11_KEMCiphertextLength(SECKEYPublicKey *pubKey) |
3095 | { |
3096 | switch (pubKey->keyType) { |
3097 | case kyberKey: |
3098 | return pk11_KyberCiphertextLength(&pubKey->u.kyber); |
3099 | default: |
3100 | // unreachable |
3101 | PORT_Assert(0)((0)?((void)0):PR_Assert("0","pk11skey.c",3101)); |
3102 | return 0; |
3103 | } |
3104 | } |
3105 | |
3106 | SECStatus |
3107 | PK11_Encapsulate(SECKEYPublicKey *pubKey, CK_MECHANISM_TYPE target, PK11AttrFlags attrFlags, CK_FLAGS opFlags, PK11SymKey **outKey, SECItem **outCiphertext) |
3108 | { |
3109 | PORT_Assert(pubKey)((pubKey)?((void)0):PR_Assert("pubKey","pk11skey.c",3109)); |
3110 | PORT_Assert(outKey)((outKey)?((void)0):PR_Assert("outKey","pk11skey.c",3110)); |
3111 | PORT_Assert(outCiphertext)((outCiphertext)?((void)0):PR_Assert("outCiphertext","pk11skey.c" ,3111)); |
3112 | |
3113 | PK11SlotInfo *slot = pubKey->pkcs11Slot; |
3114 | |
3115 | PK11SymKey *sharedSecret = NULL((void*)0); |
3116 | SECItem *ciphertext = NULL((void*)0); |
3117 | |
3118 | CK_ATTRIBUTE keyTemplate[MAX_TEMPL_ATTRS16]; |
3119 | unsigned int templateCount; |
3120 | |
3121 | CK_ATTRIBUTE *attrs; |
3122 | CK_BBOOL cktrue = CK_TRUE1; |
3123 | CK_BBOOL ckfalse = CK_FALSE0; |
3124 | CK_OBJECT_CLASS keyClass = CKO_SECRET_KEY0x00000004UL; |
3125 | CK_KEY_TYPE keyType = CKK_GENERIC_SECRET0x00000010UL; |
3126 | |
3127 | CK_INTERFACE_PTR KEMInterface = NULL((void*)0); |
3128 | CK_UTF8CHAR_PTR KEMInterfaceName = (CK_UTF8CHAR_PTR) "Vendor NSS KEM Interface"; |
3129 | CK_VERSION KEMInterfaceVersion = { 1, 0 }; |
3130 | CK_NSS_KEM_FUNCTIONS *KEMInterfaceFunctions = NULL((void*)0); |
3131 | |
3132 | CK_RV crv; |
3133 | |
3134 | *outKey = NULL((void*)0); |
3135 | *outCiphertext = NULL((void*)0); |
3136 | |
3137 | CK_MECHANISM_TYPE kemType; |
3138 | switch (pubKey->keyType) { |
3139 | case kyberKey: |
3140 | kemType = CKM_NSS_KYBER((0x80000000UL | 0x4E534350) + 46); |
3141 | break; |
3142 | default: |
3143 | PORT_SetErrorPORT_SetError_Util(SEC_ERROR_LIBRARY_FAILURE); |
3144 | return SECFailure; |
3145 | } |
3146 | |
3147 | CK_NSS_KEM_PARAMETER_SET_TYPE kemParameterSet = PK11_ReadULongAttribute(slot, pubKey->pkcs11ID, CKA_NSS_PARAMETER_SET((0x80000000UL | 0x4E534350) + 40)); |
3148 | CK_MECHANISM mech = { kemType, &kemParameterSet, sizeof(kemParameterSet) }; |
3149 | |
3150 | sharedSecret = pk11_CreateSymKey(slot, target, PR_TRUE1, PR_TRUE1, NULL((void*)0)); |
3151 | if (sharedSecret == NULL((void*)0)) { |
3152 | PORT_SetErrorPORT_SetError_Util(SEC_ERROR_NO_MEMORY); |
3153 | return SECFailure; |
3154 | } |
3155 | sharedSecret->origin = PK11_OriginGenerated; |
3156 | |
3157 | attrs = keyTemplate; |
3158 | PK11_SETATTRS(attrs, CKA_CLASS, &keyClass, sizeof(keyClass))(attrs)->type = (0x00000000UL); (attrs)->pValue = (& keyClass); (attrs)->ulValueLen = (sizeof(keyClass));; |
3159 | attrs++; |
3160 | |
3161 | PK11_SETATTRS(attrs, CKA_KEY_TYPE, &keyType, sizeof(keyType))(attrs)->type = (0x00000100UL); (attrs)->pValue = (& keyType); (attrs)->ulValueLen = (sizeof(keyType));; |
3162 | attrs++; |
3163 | |
3164 | attrs += pk11_AttrFlagsToAttributes(attrFlags, attrs, &cktrue, &ckfalse); |
3165 | attrs += pk11_OpFlagsToAttributes(opFlags, attrs, &cktrue); |
3166 | |
3167 | templateCount = attrs - keyTemplate; |
3168 | PR_ASSERT(templateCount <= sizeof(keyTemplate) / sizeof(CK_ATTRIBUTE))((templateCount <= sizeof(keyTemplate) / sizeof(CK_ATTRIBUTE ))?((void)0):PR_Assert("templateCount <= sizeof(keyTemplate) / sizeof(CK_ATTRIBUTE)" ,"pk11skey.c",3168)); |
3169 | |
3170 | crv = PK11_GETTAB(slot)((CK_FUNCTION_LIST_3_0_PTR)((slot)->functionList))->C_GetInterface(KEMInterfaceName, &KEMInterfaceVersion, &KEMInterface, 0); |
3171 | if (crv != CKR_OK0x00000000UL) { |
3172 | goto error; |
3173 | } |
3174 | KEMInterfaceFunctions = (CK_NSS_KEM_FUNCTIONS *)(KEMInterface->pFunctionList); |
3175 | |
3176 | CK_ULONG ciphertextLen = pk11_KEMCiphertextLength(pubKey); |
3177 | ciphertext = SECITEM_AllocItemSECITEM_AllocItem_Util(NULL((void*)0), NULL((void*)0), ciphertextLen); |
3178 | if (ciphertext == NULL((void*)0)) { |
3179 | crv = CKR_HOST_MEMORY0x00000002UL; |
3180 | goto error; |
3181 | } |
3182 | |
3183 | pk11_EnterKeyMonitor(sharedSecret); |
3184 | crv = KEMInterfaceFunctions->C_Encapsulate(sharedSecret->session, |
3185 | &mech, |
3186 | pubKey->pkcs11ID, |
3187 | keyTemplate, |
3188 | templateCount, |
3189 | &sharedSecret->objectID, |
3190 | ciphertext->data, |
3191 | &ciphertextLen); |
3192 | pk11_ExitKeyMonitor(sharedSecret); |
3193 | if (crv != CKR_OK0x00000000UL) { |
3194 | goto error; |
3195 | } |
3196 | |
3197 | PORT_Assert(ciphertextLen == ciphertext->len)((ciphertextLen == ciphertext->len)?((void)0):PR_Assert("ciphertextLen == ciphertext->len" ,"pk11skey.c",3197)); |
3198 | |
3199 | *outKey = sharedSecret; |
3200 | *outCiphertext = ciphertext; |
3201 | |
3202 | return SECSuccess; |
3203 | |
3204 | error: |
3205 | PORT_SetErrorPORT_SetError_Util(PK11_MapError(crv)); |
3206 | PK11_FreeSymKey(sharedSecret); |
3207 | SECITEM_FreeItemSECITEM_FreeItem_Util(ciphertext, PR_TRUE1); |
3208 | return SECFailure; |
3209 | } |
3210 | |
3211 | SECStatus |
3212 | PK11_Decapsulate(SECKEYPrivateKey *privKey, const SECItem *ciphertext, CK_MECHANISM_TYPE target, PK11AttrFlags attrFlags, CK_FLAGS opFlags, PK11SymKey **outKey) |
3213 | { |
3214 | PORT_Assert(privKey)((privKey)?((void)0):PR_Assert("privKey","pk11skey.c",3214)); |
3215 | PORT_Assert(ciphertext)((ciphertext)?((void)0):PR_Assert("ciphertext","pk11skey.c",3215 )); |
3216 | PORT_Assert(outKey)((outKey)?((void)0):PR_Assert("outKey","pk11skey.c",3216)); |
3217 | |
3218 | PK11SlotInfo *slot = privKey->pkcs11Slot; |
3219 | |
3220 | PK11SymKey *sharedSecret; |
3221 | |
3222 | CK_ATTRIBUTE keyTemplate[MAX_TEMPL_ATTRS16]; |
3223 | unsigned int templateCount; |
3224 | |
3225 | CK_ATTRIBUTE *attrs; |
3226 | CK_BBOOL cktrue = CK_TRUE1; |
3227 | CK_BBOOL ckfalse = CK_FALSE0; |
3228 | CK_OBJECT_CLASS keyClass = CKO_SECRET_KEY0x00000004UL; |
3229 | CK_KEY_TYPE keyType = CKK_GENERIC_SECRET0x00000010UL; |
3230 | |
3231 | CK_INTERFACE_PTR KEMInterface = NULL((void*)0); |
3232 | CK_UTF8CHAR_PTR KEMInterfaceName = (CK_UTF8CHAR_PTR) "Vendor NSS KEM Interface"; |
3233 | CK_VERSION KEMInterfaceVersion = { 1, 0 }; |
3234 | CK_NSS_KEM_FUNCTIONS *KEMInterfaceFunctions = NULL((void*)0); |
3235 | |
3236 | CK_RV crv; |
3237 | |
3238 | *outKey = NULL((void*)0); |
3239 | |
3240 | CK_MECHANISM_TYPE kemType; |
3241 | switch (privKey->keyType) { |
3242 | case kyberKey: |
3243 | kemType = CKM_NSS_KYBER((0x80000000UL | 0x4E534350) + 46); |
3244 | break; |
3245 | default: |
3246 | PORT_SetErrorPORT_SetError_Util(SEC_ERROR_LIBRARY_FAILURE); |
3247 | return SECFailure; |
3248 | } |
3249 | |
3250 | CK_NSS_KEM_PARAMETER_SET_TYPE kemParameterSet = PK11_ReadULongAttribute(slot, privKey->pkcs11ID, CKA_NSS_PARAMETER_SET((0x80000000UL | 0x4E534350) + 40)); |
3251 | CK_MECHANISM mech = { kemType, &kemParameterSet, sizeof(kemParameterSet) }; |
3252 | |
3253 | sharedSecret = pk11_CreateSymKey(slot, target, PR_TRUE1, PR_TRUE1, NULL((void*)0)); |
3254 | if (sharedSecret == NULL((void*)0)) { |
3255 | PORT_SetErrorPORT_SetError_Util(SEC_ERROR_NO_MEMORY); |
3256 | return SECFailure; |
3257 | } |
3258 | sharedSecret->origin = PK11_OriginUnwrap; |
3259 | |
3260 | attrs = keyTemplate; |
3261 | PK11_SETATTRS(attrs, CKA_CLASS, &keyClass, sizeof(keyClass))(attrs)->type = (0x00000000UL); (attrs)->pValue = (& keyClass); (attrs)->ulValueLen = (sizeof(keyClass));; |
3262 | attrs++; |
3263 | |
3264 | PK11_SETATTRS(attrs, CKA_KEY_TYPE, &keyType, sizeof(keyType))(attrs)->type = (0x00000100UL); (attrs)->pValue = (& keyType); (attrs)->ulValueLen = (sizeof(keyType));; |
3265 | attrs++; |
3266 | |
3267 | attrs += pk11_AttrFlagsToAttributes(attrFlags, attrs, &cktrue, &ckfalse); |
3268 | attrs += pk11_OpFlagsToAttributes(opFlags, attrs, &cktrue); |
3269 | |
3270 | templateCount = attrs - keyTemplate; |
3271 | PR_ASSERT(templateCount <= sizeof(keyTemplate) / sizeof(CK_ATTRIBUTE))((templateCount <= sizeof(keyTemplate) / sizeof(CK_ATTRIBUTE ))?((void)0):PR_Assert("templateCount <= sizeof(keyTemplate) / sizeof(CK_ATTRIBUTE)" ,"pk11skey.c",3271)); |
3272 | |
3273 | crv = PK11_GETTAB(slot)((CK_FUNCTION_LIST_3_0_PTR)((slot)->functionList))->C_GetInterface(KEMInterfaceName, &KEMInterfaceVersion, &KEMInterface, 0); |
3274 | if (crv != CKR_OK0x00000000UL) { |
3275 | PORT_SetErrorPORT_SetError_Util(PK11_MapError(crv)); |
3276 | goto error; |
3277 | } |
3278 | KEMInterfaceFunctions = (CK_NSS_KEM_FUNCTIONS *)(KEMInterface->pFunctionList); |
3279 | |
3280 | pk11_EnterKeyMonitor(sharedSecret); |
3281 | crv = KEMInterfaceFunctions->C_Decapsulate(sharedSecret->session, |
3282 | &mech, |
3283 | privKey->pkcs11ID, |
3284 | ciphertext->data, |
3285 | ciphertext->len, |
3286 | keyTemplate, |
3287 | templateCount, |
3288 | &sharedSecret->objectID); |
3289 | pk11_ExitKeyMonitor(sharedSecret); |
3290 | if (crv != CKR_OK0x00000000UL) { |
3291 | goto error; |
3292 | } |
3293 | |
3294 | *outKey = sharedSecret; |
3295 | return SECSuccess; |
3296 | |
3297 | error: |
3298 | PK11_FreeSymKey(sharedSecret); |
3299 | return SECFailure; |
3300 | } |