/root/firefox-clang/security/nss/lib/pk11wrap/pk11skey.c

Bug Summary

File:	root/firefox-clang/security/nss/lib/pk11wrap/pk11skey.c
Warning:	line 382, column 9 Value stored to 'type' is never read

Annotated Source Code

Press '?' to see keyboard shortcuts

Show analyzer invocation

clang -cc1 -cc1 -triple x86_64-pc-linux-gnu -analyze -disable-free -clear-ast-before-backend -disable-llvm-verifier -discard-value-names -main-file-name pk11skey.c -analyzer-checker=core -analyzer-checker=apiModeling -analyzer-checker=unix -analyzer-checker=deadcode -analyzer-checker=security.insecureAPI.UncheckedReturn -analyzer-checker=security.insecureAPI.getpw -analyzer-checker=security.insecureAPI.gets -analyzer-checker=security.insecureAPI.mktemp -analyzer-checker=security.insecureAPI.mkstemp -analyzer-checker=security.insecureAPI.vfork -analyzer-checker=nullability.NullPassedToNonnull -analyzer-checker=nullability.NullReturnedFromNonnull -analyzer-output plist -w -setup-static-analyzer -analyzer-config-compatibility-mode=true -mrelocation-model pic -pic-level 2 -fhalf-no-semantic-interposition -mframe-pointer=all -relaxed-aliasing -ffp-contract=off -fno-rounding-math -mconstructor-aliases -funwind-tables=2 -target-cpu x86-64 -tune-cpu generic -debugger-tuning=gdb -fdebug-compilation-dir=/root/firefox-clang/obj-x86_64-pc-linux-gnu/security/nss/lib/pk11wrap/pk11wrap_pk11wrap -fcoverage-compilation-dir=/root/firefox-clang/obj-x86_64-pc-linux-gnu/security/nss/lib/pk11wrap/pk11wrap_pk11wrap -resource-dir /usr/lib/llvm-21/lib/clang/21 -include /root/firefox-clang/obj-x86_64-pc-linux-gnu/mozilla-config.h -U _FORTIFY_SOURCE -D _FORTIFY_SOURCE=2 -D _GLIBCXX_ASSERTIONS -D DEBUG -D SHLIB_SUFFIX="so" -D SHLIB_PREFIX="lib" -D NSS_SHLIB_VERSION="3" -D SOFTOKEN_SHLIB_VERSION="3" -D NSS_FIPS_DISABLED -D NSS_NO_INIT_SUPPORT -D NSS_X86_OR_X64 -D NSS_X64 -D NSS_USE_64 -D USE_UTIL_DIRECTLY -D NO_NSPR_10_SUPPORT -D SSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -D LINUX2_1 -D LINUX -D linux -D _DEFAULT_SOURCE -D _BSD_SOURCE -D _POSIX_SOURCE -D SDB_MEASURE_USE_TEMP_DIR -D HAVE_STRERROR -D XP_UNIX -D _REENTRANT -D NSS_DISABLE_DBM -D NSS_DISABLE_LIBPKIX -I /root/firefox-clang/security/nss/lib/pk11wrap -I /root/firefox-clang/obj-x86_64-pc-linux-gnu/security/nss/lib/pk11wrap/pk11wrap_pk11wrap -I /root/firefox-clang/obj-x86_64-pc-linux-gnu/dist/include/nspr -I /root/firefox-clang/obj-x86_64-pc-linux-gnu/dist/include/private/nss -I /root/firefox-clang/obj-x86_64-pc-linux-gnu/dist/include/nss -I /root/firefox-clang/obj-x86_64-pc-linux-gnu/dist/include -D MOZILLA_CLIENT -internal-isystem /usr/lib/llvm-21/lib/clang/21/include -internal-isystem /usr/local/include -internal-isystem /usr/lib/gcc/x86_64-linux-gnu/14/../../../../x86_64-linux-gnu/include -internal-externc-isystem /usr/include/x86_64-linux-gnu -internal-externc-isystem /include -internal-externc-isystem /usr/include -O2 -Wno-error=tautological-type-limit-compare -Wno-range-loop-analysis -Wno-error=deprecated-declarations -Wno-error=array-bounds -Wno-error=free-nonheap-object -Wno-error=atomic-alignment -Wno-error=deprecated-builtins -Wno-psabi -Wno-error=builtin-macro-redefined -Wno-unknown-warning-option -ferror-limit 19 -fstrict-flex-arrays=1 -stack-protector 2 -fstack-clash-protection -ftrivial-auto-var-init=pattern -fgnuc-version=4.2.1 -fskip-odr-check-in-gmf -vectorize-loops -vectorize-slp -analyzer-checker optin.performance.Padding -analyzer-output=html -analyzer-config stable-report-filename=true -faddrsig -D__GCC_HAVE_DWARF2_CFI_ASM=1 -o /tmp/scan-build-2025-06-27-100320-3286336-1 -x c /root/firefox-clang/security/nss/lib/pk11wrap/pk11skey.c

1	/* This Source Code Form is subject to the terms of the Mozilla Public
2	* License, v. 2.0. If a copy of the MPL was not distributed with this
3	* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
4	/*
5	* This file implements the Symkey wrapper and the PKCS context
6	* Interfaces.
7	*/
8
9	#include <stddef.h>
10	#include <limits.h>
11
12	#include "seccomon.h"
13	#include "secmod.h"
14	#include "nssilock.h"
15	#include "secmodi.h"
16	#include "secmodti.h"
17	#include "pkcs11.h"
18	#include "pk11func.h"
19	#include "secitem.h"
20	#include "secoid.h"
21	#include "secerr.h"
22	#include "hasht.h"
23
24	static ECPointEncoding pk11_ECGetPubkeyEncoding(const SECKEYPublicKey *pubKey);
25
26	static void
27	pk11_EnterKeyMonitor(PK11SymKey *symKey)
28	{
29	if (!symKey->sessionOwner \|\| !(symKey->slot->isThreadSafe))
30	PK11_EnterSlotMonitor(symKey->slot);
31	}
32
33	static void
34	pk11_ExitKeyMonitor(PK11SymKey *symKey)
35	{
36	if (!symKey->sessionOwner \|\| !(symKey->slot->isThreadSafe))
37	PK11_ExitSlotMonitor(symKey->slot);
38	}
39
40	/*
41	* pk11_getKeyFromList returns a symKey that has a session (if needSession
42	* was specified), or explicitly does not have a session (if needSession
43	* was not specified).
44	*/
45	static PK11SymKey *
46	pk11_getKeyFromList(PK11SlotInfo *slot, PRBool needSession)
47	{
48	PK11SymKey symKey = NULL((void)0);
49
50	PZ_Lock(slot->freeListLock)PR_Lock((slot->freeListLock));
51	/* own session list are symkeys with sessions that the symkey owns.
52	* 'most' symkeys will own their own session. */
53	if (needSession) {
54	if (slot->freeSymKeysWithSessionHead) {
55	symKey = slot->freeSymKeysWithSessionHead;
56	slot->freeSymKeysWithSessionHead = symKey->next;
57	slot->keyCount--;
58	}
59	}
60	/* if we don't need a symkey with its own session, or we couldn't find
61	* one on the owner list, get one from the non-owner free list. */
62	if (!symKey) {
63	if (slot->freeSymKeysHead) {
64	symKey = slot->freeSymKeysHead;
65	slot->freeSymKeysHead = symKey->next;
66	slot->keyCount--;
67	}
68	}
69	PZ_Unlock(slot->freeListLock)PR_Unlock((slot->freeListLock));
70	if (symKey) {
71	symKey->next = NULL((void*)0);
72	if (!needSession) {
73	return symKey;
74	}
75	/* if we are getting an owner key, make sure we have a valid session.
76	* session could be invalid if the token has been removed or because
77	* we got it from the non-owner free list */
78	if ((symKey->series != slot->series) \|\|
79	(symKey->session == CK_INVALID_HANDLE0)) {
80	symKey->session = pk11_GetNewSession(slot, &symKey->sessionOwner);
81	}
82	PORT_Assert(symKey->session != CK_INVALID_HANDLE)((symKey->session != 0)?((void)0):PR_Assert("symKey->session != CK_INVALID_HANDLE" ,"/root/firefox-clang/security/nss/lib/pk11wrap/pk11skey.c",82 ));
83	if (symKey->session != CK_INVALID_HANDLE0)
84	return symKey;
85	PK11_FreeSymKey(symKey);
86	/* if we are here, we need a session, but couldn't get one, it's
87	* unlikely we pk11_GetNewSession will succeed if we call it a second
88	* time. */
89	return NULL((void*)0);
90	}
91
92	symKey = PORT_New(PK11SymKey)(PK11SymKey *)PORT_Alloc_Util(sizeof(PK11SymKey));
93	if (symKey == NULL((void*)0)) {
94	return NULL((void*)0);
95	}
96
97	symKey->next = NULL((void*)0);
98	if (needSession) {
99	symKey->session = pk11_GetNewSession(slot, &symKey->sessionOwner);
100	PORT_Assert(symKey->session != CK_INVALID_HANDLE)((symKey->session != 0)?((void)0):PR_Assert("symKey->session != CK_INVALID_HANDLE" ,"/root/firefox-clang/security/nss/lib/pk11wrap/pk11skey.c",100 ));
101	if (symKey->session == CK_INVALID_HANDLE0) {
102	PK11_FreeSymKey(symKey);
103	symKey = NULL((void*)0);
104	}
105	} else {
106	symKey->session = CK_INVALID_HANDLE0;
107	}
108	return symKey;
109	}
110
111	/* Caller MUST hold slot->freeListLock (or ref count == 0?) !! */
112	void
113	PK11_CleanKeyList(PK11SlotInfo *slot)
114	{
115	PK11SymKey symKey = NULL((void)0);
116
117	while (slot->freeSymKeysWithSessionHead) {
118	symKey = slot->freeSymKeysWithSessionHead;
119	slot->freeSymKeysWithSessionHead = symKey->next;
120	pk11_CloseSession(slot, symKey->session, symKey->sessionOwner);
121	PORT_FreePORT_Free_Util(symKey);
122	}
123	while (slot->freeSymKeysHead) {
124	symKey = slot->freeSymKeysHead;
125	slot->freeSymKeysHead = symKey->next;
126	pk11_CloseSession(slot, symKey->session, symKey->sessionOwner);
127	PORT_FreePORT_Free_Util(symKey);
128	}
129	return;
130	}
131
132	/*
133	* create a symetric key:
134	* Slot is the slot to create the key in.
135	* type is the mechanism type
136	* owner is does this symKey structure own it's object handle (rare
137	* that this is false).
138	* needSession means the returned symKey will return with a valid session
139	* allocated already.
140	*/
141	static PK11SymKey *
142	pk11_CreateSymKey(PK11SlotInfo *slot, CK_MECHANISM_TYPE type,
143	PRBool owner, PRBool needSession, void *wincx)
144	{
145
146	PK11SymKey *symKey = pk11_getKeyFromList(slot, needSession);
147
148	if (symKey == NULL((void*)0)) {
149	return NULL((void*)0);
150	}
151	/* if needSession was specified, make sure we have a valid session.
152	* callers which specify needSession as false should do their own
153	* check of the session before returning the symKey */
154	if (needSession && symKey->session == CK_INVALID_HANDLE0) {
155	PK11_FreeSymKey(symKey);
156	PORT_SetErrorPORT_SetError_Util(SEC_ERROR_LIBRARY_FAILURE);
157	return NULL((void*)0);
158	}
159
160	symKey->type = type;
161	symKey->data.type = siBuffer;
162	symKey->data.data = NULL((void*)0);
163	symKey->data.len = 0;
164	symKey->owner = owner;
165	symKey->objectID = CK_INVALID_HANDLE0;
166	symKey->slot = slot;
167	symKey->series = slot->series;
168	symKey->cx = wincx;
169	symKey->size = 0;
170	symKey->refCount = 1;
171	symKey->origin = PK11_OriginNULL;
172	symKey->parent = NULL((void*)0);
173	symKey->freeFunc = NULL((void*)0);
174	symKey->userData = NULL((void*)0);
175	PK11_ReferenceSlot(slot);
176	return symKey;
177	}
178
179	/*
180	* destroy a symetric key
181	*/
182	void
183	PK11_FreeSymKey(PK11SymKey *symKey)
184	{
185	PK11SlotInfo *slot;
186	PRBool freeit = PR_TRUE1;
187
188	if (!symKey) {
189	return;
190	}
191
192	if (PR_ATOMIC_DECREMENT(&symKey->refCount)__sync_sub_and_fetch(&symKey->refCount, 1) == 0) {
193	PK11SymKey *parent = symKey->parent;
194
195	symKey->parent = NULL((void*)0);
196	if ((symKey->owner) && symKey->objectID != CK_INVALID_HANDLE0) {
197	pk11_EnterKeyMonitor(symKey);
198	(void)PK11_GETTAB(symKey->slot)((CK_FUNCTION_LIST_3_0_PTR)((symKey->slot)->functionList ))->C_DestroyObject(symKey->session, symKey->objectID);
199	pk11_ExitKeyMonitor(symKey);
200	}
201	if (symKey->data.data) {
202	PORT_Memsetmemset(symKey->data.data, 0, symKey->data.len);
203	PORT_FreePORT_Free_Util(symKey->data.data);
204	}
205	/* free any existing data */
206	if (symKey->userData && symKey->freeFunc) {
207	(*symKey->freeFunc)(symKey->userData);
208	}
209	slot = symKey->slot;
210	PZ_Lock(slot->freeListLock)PR_Lock((slot->freeListLock));
211	if (slot->keyCount < slot->maxKeyCount) {
212	/*
213	* freeSymkeysWithSessionHead contain a list of reusable
214	* SymKey structures with valid sessions.
215	* sessionOwner must be true.
216	* session must be valid.
217	* freeSymKeysHead contain a list of SymKey structures without
218	* valid session.
219	* session must be CK_INVALID_HANDLE.
220	* though sessionOwner is false, callers should not depend on
221	* this fact.
222	*/
223	if (symKey->sessionOwner) {
224	PORT_Assert(symKey->session != CK_INVALID_HANDLE)((symKey->session != 0)?((void)0):PR_Assert("symKey->session != CK_INVALID_HANDLE" ,"/root/firefox-clang/security/nss/lib/pk11wrap/pk11skey.c",224 ));
225	symKey->next = slot->freeSymKeysWithSessionHead;
226	slot->freeSymKeysWithSessionHead = symKey;
227	} else {
228	symKey->session = CK_INVALID_HANDLE0;
229	symKey->next = slot->freeSymKeysHead;
230	slot->freeSymKeysHead = symKey;
231	}
232	slot->keyCount++;
233	symKey->slot = NULL((void*)0);
234	freeit = PR_FALSE0;
235	}
236	PZ_Unlock(slot->freeListLock)PR_Unlock((slot->freeListLock));
237	if (freeit) {
238	pk11_CloseSession(symKey->slot, symKey->session,
239	symKey->sessionOwner);
240	PORT_FreePORT_Free_Util(symKey);
241	}
242	PK11_FreeSlot(slot);
243
244	if (parent) {
245	PK11_FreeSymKey(parent);
246	}
247	}
248	}
249
250	PK11SymKey *
251	PK11_ReferenceSymKey(PK11SymKey *symKey)
252	{
253	PR_ATOMIC_INCREMENT(&symKey->refCount)__sync_add_and_fetch(&symKey->refCount, 1);
254	return symKey;
255	}
256
257	/*
258	* Accessors
259	*/
260	CK_MECHANISM_TYPE
261	PK11_GetMechanism(PK11SymKey *symKey)
262	{
263	return symKey->type;
264	}
265
266	/*
267	* return the slot associated with a symetric key
268	*/
269	PK11SlotInfo *
270	PK11_GetSlotFromKey(PK11SymKey *symKey)
271	{
272	return PK11_ReferenceSlot(symKey->slot);
273	}
274
275	CK_KEY_TYPE
276	PK11_GetSymKeyType(PK11SymKey *symKey)
277	{
278	return PK11_GetKeyType(symKey->type, symKey->size);
279	}
280
281	PK11SymKey *
282	PK11_GetNextSymKey(PK11SymKey *symKey)
283	{
284	return symKey ? symKey->next : NULL((void*)0);
285	}
286
287	char *
288	PK11_GetSymKeyNickname(PK11SymKey *symKey)
289	{
290	return PK11_GetObjectNickname(symKey->slot, symKey->objectID);
291	}
292
293	SECStatus
294	PK11_SetSymKeyNickname(PK11SymKey symKey, const char nickname)
295	{
296	return PK11_SetObjectNickname(symKey->slot, symKey->objectID, nickname);
297	}
298
299	void *
300	PK11_GetSymKeyUserData(PK11SymKey *symKey)
301	{
302	return symKey->userData;
303	}
304
305	void
306	PK11_SetSymKeyUserData(PK11SymKey symKey, void userData,
307	PK11FreeDataFunc freeFunc)
308	{
309	/* free any existing data */
310	if (symKey->userData && symKey->freeFunc) {
311	(*symKey->freeFunc)(symKey->userData);
312	}
313	symKey->userData = userData;
314	symKey->freeFunc = freeFunc;
315	return;
316	}
317
318	/*
319	* turn key handle into an appropriate key object
320	*/
321	PK11SymKey *
322	PK11_SymKeyFromHandle(PK11SlotInfo slot, PK11SymKey parent, PK11Origin origin,
323	CK_MECHANISM_TYPE type, CK_OBJECT_HANDLE keyID, PRBool owner, void *wincx)
324	{
325	PK11SymKey *symKey;
326	PRBool needSession = !(owner && parent);
327
328	if (keyID == CK_INVALID_HANDLE0) {
329	return NULL((void*)0);
330	}
331
332	symKey = pk11_CreateSymKey(slot, type, owner, needSession, wincx);
333	if (symKey == NULL((void*)0)) {
334	return NULL((void*)0);
335	}
336
337	symKey->objectID = keyID;
338	symKey->origin = origin;
339
340	/* adopt the parent's session */
341	/* This is only used by SSL. What we really want here is a session
342	* structure with a ref count so the session goes away only after all the
343	* keys do. */
344	if (!needSession) {
345	symKey->sessionOwner = PR_FALSE0;
346	symKey->session = parent->session;
347	symKey->parent = PK11_ReferenceSymKey(parent);
348	/* This is the only case where pk11_CreateSymKey does not explicitly
349	* check symKey->session. We need to assert here to make sure.
350	* the session isn't invalid. */
351	PORT_Assert(parent->session != CK_INVALID_HANDLE)((parent->session != 0)?((void)0):PR_Assert("parent->session != CK_INVALID_HANDLE" ,"/root/firefox-clang/security/nss/lib/pk11wrap/pk11skey.c",351 ));
352	if (parent->session == CK_INVALID_HANDLE0) {
353	PK11_FreeSymKey(symKey);
354	PORT_SetErrorPORT_SetError_Util(SEC_ERROR_LIBRARY_FAILURE);
355	return NULL((void*)0);
356	}
357	}
358
359	return symKey;
360	}
361
362	/*
363	* Restore a symmetric wrapping key that was saved using PK11_SetWrapKey.
364	*
365	* This function is provided for ABI compatibility; see PK11_SetWrapKey below.
366	*/
367	PK11SymKey *
368	PK11_GetWrapKey(PK11SlotInfo *slot, int wrap, CK_MECHANISM_TYPE type,
369	int series, void *wincx)
370	{
371	PK11SymKey symKey = NULL((void)0);
372	CK_OBJECT_HANDLE keyHandle;
373
374	PK11_EnterSlotMonitor(slot);
375	if (slot->series != series \|\|
376	slot->refKeys[wrap] == CK_INVALID_HANDLE0) {
377	PK11_ExitSlotMonitor(slot);
378	return NULL((void*)0);
379	}
380
381	if (type == CKM_INVALID_MECHANISM0xffffffffUL) {
382	type = slot->wrapMechanism;
	Value stored to 'type' is never read
383	}
384
385	keyHandle = slot->refKeys[wrap];
386	PK11_ExitSlotMonitor(slot);
387	symKey = PK11_SymKeyFromHandle(slot, NULL((void*)0), PK11_OriginDerive,
388	slot->wrapMechanism, keyHandle, PR_FALSE0, wincx);
389	return symKey;
390	}
391
392	/*
393	* This function sets an attribute on the current slot with a wrapping key. The
394	* data saved is ephemeral; it needs to be run every time the program is
395	* invoked.
396	*
397	* Since NSS 3.45, this function is marginally more thread safe. It uses the
398	* slot lock (if present) and fails silently if a value is already set. Use
399	* PK11_GetWrapKey() after calling this function to get the current wrapping key
400	* in case there was an update on another thread.
401	*
402	* Either way, using this function is inadvisable. It's provided for ABI
403	* compatibility only.
404	*/
405	void
406	PK11_SetWrapKey(PK11SlotInfo slot, int wrap, PK11SymKey wrapKey)
407	{
408	PK11_EnterSlotMonitor(slot);
409	if (wrap >= 0) {
410	size_t uwrap = (size_t)wrap;
411	if (uwrap < PR_ARRAY_SIZE(slot->refKeys)(sizeof(slot->refKeys)/sizeof((slot->refKeys)[0])) &&
412	slot->refKeys[uwrap] == CK_INVALID_HANDLE0) {
413	/* save the handle and mechanism for the wrapping key */
414	/* mark the key and session as not owned by us so they don't get
415	* freed when the key goes way... that lets us reuse the key
416	* later */
417	slot->refKeys[uwrap] = wrapKey->objectID;
418	wrapKey->owner = PR_FALSE0;
419	wrapKey->sessionOwner = PR_FALSE0;
420	slot->wrapMechanism = wrapKey->type;
421	}
422	}
423	PK11_ExitSlotMonitor(slot);
424	}
425
426	/*
427	* figure out if a key is still valid or if it is stale.
428	*/
429	PRBool
430	PK11_VerifyKeyOK(PK11SymKey *key)
431	{
432	if (!PK11_IsPresent(key->slot)) {
433	return PR_FALSE0;
434	}
435	return (PRBool)(key->series == key->slot->series);
436	}
437
438	static PK11SymKey *
439	pk11_ImportSymKeyWithTempl(PK11SlotInfo *slot, CK_MECHANISM_TYPE type,
440	PK11Origin origin, PRBool isToken, CK_ATTRIBUTE *keyTemplate,
441	unsigned int templateCount, SECItem key, void wincx)
442	{
443	PK11SymKey *symKey;
444	SECStatus rv;
445
446	symKey = pk11_CreateSymKey(slot, type, !isToken, PR_TRUE1, wincx);
447	if (symKey == NULL((void*)0)) {
448	return NULL((void*)0);
449	}
450
451	symKey->size = key->len;
452
453	PK11_SETATTRS(&keyTemplate[templateCount], CKA_VALUE, key->data, key->len)(&keyTemplate[templateCount])->type = (0x00000011UL); ( &keyTemplate[templateCount])->pValue = (key->data); (&keyTemplate[templateCount])->ulValueLen = (key-> len);;
454	templateCount++;
455
456	if (SECITEM_CopyItemSECITEM_CopyItem_Util(NULL((void*)0), &symKey->data, key) != SECSuccess) {
457	PK11_FreeSymKey(symKey);
458	return NULL((void*)0);
459	}
460
461	symKey->origin = origin;
462
463	/* import the keys */
464	rv = PK11_CreateNewObject(slot, symKey->session, keyTemplate,
465	templateCount, isToken, &symKey->objectID);
466	if (rv != SECSuccess) {
467	PK11_FreeSymKey(symKey);
468	return NULL((void*)0);
469	}
470
471	return symKey;
472	}
473
474	/*
475	* turn key bits into an appropriate key object
476	*/
477	PK11SymKey *
478	PK11_ImportSymKey(PK11SlotInfo *slot, CK_MECHANISM_TYPE type,
479	PK11Origin origin, CK_ATTRIBUTE_TYPE operation, SECItem key, void wincx)
480	{
481	PK11SymKey *symKey;
482	unsigned int templateCount = 0;
483	CK_OBJECT_CLASS keyClass = CKO_SECRET_KEY0x00000004UL;
484	CK_KEY_TYPE keyType = CKK_GENERIC_SECRET0x00000010UL;
485	CK_BBOOL cktrue = CK_TRUE1; /* sigh */
486	CK_ATTRIBUTE keyTemplate[5];
487	CK_ATTRIBUTE *attrs = keyTemplate;
488
489	/* CKA_NSS_MESSAGE is a fake operation to distinguish between
490	* Normal Encrypt/Decrypt and MessageEncrypt/Decrypt. Don't try to set
491	* it as a real attribute */
492	if ((operation & CKA_NSS_MESSAGE_MASK0xff000000L) == CKA_NSS_MESSAGE0x82000000L) {
493	/* Message is or'd with a real Attribute (CKA_ENCRYPT, CKA_DECRYPT),
494	* etc. Strip out the real attribute here */
495	operation &= ~CKA_NSS_MESSAGE_MASK0xff000000L;
496	}
497
498	PK11_SETATTRS(attrs, CKA_CLASS, &keyClass, sizeof(keyClass))(attrs)->type = (0x00000000UL); (attrs)->pValue = (& keyClass); (attrs)->ulValueLen = (sizeof(keyClass));;
499	attrs++;
500	PK11_SETATTRS(attrs, CKA_KEY_TYPE, &keyType, sizeof(keyType))(attrs)->type = (0x00000100UL); (attrs)->pValue = (& keyType); (attrs)->ulValueLen = (sizeof(keyType));;
501	attrs++;
502	PK11_SETATTRS(attrs, operation, &cktrue, 1)(attrs)->type = (operation); (attrs)->pValue = (&cktrue ); (attrs)->ulValueLen = (1);;
503	attrs++;
504	templateCount = attrs - keyTemplate;
505	PR_ASSERT(templateCount + 1 <= sizeof(keyTemplate) / sizeof(CK_ATTRIBUTE))((templateCount + 1 <= sizeof(keyTemplate) / sizeof(CK_ATTRIBUTE ))?((void)0):PR_Assert("templateCount + 1 <= sizeof(keyTemplate) / sizeof(CK_ATTRIBUTE)" ,"/root/firefox-clang/security/nss/lib/pk11wrap/pk11skey.c",505 ));
506
507	keyType = PK11_GetKeyType(type, key->len);
508	symKey = pk11_ImportSymKeyWithTempl(slot, type, origin, PR_FALSE0,
509	keyTemplate, templateCount, key, wincx);
510	return symKey;
511	}
512	/* Import a PKCS #11 data object and return it as a key. This key is
513	* only useful in a limited number of mechanisms, such as HKDF. */
514	PK11SymKey *
515	PK11_ImportDataKey(PK11SlotInfo *slot, CK_MECHANISM_TYPE type, PK11Origin origin,
516	CK_ATTRIBUTE_TYPE operation, SECItem key, void wincx)
517	{
518	CK_OBJECT_CLASS ckoData = CKO_DATA0x00000000UL;
519	CK_ATTRIBUTE template[2] = { { CKA_CLASS0x00000000UL, (CK_BYTE_PTR)&ckoData, sizeof(ckoData) },
520	{ CKA_VALUE0x00000011UL, (CK_BYTE_PTR)key->data, key->len } };
521	CK_OBJECT_HANDLE handle;
522	PK11GenericObject *genObject;
523
524	genObject = PK11_CreateGenericObject(slot, template, PR_ARRAY_SIZE(template)(sizeof(template)/sizeof((template)[0])), PR_FALSE0);
525	if (genObject == NULL((void*)0)) {
526	return NULL((void*)0);
527	}
528	handle = PK11_GetObjectHandle(PK11_TypeGeneric, genObject, NULL((void*)0));
529	/* A note about ownership of the PKCS #11 handle:
530	* PK11_CreateGenericObject() will not destroy the object it creates
531	* on Free, For that you want PK11_CreateManagedGenericObject().
532	* Below we import the handle into the symKey structure. We pass
533	* PR_TRUE as the owner so that the symKey will destroy the object
534	* once it's freed. This is why it's safe to destroy genObject now. */
535	PK11_DestroyGenericObject(genObject);
536	if (handle == CK_INVALID_HANDLE0) {
537	return NULL((void*)0);
538	}
539	return PK11_SymKeyFromHandle(slot, NULL((void*)0), origin, type, handle, PR_TRUE1, wincx);
540	}
541
542	/* turn key bits into an appropriate key object */
543	PK11SymKey *
544	PK11_ImportSymKeyWithFlags(PK11SlotInfo *slot, CK_MECHANISM_TYPE type,
545	PK11Origin origin, CK_ATTRIBUTE_TYPE operation, SECItem *key,
546	CK_FLAGS flags, PRBool isPerm, void *wincx)
547	{
548	PK11SymKey *symKey;
549	unsigned int templateCount = 0;
550	CK_OBJECT_CLASS keyClass = CKO_SECRET_KEY0x00000004UL;
551	CK_KEY_TYPE keyType = CKK_GENERIC_SECRET0x00000010UL;
552	CK_BBOOL cktrue = CK_TRUE1; /* sigh */
553	CK_ATTRIBUTE keyTemplate[MAX_TEMPL_ATTRS16];
554	CK_ATTRIBUTE *attrs = keyTemplate;
555
556	/* CKA_NSS_MESSAGE is a fake operation to distinguish between
557	* Normal Encrypt/Decrypt and MessageEncrypt/Decrypt. Don't try to set
558	* it as a real attribute */
559	if ((operation & CKA_NSS_MESSAGE_MASK0xff000000L) == CKA_NSS_MESSAGE0x82000000L) {
560	/* Message is or'd with a real Attribute (CKA_ENCRYPT, CKA_DECRYPT),
561	* etc. Strip out the real attribute here */
562	operation &= ~CKA_NSS_MESSAGE_MASK0xff000000L;
563	}
564
565	PK11_SETATTRS(attrs, CKA_CLASS, &keyClass, sizeof(keyClass))(attrs)->type = (0x00000000UL); (attrs)->pValue = (& keyClass); (attrs)->ulValueLen = (sizeof(keyClass));;
566	attrs++;
567	PK11_SETATTRS(attrs, CKA_KEY_TYPE, &keyType, sizeof(keyType))(attrs)->type = (0x00000100UL); (attrs)->pValue = (& keyType); (attrs)->ulValueLen = (sizeof(keyType));;
568	attrs++;
569	if (isPerm) {
570	PK11_SETATTRS(attrs, CKA_TOKEN, &cktrue, sizeof(cktrue))(attrs)->type = (0x00000001UL); (attrs)->pValue = (& cktrue); (attrs)->ulValueLen = (sizeof(cktrue));;
571	attrs++;
572	/* sigh some tokens think CKA_PRIVATE = false is a reasonable
573	* default for secret keys */
574	PK11_SETATTRS(attrs, CKA_PRIVATE, &cktrue, sizeof(cktrue))(attrs)->type = (0x00000002UL); (attrs)->pValue = (& cktrue); (attrs)->ulValueLen = (sizeof(cktrue));;
575	attrs++;
576	}
577	attrs += pk11_OpFlagsToAttributes(flags, attrs, &cktrue);
578	if ((operation != CKA_FLAGS_ONLY0) &&
579	!pk11_FindAttrInTemplate(keyTemplate, attrs - keyTemplate, operation)) {
580	PK11_SETATTRS(attrs, operation, &cktrue, sizeof(cktrue))(attrs)->type = (operation); (attrs)->pValue = (&cktrue ); (attrs)->ulValueLen = (sizeof(cktrue));;
581	attrs++;
582	}
583	templateCount = attrs - keyTemplate;
584	PR_ASSERT(templateCount + 1 <= sizeof(keyTemplate) / sizeof(CK_ATTRIBUTE))((templateCount + 1 <= sizeof(keyTemplate) / sizeof(CK_ATTRIBUTE ))?((void)0):PR_Assert("templateCount + 1 <= sizeof(keyTemplate) / sizeof(CK_ATTRIBUTE)" ,"/root/firefox-clang/security/nss/lib/pk11wrap/pk11skey.c",584 ));
585
586	keyType = PK11_GetKeyType(type, key->len);
587	symKey = pk11_ImportSymKeyWithTempl(slot, type, origin, isPerm,
588	keyTemplate, templateCount, key, wincx);
589	if (symKey && isPerm) {
590	symKey->owner = PR_FALSE0;
591	}
592	return symKey;
593	}
594
595	PK11SymKey *
596	PK11_FindFixedKey(PK11SlotInfo slot, CK_MECHANISM_TYPE type, SECItem keyID,
597	void *wincx)
598	{
599	CK_ATTRIBUTE findTemp[5];
600	CK_ATTRIBUTE *attrs;
601	CK_BBOOL ckTrue = CK_TRUE1;
602	CK_OBJECT_CLASS keyclass = CKO_SECRET_KEY0x00000004UL;
603	size_t tsize = 0;
604	CK_OBJECT_HANDLE key_id;
605	CK_KEY_TYPE keyType = PK11_GetKeyType(type, 0);
606
607	attrs = findTemp;
608	PK11_SETATTRS(attrs, CKA_CLASS, &keyclass, sizeof(keyclass))(attrs)->type = (0x00000000UL); (attrs)->pValue = (& keyclass); (attrs)->ulValueLen = (sizeof(keyclass));;
609	attrs++;
610	PK11_SETATTRS(attrs, CKA_TOKEN, &ckTrue, sizeof(ckTrue))(attrs)->type = (0x00000001UL); (attrs)->pValue = (& ckTrue); (attrs)->ulValueLen = (sizeof(ckTrue));;
611	attrs++;
612	PK11_SETATTRS(attrs, CKA_KEY_TYPE, &keyType, sizeof(keyType))(attrs)->type = (0x00000100UL); (attrs)->pValue = (& keyType); (attrs)->ulValueLen = (sizeof(keyType));;
613	attrs++;
614	if (keyID) {
615	PK11_SETATTRS(attrs, CKA_ID, keyID->data, keyID->len)(attrs)->type = (0x00000102UL); (attrs)->pValue = (keyID ->data); (attrs)->ulValueLen = (keyID->len);;
616	attrs++;
617	}
618	tsize = attrs - findTemp;
619	PORT_Assert(tsize <= sizeof(findTemp) / sizeof(CK_ATTRIBUTE))((tsize <= sizeof(findTemp) / sizeof(CK_ATTRIBUTE))?((void )0):PR_Assert("tsize <= sizeof(findTemp) / sizeof(CK_ATTRIBUTE)" ,"/root/firefox-clang/security/nss/lib/pk11wrap/pk11skey.c",619 ));
620
621	key_id = pk11_FindObjectByTemplate(slot, findTemp, tsize);
622	if (key_id == CK_INVALID_HANDLE0) {
623	return NULL((void*)0);
624	}
625	return PK11_SymKeyFromHandle(slot, NULL((void*)0), PK11_OriginDerive, type, key_id,
626	PR_FALSE0, wincx);
627	}
628
629	PK11SymKey *
630	PK11_ListFixedKeysInSlot(PK11SlotInfo slot, char nickname, void *wincx)
631	{
632	CK_ATTRIBUTE findTemp[4];
633	CK_ATTRIBUTE *attrs;
634	CK_BBOOL ckTrue = CK_TRUE1;
635	CK_OBJECT_CLASS keyclass = CKO_SECRET_KEY0x00000004UL;
636	int tsize = 0;
637	int objCount = 0;
638	CK_OBJECT_HANDLE *key_ids;
639	PK11SymKey nextKey = NULL((void)0);
640	PK11SymKey topKey = NULL((void)0);
641	int i, len;
642
643	attrs = findTemp;
644	PK11_SETATTRS(attrs, CKA_CLASS, &keyclass, sizeof(keyclass))(attrs)->type = (0x00000000UL); (attrs)->pValue = (& keyclass); (attrs)->ulValueLen = (sizeof(keyclass));;
645	attrs++;
646	PK11_SETATTRS(attrs, CKA_TOKEN, &ckTrue, sizeof(ckTrue))(attrs)->type = (0x00000001UL); (attrs)->pValue = (& ckTrue); (attrs)->ulValueLen = (sizeof(ckTrue));;
647	attrs++;
648	if (nickname) {
649	len = PORT_Strlen(nickname)strlen(nickname);
650	PK11_SETATTRS(attrs, CKA_LABEL, nickname, len)(attrs)->type = (0x00000003UL); (attrs)->pValue = (nickname ); (attrs)->ulValueLen = (len);;
651	attrs++;
652	}
653	tsize = attrs - findTemp;
654	PORT_Assert(tsize <= sizeof(findTemp) / sizeof(CK_ATTRIBUTE))((tsize <= sizeof(findTemp) / sizeof(CK_ATTRIBUTE))?((void )0):PR_Assert("tsize <= sizeof(findTemp) / sizeof(CK_ATTRIBUTE)" ,"/root/firefox-clang/security/nss/lib/pk11wrap/pk11skey.c",654 ));
655
656	key_ids = pk11_FindObjectsByTemplate(slot, findTemp, tsize, &objCount);
657	if (key_ids == NULL((void*)0)) {
658	return NULL((void*)0);
659	}
660
661	for (i = 0; i < objCount; i++) {
662	SECItem typeData;
663	CK_KEY_TYPE type = CKK_GENERIC_SECRET0x00000010UL;
664	SECStatus rv = PK11_ReadAttribute(slot, key_ids[i],
665	CKA_KEY_TYPE0x00000100UL, NULL((void*)0), &typeData);
666	if (rv == SECSuccess) {
667	if (typeData.len == sizeof(CK_KEY_TYPE)) {
668	type = (CK_KEY_TYPE )typeData.data;
669	}
670	PORT_FreePORT_Free_Util(typeData.data);
671	}
672	nextKey = PK11_SymKeyFromHandle(slot, NULL((void*)0), PK11_OriginDerive,
673	PK11_GetKeyMechanism(type), key_ids[i], PR_FALSE0, wincx);
674	if (nextKey) {
675	nextKey->next = topKey;
676	topKey = nextKey;
677	}
678	}
679	PORT_FreePORT_Free_Util(key_ids);
680	return topKey;
681	}
682
683	void *
684	PK11_GetWindow(PK11SymKey *key)
685	{
686	return key->cx;
687	}
688
689	/*
690	* extract a symmetric key value. NOTE: if the key is sensitive, we will
691	* not be able to do this operation. This function is used to move
692	* keys from one token to another */
693	SECStatus
694	PK11_ExtractKeyValue(PK11SymKey *symKey)
695	{
696	SECStatus rv;
697
698	if (symKey == NULL((void*)0)) {
699	PORT_SetErrorPORT_SetError_Util(SEC_ERROR_INVALID_ARGS);
700	return SECFailure;
701	}
702
703	if (symKey->data.data != NULL((void*)0)) {
704	if (symKey->size == 0) {
705	symKey->size = symKey->data.len;
706	}
707	return SECSuccess;
708	}
709
710	if (symKey->slot == NULL((void*)0)) {
711	PORT_SetErrorPORT_SetError_Util(SEC_ERROR_INVALID_KEY);
712	return SECFailure;
713	}
714
715	rv = PK11_ReadAttribute(symKey->slot, symKey->objectID, CKA_VALUE0x00000011UL, NULL((void*)0),
716	&symKey->data);
717	if (rv == SECSuccess) {
718	symKey->size = symKey->data.len;
719	}
720	return rv;
721	}
722
723	SECStatus
724	PK11_DeleteTokenSymKey(PK11SymKey *symKey)
725	{
726	if (!PK11_IsPermObject(symKey->slot, symKey->objectID)) {
727	return SECFailure;
728	}
729	PK11_DestroyTokenObject(symKey->slot, symKey->objectID);
730	symKey->objectID = CK_INVALID_HANDLE0;
731	return SECSuccess;
732	}
733
734	SECItem *
735	PK11_GetKeyData(PK11SymKey *symKey)
736	{
737	return &symKey->data;
738	}
739
740	/* This symbol is exported for backward compatibility. */
741	SECItem *
742	__PK11_GetKeyData(PK11SymKey *symKey)
743	{
744	return PK11_GetKeyData(symKey);
745	}
746
747	/*
748	* PKCS #11 key Types with predefined length
749	*/
750	unsigned int
751	pk11_GetPredefinedKeyLength(CK_KEY_TYPE keyType)
752	{
753	int length = 0;
754	switch (keyType) {
755	case CKK_DES0x00000013UL:
756	length = 8;
757	break;
758	case CKK_DES20x00000014UL:
759	length = 16;
760	break;
761	case CKK_DES30x00000015UL:
762	length = 24;
763	break;
764	case CKK_SKIPJACK0x0000001BUL:
765	length = 10;
766	break;
767	case CKK_BATON0x0000001CUL:
768	length = 20;
769	break;
770	case CKK_JUNIPER0x0000001DUL:
771	length = 20;
772	break;
773	default:
774	break;
775	}
776	return length;
777	}
778
779	/* return the keylength if possible. '0' if not */
780	unsigned int
781	PK11_GetKeyLength(PK11SymKey *key)
782	{
783	CK_KEY_TYPE keyType;
784
785	if (key->size != 0)
786	return key->size;
787
788	/* First try to figure out the key length from its type */
789	keyType = PK11_ReadULongAttribute(key->slot, key->objectID, CKA_KEY_TYPE0x00000100UL);
790	key->size = pk11_GetPredefinedKeyLength(keyType);
791	if ((keyType == CKK_GENERIC_SECRET0x00000010UL) &&
792	(key->type == CKM_SSL3_PRE_MASTER_KEY_GEN0x00000370UL)) {
793	key->size = 48;
794	}
795
796	if (key->size != 0)
797	return key->size;
798
799	if (key->data.data == NULL((void*)0)) {
800	PK11_ExtractKeyValue(key);
801	}
802	/* key is probably secret. Look up its length */
803	/* this is new PKCS #11 version 2.0 functionality. */
804	if (key->size == 0) {
805	CK_ULONG keyLength;
806
807	keyLength = PK11_ReadULongAttribute(key->slot, key->objectID, CKA_VALUE_LEN0x00000161UL);
808	if (keyLength != CK_UNAVAILABLE_INFORMATION(~0UL)) {
809	key->size = (unsigned int)keyLength;
810	}
811	}
812
813	return key->size;
814	}
815
816	/* return the strength of a key. This is different from length in that
817	* 1) it returns the size in bits, and 2) it returns only the secret portions
818	* of the key minus any checksums or parity.
819	*/
820	unsigned int
821	PK11_GetKeyStrength(PK11SymKey key, SECAlgorithmID algid)
822	{
823	int size = 0;
824	CK_MECHANISM_TYPE mechanism = CKM_INVALID_MECHANISM0xffffffffUL; /* RC2 only */
825	SECItem param = NULL((void)0); /* RC2 only */
826	CK_RC2_CBC_PARAMS rc2_params = NULL((void)0); /* RC2 ONLY */
827	unsigned int effectiveBits = 0; /* RC2 ONLY */
828
829	switch (PK11_GetKeyType(key->type, 0)) {
830	case CKK_CDMF0x0000001EUL:
831	return 40;
832	case CKK_DES0x00000013UL:
833	return 56;
834	case CKK_DES30x00000015UL:
835	case CKK_DES20x00000014UL:
836	size = PK11_GetKeyLength(key);
837	if (size == 16) {
838	/* double des */
839	return 112; /* 167 /
840	}
841	return 168;
842	/*
843	* RC2 has is different than other ciphers in that it allows the user
844	* to deprecating keysize while still requiring all the bits for the
845	* original key. The info
846	* on what the effective key strength is in the parameter for the key.
847	* In S/MIME this parameter is stored in the DER encoded algid. In Our
848	* other uses of RC2, effectiveBits == keyBits, so this code functions
849	* correctly without an algid.
850	*/
851	case CKK_RC20x00000011UL:
852	/* if no algid was provided, fall through to default */
853	if (!algid) {
854	break;
855	}
856	/* verify that the algid is for RC2 */
857	mechanism = PK11_AlgtagToMechanism(SECOID_GetAlgorithmTagSECOID_GetAlgorithmTag_Util(algid));
858	if ((mechanism != CKM_RC2_CBC0x00000102UL) && (mechanism != CKM_RC2_ECB0x00000101UL)) {
859	break;
860	}
861
862	/* now get effective bits from the algorithm ID. */
863	param = PK11_ParamFromAlgid(algid);
864	/* if we couldn't get memory just use key length */
865	if (param == NULL((void*)0)) {
866	break;
867	}
868
869	rc2_params = (CK_RC2_CBC_PARAMS *)param->data;
870	/* paranoia... shouldn't happen */
871	PORT_Assert(param->data != NULL)((param->data != ((void*)0))?((void)0):PR_Assert("param->data != NULL" ,"/root/firefox-clang/security/nss/lib/pk11wrap/pk11skey.c",871 ));
872	if (param->data == NULL((void*)0)) {
873	SECITEM_FreeItemSECITEM_FreeItem_Util(param, PR_TRUE1);
874	break;
875	}
876	effectiveBits = (unsigned int)rc2_params->ulEffectiveBits;
877	SECITEM_FreeItemSECITEM_FreeItem_Util(param, PR_TRUE1);
878	param = NULL((void*)0);
879	rc2_params = NULL((void)0); / paranoia */
880
881	/* we have effective bits, is and allocated memory is free, now
882	* we need to return the smaller of effective bits and keysize */
883	size = PK11_GetKeyLength(key);
884	if ((unsigned int)size * 8 > effectiveBits) {
885	return effectiveBits;
886	}
887
888	return size * 8; /* the actual key is smaller, the strength can't be
889	* greater than the actual key size */
890
891	default:
892	break;
893	}
894	return PK11_GetKeyLength(key) * 8;
895	}
896
897	/*
898	* The next three utilities are to deal with the fact that a given operation
899	* may be a multi-slot affair. This creates a new key object that is copied
900	* into the new slot.
901	*/
902	PK11SymKey *
903	pk11_CopyToSlotPerm(PK11SlotInfo *slot, CK_MECHANISM_TYPE type,
904	CK_ATTRIBUTE_TYPE operation, CK_FLAGS flags,
905	PRBool isPerm, PK11SymKey *symKey)
906	{
907	SECStatus rv;
908	PK11SymKey newKey = NULL((void)0);
909
910	/* Extract the raw key data if possible */
911	if (symKey->data.data == NULL((void*)0)) {
912	rv = PK11_ExtractKeyValue(symKey);
913	/* KEY is sensitive, we're try key exchanging it. */
914	if (rv != SECSuccess) {
915	return pk11_KeyExchange(slot, type, operation,
916	flags, isPerm, symKey);
917	}
918	}
919
920	newKey = PK11_ImportSymKeyWithFlags(slot, type, symKey->origin,
921	operation, &symKey->data, flags, isPerm, symKey->cx);
922	if (newKey == NULL((void*)0)) {
923	newKey = pk11_KeyExchange(slot, type, operation, flags, isPerm, symKey);
924	}
925	return newKey;
926	}
927
928	PK11SymKey *
929	pk11_CopyToSlot(PK11SlotInfo *slot, CK_MECHANISM_TYPE type,
930	CK_ATTRIBUTE_TYPE operation, PK11SymKey *symKey)
931	{
932	return pk11_CopyToSlotPerm(slot, type, operation, 0, PR_FALSE0, symKey);
933	}
934
935	/*
936	* Make sure the slot we are in is the correct slot for the operation
937	* by verifying that it supports all of the specified mechanism types.
938	*/
939	PK11SymKey *
940	pk11_ForceSlotMultiple(PK11SymKey symKey, CK_MECHANISM_TYPE type,
941	int mechCount, CK_ATTRIBUTE_TYPE operation)
942	{
943	PK11SlotInfo *slot = symKey->slot;
944	PK11SymKey newKey = NULL((void)0);
945	PRBool needToCopy = PR_FALSE0;
946	int i;
947
948	if (slot == NULL((void*)0)) {
949	needToCopy = PR_TRUE1;
950	} else {
951	i = 0;
952	while ((i < mechCount) && (needToCopy == PR_FALSE0)) {
953	if (!PK11_DoesMechanism(slot, type[i])) {
954	needToCopy = PR_TRUE1;
955	}
956	i++;
957	}
958	}
959
960	if (needToCopy == PR_TRUE1) {
961	slot = PK11_GetBestSlotMultiple(type, mechCount, symKey->cx);
962	if (slot == NULL((void*)0)) {
963	PORT_SetErrorPORT_SetError_Util(SEC_ERROR_NO_MODULE);
964	return NULL((void*)0);
965	}
966	newKey = pk11_CopyToSlot(slot, type[0], operation, symKey);
967	PK11_FreeSlot(slot);
968	}
969	return newKey;
970	}
971
972	/*
973	* Make sure the slot we are in is the correct slot for the operation
974	*/
975	PK11SymKey *
976	pk11_ForceSlot(PK11SymKey *symKey, CK_MECHANISM_TYPE type,
977	CK_ATTRIBUTE_TYPE operation)
978	{
979	return pk11_ForceSlotMultiple(symKey, &type, 1, operation);
980	}
981
982	PK11SymKey *
983	PK11_MoveSymKey(PK11SlotInfo *slot, CK_ATTRIBUTE_TYPE operation,
984	CK_FLAGS flags, PRBool perm, PK11SymKey *symKey)
985	{
986	if (symKey->slot == slot) {
987	if (perm) {
988	return PK11_ConvertSessionSymKeyToTokenSymKey(symKey, symKey->cx);
989	} else {
990	return PK11_ReferenceSymKey(symKey);
991	}
992	}
993
994	return pk11_CopyToSlotPerm(slot, symKey->type,
995	operation, flags, perm, symKey);
996	}
997
998	/*
999	* Use the token to generate a key.
1000	*
1001	* keySize must be 'zero' for fixed key length algorithms. A nonzero
1002	* keySize causes the CKA_VALUE_LEN attribute to be added to the template
1003	* for the key. Most PKCS #11 modules fail if you specify the CKA_VALUE_LEN
1004	* attribute for keys with fixed length. The exception is DES2. If you
1005	* select a CKM_DES3_CBC mechanism, this code will not add the CKA_VALUE_LEN
1006	* parameter and use the key size to determine which underlying DES keygen
1007	* function to use (CKM_DES2_KEY_GEN or CKM_DES3_KEY_GEN).
1008	*
1009	* keyType must be -1 for most algorithms. Some PBE algorthims cannot
1010	* determine the correct key type from the mechanism or the parameters,
1011	* so key type must be specified. Other PKCS #11 mechanisms may do so in
1012	* the future. Currently there is no need to export this publically.
1013	* Keep it private until there is a need in case we need to expand the
1014	* keygen parameters again...
1015	*
1016	* CK_FLAGS flags: key operation flags
1017	* PK11AttrFlags attrFlags: PK11_ATTR_XXX key attribute flags
1018	*/
1019	PK11SymKey *
1020	pk11_TokenKeyGenWithFlagsAndKeyType(PK11SlotInfo *slot, CK_MECHANISM_TYPE type,
1021	SECItem param, CK_KEY_TYPE keyType, int keySize, SECItem keyid,
1022	CK_FLAGS opFlags, PK11AttrFlags attrFlags, void *wincx)
1023	{
1024	PK11SymKey *symKey;
1025	CK_ATTRIBUTE genTemplate[MAX_TEMPL_ATTRS16];
1026	CK_ATTRIBUTE *attrs = genTemplate;
1027	int count = sizeof(genTemplate) / sizeof(genTemplate[0]);
1028	CK_MECHANISM_TYPE keyGenType;
1029	CK_BBOOL cktrue = CK_TRUE1;
1030	CK_BBOOL ckfalse = CK_FALSE0;
1031	CK_ULONG ck_key_size; /* only used for variable-length keys */
1032
1033	if (pk11_BadAttrFlags(attrFlags)) {
1034	PORT_SetErrorPORT_SetError_Util(SEC_ERROR_INVALID_ARGS);
1035	return NULL((void*)0);
1036	}
1037
1038	if ((keySize != 0) && (type != CKM_DES3_CBC0x00000133UL) &&
1039	(type != CKM_DES3_CBC_PAD0x00000136UL) && (type != CKM_DES3_ECB0x00000132UL)) {
1040	ck_key_size = keySize; /* Convert to PK11 type */
1041
1042	PK11_SETATTRS(attrs, CKA_VALUE_LEN, &ck_key_size, sizeof(ck_key_size))(attrs)->type = (0x00000161UL); (attrs)->pValue = (& ck_key_size); (attrs)->ulValueLen = (sizeof(ck_key_size));;
1043	attrs++;
1044	}
1045
1046	if (keyType != -1) {
1047	PK11_SETATTRS(attrs, CKA_KEY_TYPE, &keyType, sizeof(CK_KEY_TYPE))(attrs)->type = (0x00000100UL); (attrs)->pValue = (& keyType); (attrs)->ulValueLen = (sizeof(CK_KEY_TYPE));;
1048	attrs++;
1049	}
1050
1051	/* Include key id value if provided */
1052	if (keyid) {
1053	PK11_SETATTRS(attrs, CKA_ID, keyid->data, keyid->len)(attrs)->type = (0x00000102UL); (attrs)->pValue = (keyid ->data); (attrs)->ulValueLen = (keyid->len);;
1054	attrs++;
1055	}
1056
1057	attrs += pk11_AttrFlagsToAttributes(attrFlags, attrs, &cktrue, &ckfalse);
1058	attrs += pk11_OpFlagsToAttributes(opFlags, attrs, &cktrue);
1059
1060	count = attrs - genTemplate;
1061	PR_ASSERT(count <= sizeof(genTemplate) / sizeof(CK_ATTRIBUTE))((count <= sizeof(genTemplate) / sizeof(CK_ATTRIBUTE))?((void )0):PR_Assert("count <= sizeof(genTemplate) / sizeof(CK_ATTRIBUTE)" ,"/root/firefox-clang/security/nss/lib/pk11wrap/pk11skey.c",1061 ));
1062
1063	keyGenType = PK11_GetKeyGenWithSize(type, keySize);
1064	if (keyGenType == CKM_FAKE_RANDOM0x80000efeUL) {
1065	PORT_SetErrorPORT_SetError_Util(SEC_ERROR_NO_MODULE);
1066	return NULL((void*)0);
1067	}
1068	symKey = PK11_KeyGenWithTemplate(slot, type, keyGenType,
1069	param, genTemplate, count, wincx);
1070	if (symKey != NULL((void*)0)) {
1071	symKey->size = keySize;
1072	}
1073	return symKey;
1074	}
1075
1076	/*
1077	* Use the token to generate a key. - Public
1078	*
1079	* keySize must be 'zero' for fixed key length algorithms. A nonzero
1080	* keySize causes the CKA_VALUE_LEN attribute to be added to the template
1081	* for the key. Most PKCS #11 modules fail if you specify the CKA_VALUE_LEN
1082	* attribute for keys with fixed length. The exception is DES2. If you
1083	* select a CKM_DES3_CBC mechanism, this code will not add the CKA_VALUE_LEN
1084	* parameter and use the key size to determine which underlying DES keygen
1085	* function to use (CKM_DES2_KEY_GEN or CKM_DES3_KEY_GEN).
1086	*
1087	* CK_FLAGS flags: key operation flags
1088	* PK11AttrFlags attrFlags: PK11_ATTR_XXX key attribute flags
1089	*/
1090	PK11SymKey *
1091	PK11_TokenKeyGenWithFlags(PK11SlotInfo *slot, CK_MECHANISM_TYPE type,
1092	SECItem param, int keySize, SECItem keyid, CK_FLAGS opFlags,
1093	PK11AttrFlags attrFlags, void *wincx)
1094	{
1095	return pk11_TokenKeyGenWithFlagsAndKeyType(slot, type, param, -1, keySize,
1096	keyid, opFlags, attrFlags, wincx);
1097	}
1098
1099	/*
1100	* Use the token to generate a key. keySize must be 'zero' for fixed key
1101	* length algorithms. A nonzero keySize causes the CKA_VALUE_LEN attribute
1102	* to be added to the template for the key. PKCS #11 modules fail if you
1103	* specify the CKA_VALUE_LEN attribute for keys with fixed length.
1104	* NOTE: this means to generate a DES2 key from this interface you must
1105	* specify CKM_DES2_KEY_GEN as the mechanism directly; specifying
1106	* CKM_DES3_CBC as the mechanism and 16 as keySize currently doesn't work.
1107	*/
1108	PK11SymKey *
1109	PK11_TokenKeyGen(PK11SlotInfo slot, CK_MECHANISM_TYPE type, SECItem param,
1110	int keySize, SECItem keyid, PRBool isToken, void wincx)
1111	{
1112	PK11SymKey *symKey;
1113	PRBool weird = PR_FALSE0; /* hack for fortezza */
1114	CK_FLAGS opFlags = CKF_SIGN0x00000800UL;
1115	PK11AttrFlags attrFlags = 0;
1116
1117	if ((keySize == -1) && (type == CKM_SKIPJACK_CBC640x00001002UL)) {
1118	weird = PR_TRUE1;
1119	keySize = 0;
1120	}
1121
1122	opFlags \|= weird ? CKF_DECRYPT0x00000200UL : CKF_ENCRYPT0x00000100UL;
1123
1124	if (isToken) {
1125	attrFlags \|= (PK11_ATTR_TOKEN0x00000001L \| PK11_ATTR_PRIVATE0x00000004L);
1126	}
1127
1128	symKey = pk11_TokenKeyGenWithFlagsAndKeyType(slot, type, param,
1129	-1, keySize, keyid, opFlags, attrFlags, wincx);
1130	if (symKey && weird) {
1131	PK11_SetFortezzaHack(symKey);
1132	}
1133
1134	return symKey;
1135	}
1136
1137	PK11SymKey *
1138	PK11_KeyGen(PK11SlotInfo slot, CK_MECHANISM_TYPE type, SECItem param,
1139	int keySize, void *wincx)
1140	{
1141	return PK11_TokenKeyGen(slot, type, param, keySize, 0, PR_FALSE0, wincx);
1142	}
1143
1144	PK11SymKey *
1145	PK11_KeyGenWithTemplate(PK11SlotInfo *slot, CK_MECHANISM_TYPE type,
1146	CK_MECHANISM_TYPE keyGenType,
1147	SECItem param, CK_ATTRIBUTE attrs,
1148	unsigned int attrsCount, void *wincx)
1149	{
1150	PK11SymKey *symKey;
1151	CK_SESSION_HANDLE session;
1152	CK_MECHANISM mechanism;
1153	CK_RV crv;
1154	PRBool isToken = CK_FALSE0;
1155	CK_ULONG keySize = 0;
1156	unsigned i;
1157
1158	/* Extract the template's CKA_VALUE_LEN into keySize and CKA_TOKEN into
1159	isToken. */
1160	for (i = 0; i < attrsCount; ++i) {
1161	switch (attrs[i].type) {
1162	case CKA_VALUE_LEN0x00000161UL:
1163	if (attrs[i].pValue == NULL((void*)0) \|\|
1164	attrs[i].ulValueLen != sizeof(CK_ULONG)) {
1165	PORT_SetErrorPORT_SetError_Util(PK11_MapError(CKR_TEMPLATE_INCONSISTENT0x000000D1UL));
1166	return NULL((void*)0);
1167	}
1168	keySize = (CK_ULONG )attrs[i].pValue;
1169	break;
1170	case CKA_TOKEN0x00000001UL:
1171	if (attrs[i].pValue == NULL((void*)0) \|\|
1172	attrs[i].ulValueLen != sizeof(CK_BBOOL)) {
1173	PORT_SetErrorPORT_SetError_Util(PK11_MapError(CKR_TEMPLATE_INCONSISTENT0x000000D1UL));
1174	return NULL((void*)0);
1175	}
1176	isToken = ((CK_BBOOL )attrs[i].pValue) ? PR_TRUE1 : PR_FALSE0;
1177	break;
1178	}
1179	}
1180
1181	/* find a slot to generate the key into */
1182	/* Only do slot management if this is not a token key */
1183	if (!isToken && (slot == NULL((void*)0) \|\| !PK11_DoesMechanism(slot, type))) {
1184	PK11SlotInfo *bestSlot = PK11_GetBestSlot(type, wincx);
1185	if (bestSlot == NULL((void*)0)) {
1186	PORT_SetErrorPORT_SetError_Util(SEC_ERROR_NO_MODULE);
1187	return NULL((void*)0);
1188	}
1189	symKey = pk11_CreateSymKey(bestSlot, type, !isToken, PR_TRUE1, wincx);
1190	PK11_FreeSlot(bestSlot);
1191	} else {
1192	symKey = pk11_CreateSymKey(slot, type, !isToken, PR_TRUE1, wincx);
1193	}
1194	if (symKey == NULL((void*)0))
1195	return NULL((void*)0);
1196
1197	symKey->size = keySize;
1198	symKey->origin = PK11_OriginGenerated;
1199
1200	/* Set the parameters for the key gen if provided */
1201	mechanism.mechanism = keyGenType;
1202	mechanism.pParameter = NULL((void*)0);
1203	mechanism.ulParameterLen = 0;
1204	if (param) {
1205	mechanism.pParameter = param->data;
1206	mechanism.ulParameterLen = param->len;
1207	}
1208
1209	/* Get session and perform locking */
1210	if (isToken) {
1211	PK11_Authenticate(symKey->slot, PR_TRUE1, wincx);
1212	/* Should always be original slot */
1213	session = PK11_GetRWSession(symKey->slot);
1214	symKey->owner = PR_FALSE0;
1215	} else {
1216	session = symKey->session;
1217	if (session != CK_INVALID_HANDLE0)
1218	pk11_EnterKeyMonitor(symKey);
1219	}
1220	if (session == CK_INVALID_HANDLE0) {
1221	PK11_FreeSymKey(symKey);
1222	PORT_SetErrorPORT_SetError_Util(SEC_ERROR_BAD_DATA);
1223	return NULL((void*)0);
1224	}
1225
1226	crv = PK11_GETTAB(symKey->slot)((CK_FUNCTION_LIST_3_0_PTR)((symKey->slot)->functionList ))->C_GenerateKey(session, &mechanism, attrs, attrsCount, &symKey->objectID);
1227
1228	/* Release lock and session */
1229	if (isToken) {
1230	PK11_RestoreROSession(symKey->slot, session);
1231	} else {
1232	pk11_ExitKeyMonitor(symKey);
1233	}
1234
1235	if (crv != CKR_OK0x00000000UL) {
1236	PK11_FreeSymKey(symKey);
1237	PORT_SetErrorPORT_SetError_Util(PK11_MapError(crv));
1238	return NULL((void*)0);
1239	}
1240
1241	return symKey;
1242	}
1243
1244	PK11SymKey *
1245	PK11_ConvertSessionSymKeyToTokenSymKey(PK11SymKey symk, void wincx)
1246	{
1247	PK11SlotInfo *slot = symk->slot;
1248	CK_ATTRIBUTE template[1];
1249	CK_ATTRIBUTE *attrs = template;
1250	CK_BBOOL cktrue = CK_TRUE1;
1251	CK_RV crv;
1252	CK_OBJECT_HANDLE newKeyID;
1253	CK_SESSION_HANDLE rwsession;
1254
1255	PK11_SETATTRS(attrs, CKA_TOKEN, &cktrue, sizeof(cktrue))(attrs)->type = (0x00000001UL); (attrs)->pValue = (& cktrue); (attrs)->ulValueLen = (sizeof(cktrue));;
1256	attrs++;
1257
1258	PK11_Authenticate(slot, PR_TRUE1, wincx);
1259	rwsession = PK11_GetRWSession(slot);
1260	if (rwsession == CK_INVALID_HANDLE0) {
1261	PORT_SetErrorPORT_SetError_Util(SEC_ERROR_BAD_DATA);
1262	return NULL((void*)0);
1263	}
1264	crv = PK11_GETTAB(slot)((CK_FUNCTION_LIST_3_0_PTR)((slot)->functionList))->C_CopyObject(rwsession, symk->objectID,
1265	template, 1, &newKeyID);
1266	PK11_RestoreROSession(slot, rwsession);
1267
1268	if (crv != CKR_OK0x00000000UL) {
1269	PORT_SetErrorPORT_SetError_Util(PK11_MapError(crv));
1270	return NULL((void*)0);
1271	}
1272
1273	return PK11_SymKeyFromHandle(slot, NULL((void)0) /parent*/, symk->origin,
1274	symk->type, newKeyID, PR_FALSE0 /owner/, NULL((void)0) /wincx*/);
1275	}
1276
1277	/* This function does a straight public key wrap with the CKM_RSA_PKCS
1278	* mechanism. */
1279	SECStatus
1280	PK11_PubWrapSymKey(CK_MECHANISM_TYPE type, SECKEYPublicKey *pubKey,
1281	PK11SymKey symKey, SECItem wrappedKey)
1282	{
1283	CK_MECHANISM_TYPE inferred = pk11_mapWrapKeyType(pubKey->keyType);
1284	return PK11_PubWrapSymKeyWithMechanism(pubKey, inferred, NULL((void*)0), symKey,
1285	wrappedKey);
1286	}
1287
1288	/* This function wraps a symmetric key with a public key, such as with the
1289	* CKM_RSA_PKCS and CKM_RSA_PKCS_OAEP mechanisms. */
1290	SECStatus
1291	PK11_PubWrapSymKeyWithMechanism(SECKEYPublicKey *pubKey,
1292	CK_MECHANISM_TYPE mechType, SECItem *param,
1293	PK11SymKey symKey, SECItem wrappedKey)
1294	{
1295	PK11SlotInfo *slot;
1296	CK_ULONG len = wrappedKey->len;
1297	PK11SymKey newKey = NULL((void)0);
1298	CK_OBJECT_HANDLE id;
1299	CK_MECHANISM mechanism;
1300	PRBool owner = PR_TRUE1;
1301	CK_SESSION_HANDLE session;
1302	CK_RV crv;
1303
1304	if (symKey == NULL((void*)0)) {
1305	PORT_SetErrorPORT_SetError_Util(SEC_ERROR_INVALID_ARGS);
1306	return SECFailure;
1307	}
1308
1309	/* if this slot doesn't support the mechanism, go to a slot that does */
1310	newKey = pk11_ForceSlot(symKey, mechType, CKA_ENCRYPT0x00000104UL);
1311	if (newKey != NULL((void*)0)) {
1312	symKey = newKey;
1313	}
1314
1315	if (symKey->slot == NULL((void*)0)) {
1316	PORT_SetErrorPORT_SetError_Util(SEC_ERROR_NO_MODULE);
1317	return SECFailure;
1318	}
1319
1320	slot = symKey->slot;
1321
1322	mechanism.mechanism = mechType;
1323	if (param == NULL((void*)0)) {
1324	mechanism.pParameter = NULL((void*)0);
1325	mechanism.ulParameterLen = 0;
1326	} else {
1327	mechanism.pParameter = param->data;
1328	mechanism.ulParameterLen = param->len;
1329	}
1330
1331	id = PK11_ImportPublicKey(slot, pubKey, PR_FALSE0);
1332	if (id == CK_INVALID_HANDLE0) {
1333	if (newKey) {
1334	PK11_FreeSymKey(newKey);
1335	}
1336	return SECFailure; /* Error code has been set. */
1337	}
1338
1339	session = pk11_GetNewSession(slot, &owner);
1340	if (!owner \|\| !(slot->isThreadSafe))
1341	PK11_EnterSlotMonitor(slot);
1342	crv = PK11_GETTAB(slot)((CK_FUNCTION_LIST_3_0_PTR)((slot)->functionList))->C_WrapKey(session, &mechanism,
1343	id, symKey->objectID, wrappedKey->data, &len);
1344	if (!owner \|\| !(slot->isThreadSafe))
1345	PK11_ExitSlotMonitor(slot);
1346	pk11_CloseSession(slot, session, owner);
1347	if (newKey) {
1348	PK11_FreeSymKey(newKey);
1349	}
1350
1351	if (crv != CKR_OK0x00000000UL) {
1352	PORT_SetErrorPORT_SetError_Util(PK11_MapError(crv));
1353	return SECFailure;
1354	}
1355	wrappedKey->len = len;
1356	return SECSuccess;
1357	}
1358
1359	/*
1360	* this little function uses the Encrypt function to wrap a key, just in
1361	* case we have problems with the wrap implementation for a token.
1362	*/
1363	static SECStatus
1364	pk11_HandWrap(PK11SymKey wrappingKey, SECItem param, CK_MECHANISM_TYPE type,
1365	SECItem inKey, SECItem outKey)
1366	{
1367	PK11SlotInfo *slot;
1368	CK_ULONG len;
1369	SECItem *data;
1370	CK_MECHANISM mech;
1371	PRBool owner = PR_TRUE1;
1372	CK_SESSION_HANDLE session;
1373	CK_RV crv;
1374
1375	slot = wrappingKey->slot;
1376	/* use NULL IV's for wrapping */
1377	mech.mechanism = type;
1378	if (param) {
1379	mech.pParameter = param->data;
1380	mech.ulParameterLen = param->len;
1381	} else {
1382	mech.pParameter = NULL((void*)0);
1383	mech.ulParameterLen = 0;
1384	}
1385	session = pk11_GetNewSession(slot, &owner);
1386	if (!owner \|\| !(slot->isThreadSafe))
1387	PK11_EnterSlotMonitor(slot);
1388	crv = PK11_GETTAB(slot)((CK_FUNCTION_LIST_3_0_PTR)((slot)->functionList))->C_EncryptInit(session, &mech,
1389	wrappingKey->objectID);
1390	if (crv != CKR_OK0x00000000UL) {
1391	if (!owner \|\| !(slot->isThreadSafe))
1392	PK11_ExitSlotMonitor(slot);
1393	pk11_CloseSession(slot, session, owner);
1394	PORT_SetErrorPORT_SetError_Util(PK11_MapError(crv));
1395	return SECFailure;
1396	}
1397
1398	/* keys are almost always aligned, but if we get this far,
1399	* we've gone above and beyond anyway... */
1400	data = PK11_BlockData(inKey, PK11_GetBlockSize(type, param));
1401	if (data == NULL((void*)0)) {
1402	if (!owner \|\| !(slot->isThreadSafe))
1403	PK11_ExitSlotMonitor(slot);
1404	pk11_CloseSession(slot, session, owner);
1405	PORT_SetErrorPORT_SetError_Util(SEC_ERROR_NO_MEMORY);
1406	return SECFailure;
1407	}
1408	len = outKey->len;
1409	crv = PK11_GETTAB(slot)((CK_FUNCTION_LIST_3_0_PTR)((slot)->functionList))->C_Encrypt(session, data->data, data->len,
1410	outKey->data, &len);
1411	if (!owner \|\| !(slot->isThreadSafe))
1412	PK11_ExitSlotMonitor(slot);
1413	pk11_CloseSession(slot, session, owner);
1414	SECITEM_FreeItemSECITEM_FreeItem_Util(data, PR_TRUE1);
1415	outKey->len = len;
1416	if (crv != CKR_OK0x00000000UL) {
1417	PORT_SetErrorPORT_SetError_Util(PK11_MapError(crv));
1418	return SECFailure;
1419	}
1420	return SECSuccess;
1421	}
1422
1423	/*
1424	* helper function which moves two keys into a new slot based on the
1425	* desired mechanism.
1426	*/
1427	static SECStatus
1428	pk11_moveTwoKeys(CK_MECHANISM_TYPE mech,
1429	CK_ATTRIBUTE_TYPE preferedOperation,
1430	CK_ATTRIBUTE_TYPE movingOperation,
1431	PK11SymKey preferedKey, PK11SymKey movingKey,
1432	PK11SymKey newPreferedKey, PK11SymKey newMovingKey)
1433	{
1434	PK11SlotInfo *newSlot;
1435	newMovingKey = NULL((void)0);
1436	newPreferedKey = NULL((void)0);
1437
1438	newSlot = PK11_GetBestSlot(mech, preferedKey->cx);
1439	if (newSlot == NULL((void*)0)) {
1440	return SECFailure;
1441	}
1442	*newMovingKey = pk11_CopyToSlot(newSlot, movingKey->type,
1443	movingOperation, movingKey);
1444	if (newMovingKey == NULL((void)0)) {
1445	goto loser;
1446	}
1447	*newPreferedKey = pk11_CopyToSlot(newSlot, preferedKey->type,
1448	preferedOperation, preferedKey);
1449	if (newPreferedKey == NULL((void)0)) {
1450	goto loser;
1451	}
1452
1453	PK11_FreeSlot(newSlot);
1454	return SECSuccess;
1455	loser:
1456	PK11_FreeSlot(newSlot);
1457	PK11_FreeSymKey(*newMovingKey);
1458	PK11_FreeSymKey(*newPreferedKey);
1459	newMovingKey = NULL((void)0);
1460	newPreferedKey = NULL((void)0);
1461	return SECFailure;
1462	}
1463
1464	/*
1465	* To do joint operations, we often need two keys in the same slot.
1466	* Usually the PKCS #11 wrappers handle this correctly (like for PK11_WrapKey),
1467	* but sometimes the wrappers don't know about mechanism specific keys in
1468	* the Mechanism params. This function makes sure the two keys are in the
1469	* same slot by copying one or both of the keys into a common slot. This
1470	* functions makes sure the slot can handle the target mechanism. If the copy
1471	* is warranted, this function will prefer to move the movingKey first, then
1472	* the preferedKey. If the keys are moved, the new keys are returned in
1473	* newMovingKey and/or newPreferedKey. The application is responsible
1474	* for freeing those keys once the operation is complete.
1475	*/
1476	SECStatus
1477	PK11_SymKeysToSameSlot(CK_MECHANISM_TYPE mech,
1478	CK_ATTRIBUTE_TYPE preferedOperation,
1479	CK_ATTRIBUTE_TYPE movingOperation,
1480	PK11SymKey preferedKey, PK11SymKey movingKey,
1481	PK11SymKey newPreferedKey, PK11SymKey newMovingKey)
1482	{
1483	/* usually don't return new keys */
1484	newMovingKey = NULL((void)0);
1485	newPreferedKey = NULL((void)0);
1486	if (movingKey->slot == preferedKey->slot) {
1487
1488	/* this should be the most common case */
1489	if ((preferedKey->slot != NULL((void*)0)) &&
1490	PK11_DoesMechanism(preferedKey->slot, mech)) {
1491	return SECSuccess;
1492	}
1493
1494	/* we are in the same slot, but it doesn't do the operation,
1495	* move both keys to an appropriate target slot */
1496	return pk11_moveTwoKeys(mech, preferedOperation, movingOperation,
1497	preferedKey, movingKey,
1498	newPreferedKey, newMovingKey);
1499	}
1500
1501	/* keys are in different slot, try moving the moving key to the prefered
1502	* key's slot */
1503	if ((preferedKey->slot != NULL((void*)0)) &&
1504	PK11_DoesMechanism(preferedKey->slot, mech)) {
1505	*newMovingKey = pk11_CopyToSlot(preferedKey->slot, movingKey->type,
1506	movingOperation, movingKey);
1507	if (newMovingKey != NULL((void)0)) {
1508	return SECSuccess;
1509	}
1510	}
1511	/* couldn't moving the moving key to the prefered slot, try moving
1512	* the prefered key */
1513	if ((movingKey->slot != NULL((void*)0)) &&
1514	PK11_DoesMechanism(movingKey->slot, mech)) {
1515	*newPreferedKey = pk11_CopyToSlot(movingKey->slot, preferedKey->type,
1516	preferedOperation, preferedKey);
1517	if (newPreferedKey != NULL((void)0)) {
1518	return SECSuccess;
1519	}
1520	}
1521	/* Neither succeeded, but that could be that they were not in slots that
1522	* supported the operation, try moving both keys into a common slot that
1523	* can do the operation. */
1524	return pk11_moveTwoKeys(mech, preferedOperation, movingOperation,
1525	preferedKey, movingKey,
1526	newPreferedKey, newMovingKey);
1527	}
1528
1529	/*
1530	* This function does a symetric based wrap.
1531	*/
1532	SECStatus
1533	PK11_WrapSymKey(CK_MECHANISM_TYPE type, SECItem *param,
1534	PK11SymKey wrappingKey, PK11SymKey symKey,
1535	SECItem *wrappedKey)
1536	{
1537	PK11SlotInfo *slot;
1538	CK_ULONG len = wrappedKey->len;
1539	PK11SymKey newSymKey = NULL((void)0);
1540	PK11SymKey newWrappingKey = NULL((void)0);
1541	SECItem param_save = NULL((void)0);
1542	CK_MECHANISM mechanism;
1543	PRBool owner = PR_TRUE1;
1544	CK_SESSION_HANDLE session;
1545	CK_RV crv;
1546	SECStatus rv;
1547
1548	/* force the keys into same slot */
1549	rv = PK11_SymKeysToSameSlot(type, CKA_ENCRYPT0x00000104UL, CKA_WRAP0x00000106UL,
1550	symKey, wrappingKey,
1551	&newSymKey, &newWrappingKey);
1552	if (rv != SECSuccess) {
1553	/* Couldn't move the keys as desired, try to hand unwrap if possible */
1554	if (symKey->data.data == NULL((void*)0)) {
1555	rv = PK11_ExtractKeyValue(symKey);
1556	if (rv != SECSuccess) {
1557	PORT_SetErrorPORT_SetError_Util(SEC_ERROR_NO_MODULE);
1558	return SECFailure;
1559	}
1560	}
1561	if (param == NULL((void*)0)) {
1562	param_save = param = PK11_ParamFromIV(type, NULL((void*)0));
1563	}
1564	rv = pk11_HandWrap(wrappingKey, param, type, &symKey->data, wrappedKey);
1565	if (param_save)
1566	SECITEM_FreeItemSECITEM_FreeItem_Util(param_save, PR_TRUE1);
1567	return rv;
1568	}
1569	if (newSymKey) {
1570	symKey = newSymKey;
1571	}
1572	if (newWrappingKey) {
1573	wrappingKey = newWrappingKey;
1574	}
1575
1576	/* at this point both keys are in the same token */
1577	slot = wrappingKey->slot;
1578	mechanism.mechanism = type;
1579	/* use NULL IV's for wrapping */
1580	if (param == NULL((void*)0)) {
1581	param_save = param = PK11_ParamFromIV(type, NULL((void*)0));
1582	}
1583	if (param) {
1584	mechanism.pParameter = param->data;
1585	mechanism.ulParameterLen = param->len;
1586	} else {
1587	mechanism.pParameter = NULL((void*)0);
1588	mechanism.ulParameterLen = 0;
1589	}
1590
1591	len = wrappedKey->len;
1592
1593	session = pk11_GetNewSession(slot, &owner);
1594	if (!owner \|\| !(slot->isThreadSafe))
1595	PK11_EnterSlotMonitor(slot);
1596	crv = PK11_GETTAB(slot)((CK_FUNCTION_LIST_3_0_PTR)((slot)->functionList))->C_WrapKey(session, &mechanism,
1597	wrappingKey->objectID, symKey->objectID,
1598	wrappedKey->data, &len);
1599	if (!owner \|\| !(slot->isThreadSafe))
1600	PK11_ExitSlotMonitor(slot);
1601	pk11_CloseSession(slot, session, owner);
1602	rv = SECSuccess;
1603	if (crv != CKR_OK0x00000000UL) {
1604	/* can't wrap it? try hand wrapping it... */
1605	do {
1606	if (symKey->data.data == NULL((void*)0)) {
1607	rv = PK11_ExtractKeyValue(symKey);
1608	if (rv != SECSuccess)
1609	break;
1610	}
1611	rv = pk11_HandWrap(wrappingKey, param, type, &symKey->data,
1612	wrappedKey);
1613	} while (PR_FALSE0);
1614	} else {
1615	wrappedKey->len = len;
1616	}
1617	PK11_FreeSymKey(newSymKey);
1618	PK11_FreeSymKey(newWrappingKey);
1619	if (param_save)
1620	SECITEM_FreeItemSECITEM_FreeItem_Util(param_save, PR_TRUE1);
1621	return rv;
1622	}
1623
1624	/*
1625	* This Generates a new key based on a symetricKey
1626	*/
1627	PK11SymKey *
1628	PK11_Derive(PK11SymKey baseKey, CK_MECHANISM_TYPE derive, SECItem param,
1629	CK_MECHANISM_TYPE target, CK_ATTRIBUTE_TYPE operation,
1630	int keySize)
1631	{
1632	return PK11_DeriveWithTemplate(baseKey, derive, param, target, operation,
1633	keySize, NULL((void*)0), 0, PR_FALSE0);
1634	}
1635
1636	PK11SymKey *
1637	PK11_DeriveWithFlags(PK11SymKey *baseKey, CK_MECHANISM_TYPE derive,
1638	SECItem *param, CK_MECHANISM_TYPE target, CK_ATTRIBUTE_TYPE operation,
1639	int keySize, CK_FLAGS flags)
1640	{
1641	CK_BBOOL ckTrue = CK_TRUE1;
1642	CK_ATTRIBUTE keyTemplate[MAX_TEMPL_ATTRS16];
1643	unsigned int templateCount;
1644
1645	templateCount = pk11_OpFlagsToAttributes(flags, keyTemplate, &ckTrue);
1646	return PK11_DeriveWithTemplate(baseKey, derive, param, target, operation,
1647	keySize, keyTemplate, templateCount, PR_FALSE0);
1648	}
1649
1650	PK11SymKey *
1651	PK11_DeriveWithFlagsPerm(PK11SymKey *baseKey, CK_MECHANISM_TYPE derive,
1652	SECItem *param, CK_MECHANISM_TYPE target, CK_ATTRIBUTE_TYPE operation,
1653	int keySize, CK_FLAGS flags, PRBool isPerm)
1654	{
1655	CK_BBOOL cktrue = CK_TRUE1;
1656	CK_ATTRIBUTE keyTemplate[MAX_TEMPL_ATTRS16];
1657	CK_ATTRIBUTE *attrs;
1658	unsigned int templateCount = 0;
1659
1660	attrs = keyTemplate;
1661	if (isPerm) {
1662	PK11_SETATTRS(attrs, CKA_TOKEN, &cktrue, sizeof(CK_BBOOL))(attrs)->type = (0x00000001UL); (attrs)->pValue = (& cktrue); (attrs)->ulValueLen = (sizeof(CK_BBOOL));;
1663	attrs++;
1664	}
1665	templateCount = attrs - keyTemplate;
1666	templateCount += pk11_OpFlagsToAttributes(flags, attrs, &cktrue);
1667	return PK11_DeriveWithTemplate(baseKey, derive, param, target, operation,
1668	keySize, keyTemplate, templateCount, isPerm);
1669	}
1670
1671	PK11SymKey *
1672	PK11_DeriveWithTemplate(PK11SymKey *baseKey, CK_MECHANISM_TYPE derive,
1673	SECItem *param, CK_MECHANISM_TYPE target, CK_ATTRIBUTE_TYPE operation,
1674	int keySize, CK_ATTRIBUTE *userAttr, unsigned int numAttrs,
1675	PRBool isPerm)
1676	{
1677	PK11SlotInfo *slot = baseKey->slot;
1678	PK11SymKey *symKey;
1679	PK11SymKey newBaseKey = NULL((void)0);
1680	CK_BBOOL cktrue = CK_TRUE1;
1681	CK_OBJECT_CLASS keyClass = CKO_SECRET_KEY0x00000004UL;
1682	CK_KEY_TYPE keyType = CKK_GENERIC_SECRET0x00000010UL;
1683	CK_ULONG valueLen = 0;
1684	CK_MECHANISM mechanism;
1685	CK_RV crv;
1686	#define MAX_ADD_ATTRS 4
1687	CK_ATTRIBUTE keyTemplate[MAX_TEMPL_ATTRS16 + MAX_ADD_ATTRS];
1688	#undef MAX_ADD_ATTRS
1689	CK_ATTRIBUTE *attrs = keyTemplate;
1690	CK_SESSION_HANDLE session;
1691	unsigned int templateCount;
1692
1693	if (numAttrs > MAX_TEMPL_ATTRS16) {
1694	PORT_SetErrorPORT_SetError_Util(SEC_ERROR_INVALID_ARGS);
1695	return NULL((void*)0);
1696	}
1697	/* CKA_NSS_MESSAGE is a fake operation to distinguish between
1698	* Normal Encrypt/Decrypt and MessageEncrypt/Decrypt. Don't try to set
1699	* it as a real attribute */
1700	if ((operation & CKA_NSS_MESSAGE_MASK0xff000000L) == CKA_NSS_MESSAGE0x82000000L) {
1701	/* Message is or'd with a real Attribute (CKA_ENCRYPT, CKA_DECRYPT),
1702	* etc. Strip out the real attribute here */
1703	operation &= ~CKA_NSS_MESSAGE_MASK0xff000000L;
1704	}
1705
1706	/* first copy caller attributes in. */
1707	for (templateCount = 0; templateCount < numAttrs; ++templateCount) {
1708	attrs++ = userAttr++;
1709	}
1710
1711	/* We only add the following attributes to the template if the caller
1712	** didn't already supply them.
1713	*/
1714	if (!pk11_FindAttrInTemplate(keyTemplate, numAttrs, CKA_CLASS0x00000000UL)) {
1715	PK11_SETATTRS(attrs, CKA_CLASS, &keyClass, sizeof keyClass)(attrs)->type = (0x00000000UL); (attrs)->pValue = (& keyClass); (attrs)->ulValueLen = (sizeof keyClass);;
1716	attrs++;
1717	}
1718	if (!pk11_FindAttrInTemplate(keyTemplate, numAttrs, CKA_KEY_TYPE0x00000100UL)) {
1719	keyType = PK11_GetKeyType(target, keySize);
1720	PK11_SETATTRS(attrs, CKA_KEY_TYPE, &keyType, sizeof keyType)(attrs)->type = (0x00000100UL); (attrs)->pValue = (& keyType); (attrs)->ulValueLen = (sizeof keyType);;
1721	attrs++;
1722	}
1723	if (keySize > 0 &&
1724	!pk11_FindAttrInTemplate(keyTemplate, numAttrs, CKA_VALUE_LEN0x00000161UL)) {
1725	valueLen = (CK_ULONG)keySize;
1726	PK11_SETATTRS(attrs, CKA_VALUE_LEN, &valueLen, sizeof valueLen)(attrs)->type = (0x00000161UL); (attrs)->pValue = (& valueLen); (attrs)->ulValueLen = (sizeof valueLen);;
1727	attrs++;
1728	}
1729	if ((operation != CKA_FLAGS_ONLY0) &&
1730	!pk11_FindAttrInTemplate(keyTemplate, numAttrs, operation)) {
1731	PK11_SETATTRS(attrs, operation, &cktrue, sizeof cktrue)(attrs)->type = (operation); (attrs)->pValue = (&cktrue ); (attrs)->ulValueLen = (sizeof cktrue);;
1732	attrs++;
1733	}
1734
1735	templateCount = attrs - keyTemplate;
1736	PR_ASSERT(templateCount <= sizeof(keyTemplate) / sizeof(CK_ATTRIBUTE))((templateCount <= sizeof(keyTemplate) / sizeof(CK_ATTRIBUTE ))?((void)0):PR_Assert("templateCount <= sizeof(keyTemplate) / sizeof(CK_ATTRIBUTE)" ,"/root/firefox-clang/security/nss/lib/pk11wrap/pk11skey.c",1736 ));
1737
1738	/* move the key to a slot that can do the function */
1739	if (!PK11_DoesMechanism(slot, derive)) {
1740	/* get a new base key & slot */
1741	PK11SlotInfo *newSlot = PK11_GetBestSlot(derive, baseKey->cx);
1742
1743	if (newSlot == NULL((void*)0))
1744	return NULL((void*)0);
1745
1746	newBaseKey = pk11_CopyToSlot(newSlot, derive, CKA_DERIVE0x0000010CUL,
1747	baseKey);
1748	PK11_FreeSlot(newSlot);
1749	if (newBaseKey == NULL((void*)0))
1750	return NULL((void*)0);
1751	baseKey = newBaseKey;
1752	slot = baseKey->slot;
1753	}
1754
1755	/* get our key Structure */
1756	symKey = pk11_CreateSymKey(slot, target, !isPerm, PR_TRUE1, baseKey->cx);
1757	if (symKey == NULL((void*)0)) {
1758	return NULL((void*)0);
1759	}
1760
1761	symKey->size = keySize;
1762
1763	mechanism.mechanism = derive;
1764	if (param) {
1765	mechanism.pParameter = param->data;
1766	mechanism.ulParameterLen = param->len;
1767	} else {
1768	mechanism.pParameter = NULL((void*)0);
1769	mechanism.ulParameterLen = 0;
1770	}
1771	symKey->origin = PK11_OriginDerive;
1772
1773	if (isPerm) {
1774	session = PK11_GetRWSession(slot);
1775	} else {
1776	pk11_EnterKeyMonitor(symKey);
1777	session = symKey->session;
1778	}
1779	if (session == CK_INVALID_HANDLE0) {
1780	if (!isPerm)
1781	pk11_ExitKeyMonitor(symKey);
1782	crv = CKR_SESSION_HANDLE_INVALID0x000000B3UL;
1783	} else {
1784	crv = PK11_GETTAB(slot)((CK_FUNCTION_LIST_3_0_PTR)((slot)->functionList))->C_DeriveKey(session, &mechanism,
1785	baseKey->objectID, keyTemplate, templateCount, &symKey->objectID);
1786	if (isPerm) {
1787	PK11_RestoreROSession(slot, session);
1788	} else {
1789	pk11_ExitKeyMonitor(symKey);
1790	}
1791	}
1792	if (newBaseKey)
1793	PK11_FreeSymKey(newBaseKey);
1794	if (crv != CKR_OK0x00000000UL) {
1795	PK11_FreeSymKey(symKey);
1796	PORT_SetErrorPORT_SetError_Util(PK11_MapError(crv));
1797	return NULL((void*)0);
1798	}
1799	return symKey;
1800	}
1801
1802	/* Create a new key by concatenating base and data
1803	*/
1804	static PK11SymKey *
1805	pk11_ConcatenateBaseAndData(PK11SymKey *base,
1806	CK_BYTE *data, CK_ULONG dataLen, CK_MECHANISM_TYPE target,
1807	CK_ATTRIBUTE_TYPE operation)
1808	{
1809	CK_KEY_DERIVATION_STRING_DATA mechParams;
1810	SECItem param;
1811
1812	if (base == NULL((void*)0)) {
1813	PORT_SetErrorPORT_SetError_Util(SEC_ERROR_INVALID_ARGS);
1814	return NULL((void*)0);
1815	}
1816
1817	mechParams.pData = data;
1818	mechParams.ulLen = dataLen;
1819	param.data = (unsigned char *)&mechParams;
1820	param.len = sizeof(CK_KEY_DERIVATION_STRING_DATA);
1821
1822	return PK11_Derive(base, CKM_CONCATENATE_BASE_AND_DATA0x00000362UL,
1823	&param, target, operation, 0);
1824	}
1825
1826	/* Create a new key by concatenating base and key
1827	*/
1828	static PK11SymKey *
1829	pk11_ConcatenateBaseAndKey(PK11SymKey *base,
1830	PK11SymKey *key, CK_MECHANISM_TYPE target,
1831	CK_ATTRIBUTE_TYPE operation, CK_ULONG keySize)
1832	{
1833	SECItem param;
1834
1835	if ((base == NULL((void)0)) \|\| (key == NULL((void)0))) {
1836	PORT_SetErrorPORT_SetError_Util(SEC_ERROR_INVALID_ARGS);
1837	return NULL((void*)0);
1838	}
1839
1840	param.data = (unsigned char *)&(key->objectID);
1841	param.len = sizeof(CK_OBJECT_HANDLE);
1842
1843	return PK11_Derive(base, CKM_CONCATENATE_BASE_AND_KEY0x00000360UL,
1844	&param, target, operation, keySize);
1845	}
1846
1847	PK11SymKey *
1848	PK11_ConcatSymKeys(PK11SymKey left, PK11SymKey right, CK_MECHANISM_TYPE target, CK_ATTRIBUTE_TYPE operation)
1849	{
1850	PK11SymKey out = NULL((void)0);
1851	PK11SymKey copyOfLeft = NULL((void)0);
1852	PK11SymKey copyOfRight = NULL((void)0);
1853
1854	if ((left == NULL((void)0)) \|\| (right == NULL((void)0))) {
1855	PORT_SetErrorPORT_SetError_Util(SEC_ERROR_INVALID_ARGS);
1856	return NULL((void*)0);
1857	}
1858
1859	SECStatus rv = PK11_SymKeysToSameSlot(CKM_CONCATENATE_BASE_AND_KEY0x00000360UL,
1860	CKA_DERIVE0x0000010CUL, CKA_DERIVE0x0000010CUL, left, right,
1861	&copyOfLeft, &copyOfRight);
1862	if (rv != SECSuccess) {
1863	/* error code already set */
1864	return NULL((void*)0);
1865	}
1866
1867	out = pk11_ConcatenateBaseAndKey(copyOfLeft ? copyOfLeft : left, copyOfRight ? copyOfRight : right, target, operation, 0);
1868	PK11_FreeSymKey(copyOfLeft);
1869	PK11_FreeSymKey(copyOfRight);
1870	return out;
1871	}
1872
1873	/* Create a new key whose value is the hash of tobehashed.
1874	* type is the mechanism for the derived key.
1875	*/
1876	static PK11SymKey *
1877	pk11_HashKeyDerivation(PK11SymKey *toBeHashed,
1878	CK_MECHANISM_TYPE hashMechanism, CK_MECHANISM_TYPE target,
1879	CK_ATTRIBUTE_TYPE operation, CK_ULONG keySize)
1880	{
1881	return PK11_Derive(toBeHashed, hashMechanism, NULL((void*)0), target, operation, keySize);
1882	}
1883
1884	/* This function implements the ANSI X9.63 key derivation function
1885	*/
1886	static PK11SymKey *
1887	pk11_ANSIX963Derive(PK11SymKey *sharedSecret,
1888	CK_EC_KDF_TYPE kdf, SECItem *sharedData,
1889	CK_MECHANISM_TYPE target, CK_ATTRIBUTE_TYPE operation,
1890	CK_ULONG keySize)
1891	{
1892	CK_KEY_TYPE keyType;
1893	CK_MECHANISM_TYPE hashMechanism, mechanismArray[4];
1894	CK_ULONG derivedKeySize, HashLen, counter, maxCounter, bufferLen;
1895	CK_ULONG SharedInfoLen;
1896	CK_BYTE buffer = NULL((void)0);
1897	PK11SymKey toBeHashed, hashOutput;
1898	PK11SymKey newSharedSecret = NULL((void)0);
1899	PK11SymKey oldIntermediateResult, intermediateResult = NULL((void*)0);
1900
1901	if (sharedSecret == NULL((void*)0)) {
1902	PORT_SetErrorPORT_SetError_Util(SEC_ERROR_INVALID_ARGS);
1903	return NULL((void*)0);
1904	}
1905
1906	switch (kdf) {
1907	case CKD_SHA1_KDF0x00000002UL:
1908	HashLen = SHA1_LENGTH20;
1909	hashMechanism = CKM_SHA1_KEY_DERIVATION0x00000392UL;
1910	break;
1911	case CKD_SHA224_KDF0x00000005UL:
1912	HashLen = SHA224_LENGTH28;
1913	hashMechanism = CKM_SHA224_KEY_DERIVATION0x00000396UL;
1914	break;
1915	case CKD_SHA256_KDF0x00000006UL:
1916	HashLen = SHA256_LENGTH32;
1917	hashMechanism = CKM_SHA256_KEY_DERIVATION0x00000393UL;
1918	break;
1919	case CKD_SHA384_KDF0x00000007UL:
1920	HashLen = SHA384_LENGTH48;
1921	hashMechanism = CKM_SHA384_KEY_DERIVATION0x00000394UL;
1922	break;
1923	case CKD_SHA512_KDF0x00000008UL:
1924	HashLen = SHA512_LENGTH64;
1925	hashMechanism = CKM_SHA512_KEY_DERIVATION0x00000395UL;
1926	break;
1927	default:
1928	PORT_SetErrorPORT_SetError_Util(SEC_ERROR_INVALID_ARGS);
1929	return NULL((void*)0);
1930	}
1931
1932	derivedKeySize = keySize;
1933	if (derivedKeySize == 0) {
1934	keyType = PK11_GetKeyType(target, keySize);
1935	derivedKeySize = pk11_GetPredefinedKeyLength(keyType);
1936	if (derivedKeySize == 0) {
1937	derivedKeySize = HashLen;
1938	}
1939	}
1940
1941	/* Check that key_len isn't too long. The maximum key length could be
1942	* greatly increased if the code below did not limit the 4-byte counter
1943	* to a maximum value of 255. */
1944	if (derivedKeySize > 254 * HashLen) {
1945	PORT_SetErrorPORT_SetError_Util(SEC_ERROR_INVALID_ARGS);
1946	return NULL((void*)0);
1947	}
1948
1949	maxCounter = derivedKeySize / HashLen;
1950	if (derivedKeySize > maxCounter * HashLen)
1951	maxCounter++;
1952
1953	if ((sharedData == NULL((void)0)) \|\| (sharedData->data == NULL((void)0)))
1954	SharedInfoLen = 0;
1955	else
1956	SharedInfoLen = sharedData->len;
1957
1958	bufferLen = SharedInfoLen + 4;
1959
1960	/* Populate buffer with Counter \|\| sharedData
1961	* where Counter is 0x00000001. */
1962	buffer = (unsigned char *)PORT_AllocPORT_Alloc_Util(bufferLen);
1963	if (buffer == NULL((void*)0)) {
1964	PORT_SetErrorPORT_SetError_Util(SEC_ERROR_NO_MEMORY);
1965	return NULL((void*)0);
1966	}
1967
1968	buffer[0] = 0;
1969	buffer[1] = 0;
1970	buffer[2] = 0;
1971	buffer[3] = 1;
1972	if (SharedInfoLen > 0) {
1973	PORT_Memcpymemcpy(&buffer[4], sharedData->data, SharedInfoLen);
1974	}
1975
1976	/* Look for a slot that supports the mechanisms needed
1977	* to implement the ANSI X9.63 KDF as well as the
1978	* target mechanism.
1979	*/
1980	mechanismArray[0] = CKM_CONCATENATE_BASE_AND_DATA0x00000362UL;
1981	mechanismArray[1] = hashMechanism;
1982	mechanismArray[2] = CKM_CONCATENATE_BASE_AND_KEY0x00000360UL;
1983	mechanismArray[3] = target;
1984
1985	newSharedSecret = pk11_ForceSlotMultiple(sharedSecret,
1986	mechanismArray, 4, operation);
1987	if (newSharedSecret != NULL((void*)0)) {
1988	sharedSecret = newSharedSecret;
1989	}
1990
1991	for (counter = 1; counter <= maxCounter; counter++) {
1992	/* Concatenate shared_secret and buffer */
1993	toBeHashed = pk11_ConcatenateBaseAndData(sharedSecret, buffer,
1994	bufferLen, hashMechanism, operation);
1995	if (toBeHashed == NULL((void*)0)) {
1996	goto loser;
1997	}
1998
1999	/* Hash value */
2000	if (maxCounter == 1) {
2001	/* In this case the length of the key to be derived is
2002	* less than or equal to the length of the hash output.
2003	* So, the output of the hash operation will be the
2004	* dervied key. */
2005	hashOutput = pk11_HashKeyDerivation(toBeHashed, hashMechanism,
2006	target, operation, keySize);
2007	} else {
2008	/* In this case, the output of the hash operation will be
2009	* concatenated with other data to create the derived key. */
2010	hashOutput = pk11_HashKeyDerivation(toBeHashed, hashMechanism,
2011	CKM_CONCATENATE_BASE_AND_KEY0x00000360UL, operation, 0);
2012	}
2013	PK11_FreeSymKey(toBeHashed);
2014	if (hashOutput == NULL((void*)0)) {
2015	goto loser;
2016	}
2017
2018	/* Append result to intermediate result, if necessary */
2019	oldIntermediateResult = intermediateResult;
2020
2021	if (oldIntermediateResult == NULL((void*)0)) {
2022	intermediateResult = hashOutput;
2023	} else {
2024	if (counter == maxCounter) {
2025	/* This is the final concatenation, and so the output
2026	* will be the derived key. */
2027	intermediateResult =
2028	pk11_ConcatenateBaseAndKey(oldIntermediateResult,
2029	hashOutput, target, operation, keySize);
2030	} else {
2031	/* The output of this concatenation will be concatenated
2032	* with other data to create the derived key. */
2033	intermediateResult =
2034	pk11_ConcatenateBaseAndKey(oldIntermediateResult,
2035	hashOutput, CKM_CONCATENATE_BASE_AND_KEY0x00000360UL,
2036	operation, 0);
2037	}
2038
2039	PK11_FreeSymKey(hashOutput);
2040	PK11_FreeSymKey(oldIntermediateResult);
2041	if (intermediateResult == NULL((void*)0)) {
2042	goto loser;
2043	}
2044	}
2045
2046	/* Increment counter (assumes maxCounter < 255) */
2047	buffer[3]++;
2048	}
2049
2050	PORT_ZFreePORT_ZFree_Util(buffer, bufferLen);
2051	if (newSharedSecret != NULL((void*)0))
2052	PK11_FreeSymKey(newSharedSecret);
2053	return intermediateResult;
2054
2055	loser:
2056	PORT_ZFreePORT_ZFree_Util(buffer, bufferLen);
2057	if (newSharedSecret != NULL((void*)0))
2058	PK11_FreeSymKey(newSharedSecret);
2059	if (intermediateResult != NULL((void*)0))
2060	PK11_FreeSymKey(intermediateResult);
2061	return NULL((void*)0);
2062	}
2063
2064	/*
2065	* This regenerate a public key from a private key. This function is currently
2066	* NSS private. If we want to make it public, we need to add and optional
2067	* template or at least flags (a.la. PK11_DeriveWithFlags).
2068	*/
2069	CK_OBJECT_HANDLE
2070	PK11_DerivePubKeyFromPrivKey(SECKEYPrivateKey *privKey)
2071	{
2072	PK11SlotInfo *slot = privKey->pkcs11Slot;
2073	CK_MECHANISM mechanism;
2074	CK_OBJECT_HANDLE objectID = CK_INVALID_HANDLE0;
2075	CK_RV crv;
2076
2077	mechanism.mechanism = CKM_NSS_PUB_FROM_PRIV((0x80000000UL \| 0x4E534350) + 40);
2078	mechanism.pParameter = NULL((void*)0);
2079	mechanism.ulParameterLen = 0;
2080
2081	PK11_EnterSlotMonitor(slot);
2082	crv = PK11_GETTAB(slot)((CK_FUNCTION_LIST_3_0_PTR)((slot)->functionList))->C_DeriveKey(slot->session, &mechanism,
2083	privKey->pkcs11ID, NULL((void*)0), 0,
2084	&objectID);
2085	PK11_ExitSlotMonitor(slot);
2086	if (crv != CKR_OK0x00000000UL) {
2087	PORT_SetErrorPORT_SetError_Util(PK11_MapError(crv));
2088	return CK_INVALID_HANDLE0;
2089	}
2090	return objectID;
2091	}
2092
2093	/*
2094	* This Generates a wrapping key based on a privateKey, publicKey, and two
2095	* random numbers. For Mail usage RandomB should be NULL. In the Sender's
2096	* case RandomA is generate, otherwise it is passed.
2097	*/
2098	PK11SymKey *
2099	PK11_PubDerive(SECKEYPrivateKey privKey, SECKEYPublicKey pubKey,
2100	PRBool isSender, SECItem randomA, SECItem randomB,
2101	CK_MECHANISM_TYPE derive, CK_MECHANISM_TYPE target,
2102	CK_ATTRIBUTE_TYPE operation, int keySize, void *wincx)
2103	{
2104	PK11SlotInfo *slot = privKey->pkcs11Slot;
2105	CK_MECHANISM mechanism;
2106	PK11SymKey *symKey;
2107	CK_RV crv;
2108
2109	/* get our key Structure */
2110	symKey = pk11_CreateSymKey(slot, target, PR_TRUE1, PR_TRUE1, wincx);
2111	if (symKey == NULL((void*)0)) {
2112	return NULL((void*)0);
2113	}
2114
2115	/* CKA_NSS_MESSAGE is a fake operation to distinguish between
2116	* Normal Encrypt/Decrypt and MessageEncrypt/Decrypt. Don't try to set
2117	* it as a real attribute */
2118	if ((operation & CKA_NSS_MESSAGE_MASK0xff000000L) == CKA_NSS_MESSAGE0x82000000L) {
2119	/* Message is or'd with a real Attribute (CKA_ENCRYPT, CKA_DECRYPT),
2120	* etc. Strip out the real attribute here */
2121	operation &= ~CKA_NSS_MESSAGE_MASK0xff000000L;
2122	}
2123
2124	symKey->origin = PK11_OriginDerive;
2125
2126	switch (privKey->keyType) {
2127	case rsaKey:
2128	case rsaPssKey:
2129	case rsaOaepKey:
2130	case kyberKey:
2131	case nullKey:
2132	case edKey:
2133	case ecMontKey:
2134	PORT_SetErrorPORT_SetError_Util(SEC_ERROR_BAD_KEY);
2135	break;
2136	case dsaKey:
2137	case keaKey:
2138	case fortezzaKey: {
2139	static unsigned char rb_email[128] = { 0 };
2140	CK_KEA_DERIVE_PARAMS param;
2141	param.isSender = (CK_BBOOL)isSender;
2142	param.ulRandomLen = randomA->len;
2143	param.pRandomA = randomA->data;
2144	param.pRandomB = rb_email;
2145	param.pRandomB[127] = 1;
2146	if (randomB)
2147	param.pRandomB = randomB->data;
2148	if (pubKey->keyType == fortezzaKey) {
2149	param.ulPublicDataLen = pubKey->u.fortezza.KEAKey.len;
2150	param.pPublicData = pubKey->u.fortezza.KEAKey.data;
2151	} else {
2152	/* assert type == keaKey */
2153	/* XXX change to match key key types */
2154	param.ulPublicDataLen = pubKey->u.fortezza.KEAKey.len;
2155	param.pPublicData = pubKey->u.fortezza.KEAKey.data;
2156	}
2157
2158	mechanism.mechanism = derive;
2159	mechanism.pParameter = &param;
2160	mechanism.ulParameterLen = sizeof(param);
2161
2162	/* get a new symKey structure */
2163	pk11_EnterKeyMonitor(symKey);
2164	crv = PK11_GETTAB(slot)((CK_FUNCTION_LIST_3_0_PTR)((slot)->functionList))->C_DeriveKey(symKey->session, &mechanism,
2165	privKey->pkcs11ID, NULL((void*)0), 0,
2166	&symKey->objectID);
2167	pk11_ExitKeyMonitor(symKey);
2168	if (crv == CKR_OK0x00000000UL)
2169	return symKey;
2170	PORT_SetErrorPORT_SetError_Util(PK11_MapError(crv));
2171	} break;
2172	case dhKey: {
2173	CK_BBOOL cktrue = CK_TRUE1;
2174	CK_OBJECT_CLASS keyClass = CKO_SECRET_KEY0x00000004UL;
2175	CK_KEY_TYPE keyType = CKK_GENERIC_SECRET0x00000010UL;
2176	CK_ULONG key_size = 0;
2177	CK_ATTRIBUTE keyTemplate[4];
2178	int templateCount;
2179	CK_ATTRIBUTE *attrs = keyTemplate;
2180
2181	if (pubKey->keyType != dhKey) {
2182	PORT_SetErrorPORT_SetError_Util(SEC_ERROR_BAD_KEY);
2183	break;
2184	}
2185
2186	PK11_SETATTRS(attrs, CKA_CLASS, &keyClass, sizeof(keyClass))(attrs)->type = (0x00000000UL); (attrs)->pValue = (& keyClass); (attrs)->ulValueLen = (sizeof(keyClass));;
2187	attrs++;
2188	PK11_SETATTRS(attrs, CKA_KEY_TYPE, &keyType, sizeof(keyType))(attrs)->type = (0x00000100UL); (attrs)->pValue = (& keyType); (attrs)->ulValueLen = (sizeof(keyType));;
2189	attrs++;
2190	PK11_SETATTRS(attrs, operation, &cktrue, 1)(attrs)->type = (operation); (attrs)->pValue = (&cktrue ); (attrs)->ulValueLen = (1);;
2191	attrs++;
2192	PK11_SETATTRS(attrs, CKA_VALUE_LEN, &key_size, sizeof(key_size))(attrs)->type = (0x00000161UL); (attrs)->pValue = (& key_size); (attrs)->ulValueLen = (sizeof(key_size));;
2193	attrs++;
2194	templateCount = attrs - keyTemplate;
2195	PR_ASSERT(templateCount <= sizeof(keyTemplate) / sizeof(CK_ATTRIBUTE))((templateCount <= sizeof(keyTemplate) / sizeof(CK_ATTRIBUTE ))?((void)0):PR_Assert("templateCount <= sizeof(keyTemplate) / sizeof(CK_ATTRIBUTE)" ,"/root/firefox-clang/security/nss/lib/pk11wrap/pk11skey.c",2195 ));
2196
2197	keyType = PK11_GetKeyType(target, keySize);
2198	key_size = keySize;
2199	symKey->size = keySize;
2200	if (key_size == 0)
2201	templateCount--;
2202
2203	mechanism.mechanism = derive;
2204
2205	/* we can undefine these when we define diffie-helman keys */
2206
2207	mechanism.pParameter = pubKey->u.dh.publicValue.data;
2208	mechanism.ulParameterLen = pubKey->u.dh.publicValue.len;
2209
2210	pk11_EnterKeyMonitor(symKey);
2211	crv = PK11_GETTAB(slot)((CK_FUNCTION_LIST_3_0_PTR)((slot)->functionList))->C_DeriveKey(symKey->session, &mechanism,
2212	privKey->pkcs11ID, keyTemplate,
2213	templateCount, &symKey->objectID);
2214	pk11_ExitKeyMonitor(symKey);
2215	if (crv == CKR_OK0x00000000UL)
2216	return symKey;
2217	PORT_SetErrorPORT_SetError_Util(PK11_MapError(crv));
2218	} break;
2219	case ecKey: {
2220	CK_BBOOL cktrue = CK_TRUE1;
2221	CK_OBJECT_CLASS keyClass = CKO_SECRET_KEY0x00000004UL;
2222	CK_KEY_TYPE keyType = CKK_GENERIC_SECRET0x00000010UL;
2223	CK_ULONG key_size = 0;
2224	CK_ATTRIBUTE keyTemplate[4];
2225	int templateCount;
2226	CK_ATTRIBUTE *attrs = keyTemplate;
2227	CK_ECDH1_DERIVE_PARAMS mechParams = NULL((void)0);
2228
2229	if (pubKey->keyType != ecKey) {
2230	PORT_SetErrorPORT_SetError_Util(SEC_ERROR_BAD_KEY);
2231	break;
2232	}
2233
2234	PK11_SETATTRS(attrs, CKA_CLASS, &keyClass, sizeof(keyClass))(attrs)->type = (0x00000000UL); (attrs)->pValue = (& keyClass); (attrs)->ulValueLen = (sizeof(keyClass));;
2235	attrs++;
2236	PK11_SETATTRS(attrs, CKA_KEY_TYPE, &keyType, sizeof(keyType))(attrs)->type = (0x00000100UL); (attrs)->pValue = (& keyType); (attrs)->ulValueLen = (sizeof(keyType));;
2237	attrs++;
2238	PK11_SETATTRS(attrs, operation, &cktrue, 1)(attrs)->type = (operation); (attrs)->pValue = (&cktrue ); (attrs)->ulValueLen = (1);;
2239	attrs++;
2240	PK11_SETATTRS(attrs, CKA_VALUE_LEN, &key_size, sizeof(key_size))(attrs)->type = (0x00000161UL); (attrs)->pValue = (& key_size); (attrs)->ulValueLen = (sizeof(key_size));;
2241	attrs++;
2242	templateCount = attrs - keyTemplate;
2243	PR_ASSERT(templateCount <= sizeof(keyTemplate) / sizeof(CK_ATTRIBUTE))((templateCount <= sizeof(keyTemplate) / sizeof(CK_ATTRIBUTE ))?((void)0):PR_Assert("templateCount <= sizeof(keyTemplate) / sizeof(CK_ATTRIBUTE)" ,"/root/firefox-clang/security/nss/lib/pk11wrap/pk11skey.c",2243 ));
2244
2245	keyType = PK11_GetKeyType(target, keySize);
2246	key_size = keySize;
2247	if (key_size == 0) {
2248	if ((key_size = pk11_GetPredefinedKeyLength(keyType))) {
2249	templateCount--;
2250	} else {
2251	/* sigh, some tokens can't figure this out and require
2252	* CKA_VALUE_LEN to be set */
2253	key_size = SHA1_LENGTH20;
2254	}
2255	}
2256	symKey->size = key_size;
2257
2258	mechParams = PORT_ZNew(CK_ECDH1_DERIVE_PARAMS)(CK_ECDH1_DERIVE_PARAMS *)PORT_ZAlloc_Util(sizeof(CK_ECDH1_DERIVE_PARAMS ));
2259	mechParams->kdf = CKD_SHA1_KDF0x00000002UL;
2260	mechParams->ulSharedDataLen = 0;
2261	mechParams->pSharedData = NULL((void*)0);
2262	mechParams->ulPublicDataLen = pubKey->u.ec.publicValue.len;
2263	mechParams->pPublicData = pubKey->u.ec.publicValue.data;
2264
2265	mechanism.mechanism = derive;
2266	mechanism.pParameter = mechParams;
2267	mechanism.ulParameterLen = sizeof(CK_ECDH1_DERIVE_PARAMS);
2268
2269	pk11_EnterKeyMonitor(symKey);
2270	crv = PK11_GETTAB(slot)((CK_FUNCTION_LIST_3_0_PTR)((slot)->functionList))->C_DeriveKey(symKey->session,
2271	&mechanism, privKey->pkcs11ID, keyTemplate,
2272	templateCount, &symKey->objectID);
2273	pk11_ExitKeyMonitor(symKey);
2274
2275	/* old PKCS #11 spec was ambiguous on what needed to be passed,
2276	* try this again with and encoded public key */
2277	if (crv != CKR_OK0x00000000UL && pk11_ECGetPubkeyEncoding(pubKey) != ECPoint_XOnly) {
2278	SECItem pubValue = SEC_ASN1EncodeItemSEC_ASN1EncodeItem_Util(NULL((void)0), NULL((void*)0),
2279	&pubKey->u.ec.publicValue,
2280	SEC_ASN1_GET(SEC_OctetStringTemplate)SEC_OctetStringTemplate_Util);
2281	if (pubValue == NULL((void*)0)) {
2282	PORT_ZFreePORT_ZFree_Util(mechParams, sizeof(CK_ECDH1_DERIVE_PARAMS));
2283	break;
2284	}
2285	mechParams->ulPublicDataLen = pubValue->len;
2286	mechParams->pPublicData = pubValue->data;
2287
2288	pk11_EnterKeyMonitor(symKey);
2289	crv = PK11_GETTAB(slot)((CK_FUNCTION_LIST_3_0_PTR)((slot)->functionList))->C_DeriveKey(symKey->session,
2290	&mechanism, privKey->pkcs11ID, keyTemplate,
2291	templateCount, &symKey->objectID);
2292	pk11_ExitKeyMonitor(symKey);
2293
2294	SECITEM_FreeItemSECITEM_FreeItem_Util(pubValue, PR_TRUE1);
2295	}
2296
2297	PORT_ZFreePORT_ZFree_Util(mechParams, sizeof(CK_ECDH1_DERIVE_PARAMS));
2298
2299	if (crv == CKR_OK0x00000000UL)
2300	return symKey;
2301	PORT_SetErrorPORT_SetError_Util(PK11_MapError(crv));
2302	}
2303	}
2304
2305	PK11_FreeSymKey(symKey);
2306	return NULL((void*)0);
2307	}
2308
2309	/* Test for curves that are known to use a special encoding.
2310	* Extend this function when additional curves are added. */
2311	static ECPointEncoding
2312	pk11_ECGetPubkeyEncoding(const SECKEYPublicKey *pubKey)
2313	{
2314	SECItem oid;
2315	SECStatus rv;
2316	PORTCheapArenaPool tmpArena;
2317	ECPointEncoding encoding = ECPoint_Undefined;
2318
2319	PORT_InitCheapArena(&tmpArena, DER_DEFAULT_CHUNKSIZE(2048));
2320
2321	/* decode the OID tag */
2322	rv = SEC_QuickDERDecodeItemSEC_QuickDERDecodeItem_Util(&tmpArena.arena, &oid,
2323	SEC_ASN1_GET(SEC_ObjectIDTemplate)SEC_ObjectIDTemplate_Util,
2324	&pubKey->u.ec.DEREncodedParams);
2325	if (rv == SECSuccess) {
2326	SECOidTag tag = SECOID_FindOIDTagSECOID_FindOIDTag_Util(&oid);
2327	switch (tag) {
2328	case SEC_OID_X25519:
2329	case SEC_OID_CURVE25519:
2330	encoding = ECPoint_XOnly;
2331	break;
2332	case SEC_OID_SECG_EC_SECP256R1SEC_OID_ANSIX962_EC_PRIME256V1:
2333	case SEC_OID_SECG_EC_SECP384R1:
2334	case SEC_OID_SECG_EC_SECP521R1:
2335	default:
2336	/* unknown curve, default to uncompressed */
2337	encoding = ECPoint_Uncompressed;
2338	}
2339	}
2340	PORT_DestroyCheapArena(&tmpArena);
2341	return encoding;
2342	}
2343
2344	/* Returns the size of the public key, or 0 if there
2345	* is an error. */
2346	static CK_ULONG
2347	pk11_ECPubKeySize(SECKEYPublicKey *pubKey)
2348	{
2349	SECItem *publicValue = &pubKey->u.ec.publicValue;
2350
2351	ECPointEncoding encoding = pk11_ECGetPubkeyEncoding(pubKey);
2352	if (encoding == ECPoint_XOnly) {
2353	return publicValue->len;
2354	}
2355	if (encoding == ECPoint_Uncompressed) {
2356	/* key encoded in uncompressed form */
2357	return ((publicValue->len - 1) / 2);
2358	}
2359	/* key encoding not recognized */
2360	return 0;
2361	}
2362
2363	static PK11SymKey *
2364	pk11_PubDeriveECKeyWithKDF(
2365	SECKEYPrivateKey privKey, SECKEYPublicKey pubKey,
2366	PRBool isSender, SECItem randomA, SECItem randomB,
2367	CK_MECHANISM_TYPE derive, CK_MECHANISM_TYPE target,
2368	CK_ATTRIBUTE_TYPE operation, int keySize,
2369	CK_ULONG kdf, SECItem sharedData, void wincx)
2370	{
2371	PK11SlotInfo *slot = privKey->pkcs11Slot;
2372	PK11SymKey *symKey;
2373	PK11SymKey *SharedSecret;
2374	CK_MECHANISM mechanism;
2375	CK_RV crv;
2376	CK_BBOOL cktrue = CK_TRUE1;
2377	CK_OBJECT_CLASS keyClass = CKO_SECRET_KEY0x00000004UL;
2378	CK_KEY_TYPE keyType = CKK_GENERIC_SECRET0x00000010UL;
2379	CK_ULONG key_size = 0;
2380	CK_ATTRIBUTE keyTemplate[4];
2381	int templateCount;
2382	CK_ATTRIBUTE *attrs = keyTemplate;
2383	CK_ECDH1_DERIVE_PARAMS mechParams = NULL((void)0);
2384
2385	if (pubKey->keyType != ecKey && pubKey->keyType != ecMontKey) {
2386	PORT_SetErrorPORT_SetError_Util(SEC_ERROR_BAD_KEY);
2387	return NULL((void*)0);
2388	}
2389	if ((kdf != CKD_NULL0x00000001UL) && (kdf != CKD_SHA1_KDF0x00000002UL) &&
2390	(kdf != CKD_SHA224_KDF0x00000005UL) && (kdf != CKD_SHA256_KDF0x00000006UL) &&
2391	(kdf != CKD_SHA384_KDF0x00000007UL) && (kdf != CKD_SHA512_KDF0x00000008UL)) {
2392	PORT_SetErrorPORT_SetError_Util(SEC_ERROR_INVALID_ALGORITHM);
2393	return NULL((void*)0);
2394	}
2395
2396	/* get our key Structure */
2397	symKey = pk11_CreateSymKey(slot, target, PR_TRUE1, PR_TRUE1, wincx);
2398	if (symKey == NULL((void*)0)) {
2399	return NULL((void*)0);
2400	}
2401	/* CKA_NSS_MESSAGE is a fake operation to distinguish between
2402	* Normal Encrypt/Decrypt and MessageEncrypt/Decrypt. Don't try to set
2403	* it as a real attribute */
2404	if ((operation & CKA_NSS_MESSAGE_MASK0xff000000L) == CKA_NSS_MESSAGE0x82000000L) {
2405	/* Message is or'd with a real Attribute (CKA_ENCRYPT, CKA_DECRYPT),
2406	* etc. Strip out the real attribute here */
2407	operation &= ~CKA_NSS_MESSAGE_MASK0xff000000L;
2408	}
2409
2410	symKey->origin = PK11_OriginDerive;
2411
2412	PK11_SETATTRS(attrs, CKA_CLASS, &keyClass, sizeof(keyClass))(attrs)->type = (0x00000000UL); (attrs)->pValue = (& keyClass); (attrs)->ulValueLen = (sizeof(keyClass));;
2413	attrs++;
2414	PK11_SETATTRS(attrs, CKA_KEY_TYPE, &keyType, sizeof(keyType))(attrs)->type = (0x00000100UL); (attrs)->pValue = (& keyType); (attrs)->ulValueLen = (sizeof(keyType));;
2415	attrs++;
2416	PK11_SETATTRS(attrs, operation, &cktrue, 1)(attrs)->type = (operation); (attrs)->pValue = (&cktrue ); (attrs)->ulValueLen = (1);;
2417	attrs++;
2418	PK11_SETATTRS(attrs, CKA_VALUE_LEN, &key_size, sizeof(key_size))(attrs)->type = (0x00000161UL); (attrs)->pValue = (& key_size); (attrs)->ulValueLen = (sizeof(key_size));;
2419	attrs++;
2420	templateCount = attrs - keyTemplate;
2421	PR_ASSERT(templateCount <= sizeof(keyTemplate) / sizeof(CK_ATTRIBUTE))((templateCount <= sizeof(keyTemplate) / sizeof(CK_ATTRIBUTE ))?((void)0):PR_Assert("templateCount <= sizeof(keyTemplate) / sizeof(CK_ATTRIBUTE)" ,"/root/firefox-clang/security/nss/lib/pk11wrap/pk11skey.c",2421 ));
2422
2423	keyType = PK11_GetKeyType(target, keySize);
2424	key_size = keySize;
2425	if (key_size == 0) {
2426	if ((key_size = pk11_GetPredefinedKeyLength(keyType))) {
2427	templateCount--;
2428	} else {
2429	/* sigh, some tokens can't figure this out and require
2430	* CKA_VALUE_LEN to be set */
2431	switch (kdf) {
2432	case CKD_NULL0x00000001UL:
2433	key_size = pk11_ECPubKeySize(pubKey);
2434	if (key_size == 0) {
2435	PK11_FreeSymKey(symKey);
2436	return NULL((void*)0);
2437	}
2438	break;
2439	case CKD_SHA1_KDF0x00000002UL:
2440	key_size = SHA1_LENGTH20;
2441	break;
2442	case CKD_SHA224_KDF0x00000005UL:
2443	key_size = SHA224_LENGTH28;
2444	break;
2445	case CKD_SHA256_KDF0x00000006UL:
2446	key_size = SHA256_LENGTH32;
2447	break;
2448	case CKD_SHA384_KDF0x00000007UL:
2449	key_size = SHA384_LENGTH48;
2450	break;
2451	case CKD_SHA512_KDF0x00000008UL:
2452	key_size = SHA512_LENGTH64;
2453	break;
2454	default:
2455	PORT_AssertNotReached("Invalid CKD")PR_Assert("Invalid CKD","/root/firefox-clang/security/nss/lib/pk11wrap/pk11skey.c" ,2455);
2456	PORT_SetErrorPORT_SetError_Util(SEC_ERROR_INVALID_ALGORITHM);
2457	PK11_FreeSymKey(symKey);
2458	return NULL((void*)0);
2459	}
2460	}
2461	}
2462	symKey->size = key_size;
2463
2464	mechParams = PORT_ZNew(CK_ECDH1_DERIVE_PARAMS)(CK_ECDH1_DERIVE_PARAMS *)PORT_ZAlloc_Util(sizeof(CK_ECDH1_DERIVE_PARAMS ));
2465	if (!mechParams) {
2466	PK11_FreeSymKey(symKey);
2467	return NULL((void*)0);
2468	}
2469	mechParams->kdf = kdf;
2470	if (sharedData == NULL((void*)0)) {
2471	mechParams->ulSharedDataLen = 0;
2472	mechParams->pSharedData = NULL((void*)0);
2473	} else {
2474	mechParams->ulSharedDataLen = sharedData->len;
2475	mechParams->pSharedData = sharedData->data;
2476	}
2477	mechParams->ulPublicDataLen = pubKey->u.ec.publicValue.len;
2478	mechParams->pPublicData = pubKey->u.ec.publicValue.data;
2479
2480	mechanism.mechanism = derive;
2481	mechanism.pParameter = mechParams;
2482	mechanism.ulParameterLen = sizeof(CK_ECDH1_DERIVE_PARAMS);
2483
2484	pk11_EnterKeyMonitor(symKey);
2485	crv = PK11_GETTAB(slot)((CK_FUNCTION_LIST_3_0_PTR)((slot)->functionList))->C_DeriveKey(symKey->session, &mechanism,
2486	privKey->pkcs11ID, keyTemplate,
2487	templateCount, &symKey->objectID);
2488	pk11_ExitKeyMonitor(symKey);
2489
2490	/* old PKCS #11 spec was ambiguous on what needed to be passed,
2491	* try this again with an encoded public key */
2492	if (crv != CKR_OK0x00000000UL) {
2493	/* For curves that only use X as public value and no encoding we don't
2494	* have to try again. (Currently only Curve25519) */
2495	if (pk11_ECGetPubkeyEncoding(pubKey) == ECPoint_XOnly) {
2496	goto loser;
2497	}
2498	SECItem pubValue = SEC_ASN1EncodeItemSEC_ASN1EncodeItem_Util(NULL((void)0), NULL((void*)0),
2499	&pubKey->u.ec.publicValue,
2500	SEC_ASN1_GET(SEC_OctetStringTemplate)SEC_OctetStringTemplate_Util);
2501	if (pubValue == NULL((void*)0)) {
2502	goto loser;
2503	}
2504	mechParams->ulPublicDataLen = pubValue->len;
2505	mechParams->pPublicData = pubValue->data;
2506
2507	pk11_EnterKeyMonitor(symKey);
2508	crv = PK11_GETTAB(slot)((CK_FUNCTION_LIST_3_0_PTR)((slot)->functionList))->C_DeriveKey(symKey->session,
2509	&mechanism, privKey->pkcs11ID, keyTemplate,
2510	templateCount, &symKey->objectID);
2511	pk11_ExitKeyMonitor(symKey);
2512
2513	if ((crv != CKR_OK0x00000000UL) && (kdf != CKD_NULL0x00000001UL)) {
2514	/* Some PKCS #11 libraries cannot perform the key derivation
2515	* function. So, try calling C_DeriveKey with CKD_NULL and then
2516	* performing the KDF separately.
2517	*/
2518	CK_ULONG derivedKeySize = key_size;
2519
2520	keyType = CKK_GENERIC_SECRET0x00000010UL;
2521	key_size = pk11_ECPubKeySize(pubKey);
2522	if (key_size == 0) {
2523	SECITEM_FreeItemSECITEM_FreeItem_Util(pubValue, PR_TRUE1);
2524	goto loser;
2525	}
2526	SharedSecret = symKey;
2527	SharedSecret->size = key_size;
2528
2529	mechParams->kdf = CKD_NULL0x00000001UL;
2530	mechParams->ulSharedDataLen = 0;
2531	mechParams->pSharedData = NULL((void*)0);
2532	mechParams->ulPublicDataLen = pubKey->u.ec.publicValue.len;
2533	mechParams->pPublicData = pubKey->u.ec.publicValue.data;
2534
2535	pk11_EnterKeyMonitor(SharedSecret);
2536	crv = PK11_GETTAB(slot)((CK_FUNCTION_LIST_3_0_PTR)((slot)->functionList))->C_DeriveKey(SharedSecret->session,
2537	&mechanism, privKey->pkcs11ID, keyTemplate,
2538	templateCount, &SharedSecret->objectID);
2539	pk11_ExitKeyMonitor(SharedSecret);
2540
2541	if (crv != CKR_OK0x00000000UL) {
2542	/* old PKCS #11 spec was ambiguous on what needed to be passed,
2543	* try this one final time with an encoded public key */
2544	mechParams->ulPublicDataLen = pubValue->len;
2545	mechParams->pPublicData = pubValue->data;
2546
2547	pk11_EnterKeyMonitor(SharedSecret);
2548	crv = PK11_GETTAB(slot)((CK_FUNCTION_LIST_3_0_PTR)((slot)->functionList))->C_DeriveKey(SharedSecret->session,
2549	&mechanism, privKey->pkcs11ID, keyTemplate,
2550	templateCount, &SharedSecret->objectID);
2551	pk11_ExitKeyMonitor(SharedSecret);
2552	}
2553
2554	/* Perform KDF. */
2555	if (crv == CKR_OK0x00000000UL) {
2556	symKey = pk11_ANSIX963Derive(SharedSecret, kdf,
2557	sharedData, target, operation,
2558	derivedKeySize);
2559	PK11_FreeSymKey(SharedSecret);
2560	if (symKey == NULL((void*)0)) {
2561	SECITEM_FreeItemSECITEM_FreeItem_Util(pubValue, PR_TRUE1);
2562	PORT_ZFreePORT_ZFree_Util(mechParams, sizeof(CK_ECDH1_DERIVE_PARAMS));
2563	return NULL((void*)0);
2564	}
2565	}
2566	}
2567	SECITEM_FreeItemSECITEM_FreeItem_Util(pubValue, PR_TRUE1);
2568	}
2569
2570	loser:
2571	PORT_ZFreePORT_ZFree_Util(mechParams, sizeof(CK_ECDH1_DERIVE_PARAMS));
2572
2573	if (crv != CKR_OK0x00000000UL) {
2574	PK11_FreeSymKey(symKey);
2575	symKey = NULL((void*)0);
2576	PORT_SetErrorPORT_SetError_Util(PK11_MapError(crv));
2577	}
2578	return symKey;
2579	}
2580
2581	PK11SymKey *
2582	PK11_PubDeriveWithKDF(SECKEYPrivateKey privKey, SECKEYPublicKey pubKey,
2583	PRBool isSender, SECItem randomA, SECItem randomB,
2584	CK_MECHANISM_TYPE derive, CK_MECHANISM_TYPE target,
2585	CK_ATTRIBUTE_TYPE operation, int keySize,
2586	CK_ULONG kdf, SECItem sharedData, void wincx)
2587	{
2588
2589	switch (privKey->keyType) {
2590	case rsaKey:
2591	case nullKey:
2592	case dsaKey:
2593	case keaKey:
2594	case fortezzaKey:
2595	case dhKey:
2596	return PK11_PubDerive(privKey, pubKey, isSender, randomA, randomB,
2597	derive, target, operation, keySize, wincx);
2598	case ecKey:
2599	case ecMontKey:
2600	return pk11_PubDeriveECKeyWithKDF(privKey, pubKey, isSender,
2601	randomA, randomB, derive, target,
2602	operation, keySize,
2603	kdf, sharedData, wincx);
2604	default:
2605	PORT_SetErrorPORT_SetError_Util(SEC_ERROR_BAD_KEY);
2606	break;
2607	}
2608
2609	return NULL((void*)0);
2610	}
2611
2612	/*
2613	* this little function uses the Decrypt function to unwrap a key, just in
2614	* case we are having problem with unwrap. NOTE: The key size may
2615	* not be preserved properly for some algorithms!
2616	*/
2617	static PK11SymKey *
2618	pk11_HandUnwrap(PK11SlotInfo *slot, CK_OBJECT_HANDLE wrappingKey,
2619	CK_MECHANISM mech, SECItem inKey, CK_MECHANISM_TYPE target,
2620	CK_ATTRIBUTE *keyTemplate, unsigned int templateCount,
2621	int key_size, void wincx, CK_RV crvp, PRBool isPerm)
2622	{
2623	CK_ULONG len;
2624	SECItem outKey;
2625	PK11SymKey *symKey;
2626	CK_RV crv;
2627	PRBool owner = PR_TRUE1;
2628	CK_SESSION_HANDLE session;
2629
2630	/* remove any VALUE_LEN parameters */
2631	if (keyTemplate[templateCount - 1].type == CKA_VALUE_LEN0x00000161UL) {
2632	templateCount--;
2633	}
2634
2635	/* keys are almost always aligned, but if we get this far,
2636	* we've gone above and beyond anyway... */
2637	outKey.data = (unsigned char *)PORT_AllocPORT_Alloc_Util(inKey->len);
2638	if (outKey.data == NULL((void*)0)) {
2639	PORT_SetErrorPORT_SetError_Util(SEC_ERROR_NO_MEMORY);
2640	if (crvp)
2641	*crvp = CKR_HOST_MEMORY0x00000002UL;
2642	return NULL((void*)0);
2643	}
2644	len = inKey->len;
2645
2646	/* use NULL IV's for wrapping */
2647	session = pk11_GetNewSession(slot, &owner);
2648	if (!owner \|\| !(slot->isThreadSafe))
2649	PK11_EnterSlotMonitor(slot);
2650	crv = PK11_GETTAB(slot)((CK_FUNCTION_LIST_3_0_PTR)((slot)->functionList))->C_DecryptInit(session, mech, wrappingKey);
2651	if (crv != CKR_OK0x00000000UL) {
2652	if (!owner \|\| !(slot->isThreadSafe))
2653	PK11_ExitSlotMonitor(slot);
2654	pk11_CloseSession(slot, session, owner);
2655	PORT_FreePORT_Free_Util(outKey.data);
2656	PORT_SetErrorPORT_SetError_Util(PK11_MapError(crv));
2657	if (crvp)
2658	*crvp = crv;
2659	return NULL((void*)0);
2660	}
2661	crv = PK11_GETTAB(slot)((CK_FUNCTION_LIST_3_0_PTR)((slot)->functionList))->C_Decrypt(session, inKey->data, inKey->len,
2662	outKey.data, &len);
2663	if (!owner \|\| !(slot->isThreadSafe))
2664	PK11_ExitSlotMonitor(slot);
2665	pk11_CloseSession(slot, session, owner);
2666	if (crv != CKR_OK0x00000000UL) {
2667	PORT_FreePORT_Free_Util(outKey.data);
2668	PORT_SetErrorPORT_SetError_Util(PK11_MapError(crv));
2669	if (crvp)
2670	*crvp = crv;
2671	return NULL((void*)0);
2672	}
2673
2674	outKey.len = (key_size == 0) ? len : key_size;
2675	outKey.type = siBuffer;
2676
2677	if (PK11_DoesMechanism(slot, target)) {
2678	symKey = pk11_ImportSymKeyWithTempl(slot, target, PK11_OriginUnwrap,
2679	isPerm, keyTemplate,
2680	templateCount, &outKey, wincx);
2681	} else {
2682	slot = PK11_GetBestSlot(target, wincx);
2683	if (slot == NULL((void*)0)) {
2684	PORT_SetErrorPORT_SetError_Util(SEC_ERROR_NO_MODULE);
2685	PORT_FreePORT_Free_Util(outKey.data);
2686	if (crvp)
2687	*crvp = CKR_DEVICE_ERROR0x00000030UL;
2688	return NULL((void*)0);
2689	}
2690	symKey = pk11_ImportSymKeyWithTempl(slot, target, PK11_OriginUnwrap,
2691	isPerm, keyTemplate,
2692	templateCount, &outKey, wincx);
2693	PK11_FreeSlot(slot);
2694	}
2695	PORT_FreePORT_Free_Util(outKey.data);
2696
2697	if (crvp)
2698	*crvp = symKey ? CKR_OK0x00000000UL : CKR_DEVICE_ERROR0x00000030UL;
2699	return symKey;
2700	}
2701
2702	/*
2703	* The wrap/unwrap function is pretty much the same for private and
2704	* public keys. It's just getting the Object ID and slot right. This is
2705	* the combined unwrap function.
2706	*/
2707	static PK11SymKey *
2708	pk11_AnyUnwrapKey(PK11SlotInfo *slot, CK_OBJECT_HANDLE wrappingKey,
2709	CK_MECHANISM_TYPE wrapType, SECItem param, SECItem wrappedKey,
2710	CK_MECHANISM_TYPE target, CK_ATTRIBUTE_TYPE operation, int keySize,
2711	void wincx, CK_ATTRIBUTE userAttr, unsigned int numAttrs, PRBool isPerm)
2712	{
2713	PK11SymKey *symKey;
2714	SECItem param_free = NULL((void)0);
2715	CK_BBOOL cktrue = CK_TRUE1;
2716	CK_OBJECT_CLASS keyClass = CKO_SECRET_KEY0x00000004UL;
2717	CK_KEY_TYPE keyType = CKK_GENERIC_SECRET0x00000010UL;
2718	CK_ULONG valueLen = 0;
2719	CK_MECHANISM mechanism;
2720	CK_SESSION_HANDLE rwsession;
2721	CK_RV crv;
2722	CK_MECHANISM_INFO mechanism_info;
2723	#define MAX_ADD_ATTRS 4
2724	CK_ATTRIBUTE keyTemplate[MAX_TEMPL_ATTRS16 + MAX_ADD_ATTRS];
2725	#undef MAX_ADD_ATTRS
2726	CK_ATTRIBUTE *attrs = keyTemplate;
2727	unsigned int templateCount;
2728
2729	if (numAttrs > MAX_TEMPL_ATTRS16) {
2730	PORT_SetErrorPORT_SetError_Util(SEC_ERROR_INVALID_ARGS);
2731	return NULL((void*)0);
2732	}
2733	/* CKA_NSS_MESSAGE is a fake operation to distinguish between
2734	* Normal Encrypt/Decrypt and MessageEncrypt/Decrypt. Don't try to set
2735	* it as a real attribute */
2736	if ((operation & CKA_NSS_MESSAGE_MASK0xff000000L) == CKA_NSS_MESSAGE0x82000000L) {
2737	/* Message is or'd with a real Attribute (CKA_ENCRYPT, CKA_DECRYPT),
2738	* etc. Strip out the real attribute here */
2739	operation &= ~CKA_NSS_MESSAGE_MASK0xff000000L;
2740	}
2741
2742	/* first copy caller attributes in. */
2743	for (templateCount = 0; templateCount < numAttrs; ++templateCount) {
2744	attrs++ = userAttr++;
2745	}
2746
2747	/* We only add the following attributes to the template if the caller
2748	** didn't already supply them.
2749	*/
2750	if (!pk11_FindAttrInTemplate(keyTemplate, numAttrs, CKA_CLASS0x00000000UL)) {
2751	PK11_SETATTRS(attrs, CKA_CLASS, &keyClass, sizeof keyClass)(attrs)->type = (0x00000000UL); (attrs)->pValue = (& keyClass); (attrs)->ulValueLen = (sizeof keyClass);;
2752	attrs++;
2753	}
2754	if (!pk11_FindAttrInTemplate(keyTemplate, numAttrs, CKA_KEY_TYPE0x00000100UL)) {
2755	keyType = PK11_GetKeyType(target, keySize);
2756	PK11_SETATTRS(attrs, CKA_KEY_TYPE, &keyType, sizeof keyType)(attrs)->type = (0x00000100UL); (attrs)->pValue = (& keyType); (attrs)->ulValueLen = (sizeof keyType);;
2757	attrs++;
2758	}
2759	if ((operation != CKA_FLAGS_ONLY0) &&
2760	!pk11_FindAttrInTemplate(keyTemplate, numAttrs, operation)) {
2761	PK11_SETATTRS(attrs, operation, &cktrue, 1)(attrs)->type = (operation); (attrs)->pValue = (&cktrue ); (attrs)->ulValueLen = (1);;
2762	attrs++;
2763	}
2764
2765	/*
2766	* must be last in case we need to use this template to import the key
2767	*/
2768	if (keySize > 0 &&
2769	!pk11_FindAttrInTemplate(keyTemplate, numAttrs, CKA_VALUE_LEN0x00000161UL)) {
2770	valueLen = (CK_ULONG)keySize;
2771	PK11_SETATTRS(attrs, CKA_VALUE_LEN, &valueLen, sizeof valueLen)(attrs)->type = (0x00000161UL); (attrs)->pValue = (& valueLen); (attrs)->ulValueLen = (sizeof valueLen);;
2772	attrs++;
2773	}
2774
2775	templateCount = attrs - keyTemplate;
2776	PR_ASSERT(templateCount <= sizeof(keyTemplate) / sizeof(CK_ATTRIBUTE))((templateCount <= sizeof(keyTemplate) / sizeof(CK_ATTRIBUTE ))?((void)0):PR_Assert("templateCount <= sizeof(keyTemplate) / sizeof(CK_ATTRIBUTE)" ,"/root/firefox-clang/security/nss/lib/pk11wrap/pk11skey.c",2776 ));
2777
2778	/* find out if we can do wrap directly. Because the RSA case if very
2779	* common, cache the results for it. */
2780	if ((wrapType == CKM_RSA_PKCS0x00000001UL) && (slot->hasRSAInfo)) {
2781	mechanism_info.flags = slot->RSAInfoFlags;
2782	} else {
2783	if (!slot->isThreadSafe)
2784	PK11_EnterSlotMonitor(slot);
2785	crv = PK11_GETTAB(slot)((CK_FUNCTION_LIST_3_0_PTR)((slot)->functionList))->C_GetMechanismInfo(slot->slotID, wrapType,
2786	&mechanism_info);
2787	if (!slot->isThreadSafe)
2788	PK11_ExitSlotMonitor(slot);
2789	if (crv != CKR_OK0x00000000UL) {
2790	mechanism_info.flags = 0;
2791	}
2792	if (wrapType == CKM_RSA_PKCS0x00000001UL) {
2793	slot->RSAInfoFlags = mechanism_info.flags;
2794	slot->hasRSAInfo = PR_TRUE1;
2795	}
2796	}
2797
2798	/* initialize the mechanism structure */
2799	mechanism.mechanism = wrapType;
2800	/* use NULL IV's for wrapping */
2801	if (param == NULL((void*)0))
2802	param = param_free = PK11_ParamFromIV(wrapType, NULL((void*)0));
2803	if (param) {
2804	mechanism.pParameter = param->data;
2805	mechanism.ulParameterLen = param->len;
2806	} else {
2807	mechanism.pParameter = NULL((void*)0);
2808	mechanism.ulParameterLen = 0;
2809	}
2810
2811	if ((mechanism_info.flags & CKF_DECRYPT0x00000200UL) && !PK11_DoesMechanism(slot, target)) {
2812	symKey = pk11_HandUnwrap(slot, wrappingKey, &mechanism, wrappedKey,
2813	target, keyTemplate, templateCount, keySize,
2814	wincx, &crv, isPerm);
2815	if (symKey) {
2816	if (param_free)
2817	SECITEM_FreeItemSECITEM_FreeItem_Util(param_free, PR_TRUE1);
2818	return symKey;
2819	}
2820	/*
2821	* if the RSA OP simply failed, don't try to unwrap again
2822	* with this module.
2823	*/
2824	if (crv == CKR_DEVICE_ERROR0x00000030UL) {
2825	if (param_free)
2826	SECITEM_FreeItemSECITEM_FreeItem_Util(param_free, PR_TRUE1);
2827	return NULL((void*)0);
2828	}
2829	/* fall through, maybe they incorrectly set CKF_DECRYPT */
2830	}
2831
2832	/* get our key Structure */
2833	symKey = pk11_CreateSymKey(slot, target, !isPerm, PR_TRUE1, wincx);
2834	if (symKey == NULL((void*)0)) {
2835	if (param_free)
2836	SECITEM_FreeItemSECITEM_FreeItem_Util(param_free, PR_TRUE1);
2837	return NULL((void*)0);
2838	}
2839
2840	symKey->size = keySize;
2841	symKey->origin = PK11_OriginUnwrap;
2842
2843	if (isPerm) {
2844	rwsession = PK11_GetRWSession(slot);
2845	} else {
2846	pk11_EnterKeyMonitor(symKey);
2847	rwsession = symKey->session;
2848	}
2849	PORT_Assert(rwsession != CK_INVALID_HANDLE)((rwsession != 0)?((void)0):PR_Assert("rwsession != CK_INVALID_HANDLE" ,"/root/firefox-clang/security/nss/lib/pk11wrap/pk11skey.c",2849 ));
2850	if (rwsession == CK_INVALID_HANDLE0)
2851	crv = CKR_SESSION_HANDLE_INVALID0x000000B3UL;
2852	else
2853	crv = PK11_GETTAB(slot)((CK_FUNCTION_LIST_3_0_PTR)((slot)->functionList))->C_UnwrapKey(rwsession, &mechanism, wrappingKey,
2854	wrappedKey->data, wrappedKey->len,
2855	keyTemplate, templateCount,
2856	&symKey->objectID);
2857	if (isPerm) {
2858	if (rwsession != CK_INVALID_HANDLE0)
2859	PK11_RestoreROSession(slot, rwsession);
2860	} else {
2861	pk11_ExitKeyMonitor(symKey);
2862	}
2863	if (param_free)
2864	SECITEM_FreeItemSECITEM_FreeItem_Util(param_free, PR_TRUE1);
2865	if (crv != CKR_OK0x00000000UL) {
2866	PK11_FreeSymKey(symKey);
2867	symKey = NULL((void*)0);
2868	if (crv != CKR_DEVICE_ERROR0x00000030UL) {
2869	/* try hand Unwrapping */
2870	symKey = pk11_HandUnwrap(slot, wrappingKey, &mechanism, wrappedKey,
2871	target, keyTemplate, templateCount,
2872	keySize, wincx, NULL((void*)0), isPerm);
2873	}
2874	}
2875
2876	return symKey;
2877	}
2878
2879	/* use a symetric key to unwrap another symetric key */
2880	PK11SymKey *
2881	PK11_UnwrapSymKey(PK11SymKey *wrappingKey, CK_MECHANISM_TYPE wrapType,
2882	SECItem param, SECItem wrappedKey,
2883	CK_MECHANISM_TYPE target, CK_ATTRIBUTE_TYPE operation,
2884	int keySize)
2885	{
2886	return pk11_AnyUnwrapKey(wrappingKey->slot, wrappingKey->objectID,
2887	wrapType, param, wrappedKey, target, operation, keySize,
2888	wrappingKey->cx, NULL((void*)0), 0, PR_FALSE0);
2889	}
2890
2891	/* use a symetric key to unwrap another symetric key */
2892	PK11SymKey *
2893	PK11_UnwrapSymKeyWithFlags(PK11SymKey *wrappingKey, CK_MECHANISM_TYPE wrapType,
2894	SECItem param, SECItem wrappedKey,
2895	CK_MECHANISM_TYPE target, CK_ATTRIBUTE_TYPE operation,
2896	int keySize, CK_FLAGS flags)
2897	{
2898	CK_BBOOL ckTrue = CK_TRUE1;
2899	CK_ATTRIBUTE keyTemplate[MAX_TEMPL_ATTRS16];
2900	unsigned int templateCount;
2901
2902	templateCount = pk11_OpFlagsToAttributes(flags, keyTemplate, &ckTrue);
2903	return pk11_AnyUnwrapKey(wrappingKey->slot, wrappingKey->objectID,
2904	wrapType, param, wrappedKey, target, operation, keySize,
2905	wrappingKey->cx, keyTemplate, templateCount, PR_FALSE0);
2906	}
2907
2908	PK11SymKey *
2909	PK11_UnwrapSymKeyWithFlagsPerm(PK11SymKey *wrappingKey,
2910	CK_MECHANISM_TYPE wrapType,
2911	SECItem param, SECItem wrappedKey,
2912	CK_MECHANISM_TYPE target, CK_ATTRIBUTE_TYPE operation,
2913	int keySize, CK_FLAGS flags, PRBool isPerm)
2914	{
2915	CK_BBOOL cktrue = CK_TRUE1;
2916	CK_ATTRIBUTE keyTemplate[MAX_TEMPL_ATTRS16];
2917	CK_ATTRIBUTE *attrs;
2918	unsigned int templateCount;
2919
2920	attrs = keyTemplate;
2921	if (isPerm) {
2922	PK11_SETATTRS(attrs, CKA_TOKEN, &cktrue, sizeof(CK_BBOOL))(attrs)->type = (0x00000001UL); (attrs)->pValue = (& cktrue); (attrs)->ulValueLen = (sizeof(CK_BBOOL));;
2923	attrs++;
2924	}
2925	templateCount = attrs - keyTemplate;
2926	templateCount += pk11_OpFlagsToAttributes(flags, attrs, &cktrue);
2927
2928	return pk11_AnyUnwrapKey(wrappingKey->slot, wrappingKey->objectID,
2929	wrapType, param, wrappedKey, target, operation, keySize,
2930	wrappingKey->cx, keyTemplate, templateCount, isPerm);
2931	}
2932
2933	/* unwrap a symmetric key with a private key. Only supports CKM_RSA_PKCS. */
2934	PK11SymKey *
2935	PK11_PubUnwrapSymKey(SECKEYPrivateKey wrappingKey, SECItem wrappedKey,
2936	CK_MECHANISM_TYPE target, CK_ATTRIBUTE_TYPE operation, int keySize)
2937	{
2938	CK_MECHANISM_TYPE wrapType = pk11_mapWrapKeyType(wrappingKey->keyType);
2939
2940	return PK11_PubUnwrapSymKeyWithMechanism(wrappingKey, wrapType, NULL((void*)0),
2941	wrappedKey, target, operation,
2942	keySize);
2943	}
2944
2945	/* unwrap a symmetric key with a private key with the given parameters. */
2946	PK11SymKey *
2947	PK11_PubUnwrapSymKeyWithMechanism(SECKEYPrivateKey *wrappingKey,
2948	CK_MECHANISM_TYPE mechType, SECItem *param,
2949	SECItem *wrappedKey, CK_MECHANISM_TYPE target,
2950	CK_ATTRIBUTE_TYPE operation, int keySize)
2951	{
2952	PK11SlotInfo *slot = wrappingKey->pkcs11Slot;
2953
2954	if (SECKEY_HAS_ATTRIBUTE_SET(wrappingKey, CKA_PRIVATE)(0 != (wrappingKey->staticflags & 0x1)) ? (0 != (wrappingKey ->staticflags & (1U << 1))) : PK11_HasAttributeSet (wrappingKey->pkcs11Slot, wrappingKey->pkcs11ID, 0x00000002UL , 0)) {
2955	PK11_HandlePasswordCheck(slot, wrappingKey->wincx);
2956	}
2957
2958	return pk11_AnyUnwrapKey(slot, wrappingKey->pkcs11ID, mechType, param,
2959	wrappedKey, target, operation, keySize,
2960	wrappingKey->wincx, NULL((void*)0), 0, PR_FALSE0);
2961	}
2962
2963	/* unwrap a symetric key with a private key. */
2964	PK11SymKey *
2965	PK11_PubUnwrapSymKeyWithFlags(SECKEYPrivateKey *wrappingKey,
2966	SECItem *wrappedKey, CK_MECHANISM_TYPE target,
2967	CK_ATTRIBUTE_TYPE operation, int keySize, CK_FLAGS flags)
2968	{
2969	CK_MECHANISM_TYPE wrapType = pk11_mapWrapKeyType(wrappingKey->keyType);
2970	CK_BBOOL ckTrue = CK_TRUE1;
2971	CK_ATTRIBUTE keyTemplate[MAX_TEMPL_ATTRS16];
2972	unsigned int templateCount;
2973	PK11SlotInfo *slot = wrappingKey->pkcs11Slot;
2974
2975	templateCount = pk11_OpFlagsToAttributes(flags, keyTemplate, &ckTrue);
2976
2977	if (SECKEY_HAS_ATTRIBUTE_SET(wrappingKey, CKA_PRIVATE)(0 != (wrappingKey->staticflags & 0x1)) ? (0 != (wrappingKey ->staticflags & (1U << 1))) : PK11_HasAttributeSet (wrappingKey->pkcs11Slot, wrappingKey->pkcs11ID, 0x00000002UL , 0)) {
2978	PK11_HandlePasswordCheck(slot, wrappingKey->wincx);
2979	}
2980
2981	return pk11_AnyUnwrapKey(slot, wrappingKey->pkcs11ID,
2982	wrapType, NULL((void*)0), wrappedKey, target, operation, keySize,
2983	wrappingKey->wincx, keyTemplate, templateCount, PR_FALSE0);
2984	}
2985
2986	PK11SymKey *
2987	PK11_PubUnwrapSymKeyWithFlagsPerm(SECKEYPrivateKey *wrappingKey,
2988	SECItem *wrappedKey, CK_MECHANISM_TYPE target,
2989	CK_ATTRIBUTE_TYPE operation, int keySize,
2990	CK_FLAGS flags, PRBool isPerm)
2991	{
2992	CK_MECHANISM_TYPE wrapType = pk11_mapWrapKeyType(wrappingKey->keyType);
2993	CK_BBOOL cktrue = CK_TRUE1;
2994	CK_ATTRIBUTE keyTemplate[MAX_TEMPL_ATTRS16];
2995	CK_ATTRIBUTE *attrs;
2996	unsigned int templateCount;
2997	PK11SlotInfo *slot = wrappingKey->pkcs11Slot;
2998
2999	attrs = keyTemplate;
3000	if (isPerm) {
3001	PK11_SETATTRS(attrs, CKA_TOKEN, &cktrue, sizeof(CK_BBOOL))(attrs)->type = (0x00000001UL); (attrs)->pValue = (& cktrue); (attrs)->ulValueLen = (sizeof(CK_BBOOL));;
3002	attrs++;
3003	}
3004	templateCount = attrs - keyTemplate;
3005
3006	templateCount += pk11_OpFlagsToAttributes(flags, attrs, &cktrue);
3007
3008	if (SECKEY_HAS_ATTRIBUTE_SET(wrappingKey, CKA_PRIVATE)(0 != (wrappingKey->staticflags & 0x1)) ? (0 != (wrappingKey ->staticflags & (1U << 1))) : PK11_HasAttributeSet (wrappingKey->pkcs11Slot, wrappingKey->pkcs11ID, 0x00000002UL , 0)) {
3009	PK11_HandlePasswordCheck(slot, wrappingKey->wincx);
3010	}
3011
3012	return pk11_AnyUnwrapKey(slot, wrappingKey->pkcs11ID,
3013	wrapType, NULL((void*)0), wrappedKey, target, operation, keySize,
3014	wrappingKey->wincx, keyTemplate, templateCount, isPerm);
3015	}
3016
3017	PK11SymKey *
3018	PK11_CopySymKeyForSigning(PK11SymKey *originalKey, CK_MECHANISM_TYPE mech)
3019	{
3020	CK_RV crv;
3021	CK_ATTRIBUTE setTemplate;
3022	CK_BBOOL ckTrue = CK_TRUE1;
3023	PK11SlotInfo *slot = originalKey->slot;
3024
3025	/* first just try to set this key up for signing */
3026	PK11_SETATTRS(&setTemplate, CKA_SIGN, &ckTrue, sizeof(ckTrue))(&setTemplate)->type = (0x00000108UL); (&setTemplate )->pValue = (&ckTrue); (&setTemplate)->ulValueLen = (sizeof(ckTrue));;
3027	pk11_EnterKeyMonitor(originalKey);
3028	crv = PK11_GETTAB(slot)((CK_FUNCTION_LIST_3_0_PTR)((slot)->functionList))->C_SetAttributeValue(originalKey->session,
3029	originalKey->objectID, &setTemplate, 1);
3030	pk11_ExitKeyMonitor(originalKey);
3031	if (crv == CKR_OK0x00000000UL) {
3032	return PK11_ReferenceSymKey(originalKey);
3033	}
3034
3035	/* nope, doesn't like it, use the pk11 copy object command */
3036	return pk11_CopyToSlot(slot, mech, CKA_SIGN0x00000108UL, originalKey);
3037	}
3038
3039	void
3040	PK11_SetFortezzaHack(PK11SymKey *symKey)
3041	{
3042	symKey->origin = PK11_OriginFortezzaHack;
3043	}
3044
3045	/*
3046	* This is required to allow FORTEZZA_NULL and FORTEZZA_RC4
3047	* working. This function simply gets a valid IV for the keys.
3048	*/
3049	SECStatus
3050	PK11_GenerateFortezzaIV(PK11SymKey symKey, unsigned char iv, int len)
3051	{
3052	CK_MECHANISM mech_info;
3053	CK_ULONG count = 0;
3054	CK_RV crv;
3055	SECStatus rv = SECFailure;
3056
3057	mech_info.mechanism = CKM_SKIPJACK_CBC640x00001002UL;
3058	mech_info.pParameter = iv;
3059	mech_info.ulParameterLen = len;
3060
3061	/* generate the IV for fortezza */
3062	PK11_EnterSlotMonitor(symKey->slot);
3063	crv = PK11_GETTAB(symKey->slot)((CK_FUNCTION_LIST_3_0_PTR)((symKey->slot)->functionList ))->C_EncryptInit(symKey->slot->session, &mech_info, symKey->objectID);
3064	if (crv == CKR_OK0x00000000UL) {
3065	PK11_GETTAB(symKey->slot)((CK_FUNCTION_LIST_3_0_PTR)((symKey->slot)->functionList ))->C_EncryptFinal(symKey->slot->session, NULL((void*)0), &count);
3066	rv = SECSuccess;
3067	}
3068	PK11_ExitSlotMonitor(symKey->slot);
3069	return rv;
3070	}
3071
3072	CK_OBJECT_HANDLE
3073	PK11_GetSymKeyHandle(PK11SymKey *symKey)
3074	{
3075	return symKey->objectID;
3076	}
3077
3078	static CK_ULONG
3079	pk11_KyberCiphertextLength(SECKEYKyberPublicKey *pubKey)
3080	{
3081	switch (pubKey->params) {
3082	case params_kyber768_round3:
3083	case params_kyber768_round3_test_mode:
3084	case params_ml_kem768:
3085	case params_ml_kem768_test_mode:
3086	return KYBER768_CIPHERTEXT_BYTES1088U;
3087	default:
3088	// unreachable
3089	return 0;
3090	}
3091	}
3092
3093	static CK_ULONG
3094	pk11_KEMCiphertextLength(SECKEYPublicKey *pubKey)
3095	{
3096	switch (pubKey->keyType) {
3097	case kyberKey:
3098	return pk11_KyberCiphertextLength(&pubKey->u.kyber);
3099	default:
3100	// unreachable
3101	PORT_Assert(0)((0)?((void)0):PR_Assert("0","/root/firefox-clang/security/nss/lib/pk11wrap/pk11skey.c" ,3101));
3102	return 0;
3103	}
3104	}
3105
3106	SECStatus
3107	PK11_Encapsulate(SECKEYPublicKey pubKey, CK_MECHANISM_TYPE target, PK11AttrFlags attrFlags, CK_FLAGS opFlags, PK11SymKey outKey, SECItem *outCiphertext)
3108	{
3109	PORT_Assert(pubKey)((pubKey)?((void)0):PR_Assert("pubKey","/root/firefox-clang/security/nss/lib/pk11wrap/pk11skey.c" ,3109));
3110	PORT_Assert(outKey)((outKey)?((void)0):PR_Assert("outKey","/root/firefox-clang/security/nss/lib/pk11wrap/pk11skey.c" ,3110));
3111	PORT_Assert(outCiphertext)((outCiphertext)?((void)0):PR_Assert("outCiphertext","/root/firefox-clang/security/nss/lib/pk11wrap/pk11skey.c" ,3111));
3112
3113	PK11SlotInfo *slot = pubKey->pkcs11Slot;
3114
3115	PK11SymKey sharedSecret = NULL((void)0);
3116	SECItem ciphertext = NULL((void)0);
3117
3118	CK_ATTRIBUTE keyTemplate[MAX_TEMPL_ATTRS16];
3119	unsigned int templateCount;
3120
3121	CK_ATTRIBUTE *attrs;
3122	CK_BBOOL cktrue = CK_TRUE1;
3123	CK_BBOOL ckfalse = CK_FALSE0;
3124	CK_OBJECT_CLASS keyClass = CKO_SECRET_KEY0x00000004UL;
3125	CK_KEY_TYPE keyType = CKK_GENERIC_SECRET0x00000010UL;
3126
3127	CK_INTERFACE_PTR KEMInterface = NULL((void*)0);
3128	CK_UTF8CHAR_PTR KEMInterfaceName = (CK_UTF8CHAR_PTR) "Vendor NSS KEM Interface";
3129	CK_VERSION KEMInterfaceVersion = { 1, 0 };
3130	CK_NSS_KEM_FUNCTIONS KEMInterfaceFunctions = NULL((void)0);
3131
3132	CK_RV crv;
3133
3134	outKey = NULL((void)0);
3135	outCiphertext = NULL((void)0);
3136
3137	CK_MECHANISM_TYPE kemType;
3138	CK_NSS_KEM_PARAMETER_SET_TYPE kemParameterSet = PK11_ReadULongAttribute(slot, pubKey->pkcs11ID, CKA_NSS_PARAMETER_SET((0x80000000UL \| 0x4E534350) + 40));
3139	switch (kemParameterSet) {
3140	case CKP_NSS_KYBER_768_ROUND3((0x80000000UL \| 0x4E534350) + 1):
3141	kemType = CKM_NSS_KYBER((0x80000000UL \| 0x4E534350) + 46);
3142	break;
3143	case CKP_NSS_ML_KEM_768((0x80000000UL \| 0x4E534350) + 2):
3144	kemType = CKM_NSS_ML_KEM((0x80000000UL \| 0x4E534350) + 49);
3145	break;
3146	default:
3147	PORT_SetErrorPORT_SetError_Util(SEC_ERROR_INVALID_KEY);
3148	return SECFailure;
3149	}
3150	CK_MECHANISM mech = { kemType, &kemParameterSet, sizeof(kemParameterSet) };
3151
3152	sharedSecret = pk11_CreateSymKey(slot, target, PR_TRUE1, PR_TRUE1, NULL((void*)0));
3153	if (sharedSecret == NULL((void*)0)) {
3154	PORT_SetErrorPORT_SetError_Util(SEC_ERROR_NO_MEMORY);
3155	return SECFailure;
3156	}
3157	sharedSecret->origin = PK11_OriginGenerated;
3158
3159	attrs = keyTemplate;
3160	PK11_SETATTRS(attrs, CKA_CLASS, &keyClass, sizeof(keyClass))(attrs)->type = (0x00000000UL); (attrs)->pValue = (& keyClass); (attrs)->ulValueLen = (sizeof(keyClass));;
3161	attrs++;
3162
3163	PK11_SETATTRS(attrs, CKA_KEY_TYPE, &keyType, sizeof(keyType))(attrs)->type = (0x00000100UL); (attrs)->pValue = (& keyType); (attrs)->ulValueLen = (sizeof(keyType));;
3164	attrs++;
3165
3166	attrs += pk11_AttrFlagsToAttributes(attrFlags, attrs, &cktrue, &ckfalse);
3167	attrs += pk11_OpFlagsToAttributes(opFlags, attrs, &cktrue);
3168
3169	templateCount = attrs - keyTemplate;
3170	PR_ASSERT(templateCount <= sizeof(keyTemplate) / sizeof(CK_ATTRIBUTE))((templateCount <= sizeof(keyTemplate) / sizeof(CK_ATTRIBUTE ))?((void)0):PR_Assert("templateCount <= sizeof(keyTemplate) / sizeof(CK_ATTRIBUTE)" ,"/root/firefox-clang/security/nss/lib/pk11wrap/pk11skey.c",3170 ));
3171
3172	crv = PK11_GETTAB(slot)((CK_FUNCTION_LIST_3_0_PTR)((slot)->functionList))->C_GetInterface(KEMInterfaceName, &KEMInterfaceVersion, &KEMInterface, 0);
3173	if (crv != CKR_OK0x00000000UL) {
3174	goto error;
3175	}
3176	KEMInterfaceFunctions = (CK_NSS_KEM_FUNCTIONS *)(KEMInterface->pFunctionList);
3177
3178	CK_ULONG ciphertextLen = pk11_KEMCiphertextLength(pubKey);
3179	ciphertext = SECITEM_AllocItemSECITEM_AllocItem_Util(NULL((void)0), NULL((void)0), ciphertextLen);
3180	if (ciphertext == NULL((void*)0)) {
3181	crv = CKR_HOST_MEMORY0x00000002UL;
3182	goto error;
3183	}
3184
3185	pk11_EnterKeyMonitor(sharedSecret);
3186	crv = KEMInterfaceFunctions->C_Encapsulate(sharedSecret->session,
3187	&mech,
3188	pubKey->pkcs11ID,
3189	keyTemplate,
3190	templateCount,
3191	&sharedSecret->objectID,
3192	ciphertext->data,
3193	&ciphertextLen);
3194	pk11_ExitKeyMonitor(sharedSecret);
3195	if (crv != CKR_OK0x00000000UL) {
3196	goto error;
3197	}
3198
3199	PORT_Assert(ciphertextLen == ciphertext->len)((ciphertextLen == ciphertext->len)?((void)0):PR_Assert("ciphertextLen == ciphertext->len" ,"/root/firefox-clang/security/nss/lib/pk11wrap/pk11skey.c",3199 ));
3200
3201	*outKey = sharedSecret;
3202	*outCiphertext = ciphertext;
3203
3204	return SECSuccess;
3205
3206	error:
3207	PORT_SetErrorPORT_SetError_Util(PK11_MapError(crv));
3208	PK11_FreeSymKey(sharedSecret);
3209	SECITEM_FreeItemSECITEM_FreeItem_Util(ciphertext, PR_TRUE1);
3210	return SECFailure;
3211	}
3212
3213	SECStatus
3214	PK11_Decapsulate(SECKEYPrivateKey privKey, const SECItem ciphertext, CK_MECHANISM_TYPE target, PK11AttrFlags attrFlags, CK_FLAGS opFlags, PK11SymKey **outKey)
3215	{
3216	PORT_Assert(privKey)((privKey)?((void)0):PR_Assert("privKey","/root/firefox-clang/security/nss/lib/pk11wrap/pk11skey.c" ,3216));
3217	PORT_Assert(ciphertext)((ciphertext)?((void)0):PR_Assert("ciphertext","/root/firefox-clang/security/nss/lib/pk11wrap/pk11skey.c" ,3217));
3218	PORT_Assert(outKey)((outKey)?((void)0):PR_Assert("outKey","/root/firefox-clang/security/nss/lib/pk11wrap/pk11skey.c" ,3218));
3219
3220	PK11SlotInfo *slot = privKey->pkcs11Slot;
3221
3222	PK11SymKey *sharedSecret;
3223
3224	CK_ATTRIBUTE keyTemplate[MAX_TEMPL_ATTRS16];
3225	unsigned int templateCount;
3226
3227	CK_ATTRIBUTE *attrs;
3228	CK_BBOOL cktrue = CK_TRUE1;
3229	CK_BBOOL ckfalse = CK_FALSE0;
3230	CK_OBJECT_CLASS keyClass = CKO_SECRET_KEY0x00000004UL;
3231	CK_KEY_TYPE keyType = CKK_GENERIC_SECRET0x00000010UL;
3232
3233	CK_INTERFACE_PTR KEMInterface = NULL((void*)0);
3234	CK_UTF8CHAR_PTR KEMInterfaceName = (CK_UTF8CHAR_PTR) "Vendor NSS KEM Interface";
3235	CK_VERSION KEMInterfaceVersion = { 1, 0 };
3236	CK_NSS_KEM_FUNCTIONS KEMInterfaceFunctions = NULL((void)0);
3237
3238	CK_RV crv;
3239
3240	outKey = NULL((void)0);
3241
3242	CK_MECHANISM_TYPE kemType;
3243	CK_NSS_KEM_PARAMETER_SET_TYPE kemParameterSet = PK11_ReadULongAttribute(slot, privKey->pkcs11ID, CKA_NSS_PARAMETER_SET((0x80000000UL \| 0x4E534350) + 40));
3244	switch (kemParameterSet) {
3245	case CKP_NSS_KYBER_768_ROUND3((0x80000000UL \| 0x4E534350) + 1):
3246	kemType = CKM_NSS_KYBER((0x80000000UL \| 0x4E534350) + 46);
3247	break;
3248	case CKP_NSS_ML_KEM_768((0x80000000UL \| 0x4E534350) + 2):
3249	kemType = CKM_NSS_ML_KEM((0x80000000UL \| 0x4E534350) + 49);
3250	break;
3251	default:
3252	PORT_SetErrorPORT_SetError_Util(SEC_ERROR_INVALID_KEY);
3253	return SECFailure;
3254	}
3255	CK_MECHANISM mech = { kemType, &kemParameterSet, sizeof(kemParameterSet) };
3256
3257	sharedSecret = pk11_CreateSymKey(slot, target, PR_TRUE1, PR_TRUE1, NULL((void*)0));
3258	if (sharedSecret == NULL((void*)0)) {
3259	PORT_SetErrorPORT_SetError_Util(SEC_ERROR_NO_MEMORY);
3260	return SECFailure;
3261	}
3262	sharedSecret->origin = PK11_OriginUnwrap;
3263
3264	attrs = keyTemplate;
3265	PK11_SETATTRS(attrs, CKA_CLASS, &keyClass, sizeof(keyClass))(attrs)->type = (0x00000000UL); (attrs)->pValue = (& keyClass); (attrs)->ulValueLen = (sizeof(keyClass));;
3266	attrs++;
3267
3268	PK11_SETATTRS(attrs, CKA_KEY_TYPE, &keyType, sizeof(keyType))(attrs)->type = (0x00000100UL); (attrs)->pValue = (& keyType); (attrs)->ulValueLen = (sizeof(keyType));;
3269	attrs++;
3270
3271	attrs += pk11_AttrFlagsToAttributes(attrFlags, attrs, &cktrue, &ckfalse);
3272	attrs += pk11_OpFlagsToAttributes(opFlags, attrs, &cktrue);
3273
3274	templateCount = attrs - keyTemplate;
3275	PR_ASSERT(templateCount <= sizeof(keyTemplate) / sizeof(CK_ATTRIBUTE))((templateCount <= sizeof(keyTemplate) / sizeof(CK_ATTRIBUTE ))?((void)0):PR_Assert("templateCount <= sizeof(keyTemplate) / sizeof(CK_ATTRIBUTE)" ,"/root/firefox-clang/security/nss/lib/pk11wrap/pk11skey.c",3275 ));
3276
3277	crv = PK11_GETTAB(slot)((CK_FUNCTION_LIST_3_0_PTR)((slot)->functionList))->C_GetInterface(KEMInterfaceName, &KEMInterfaceVersion, &KEMInterface, 0);
3278	if (crv != CKR_OK0x00000000UL) {
3279	PORT_SetErrorPORT_SetError_Util(PK11_MapError(crv));
3280	goto error;
3281	}
3282	KEMInterfaceFunctions = (CK_NSS_KEM_FUNCTIONS *)(KEMInterface->pFunctionList);
3283
3284	pk11_EnterKeyMonitor(sharedSecret);
3285	crv = KEMInterfaceFunctions->C_Decapsulate(sharedSecret->session,
3286	&mech,
3287	privKey->pkcs11ID,
3288	ciphertext->data,
3289	ciphertext->len,
3290	keyTemplate,
3291	templateCount,
3292	&sharedSecret->objectID);
3293	pk11_ExitKeyMonitor(sharedSecret);
3294	if (crv != CKR_OK0x00000000UL) {
3295	goto error;
3296	}
3297
3298	*outKey = sharedSecret;
3299	return SECSuccess;
3300
3301	error:
3302	PK11_FreeSymKey(sharedSecret);
3303	return SECFailure;
3304	}