/security/nss/lib/softoken/pkcs11c.c
http://github.com/zpao/v8monkey · C · 6575 lines · 5055 code · 667 blank · 853 comment · 1335 complexity · dc7e5c203f1d91eb1f4d216671ed2d02 MD5 · raw file
Large files are truncated click here to view the full file
- /* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is
- * Netscape Communications Corporation.
- * Portions created by the Initial Developer are Copyright (C) 1994-2000
- * the Initial Developer. All Rights Reserved.
- *
- * Contributor(s):
- * Dr Stephen Henson <stephen.henson@gemplus.com>
- * Dr Vipul Gupta <vipul.gupta@sun.com>, Sun Microsystems Laboratories
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
- /*
- * This file implements PKCS 11 on top of our existing security modules
- *
- * For more information about PKCS 11 See PKCS 11 Token Inteface Standard.
- * This implementation has two slots:
- * slot 1 is our generic crypto support. It does not require login.
- * It supports Public Key ops, and all they bulk ciphers and hashes.
- * It can also support Private Key ops for imported Private keys. It does
- * not have any token storage.
- * slot 2 is our private key support. It requires a login before use. It
- * can store Private Keys and Certs as token objects. Currently only private
- * keys and their associated Certificates are saved on the token.
- *
- * In this implementation, session objects are only visible to the session
- * that created or generated them.
- */
- #include "seccomon.h"
- #include "secitem.h"
- #include "secport.h"
- #include "blapi.h"
- #include "pkcs11.h"
- #include "pkcs11i.h"
- #include "lowkeyi.h"
- #include "sechash.h"
- #include "secder.h"
- #include "secdig.h"
- #include "lowpbe.h" /* We do PBE below */
- #include "pkcs11t.h"
- #include "secoid.h"
- #include "alghmac.h"
- #include "softoken.h"
- #include "secasn1.h"
- #include "secerr.h"
- #include "prprf.h"
- #define __PASTE(x,y) x##y
- /*
- * we renamed all our internal functions, get the correct
- * definitions for them...
- */
- #undef CK_PKCS11_FUNCTION_INFO
- #undef CK_NEED_ARG_LIST
- #define CK_EXTERN extern
- #define CK_PKCS11_FUNCTION_INFO(func) \
- CK_RV __PASTE(NS,func)
- #define CK_NEED_ARG_LIST 1
-
- #include "pkcs11f.h"
- typedef struct {
- uint8 client_version[2];
- uint8 random[46];
- } SSL3RSAPreMasterSecret;
- static void sftk_Null(void *data, PRBool freeit)
- {
- return;
- }
- #ifdef NSS_ENABLE_ECC
- #ifdef EC_DEBUG
- #define SEC_PRINT(str1, str2, num, sitem) \
- printf("pkcs11c.c:%s:%s (keytype=%d) [len=%d]\n", \
- str1, str2, num, sitem->len); \
- for (i = 0; i < sitem->len; i++) { \
- printf("%02x:", sitem->data[i]); \
- } \
- printf("\n")
- #else
- #define SEC_PRINT(a, b, c, d)
- #endif
- #endif /* NSS_ENABLE_ECC */
- /*
- * free routines.... Free local type allocated data, and convert
- * other free routines to the destroy signature.
- */
- static void
- sftk_FreePrivKey(NSSLOWKEYPrivateKey *key, PRBool freeit)
- {
- nsslowkey_DestroyPrivateKey(key);
- }
- static void
- sftk_Space(void *data, PRBool freeit)
- {
- PORT_Free(data);
- }
- /*
- * map all the SEC_ERROR_xxx error codes that may be returned by freebl
- * functions to CKR_xxx. return CKR_DEVICE_ERROR by default for backward
- * compatibility.
- */
- static CK_RV
- sftk_MapCryptError(int error)
- {
- switch (error) {
- case SEC_ERROR_INVALID_ARGS:
- case SEC_ERROR_BAD_DATA: /* MP_RANGE gets mapped to this */
- return CKR_ARGUMENTS_BAD;
- case SEC_ERROR_INPUT_LEN:
- return CKR_DATA_LEN_RANGE;
- case SEC_ERROR_OUTPUT_LEN:
- return CKR_BUFFER_TOO_SMALL;
- case SEC_ERROR_LIBRARY_FAILURE:
- return CKR_GENERAL_ERROR;
- case SEC_ERROR_NO_MEMORY:
- return CKR_HOST_MEMORY;
- case SEC_ERROR_BAD_SIGNATURE:
- return CKR_SIGNATURE_INVALID;
- case SEC_ERROR_INVALID_KEY:
- return CKR_KEY_SIZE_RANGE;
- case SEC_ERROR_BAD_KEY: /* an EC public key that fails validation */
- return CKR_KEY_SIZE_RANGE; /* the closest error code */
- case SEC_ERROR_UNSUPPORTED_EC_POINT_FORM:
- return CKR_TEMPLATE_INCONSISTENT;
- /* EC functions set this error if NSS_ENABLE_ECC is not defined */
- case SEC_ERROR_UNSUPPORTED_KEYALG:
- return CKR_MECHANISM_INVALID;
- case SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE:
- return CKR_DOMAIN_PARAMS_INVALID;
- /* key pair generation failed after max number of attempts */
- case SEC_ERROR_NEED_RANDOM:
- return CKR_FUNCTION_FAILED;
- }
- return CKR_DEVICE_ERROR;
- }
- /* used by Decrypt and UnwrapKey (indirectly) */
- static CK_RV
- sftk_MapDecryptError(int error)
- {
- switch (error) {
- case SEC_ERROR_BAD_DATA:
- return CKR_ENCRYPTED_DATA_INVALID;
- default:
- return sftk_MapCryptError(error);
- }
- }
- /*
- * return CKR_SIGNATURE_INVALID instead of CKR_DEVICE_ERROR by default for
- * backward compatibilty.
- */
- static CK_RV
- sftk_MapVerifyError(int error)
- {
- CK_RV crv = sftk_MapCryptError(error);
- if (crv == CKR_DEVICE_ERROR)
- crv = CKR_SIGNATURE_INVALID;
- return crv;
- }
- /*
- * turn a CDMF key into a des key. CDMF is an old IBM scheme to export DES by
- * Deprecating a full des key to 40 bit key strenth.
- */
- static CK_RV
- sftk_cdmf2des(unsigned char *cdmfkey, unsigned char *deskey)
- {
- unsigned char key1[8] = { 0xc4, 0x08, 0xb0, 0x54, 0x0b, 0xa1, 0xe0, 0xae };
- unsigned char key2[8] = { 0xef, 0x2c, 0x04, 0x1c, 0xe6, 0x38, 0x2f, 0xe6 };
- unsigned char enc_src[8];
- unsigned char enc_dest[8];
- unsigned int leng,i;
- DESContext *descx;
- SECStatus rv;
-
-
- /* zero the parity bits */
- for (i=0; i < 8; i++) {
- enc_src[i] = cdmfkey[i] & 0xfe;
- }
- /* encrypt with key 1 */
- descx = DES_CreateContext(key1, NULL, NSS_DES, PR_TRUE);
- if (descx == NULL) return CKR_HOST_MEMORY;
- rv = DES_Encrypt(descx, enc_dest, &leng, 8, enc_src, 8);
- DES_DestroyContext(descx,PR_TRUE);
- if (rv != SECSuccess) return sftk_MapCryptError(PORT_GetError());
- /* xor source with des, zero the parity bits and deprecate the key*/
- for (i=0; i < 8; i++) {
- if (i & 1) {
- enc_src[i] = (enc_src[i] ^ enc_dest[i]) & 0xfe;
- } else {
- enc_src[i] = (enc_src[i] ^ enc_dest[i]) & 0x0e;
- }
- }
- /* encrypt with key 2 */
- descx = DES_CreateContext(key2, NULL, NSS_DES, PR_TRUE);
- if (descx == NULL) return CKR_HOST_MEMORY;
- rv = DES_Encrypt(descx, deskey, &leng, 8, enc_src, 8);
- DES_DestroyContext(descx,PR_TRUE);
- if (rv != SECSuccess) return sftk_MapCryptError(PORT_GetError());
- /* set the corret parity on our new des key */
- sftk_FormatDESKey(deskey, 8);
- return CKR_OK;
- }
- /* NSC_DestroyObject destroys an object. */
- CK_RV
- NSC_DestroyObject(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hObject)
- {
- SFTKSlot *slot = sftk_SlotFromSessionHandle(hSession);
- SFTKSession *session;
- SFTKObject *object;
- SFTKFreeStatus status;
- CHECK_FORK();
- if (slot == NULL) {
- return CKR_SESSION_HANDLE_INVALID;
- }
- /*
- * This whole block just makes sure we really can destroy the
- * requested object.
- */
- session = sftk_SessionFromHandle(hSession);
- if (session == NULL) {
- return CKR_SESSION_HANDLE_INVALID;
- }
- object = sftk_ObjectFromHandle(hObject,session);
- if (object == NULL) {
- sftk_FreeSession(session);
- return CKR_OBJECT_HANDLE_INVALID;
- }
- /* don't destroy a private object if we aren't logged in */
- if ((!slot->isLoggedIn) && (slot->needLogin) &&
- (sftk_isTrue(object,CKA_PRIVATE))) {
- sftk_FreeSession(session);
- sftk_FreeObject(object);
- return CKR_USER_NOT_LOGGED_IN;
- }
- /* don't destroy a token object if we aren't in a rw session */
- if (((session->info.flags & CKF_RW_SESSION) == 0) &&
- (sftk_isTrue(object,CKA_TOKEN))) {
- sftk_FreeSession(session);
- sftk_FreeObject(object);
- return CKR_SESSION_READ_ONLY;
- }
- sftk_DeleteObject(session,object);
- sftk_FreeSession(session);
- /*
- * get some indication if the object is destroyed. Note: this is not
- * 100%. Someone may have an object reference outstanding (though that
- * should not be the case by here. Also note that the object is "half"
- * destroyed. Our internal representation is destroyed, but it may still
- * be in the data base.
- */
- status = sftk_FreeObject(object);
- return (status != SFTK_DestroyFailure) ? CKR_OK : CKR_DEVICE_ERROR;
- }
- /*
- ************** Crypto Functions: Utilities ************************
- */
- /*
- * return a context based on the SFTKContext type.
- */
- SFTKSessionContext *
- sftk_ReturnContextByType(SFTKSession *session, SFTKContextType type)
- {
- switch (type) {
- case SFTK_ENCRYPT:
- case SFTK_DECRYPT:
- return session->enc_context;
- case SFTK_HASH:
- return session->hash_context;
- case SFTK_SIGN:
- case SFTK_SIGN_RECOVER:
- case SFTK_VERIFY:
- case SFTK_VERIFY_RECOVER:
- return session->hash_context;
- }
- return NULL;
- }
- /*
- * change a context based on the SFTKContext type.
- */
- void
- sftk_SetContextByType(SFTKSession *session, SFTKContextType type,
- SFTKSessionContext *context)
- {
- switch (type) {
- case SFTK_ENCRYPT:
- case SFTK_DECRYPT:
- session->enc_context = context;
- break;
- case SFTK_HASH:
- session->hash_context = context;
- break;
- case SFTK_SIGN:
- case SFTK_SIGN_RECOVER:
- case SFTK_VERIFY:
- case SFTK_VERIFY_RECOVER:
- session->hash_context = context;
- break;
- }
- return;
- }
- /*
- * code to grab the context. Needed by every C_XXXUpdate, C_XXXFinal,
- * and C_XXX function. The function takes a session handle, the context type,
- * and wether or not the session needs to be multipart. It returns the context,
- * and optionally returns the session pointer (if sessionPtr != NULL) if session
- * pointer is returned, the caller is responsible for freeing it.
- */
- static CK_RV
- sftk_GetContext(CK_SESSION_HANDLE handle,SFTKSessionContext **contextPtr,
- SFTKContextType type, PRBool needMulti, SFTKSession **sessionPtr)
- {
- SFTKSession *session;
- SFTKSessionContext *context;
- session = sftk_SessionFromHandle(handle);
- if (session == NULL) return CKR_SESSION_HANDLE_INVALID;
- context = sftk_ReturnContextByType(session,type);
- /* make sure the context is valid */
- if((context==NULL)||(context->type!=type)||(needMulti&&!(context->multi))){
- sftk_FreeSession(session);
- return CKR_OPERATION_NOT_INITIALIZED;
- }
- *contextPtr = context;
- if (sessionPtr != NULL) {
- *sessionPtr = session;
- } else {
- sftk_FreeSession(session);
- }
- return CKR_OK;
- }
- /** Terminate operation (in the PKCS#11 spec sense).
- * Intuitive name for FreeContext/SetNullContext pair.
- */
- static void
- sftk_TerminateOp( SFTKSession *session, SFTKContextType ctype,
- SFTKSessionContext *context )
- {
- sftk_FreeContext( context );
- sftk_SetContextByType( session, ctype, NULL );
- }
- /*
- ************** Crypto Functions: Encrypt ************************
- */
- /*
- * All the NSC_InitXXX functions have a set of common checks and processing they
- * all need to do at the beginning. This is done here.
- */
- static CK_RV
- sftk_InitGeneric(SFTKSession *session,SFTKSessionContext **contextPtr,
- SFTKContextType ctype,SFTKObject **keyPtr,
- CK_OBJECT_HANDLE hKey, CK_KEY_TYPE *keyTypePtr,
- CK_OBJECT_CLASS pubKeyType, CK_ATTRIBUTE_TYPE operation)
- {
- SFTKObject *key = NULL;
- SFTKAttribute *att;
- SFTKSessionContext *context;
- /* We can only init if there is not current context active */
- if (sftk_ReturnContextByType(session,ctype) != NULL) {
- return CKR_OPERATION_ACTIVE;
- }
- /* find the key */
- if (keyPtr) {
- key = sftk_ObjectFromHandle(hKey,session);
- if (key == NULL) {
- return CKR_KEY_HANDLE_INVALID;
- }
- /* make sure it's a valid key for this operation */
- if (((key->objclass != CKO_SECRET_KEY) && (key->objclass != pubKeyType))
- || !sftk_isTrue(key,operation)) {
- sftk_FreeObject(key);
- return CKR_KEY_TYPE_INCONSISTENT;
- }
- /* get the key type */
- att = sftk_FindAttribute(key,CKA_KEY_TYPE);
- if (att == NULL) {
- sftk_FreeObject(key);
- return CKR_KEY_TYPE_INCONSISTENT;
- }
- PORT_Assert(att->attrib.ulValueLen == sizeof(CK_KEY_TYPE));
- if (att->attrib.ulValueLen != sizeof(CK_KEY_TYPE)) {
- sftk_FreeAttribute(att);
- sftk_FreeObject(key);
- return CKR_ATTRIBUTE_VALUE_INVALID;
- }
- PORT_Memcpy(keyTypePtr, att->attrib.pValue, sizeof(CK_KEY_TYPE));
- sftk_FreeAttribute(att);
- *keyPtr = key;
- }
- /* allocate the context structure */
- context = (SFTKSessionContext *)PORT_Alloc(sizeof(SFTKSessionContext));
- if (context == NULL) {
- if (key) sftk_FreeObject(key);
- return CKR_HOST_MEMORY;
- }
- context->type = ctype;
- context->multi = PR_TRUE;
- context->cipherInfo = NULL;
- context->hashInfo = NULL;
- context->doPad = PR_FALSE;
- context->padDataLength = 0;
- context->key = key;
- context->blockSize = 0;
- *contextPtr = context;
- return CKR_OK;
- }
- /** NSC_CryptInit initializes an encryption/Decryption operation.
- *
- * Always called by NSC_EncryptInit, NSC_DecryptInit, NSC_WrapKey,NSC_UnwrapKey.
- * Called by NSC_SignInit, NSC_VerifyInit (via sftk_InitCBCMac) only for block
- * ciphers MAC'ing.
- */
- static CK_RV
- sftk_CryptInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism,
- CK_OBJECT_HANDLE hKey,
- CK_ATTRIBUTE_TYPE mechUsage, CK_ATTRIBUTE_TYPE keyUsage,
- SFTKContextType contextType, PRBool isEncrypt)
- {
- SFTKSession *session;
- SFTKObject *key;
- SFTKSessionContext *context;
- SFTKAttribute *att;
- CK_RC2_CBC_PARAMS *rc2_param;
- #if NSS_SOFTOKEN_DOES_RC5
- CK_RC5_CBC_PARAMS *rc5_param;
- SECItem rc5Key;
- #endif
- CK_KEY_TYPE key_type;
- CK_RV crv = CKR_OK;
- unsigned effectiveKeyLength;
- unsigned char newdeskey[24];
- PRBool useNewKey=PR_FALSE;
- int t;
- crv = sftk_MechAllowsOperation(pMechanism->mechanism, mechUsage );
- if (crv != CKR_OK)
- return crv;
- session = sftk_SessionFromHandle(hSession);
- if (session == NULL) return CKR_SESSION_HANDLE_INVALID;
- crv = sftk_InitGeneric(session,&context,contextType,&key,hKey,&key_type,
- isEncrypt ?CKO_PUBLIC_KEY:CKO_PRIVATE_KEY, keyUsage);
-
- if (crv != CKR_OK) {
- sftk_FreeSession(session);
- return crv;
- }
- context->doPad = PR_FALSE;
- switch(pMechanism->mechanism) {
- case CKM_RSA_PKCS:
- case CKM_RSA_X_509:
- if (key_type != CKK_RSA) {
- crv = CKR_KEY_TYPE_INCONSISTENT;
- break;
- }
- context->multi = PR_FALSE;
- if (isEncrypt) {
- NSSLOWKEYPublicKey *pubKey = sftk_GetPubKey(key,CKK_RSA,&crv);
- if (pubKey == NULL) {
- break;
- }
- context->maxLen = nsslowkey_PublicModulusLen(pubKey);
- context->cipherInfo = (void *)pubKey;
- context->update = (SFTKCipher)
- (pMechanism->mechanism == CKM_RSA_X_509
- ? RSA_EncryptRaw : RSA_EncryptBlock);
- } else {
- NSSLOWKEYPrivateKey *privKey = sftk_GetPrivKey(key,CKK_RSA,&crv);
- if (privKey == NULL) {
- break;
- }
- context->maxLen = nsslowkey_PrivateModulusLen(privKey);
- context->cipherInfo = (void *)privKey;
- context->update = (SFTKCipher)
- (pMechanism->mechanism == CKM_RSA_X_509
- ? RSA_DecryptRaw : RSA_DecryptBlock);
- }
- context->destroy = sftk_Null;
- break;
- case CKM_RC2_CBC_PAD:
- context->doPad = PR_TRUE;
- /* fall thru */
- case CKM_RC2_ECB:
- case CKM_RC2_CBC:
- context->blockSize = 8;
- if (key_type != CKK_RC2) {
- crv = CKR_KEY_TYPE_INCONSISTENT;
- break;
- }
- att = sftk_FindAttribute(key,CKA_VALUE);
- if (att == NULL) {
- crv = CKR_KEY_HANDLE_INVALID;
- break;
- }
- rc2_param = (CK_RC2_CBC_PARAMS *)pMechanism->pParameter;
- effectiveKeyLength = (rc2_param->ulEffectiveBits+7)/8;
- context->cipherInfo =
- RC2_CreateContext((unsigned char*)att->attrib.pValue,
- att->attrib.ulValueLen, rc2_param->iv,
- pMechanism->mechanism == CKM_RC2_ECB ? NSS_RC2 :
- NSS_RC2_CBC,effectiveKeyLength);
- sftk_FreeAttribute(att);
- if (context->cipherInfo == NULL) {
- crv = CKR_HOST_MEMORY;
- break;
- }
- context->update = (SFTKCipher) (isEncrypt ? RC2_Encrypt : RC2_Decrypt);
- context->destroy = (SFTKDestroy) RC2_DestroyContext;
- break;
- #if NSS_SOFTOKEN_DOES_RC5
- case CKM_RC5_CBC_PAD:
- context->doPad = PR_TRUE;
- /* fall thru */
- case CKM_RC5_ECB:
- case CKM_RC5_CBC:
- if (key_type != CKK_RC5) {
- crv = CKR_KEY_TYPE_INCONSISTENT;
- break;
- }
- att = sftk_FindAttribute(key,CKA_VALUE);
- if (att == NULL) {
- crv = CKR_KEY_HANDLE_INVALID;
- break;
- }
- rc5_param = (CK_RC5_CBC_PARAMS *)pMechanism->pParameter;
- context->blockSize = rc5_param->ulWordsize*2;
- rc5Key.data = (unsigned char*)att->attrib.pValue;
- rc5Key.len = att->attrib.ulValueLen;
- context->cipherInfo = RC5_CreateContext(&rc5Key,rc5_param->ulRounds,
- rc5_param->ulWordsize,rc5_param->pIv,
- pMechanism->mechanism == CKM_RC5_ECB ? NSS_RC5 : NSS_RC5_CBC);
- sftk_FreeAttribute(att);
- if (context->cipherInfo == NULL) {
- crv = CKR_HOST_MEMORY;
- break;
- }
- context->update = (SFTKCipher) (isEncrypt ? RC5_Encrypt : RC5_Decrypt);
- context->destroy = (SFTKDestroy) RC5_DestroyContext;
- break;
- #endif
- case CKM_RC4:
- if (key_type != CKK_RC4) {
- crv = CKR_KEY_TYPE_INCONSISTENT;
- break;
- }
- att = sftk_FindAttribute(key,CKA_VALUE);
- if (att == NULL) {
- crv = CKR_KEY_HANDLE_INVALID;
- break;
- }
- context->cipherInfo =
- RC4_CreateContext((unsigned char*)att->attrib.pValue,
- att->attrib.ulValueLen);
- sftk_FreeAttribute(att);
- if (context->cipherInfo == NULL) {
- crv = CKR_HOST_MEMORY; /* WRONG !!! */
- break;
- }
- context->update = (SFTKCipher) (isEncrypt ? RC4_Encrypt : RC4_Decrypt);
- context->destroy = (SFTKDestroy) RC4_DestroyContext;
- break;
- case CKM_CDMF_CBC_PAD:
- context->doPad = PR_TRUE;
- /* fall thru */
- case CKM_CDMF_ECB:
- case CKM_CDMF_CBC:
- if (key_type != CKK_CDMF) {
- crv = CKR_KEY_TYPE_INCONSISTENT;
- break;
- }
- t = (pMechanism->mechanism == CKM_CDMF_ECB) ? NSS_DES : NSS_DES_CBC;
- if (crv != CKR_OK) break;
- goto finish_des;
- case CKM_DES_ECB:
- if (key_type != CKK_DES) {
- crv = CKR_KEY_TYPE_INCONSISTENT;
- break;
- }
- t = NSS_DES;
- goto finish_des;
- case CKM_DES_CBC_PAD:
- context->doPad = PR_TRUE;
- /* fall thru */
- case CKM_DES_CBC:
- if (key_type != CKK_DES) {
- crv = CKR_KEY_TYPE_INCONSISTENT;
- break;
- }
- t = NSS_DES_CBC;
- goto finish_des;
- case CKM_DES3_ECB:
- if ((key_type != CKK_DES2) && (key_type != CKK_DES3)) {
- crv = CKR_KEY_TYPE_INCONSISTENT;
- break;
- }
- t = NSS_DES_EDE3;
- goto finish_des;
- case CKM_DES3_CBC_PAD:
- context->doPad = PR_TRUE;
- /* fall thru */
- case CKM_DES3_CBC:
- if ((key_type != CKK_DES2) && (key_type != CKK_DES3)) {
- crv = CKR_KEY_TYPE_INCONSISTENT;
- break;
- }
- t = NSS_DES_EDE3_CBC;
- finish_des:
- context->blockSize = 8;
- att = sftk_FindAttribute(key,CKA_VALUE);
- if (att == NULL) {
- crv = CKR_KEY_HANDLE_INVALID;
- break;
- }
- if (key_type == CKK_DES2 &&
- (t == NSS_DES_EDE3_CBC || t == NSS_DES_EDE3)) {
- /* extend DES2 key to DES3 key. */
- memcpy(newdeskey, att->attrib.pValue, 16);
- memcpy(newdeskey + 16, newdeskey, 8);
- useNewKey=PR_TRUE;
- } else if (key_type == CKK_CDMF) {
- crv = sftk_cdmf2des((unsigned char*)att->attrib.pValue,newdeskey);
- if (crv != CKR_OK) {
- sftk_FreeAttribute(att);
- break;
- }
- useNewKey=PR_TRUE;
- }
- context->cipherInfo = DES_CreateContext(
- useNewKey ? newdeskey : (unsigned char*)att->attrib.pValue,
- (unsigned char*)pMechanism->pParameter,t, isEncrypt);
- if (useNewKey)
- memset(newdeskey, 0, sizeof newdeskey);
- sftk_FreeAttribute(att);
- if (context->cipherInfo == NULL) {
- crv = CKR_HOST_MEMORY;
- break;
- }
- context->update = (SFTKCipher) (isEncrypt ? DES_Encrypt : DES_Decrypt);
- context->destroy = (SFTKDestroy) DES_DestroyContext;
- break;
- case CKM_SEED_CBC_PAD:
- context->doPad = PR_TRUE;
- /* fall thru */
- case CKM_SEED_CBC:
- if (!pMechanism->pParameter ||
- pMechanism->ulParameterLen != 16) {
- crv = CKR_MECHANISM_PARAM_INVALID;
- break;
- }
- /* fall thru */
- case CKM_SEED_ECB:
- context->blockSize = 16;
- if (key_type != CKK_SEED) {
- crv = CKR_KEY_TYPE_INCONSISTENT;
- break;
- }
- att = sftk_FindAttribute(key,CKA_VALUE);
- if (att == NULL) {
- crv = CKR_KEY_HANDLE_INVALID;
- break;
- }
- context->cipherInfo = SEED_CreateContext(
- (unsigned char*)att->attrib.pValue,
- (unsigned char*)pMechanism->pParameter,
- pMechanism->mechanism == CKM_SEED_ECB ? NSS_SEED : NSS_SEED_CBC,
- isEncrypt);
- sftk_FreeAttribute(att);
- if (context->cipherInfo == NULL) {
- crv = CKR_HOST_MEMORY;
- break;
- }
- context->update = (SFTKCipher)(isEncrypt ? SEED_Encrypt : SEED_Decrypt);
- context->destroy = (SFTKDestroy) SEED_DestroyContext;
- break;
- case CKM_CAMELLIA_CBC_PAD:
- context->doPad = PR_TRUE;
- /* fall thru */
- case CKM_CAMELLIA_CBC:
- if (!pMechanism->pParameter ||
- pMechanism->ulParameterLen != 16) {
- crv = CKR_MECHANISM_PARAM_INVALID;
- break;
- }
- /* fall thru */
- case CKM_CAMELLIA_ECB:
- context->blockSize = 16;
- if (key_type != CKK_CAMELLIA) {
- crv = CKR_KEY_TYPE_INCONSISTENT;
- break;
- }
- att = sftk_FindAttribute(key,CKA_VALUE);
- if (att == NULL) {
- crv = CKR_KEY_HANDLE_INVALID;
- break;
- }
- context->cipherInfo = Camellia_CreateContext(
- (unsigned char*)att->attrib.pValue,
- (unsigned char*)pMechanism->pParameter,
- pMechanism->mechanism ==
- CKM_CAMELLIA_ECB ? NSS_CAMELLIA : NSS_CAMELLIA_CBC,
- isEncrypt, att->attrib.ulValueLen);
- sftk_FreeAttribute(att);
- if (context->cipherInfo == NULL) {
- crv = CKR_HOST_MEMORY;
- break;
- }
- context->update = (SFTKCipher) (isEncrypt ?
- Camellia_Encrypt : Camellia_Decrypt);
- context->destroy = (SFTKDestroy) Camellia_DestroyContext;
- break;
- case CKM_AES_CBC_PAD:
- context->doPad = PR_TRUE;
- /* fall thru */
- case CKM_AES_ECB:
- case CKM_AES_CBC:
- context->blockSize = 16;
- if (key_type != CKK_AES) {
- crv = CKR_KEY_TYPE_INCONSISTENT;
- break;
- }
- att = sftk_FindAttribute(key,CKA_VALUE);
- if (att == NULL) {
- crv = CKR_KEY_HANDLE_INVALID;
- break;
- }
- context->cipherInfo = AES_CreateContext(
- (unsigned char*)att->attrib.pValue,
- (unsigned char*)pMechanism->pParameter,
- pMechanism->mechanism == CKM_AES_ECB ? NSS_AES : NSS_AES_CBC,
- isEncrypt, att->attrib.ulValueLen, 16);
- sftk_FreeAttribute(att);
- if (context->cipherInfo == NULL) {
- crv = CKR_HOST_MEMORY;
- break;
- }
- context->update = (SFTKCipher) (isEncrypt ? AES_Encrypt : AES_Decrypt);
- context->destroy = (SFTKDestroy) AES_DestroyContext;
- break;
- case CKM_NETSCAPE_AES_KEY_WRAP_PAD:
- context->doPad = PR_TRUE;
- /* fall thru */
- case CKM_NETSCAPE_AES_KEY_WRAP:
- context->multi = PR_FALSE;
- context->blockSize = 8;
- if (key_type != CKK_AES) {
- crv = CKR_KEY_TYPE_INCONSISTENT;
- break;
- }
- att = sftk_FindAttribute(key,CKA_VALUE);
- if (att == NULL) {
- crv = CKR_KEY_HANDLE_INVALID;
- break;
- }
- context->cipherInfo = AESKeyWrap_CreateContext(
- (unsigned char*)att->attrib.pValue,
- (unsigned char*)pMechanism->pParameter,
- isEncrypt, att->attrib.ulValueLen);
- sftk_FreeAttribute(att);
- if (context->cipherInfo == NULL) {
- crv = CKR_HOST_MEMORY;
- break;
- }
- context->update = (SFTKCipher) (isEncrypt ? AESKeyWrap_Encrypt
- : AESKeyWrap_Decrypt);
- context->destroy = (SFTKDestroy) AESKeyWrap_DestroyContext;
- break;
- default:
- crv = CKR_MECHANISM_INVALID;
- break;
- }
- if (crv != CKR_OK) {
- sftk_FreeContext(context);
- sftk_FreeSession(session);
- return crv;
- }
- sftk_SetContextByType(session, contextType, context);
- sftk_FreeSession(session);
- return CKR_OK;
- }
- /* NSC_EncryptInit initializes an encryption operation. */
- CK_RV NSC_EncryptInit(CK_SESSION_HANDLE hSession,
- CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hKey)
- {
- CHECK_FORK();
- return sftk_CryptInit(hSession, pMechanism, hKey, CKA_ENCRYPT, CKA_ENCRYPT,
- SFTK_ENCRYPT, PR_TRUE);
- }
- /* NSC_EncryptUpdate continues a multiple-part encryption operation. */
- CK_RV NSC_EncryptUpdate(CK_SESSION_HANDLE hSession,
- CK_BYTE_PTR pPart, CK_ULONG ulPartLen, CK_BYTE_PTR pEncryptedPart,
- CK_ULONG_PTR pulEncryptedPartLen)
- {
- SFTKSessionContext *context;
- unsigned int outlen,i;
- unsigned int padoutlen = 0;
- unsigned int maxout = *pulEncryptedPartLen;
- CK_RV crv;
- SECStatus rv;
- CHECK_FORK();
- /* make sure we're legal */
- crv = sftk_GetContext(hSession,&context,SFTK_ENCRYPT,PR_TRUE,NULL);
- if (crv != CKR_OK) return crv;
- if (!pEncryptedPart) {
- if (context->doPad) {
- CK_ULONG totalDataAvailable = ulPartLen + context->padDataLength;
- CK_ULONG blocksToSend = totalDataAvailable/context->blockSize;
- *pulEncryptedPartLen = blocksToSend * context->blockSize;
- return CKR_OK;
- }
- *pulEncryptedPartLen = ulPartLen;
- return CKR_OK;
- }
- /* do padding */
- if (context->doPad) {
- /* deal with previous buffered data */
- if (context->padDataLength != 0) {
- /* fill in the padded to a full block size */
- for (i=context->padDataLength;
- (ulPartLen != 0) && i < context->blockSize; i++) {
- context->padBuf[i] = *pPart++;
- ulPartLen--;
- context->padDataLength++;
- }
- /* not enough data to encrypt yet? then return */
- if (context->padDataLength != context->blockSize) {
- *pulEncryptedPartLen = 0;
- return CKR_OK;
- }
- /* encrypt the current padded data */
- rv = (*context->update)(context->cipherInfo, pEncryptedPart,
- &padoutlen, context->blockSize, context->padBuf,
- context->blockSize);
- if (rv != SECSuccess) {
- return sftk_MapCryptError(PORT_GetError());
- }
- pEncryptedPart += padoutlen;
- maxout -= padoutlen;
- }
- /* save the residual */
- context->padDataLength = ulPartLen % context->blockSize;
- if (context->padDataLength) {
- PORT_Memcpy(context->padBuf,
- &pPart[ulPartLen-context->padDataLength],
- context->padDataLength);
- ulPartLen -= context->padDataLength;
- }
- /* if we've exhausted our new buffer, we're done */
- if (ulPartLen == 0) {
- *pulEncryptedPartLen = padoutlen;
- return CKR_OK;
- }
- }
- /* do it: NOTE: this assumes buf size in is >= buf size out! */
- rv = (*context->update)(context->cipherInfo,pEncryptedPart,
- &outlen, maxout, pPart, ulPartLen);
- *pulEncryptedPartLen = (CK_ULONG) (outlen + padoutlen);
- return (rv == SECSuccess) ? CKR_OK : sftk_MapCryptError(PORT_GetError());
- }
- /* NSC_EncryptFinal finishes a multiple-part encryption operation. */
- CK_RV NSC_EncryptFinal(CK_SESSION_HANDLE hSession,
- CK_BYTE_PTR pLastEncryptedPart, CK_ULONG_PTR pulLastEncryptedPartLen)
- {
- SFTKSession *session;
- SFTKSessionContext *context;
- unsigned int outlen,i;
- unsigned int maxout = *pulLastEncryptedPartLen;
- CK_RV crv;
- SECStatus rv = SECSuccess;
- PRBool contextFinished = PR_TRUE;
- CHECK_FORK();
- /* make sure we're legal */
- crv = sftk_GetContext(hSession,&context,SFTK_ENCRYPT,PR_TRUE,&session);
- if (crv != CKR_OK) return crv;
- *pulLastEncryptedPartLen = 0;
- if (!pLastEncryptedPart) {
- /* caller is checking the amount of remaining data */
- if (context->blockSize > 0 && context->doPad) {
- *pulLastEncryptedPartLen = context->blockSize;
- contextFinished = PR_FALSE; /* still have padding to go */
- }
- goto finish;
- }
- /* do padding */
- if (context->doPad) {
- unsigned char padbyte = (unsigned char)
- (context->blockSize - context->padDataLength);
- /* fill out rest of pad buffer with pad magic*/
- for (i=context->padDataLength; i < context->blockSize; i++) {
- context->padBuf[i] = padbyte;
- }
- rv = (*context->update)(context->cipherInfo,pLastEncryptedPart,
- &outlen, maxout, context->padBuf, context->blockSize);
- if (rv == SECSuccess) *pulLastEncryptedPartLen = (CK_ULONG) outlen;
- }
- finish:
- if (contextFinished)
- sftk_TerminateOp( session, SFTK_ENCRYPT, context );
- sftk_FreeSession(session);
- return (rv == SECSuccess) ? CKR_OK : sftk_MapCryptError(PORT_GetError());
- }
- /* NSC_Encrypt encrypts single-part data. */
- CK_RV NSC_Encrypt (CK_SESSION_HANDLE hSession, CK_BYTE_PTR pData,
- CK_ULONG ulDataLen, CK_BYTE_PTR pEncryptedData,
- CK_ULONG_PTR pulEncryptedDataLen)
- {
- SFTKSession *session;
- SFTKSessionContext *context;
- unsigned int outlen;
- unsigned int maxoutlen = *pulEncryptedDataLen;
- CK_RV crv;
- CK_RV crv2;
- SECStatus rv = SECSuccess;
- SECItem pText;
- pText.type = siBuffer;
- pText.data = pData;
- pText.len = ulDataLen;
- CHECK_FORK();
- /* make sure we're legal */
- crv = sftk_GetContext(hSession,&context,SFTK_ENCRYPT,PR_FALSE,&session);
- if (crv != CKR_OK) return crv;
- if (!pEncryptedData) {
- *pulEncryptedDataLen = context->multi ?
- ulDataLen + 2 * context->blockSize : context->maxLen;
- goto finish;
- }
- if (context->doPad) {
- if (context->multi) {
- CK_ULONG finalLen;
- /* padding is fairly complicated, have the update and final
- * code deal with it */
- sftk_FreeSession(session);
- crv = NSC_EncryptUpdate(hSession, pData, ulDataLen, pEncryptedData,
- pulEncryptedDataLen);
- if (crv != CKR_OK)
- *pulEncryptedDataLen = 0;
- maxoutlen -= *pulEncryptedDataLen;
- pEncryptedData += *pulEncryptedDataLen;
- finalLen = maxoutlen;
- crv2 = NSC_EncryptFinal(hSession, pEncryptedData, &finalLen);
- if (crv2 == CKR_OK)
- *pulEncryptedDataLen += finalLen;
- return crv == CKR_OK ? crv2 : crv;
- }
- /* doPad without multi means that padding must be done on the first
- ** and only update. There will be no final.
- */
- PORT_Assert(context->blockSize > 1);
- if (context->blockSize > 1) {
- CK_ULONG remainder = ulDataLen % context->blockSize;
- CK_ULONG padding = context->blockSize - remainder;
- pText.len += padding;
- pText.data = PORT_ZAlloc(pText.len);
- if (pText.data) {
- memcpy(pText.data, pData, ulDataLen);
- memset(pText.data + ulDataLen, padding, padding);
- } else {
- crv = CKR_HOST_MEMORY;
- goto fail;
- }
- }
- }
- /* do it: NOTE: this assumes buf size is big enough. */
- rv = (*context->update)(context->cipherInfo, pEncryptedData,
- &outlen, maxoutlen, pText.data, pText.len);
- crv = (rv == SECSuccess) ? CKR_OK : sftk_MapCryptError(PORT_GetError());
- *pulEncryptedDataLen = (CK_ULONG) outlen;
- if (pText.data != pData)
- PORT_ZFree(pText.data, pText.len);
- fail:
- sftk_TerminateOp( session, SFTK_ENCRYPT, context );
- finish:
- sftk_FreeSession(session);
- return crv;
- }
- /*
- ************** Crypto Functions: Decrypt ************************
- */
- /* NSC_DecryptInit initializes a decryption operation. */
- CK_RV NSC_DecryptInit( CK_SESSION_HANDLE hSession,
- CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hKey)
- {
- CHECK_FORK();
- return sftk_CryptInit(hSession, pMechanism, hKey, CKA_DECRYPT, CKA_DECRYPT,
- SFTK_DECRYPT, PR_FALSE);
- }
- /* NSC_DecryptUpdate continues a multiple-part decryption operation. */
- CK_RV NSC_DecryptUpdate(CK_SESSION_HANDLE hSession,
- CK_BYTE_PTR pEncryptedPart, CK_ULONG ulEncryptedPartLen,
- CK_BYTE_PTR pPart, CK_ULONG_PTR pulPartLen)
- {
- SFTKSessionContext *context;
- unsigned int padoutlen = 0;
- unsigned int outlen;
- unsigned int maxout = *pulPartLen;
- CK_RV crv;
- SECStatus rv;
- CHECK_FORK();
- /* make sure we're legal */
- crv = sftk_GetContext(hSession,&context,SFTK_DECRYPT,PR_TRUE,NULL);
- if (crv != CKR_OK) return crv;
- /* this can only happen on an NSS programming error */
- PORT_Assert((context->padDataLength == 0)
- || context->padDataLength == context->blockSize);
- if (!pPart) {
- if (context->doPad) {
- /* we can check the data length here because if we are padding,
- * then we must be using a block cipher. In the non-padding case
- * the error will be returned by the underlying decryption
- * function when do do the actual decrypt. We need to do the
- * check here to avoid returning a negative length to the caller.
- */
- if ((ulEncryptedPartLen == 0) ||
- (ulEncryptedPartLen % context->blockSize) != 0) {
- return CKR_ENCRYPTED_DATA_LEN_RANGE;
- }
- *pulPartLen =
- ulEncryptedPartLen + context->padDataLength - context->blockSize;
- return CKR_OK;
- }
- /* for stream ciphers there is are no constraints on ulEncryptedPartLen.
- * for block ciphers, it must be a multiple of blockSize. The error is
- * detected when this function is called again do decrypt the output.
- */
- *pulPartLen = ulEncryptedPartLen;
- return CKR_OK;
- }
- if (context->doPad) {
- /* first decrypt our saved buffer */
- if (context->padDataLength != 0) {
- rv = (*context->update)(context->cipherInfo, pPart, &padoutlen,
- maxout, context->padBuf, context->blockSize);
- if (rv != SECSuccess) return sftk_MapDecryptError(PORT_GetError());
- pPart += padoutlen;
- maxout -= padoutlen;
- }
- /* now save the final block for the next decrypt or the final */
- PORT_Memcpy(context->padBuf,&pEncryptedPart[ulEncryptedPartLen -
- context->blockSize], context->blockSize);
- context->padDataLength = context->blockSize;
- ulEncryptedPartLen -= context->padDataLength;
- }
- /* do it: NOTE: this assumes buf size in is >= buf size out! */
- rv = (*context->update)(context->cipherInfo,pPart, &outlen,
- maxout, pEncryptedPart, ulEncryptedPartLen);
- *pulPartLen = (CK_ULONG) (outlen + padoutlen);
- return (rv == SECSuccess) ? CKR_OK : sftk_MapDecryptError(PORT_GetError());
- }
- /* NSC_DecryptFinal finishes a multiple-part decryption operation. */
- CK_RV NSC_DecryptFinal(CK_SESSION_HANDLE hSession,
- CK_BYTE_PTR pLastPart, CK_ULONG_PTR pulLastPartLen)
- {
- SFTKSession *session;
- SFTKSessionContext *context;
- unsigned int outlen;
- unsigned int maxout = *pulLastPartLen;
- CK_RV crv;
- SECStatus rv = SECSuccess;
- CHECK_FORK();
- /* make sure we're legal */
- crv = sftk_GetContext(hSession,&context,SFTK_DECRYPT,PR_TRUE,&session);
- if (crv != CKR_OK) return crv;
- *pulLastPartLen = 0;
- if (!pLastPart) {
- /* caller is checking the amount of remaining data */
- if (context->padDataLength > 0) {
- *pulLastPartLen = context->padDataLength;
- }
- rv = SECSuccess;
- goto finish;
- }
- if (context->doPad) {
- /* decrypt our saved buffer */
- if (context->padDataLength != 0) {
- /* this assumes that pLastPart is big enough to hold the *whole*
- * buffer!!! */
- rv = (*context->update)(context->cipherInfo, pLastPart, &outlen,
- maxout, context->padBuf, context->blockSize);
- if (rv == SECSuccess) {
- unsigned int padSize =
- (unsigned int) pLastPart[context->blockSize-1];
- if ((padSize > context->blockSize) || (padSize == 0)) {
- rv = SECFailure;
- } else {
- *pulLastPartLen = outlen - padSize;
- }
- }
- }
- }
- sftk_TerminateOp( session, SFTK_DECRYPT, context );
- finish:
- sftk_FreeSession(session);
- return (rv == SECSuccess) ? CKR_OK : sftk_MapDecryptError(PORT_GetError());
- }
- /* NSC_Decrypt decrypts encrypted data in a single part. */
- CK_RV NSC_Decrypt(CK_SESSION_HANDLE hSession,
- CK_BYTE_PTR pEncryptedData,CK_ULONG ulEncryptedDataLen,CK_BYTE_PTR pData,
- CK_ULONG_PTR pulDataLen)
- {
- SFTKSession *session;
- SFTKSessionContext *context;
- unsigned int outlen;
- unsigned int maxoutlen = *pulDataLen;
- CK_RV crv;
- CK_RV crv2;
- SECStatus rv = SECSuccess;
- CHECK_FORK();
- /* make sure we're legal */
- crv = sftk_GetContext(hSession,&context,SFTK_DECRYPT,PR_FALSE,&session);
- if (crv != CKR_OK) return crv;
- if (!pData) {
- *pulDataLen = ulEncryptedDataLen + context->blockSize;
- goto finish;
- }
- if (context->doPad && context->multi) {
- CK_ULONG finalLen;
- /* padding is fairly complicated, have the update and final
- * code deal with it */
- sftk_FreeSession(session);
- crv = NSC_DecryptUpdate(hSession,pEncryptedData,ulEncryptedDataLen,
- pData, pulDataLen);
- if (crv != CKR_OK)
- *pulDataLen = 0;
- maxoutlen -= *pulDataLen;
- pData += *pulDataLen;
- finalLen = maxoutlen;
- crv2 = NSC_DecryptFinal(hSession, pData, &finalLen);
- if (crv2 == CKR_OK)
- *pulDataLen += finalLen;
- return crv == CKR_OK ? crv2 : crv;
- }
- rv = (*context->update)(context->cipherInfo, pData, &outlen, maxoutlen,
- pEncryptedData, ulEncryptedDataLen);
- /* XXX need to do MUCH better error mapping than this. */
- crv = (rv == SECSuccess) ? CKR_OK : sftk_MapDecryptError(PORT_GetError());
- if (rv == SECSuccess && context->doPad) {
- CK_ULONG padding = pData[outlen - 1];
- if (padding > context->blockSize || !padding) {
- crv = CKR_ENCRYPTED_DATA_INVALID;
- } else
- outlen -= padding;
- }
- *pulDataLen = (CK_ULONG) outlen;
- sftk_TerminateOp( session, SFTK_DECRYPT, context );
- finish:
- sftk_FreeSession(session);
- return crv;
- }
- /*
- ************** Crypto Functions: Digest (HASH) ************************
- */
- /* NSC_DigestInit initializes a message-digesting operation. */
- CK_RV NSC_DigestInit(CK_SESSION_HANDLE hSession,
- CK_MECHANISM_PTR pMechanism)
- {
- SFTKSession *session;
- SFTKSessionContext *context;
- CK_RV crv = CKR_OK;
- CHECK_FORK();
- session = sftk_SessionFromHandle(hSession);
- if (session == NULL)
- return CKR_SESSION_HANDLE_INVALID;
- crv = sftk_InitGeneric(session,&context,SFTK_HASH,NULL,0,NULL, 0, 0);
- if (crv != CKR_OK) {
- sftk_FreeSession(session);
- return crv;
- }
- #define INIT_MECH(mech,mmm) \
- case mech: { \
- mmm ## Context * mmm ## _ctx = mmm ## _NewContext(); \
- context->cipherInfo = (void *)mmm ## _ctx; \
- context->cipherInfoLen = mmm ## _FlattenSize(mmm ## _ctx); \
- context->currentMech = mech; \
- context->hashUpdate = (SFTKHash) mmm ## _Update; \
- context->end = (SFTKEnd) mmm ## _End; \
- context->destroy = (SFTKDestroy) mmm ## _DestroyContext; \
- context->maxLen = mmm ## _LENGTH; \
- if (mmm ## _ctx) \
- mmm ## _Begin(mmm ## _ctx); \
- else \
- crv = CKR_HOST_MEMORY; \
- break; \
- }
- switch(pMechanism->mechanism) {
- INIT_MECH(CKM_MD2, MD2)
- INIT_MECH(CKM_MD5, MD5)
- INIT_MECH(CKM_SHA_1, SHA1)
- INIT_MECH(CKM_SHA224, SHA224)
- INIT_MECH(CKM_SHA256, SHA256)
- INIT_MECH(CKM_SHA384, SHA384)
- INIT_MECH(CKM_SHA512, SHA512)
- default:
- crv = CKR_MECHANISM_INVALID;
- break;
- }
- if (crv != CKR_OK) {
- sftk_FreeContext(context);
- sftk_FreeSession(session);
- return crv;
- }
- sftk_SetContextByType(session, SFTK_HASH, context);
- sftk_FreeSession(session);
- return CKR_OK;
- }
- /* NSC_Digest digests data in a single part. */
- CK_RV NSC_Digest(CK_SESSION_HANDLE hSession,
- CK_BYTE_PTR pData, CK_ULONG ulDataLen, CK_BYTE_PTR pDigest,
- CK_ULONG_PTR pulDigestLen)
- {
- SFTKSession *session;
- SFTKSessionContext *context;
- unsigned int digestLen;
- unsigned int maxout = *pulDigestLen;
- CK_RV crv;
- CHECK_FORK();
- /* make sure we're legal */
- crv = sftk_GetContext(hSession,&context,SFTK_HASH,PR_FALSE,&session);
- if (crv != CKR_OK) return crv;
- if (pDigest == NULL) {
- *pulDigestLen = context->maxLen;
- goto finish;
- }
- /* do it: */
- (*context->hashUpdate)(context->cipherInfo, pData, ulDataLen);
- /* NOTE: this assumes buf size is bigenough for the algorithm */
- (*context->end)(context->cipherInfo, pDigest, &digestLen,maxout);
- *pulDigestLen = digestLen;
- sftk_TerminateOp( session, SFTK_HASH, context );
- finish:
- sftk_FreeSession(session);
- return CKR_OK;
- }
- /* NSC_DigestUpdate continues a multiple-part message-digesting operation. */
- CK_RV NSC_DigestUpdate(CK_SESSION_HANDLE hSession,CK_BYTE_PTR pPart,
- CK_ULONG ulPartLen)
- {
- SFTKSessionContext *context;
- CK_RV crv;
- CHECK_FORK();
- /* make sure we're legal */
- crv = sftk_GetContext(hSession,&context,SFTK_HASH,PR_TRUE,NULL);
- if (crv != CKR_OK) return crv;
- /* do it: */
- (*context->hashUpdate)(context->cipherInfo, pPart, ulPartLen);
- return CKR_OK;
- }
- /* NSC_DigestFinal finishes a multiple-part message-digesting operation. */
- CK_RV NSC_DigestFinal(CK_SESSION_HANDLE hSession,CK_BYTE_PTR pDigest,
- CK_ULONG_PTR pulDigestLen)
- {
- SFTKSession *session;
- SFTKSessionContext *context;
- unsigned int maxout = *pulDigestLen;
- unsigned int digestLen;
- CK_RV crv;
- CHECK_FORK();
- /* make sure we're legal */
- crv = sftk_GetContext(hSession, &context, SFTK_HASH, PR_TRUE, &session);
- if (crv != CKR_OK) return crv;
- if (pDigest != NULL) {
- (*context->end)(context->cipherInfo, pDigest, &digestLen, maxout);
- *pulDigestLen = digestLen;
- sftk_TerminateOp( session, SFTK_HASH, context );
- } else {
- *pulDigestLen = context->maxLen;
- }
- sftk_FreeSession(session);
- return CKR_OK;
- }
- /*
- * these helper functions are used by Generic Macing and Signing functions
- * that use hashes as part of their operations.
- */
- #define DOSUB(mmm) \
- static CK_RV \
- sftk_doSub ## mmm(SFTKSessionContext *context) { \
- mmm ## Context * mmm ## _ctx = mmm ## _NewContext(); \
- context->hashInfo = (void *) mmm ## _ctx; \
- context->hashUpdate = (SFTKHash) mmm ## _Update; \
- context->end = (SFTKEnd) mmm ## _End; \
- context->hashdestroy = (SFTKDestroy) mmm ## _DestroyContext; \
- if (!context->hashInfo) { \
- return CKR_HOST_MEMORY; \
- } \
- mmm ## _Begin( mmm ## _ctx ); \
- return CKR_OK; \
- }
- DOSUB(MD2)
- DOSUB(MD5)
- DOSUB(SHA1)
- DOSUB(SHA224)
- DOSUB(SHA256)
- DOSUB(SHA384)
- DOSUB(SHA512)
- /*
- * HMAC General copies only a portion of the result. This update routine likes
- * the final HMAC output with the signature.
- */
- static SECStatus
- sftk_HMACCopy(CK_ULONG *copyLen,unsigned char *sig,unsigned int *sigLen,
- unsigned int maxLen,unsigned char *hash, unsigned int hashLen)
- {
- if (maxLen < *copyLen) return SECFailure;
- PORT_Memcpy(sig,hash,*copyLen);
- *sigLen = *copyLen;
- return SECSuccess;
- }
- /* Verify is just a compare for HMAC */
- static SECStatus
- sftk_HMACCmp(CK_ULONG *copyLen,unsigned char *sig,unsigned int sigLen,
- unsigned char *hash, unsigned int hashLen)
- {
- return (PORT_Memcmp(sig,hash,*copyLen) == 0) ? SECSuccess : SECFailure ;
- }
- /*
- * common HMAC initalization routine
- */
- static CK_RV
- sftk_doHMACInit(SFTKSessionContext *context,HASH_HashType hash,
- SFTKObject *key, CK_ULONG mac_size)
- {
- SFTKAttribute *keyval;
- HMACContext *HMACcontext;
- CK_ULONG *intpointer;
- const SECHashObject *hashObj = HASH_GetRawHashObject(hash);
- PRBool isFIPS = (key->slot->slotID == FIPS_SLOT_ID);
- /* required by FIPS 198 Section 4 */
- if (isFIPS && (mac_size < 4 || mac_size < hashObj->length/2)) {
- return CKR_BUFFER_TOO_SMALL;
- }
- keyval = sftk_FindAttribute(key,CKA_VALUE);
- if (keyval == NULL) return CKR_KEY_SIZE_RANGE;
- HMACcontext = HMAC_Create(hashObj,
- (const unsigned char*)keyval->attrib.pValue,
- keyval->attrib.ulValueLen, isFIPS);
- context->hashInfo = HMACcontext;
- context->multi = PR_TRUE;
- sftk_FreeAttribute(keyval);
- if (context->hashInfo == NULL) {
- if (PORT_GetError() == SEC_ERROR_INVALID_ARGS) {
- return CKR_KEY_SIZE_RANGE;
- }
- return CKR_HOST_MEMORY;
- }
- context->hashUpdate = (SFTKHash) HMAC_Update;
- context->end = (SFTKEnd) HMAC_Finish;
- context->hashdestroy = (SFTKDestroy) HMAC_Destroy;
- intpointer = (CK_ULONG *) PORT_Alloc(sizeof(CK_ULONG));
- if (intpointer == NULL) {
- return CKR_HOST_MEMORY;
- }
- *intpointer = mac_size;
- context->cipherInfo = (void *) intpointer;
- context->destroy = (SFTKDestroy) sftk_Space;
- context->update = (SFTKCipher) sftk_HMACCopy;
- context->verify = (SFTKVerify) sftk_HMACCmp;
- context->maxLen = hashObj->length;
- HMAC_Begin(HMACcontext);
- return CKR_OK;
- }
- /*
- * SSL Macing support. SSL Macs are inited, then update with the base
- * hashing algorithm, then finalized in sign and verify
- */
- /*
- * FROM SSL:
- * 60 bytes is 3 times the maximum length MAC size that is supported.
- * We probably should have one copy of this table. We still need this table
- * in ssl to 'sign' the handshake hashes.
- */
- static unsigned char ssl_pad_1 [60] = {
- 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
- 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
- 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
- 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
- 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
- 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
- 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
- 0x36, 0x36, 0x36, 0x36
- };
- static unsigned char ssl_pad_2 [60] = {
- 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c,
- 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c,
- 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c,
- 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c,
- 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c,
- 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c,
- 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c,
- 0x5c, 0x5c, 0x5c, 0x5c
- };
- static SECStatus
- sftk_SSLMACSign(SFTKSSLMACInfo *info,unsigned char *sig,unsigned int *sigLen,
- unsigned int maxLen,unsigned char *hash, unsigned int hashLen)
- {
- unsigned char tmpBuf[SFTK_MAX_MAC_LENGTH];
- unsigned int out;
- info->begin(info->hashContext);
- info->update(info->hashContext,info->key,info->keySize);
- info->update(info->hashContext,ssl_pad_2,info->padSize);
- info->update(info->hashContext,hash,hashLen);
- info->end(info->hashContext,tmpBuf,&out,SFTK_MAX_MAC_LENGTH);
- PORT_Memcpy(sig,tmpBuf,info->macSize);
- *sigLen = info->macSize;
- return SECSuccess;
- }
- static SECStatus
- sftk_SSLMACVerify(SFTKSSLMACInfo *info,unsigned char *sig,unsigned int sigLen,
- unsigned char *hash, unsigned int hashLen)
- {
- unsigned char tmpBuf[SFTK_MAX_MAC_LENGTH];
- unsigned int out;
- info->begin(info->hashContext);
- info->update(info->hashContext,info->key,info->keySize);
- info->update(info->hashContext,ssl_pad_2,info->padSize);
- info->update(info->hashContext,hash,hashLen);
- info->end(info->hashContext,tmpBuf,&out,SFTK_MAX_MAC_LENGTH);
- return (PORT_Memcmp(sig,tmpBuf,info->macSize) == 0) ?
- SECSuccess : SECFailure;
- }
- /*
- * common HMAC initalization routine
- */
- static CK_RV
- sftk_doSSLMACInit(SFTKSessionContext *context,SECOidTag oid,
- SFTKObject *key, CK_ULONG mac_size)
- {
- SFTKAttribute *keyval;
- SFTKBegin begin;
- int padSize;
- SFTKSSLMACInfo *sslmacinfo;
- CK_RV crv = CKR_MECHANISM_INVALID;
- if (oid == SEC_OID_SHA1) {
- crv = sftk_doSubSHA1(context);
- if (crv != CKR_OK) return crv;
- begin = (SFTKBegin) SHA1_Begin;
- padSize = 40;
- } else {
- crv = sftk_doSubMD5(context);
- if (crv != CKR_OK) return crv;
- begin = (SFTKBegin) MD5_Begin;
- padSize = 48;
- }
- context->multi = PR_TRUE;
- keyval = sftk_FindAttribute(key,CKA_VALUE);
- if (keyval == NULL) return CKR_KEY_SIZE_RANGE;
- context->hashUpdate(context->hashInfo,keyval->attrib.pValue,
- keyval->attrib.ulValueLen);
- context->hashUpdate(context->hashInfo,ssl_pad_1,padSize);
- sslmacinfo = (SFTKSSLMACInfo *) PORT_Alloc(sizeof(SFTKSSLMACInfo));
- if (sslmacinfo == NULL) {
- sftk_FreeAttribute(keyval);
- return CKR_HOST_MEMORY;
- }
- sslmacinfo->macSize = mac_size;
- sslmacinfo->hashContext = context->hashInfo;
- PORT_Memcpy(sslmacinfo->key,keyval->attrib.pValue,
- keyval->attrib.ulValueLen);
- sslmacinfo->keySize = keyval->attrib.ulValueLen;
- sslmacinfo->begin = begin;
- sslmacinfo->end = context->end;
- sslmacinfo->update = context->hashUpdate;
- sslmacinfo->padSize = padSize;
- sftk_FreeAttribute(keyval);
- context->cipherInfo = (void *) sslmacinfo;
- context->destroy = (SFTKDestroy) sftk_Space;
- context->update = (SFTKCipher) sftk_SSLMACSign;
- context->verify = (SFTKVerify) sftk_SSLMACVerify;
- context->maxLen = mac_size;
- return CKR_OK;
- }
- /*
- ************** Crypto Functions: Sign ************************
- */
- /**
- * Check if We're using CBCMacing and initialize the session context if we are.
- * @param contextType SFTK_SIGN or SFTK_VERIFY
- * @param keyUsage check whether key allows this usage
- */
- static CK_RV
- sftk_InitCBCMac(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism,
- CK_OBJECT_HANDLE hKey, CK_ATTRIBUTE_TYPE keyUsage,
- SFTKContextType contextType)
-
- {
- CK_MECHANISM cbc_mechanism;
- CK_ULONG mac_bytes = SFTK_INVALID_MAC_SIZE;
- CK_RC2_CBC_PARAMS rc2_params;
- #if NSS_SOFTOKEN_DOES_RC5
- CK_RC5_CBC_PARAMS rc5_params;
- CK_RC5_MAC_GENERAL_PARAMS *rc5_mac;
- #endif
- unsigned char ivBlock[SFTK_MAX_BLOCK_SIZE];
- SFTKSessionContext *context;
- CK_RV crv;
- unsigned int blockSize;
- switch (pMechanism->mechanism) {
- case CKM_RC2_MAC_GENERAL:
- mac_bytes =
- ((CK_RC2_MAC_GENERAL_PARAMS *)pMechanism->pParameter)->ulMacLength;
- /* fall through */
- case CKM_RC2_MAC:
- /* this works because ulEffectiveBits is in t…