| /* This Source Code Form is subject to the terms of the Mozilla Public |
| * License, v. 2.0. If a copy of the MPL was not distributed with this |
| * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ |
| /* |
| * This file contains functions to manage asymetric keys, (public and |
| * private keys). |
| */ |
| #include <stddef.h> |
| |
| #include "seccomon.h" |
| #include "secmod.h" |
| #include "secmodi.h" |
| #include "secmodti.h" |
| #include "pkcs11.h" |
| #include "pkcs11t.h" |
| #include "pk11func.h" |
| #include "cert.h" |
| #include "keyhi.h" |
| #include "keyi.h" |
| #include "secitem.h" |
| #include "secasn1.h" |
| #include "secoid.h" |
| #include "secerr.h" |
| #include "sechash.h" |
| |
| #include "secpkcs5.h" |
| #include "blapit.h" |
| |
| static SECItem * |
| pk11_MakeIDFromPublicKey(SECKEYPublicKey *pubKey) |
| { |
| /* set the ID to the public key so we can find it again */ |
| SECItem *pubKeyIndex = NULL; |
| switch (pubKey->keyType) { |
| case rsaKey: |
| pubKeyIndex = &pubKey->u.rsa.modulus; |
| break; |
| case dsaKey: |
| pubKeyIndex = &pubKey->u.dsa.publicValue; |
| break; |
| case dhKey: |
| pubKeyIndex = &pubKey->u.dh.publicValue; |
| break; |
| case ecKey: |
| pubKeyIndex = &pubKey->u.ec.publicValue; |
| break; |
| default: |
| return NULL; |
| } |
| PORT_Assert(pubKeyIndex != NULL); |
| |
| return PK11_MakeIDFromPubKey(pubKeyIndex); |
| } |
| |
| /* |
| * import a public key into the desired slot |
| * |
| * This function takes a public key structure and creates a public key in a |
| * given slot. If isToken is set, then a persistant public key is created. |
| * |
| * Note: it is possible for this function to return a handle for a key which |
| * is persistant, even if isToken is not set. |
| */ |
| CK_OBJECT_HANDLE |
| PK11_ImportPublicKey(PK11SlotInfo *slot, SECKEYPublicKey *pubKey, |
| PRBool isToken) |
| { |
| CK_BBOOL cktrue = CK_TRUE; |
| CK_BBOOL ckfalse = CK_FALSE; |
| CK_OBJECT_CLASS keyClass = CKO_PUBLIC_KEY; |
| CK_KEY_TYPE keyType = CKK_GENERIC_SECRET; |
| CK_OBJECT_HANDLE objectID; |
| CK_ATTRIBUTE theTemplate[11]; |
| CK_ATTRIBUTE *signedattr = NULL; |
| CK_ATTRIBUTE *attrs = theTemplate; |
| SECItem *ckaId = NULL; |
| SECItem *pubValue = NULL; |
| int signedcount = 0; |
| unsigned int templateCount = 0; |
| SECStatus rv; |
| |
| /* if we already have an object in the desired slot, use it */ |
| if (!isToken && pubKey->pkcs11Slot == slot) { |
| return pubKey->pkcs11ID; |
| } |
| |
| /* free the existing key */ |
| if (pubKey->pkcs11Slot != NULL) { |
| PK11SlotInfo *oSlot = pubKey->pkcs11Slot; |
| if (!PK11_IsPermObject(pubKey->pkcs11Slot, pubKey->pkcs11ID)) { |
| PK11_EnterSlotMonitor(oSlot); |
| (void)PK11_GETTAB(oSlot)->C_DestroyObject(oSlot->session, |
| pubKey->pkcs11ID); |
| PK11_ExitSlotMonitor(oSlot); |
| } |
| PK11_FreeSlot(oSlot); |
| pubKey->pkcs11Slot = NULL; |
| } |
| PK11_SETATTRS(attrs, CKA_CLASS, &keyClass, sizeof(keyClass)); |
| attrs++; |
| PK11_SETATTRS(attrs, CKA_KEY_TYPE, &keyType, sizeof(keyType)); |
| attrs++; |
| PK11_SETATTRS(attrs, CKA_TOKEN, isToken ? &cktrue : &ckfalse, |
| sizeof(CK_BBOOL)); |
| attrs++; |
| if (isToken) { |
| ckaId = pk11_MakeIDFromPublicKey(pubKey); |
| if (ckaId == NULL) { |
| PORT_SetError(SEC_ERROR_BAD_KEY); |
| return CK_INVALID_HANDLE; |
| } |
| PK11_SETATTRS(attrs, CKA_ID, ckaId->data, ckaId->len); |
| attrs++; |
| } |
| |
| /* now import the key */ |
| { |
| switch (pubKey->keyType) { |
| case rsaKey: |
| keyType = CKK_RSA; |
| PK11_SETATTRS(attrs, CKA_WRAP, &cktrue, sizeof(CK_BBOOL)); |
| attrs++; |
| PK11_SETATTRS(attrs, CKA_ENCRYPT, &cktrue, |
| sizeof(CK_BBOOL)); |
| attrs++; |
| PK11_SETATTRS(attrs, CKA_VERIFY, &cktrue, sizeof(CK_BBOOL)); |
| attrs++; |
| signedattr = attrs; |
| PK11_SETATTRS(attrs, CKA_MODULUS, pubKey->u.rsa.modulus.data, |
| pubKey->u.rsa.modulus.len); |
| attrs++; |
| PK11_SETATTRS(attrs, CKA_PUBLIC_EXPONENT, |
| pubKey->u.rsa.publicExponent.data, |
| pubKey->u.rsa.publicExponent.len); |
| attrs++; |
| break; |
| case dsaKey: |
| keyType = CKK_DSA; |
| PK11_SETATTRS(attrs, CKA_VERIFY, &cktrue, sizeof(CK_BBOOL)); |
| attrs++; |
| signedattr = attrs; |
| PK11_SETATTRS(attrs, CKA_PRIME, pubKey->u.dsa.params.prime.data, |
| pubKey->u.dsa.params.prime.len); |
| attrs++; |
| PK11_SETATTRS(attrs, CKA_SUBPRIME, pubKey->u.dsa.params.subPrime.data, |
| pubKey->u.dsa.params.subPrime.len); |
| attrs++; |
| PK11_SETATTRS(attrs, CKA_BASE, pubKey->u.dsa.params.base.data, |
| pubKey->u.dsa.params.base.len); |
| attrs++; |
| PK11_SETATTRS(attrs, CKA_VALUE, pubKey->u.dsa.publicValue.data, |
| pubKey->u.dsa.publicValue.len); |
| attrs++; |
| break; |
| case fortezzaKey: |
| keyType = CKK_DSA; |
| PK11_SETATTRS(attrs, CKA_VERIFY, &cktrue, sizeof(CK_BBOOL)); |
| attrs++; |
| signedattr = attrs; |
| PK11_SETATTRS(attrs, CKA_PRIME, pubKey->u.fortezza.params.prime.data, |
| pubKey->u.fortezza.params.prime.len); |
| attrs++; |
| PK11_SETATTRS(attrs, CKA_SUBPRIME, |
| pubKey->u.fortezza.params.subPrime.data, |
| pubKey->u.fortezza.params.subPrime.len); |
| attrs++; |
| PK11_SETATTRS(attrs, CKA_BASE, pubKey->u.fortezza.params.base.data, |
| pubKey->u.fortezza.params.base.len); |
| attrs++; |
| PK11_SETATTRS(attrs, CKA_VALUE, pubKey->u.fortezza.DSSKey.data, |
| pubKey->u.fortezza.DSSKey.len); |
| attrs++; |
| break; |
| case dhKey: |
| keyType = CKK_DH; |
| PK11_SETATTRS(attrs, CKA_DERIVE, &cktrue, sizeof(CK_BBOOL)); |
| attrs++; |
| signedattr = attrs; |
| PK11_SETATTRS(attrs, CKA_PRIME, pubKey->u.dh.prime.data, |
| pubKey->u.dh.prime.len); |
| attrs++; |
| PK11_SETATTRS(attrs, CKA_BASE, pubKey->u.dh.base.data, |
| pubKey->u.dh.base.len); |
| attrs++; |
| PK11_SETATTRS(attrs, CKA_VALUE, pubKey->u.dh.publicValue.data, |
| pubKey->u.dh.publicValue.len); |
| attrs++; |
| break; |
| case ecKey: |
| keyType = CKK_EC; |
| PK11_SETATTRS(attrs, CKA_VERIFY, &cktrue, sizeof(CK_BBOOL)); |
| attrs++; |
| PK11_SETATTRS(attrs, CKA_DERIVE, &cktrue, sizeof(CK_BBOOL)); |
| attrs++; |
| PK11_SETATTRS(attrs, CKA_EC_PARAMS, |
| pubKey->u.ec.DEREncodedParams.data, |
| pubKey->u.ec.DEREncodedParams.len); |
| attrs++; |
| if (PR_GetEnvSecure("NSS_USE_DECODED_CKA_EC_POINT")) { |
| PK11_SETATTRS(attrs, CKA_EC_POINT, |
| pubKey->u.ec.publicValue.data, |
| pubKey->u.ec.publicValue.len); |
| attrs++; |
| } else { |
| pubValue = SEC_ASN1EncodeItem(NULL, NULL, |
| &pubKey->u.ec.publicValue, |
| SEC_ASN1_GET(SEC_OctetStringTemplate)); |
| if (pubValue == NULL) { |
| if (ckaId) { |
| SECITEM_FreeItem(ckaId, PR_TRUE); |
| } |
| return CK_INVALID_HANDLE; |
| } |
| PK11_SETATTRS(attrs, CKA_EC_POINT, |
| pubValue->data, pubValue->len); |
| attrs++; |
| } |
| break; |
| default: |
| if (ckaId) { |
| SECITEM_FreeItem(ckaId, PR_TRUE); |
| } |
| PORT_SetError(SEC_ERROR_BAD_KEY); |
| return CK_INVALID_HANDLE; |
| } |
| templateCount = attrs - theTemplate; |
| PORT_Assert(templateCount <= (sizeof(theTemplate) / sizeof(CK_ATTRIBUTE))); |
| if (pubKey->keyType != ecKey) { |
| PORT_Assert(signedattr); |
| signedcount = attrs - signedattr; |
| for (attrs = signedattr; signedcount; attrs++, signedcount--) { |
| pk11_SignedToUnsigned(attrs); |
| } |
| } |
| rv = PK11_CreateNewObject(slot, CK_INVALID_HANDLE, theTemplate, |
| templateCount, isToken, &objectID); |
| if (ckaId) { |
| SECITEM_FreeItem(ckaId, PR_TRUE); |
| } |
| if (pubValue) { |
| SECITEM_FreeItem(pubValue, PR_TRUE); |
| } |
| if (rv != SECSuccess) { |
| return CK_INVALID_HANDLE; |
| } |
| } |
| |
| pubKey->pkcs11ID = objectID; |
| pubKey->pkcs11Slot = PK11_ReferenceSlot(slot); |
| |
| return objectID; |
| } |
| |
| /* |
| * take an attribute and copy it into a secitem |
| */ |
| static CK_RV |
| pk11_Attr2SecItem(PLArenaPool *arena, const CK_ATTRIBUTE *attr, SECItem *item) |
| { |
| item->data = NULL; |
| |
| (void)SECITEM_AllocItem(arena, item, attr->ulValueLen); |
| if (item->data == NULL) { |
| return CKR_HOST_MEMORY; |
| } |
| PORT_Memcpy(item->data, attr->pValue, item->len); |
| return CKR_OK; |
| } |
| |
| /* |
| * get a curve length from a set of ecParams. |
| * |
| * We need this so we can reliably determine if the ecPoint passed to us |
| * was encoded or not. With out this, for many curves, we would incorrectly |
| * identify an unencoded curve as an encoded curve 1 in 65536 times, and for |
| * a few we would make that same mistake 1 in 32768 times. These are bad |
| * numbers since they are rare enough to pass tests, but common enough to |
| * be tripped over in the field. |
| * |
| * This function will only work for curves we recognized as of March 2009. |
| * The assumption is curves in use after March of 2009 would be supplied by |
| * PKCS #11 modules that already pass the correct encoding to us. |
| * |
| * Point length = (Roundup(curveLenInBits/8)*2+1) |
| */ |
| static int |
| pk11_get_EC_PointLenInBytes(PLArenaPool *arena, const SECItem *ecParams, |
| PRBool *plain) |
| { |
| SECItem oid; |
| SECOidTag tag; |
| SECStatus rv; |
| |
| /* decode the OID tag */ |
| rv = SEC_QuickDERDecodeItem(arena, &oid, |
| SEC_ASN1_GET(SEC_ObjectIDTemplate), ecParams); |
| if (rv != SECSuccess) { |
| /* could be explict curves, allow them to work if the |
| * PKCS #11 module support them. If we try to parse the |
| * explicit curve value in the future, we may return -1 here |
| * to indicate an invalid parameter if the explicit curve |
| * decode fails. */ |
| return 0; |
| } |
| |
| *plain = PR_FALSE; |
| tag = SECOID_FindOIDTag(&oid); |
| switch (tag) { |
| case SEC_OID_SECG_EC_SECP112R1: |
| case SEC_OID_SECG_EC_SECP112R2: |
| return 29; /* curve len in bytes = 14 bytes */ |
| case SEC_OID_SECG_EC_SECT113R1: |
| case SEC_OID_SECG_EC_SECT113R2: |
| return 31; /* curve len in bytes = 15 bytes */ |
| case SEC_OID_SECG_EC_SECP128R1: |
| case SEC_OID_SECG_EC_SECP128R2: |
| return 33; /* curve len in bytes = 16 bytes */ |
| case SEC_OID_SECG_EC_SECT131R1: |
| case SEC_OID_SECG_EC_SECT131R2: |
| return 35; /* curve len in bytes = 17 bytes */ |
| case SEC_OID_SECG_EC_SECP160K1: |
| case SEC_OID_SECG_EC_SECP160R1: |
| case SEC_OID_SECG_EC_SECP160R2: |
| return 41; /* curve len in bytes = 20 bytes */ |
| case SEC_OID_SECG_EC_SECT163K1: |
| case SEC_OID_SECG_EC_SECT163R1: |
| case SEC_OID_SECG_EC_SECT163R2: |
| case SEC_OID_ANSIX962_EC_C2PNB163V1: |
| case SEC_OID_ANSIX962_EC_C2PNB163V2: |
| case SEC_OID_ANSIX962_EC_C2PNB163V3: |
| return 43; /* curve len in bytes = 21 bytes */ |
| case SEC_OID_ANSIX962_EC_C2PNB176V1: |
| return 45; /* curve len in bytes = 22 bytes */ |
| case SEC_OID_ANSIX962_EC_C2TNB191V1: |
| case SEC_OID_ANSIX962_EC_C2TNB191V2: |
| case SEC_OID_ANSIX962_EC_C2TNB191V3: |
| case SEC_OID_SECG_EC_SECP192K1: |
| case SEC_OID_ANSIX962_EC_PRIME192V1: |
| case SEC_OID_ANSIX962_EC_PRIME192V2: |
| case SEC_OID_ANSIX962_EC_PRIME192V3: |
| return 49; /*curve len in bytes = 24 bytes */ |
| case SEC_OID_SECG_EC_SECT193R1: |
| case SEC_OID_SECG_EC_SECT193R2: |
| return 51; /*curve len in bytes = 25 bytes */ |
| case SEC_OID_ANSIX962_EC_C2PNB208W1: |
| return 53; /*curve len in bytes = 26 bytes */ |
| case SEC_OID_SECG_EC_SECP224K1: |
| case SEC_OID_SECG_EC_SECP224R1: |
| return 57; /*curve len in bytes = 28 bytes */ |
| case SEC_OID_SECG_EC_SECT233K1: |
| case SEC_OID_SECG_EC_SECT233R1: |
| case SEC_OID_SECG_EC_SECT239K1: |
| case SEC_OID_ANSIX962_EC_PRIME239V1: |
| case SEC_OID_ANSIX962_EC_PRIME239V2: |
| case SEC_OID_ANSIX962_EC_PRIME239V3: |
| case SEC_OID_ANSIX962_EC_C2TNB239V1: |
| case SEC_OID_ANSIX962_EC_C2TNB239V2: |
| case SEC_OID_ANSIX962_EC_C2TNB239V3: |
| return 61; /*curve len in bytes = 30 bytes */ |
| case SEC_OID_ANSIX962_EC_PRIME256V1: |
| case SEC_OID_SECG_EC_SECP256K1: |
| return 65; /*curve len in bytes = 32 bytes */ |
| case SEC_OID_ANSIX962_EC_C2PNB272W1: |
| return 69; /*curve len in bytes = 34 bytes */ |
| case SEC_OID_SECG_EC_SECT283K1: |
| case SEC_OID_SECG_EC_SECT283R1: |
| return 73; /*curve len in bytes = 36 bytes */ |
| case SEC_OID_ANSIX962_EC_C2PNB304W1: |
| return 77; /*curve len in bytes = 38 bytes */ |
| case SEC_OID_ANSIX962_EC_C2TNB359V1: |
| return 91; /*curve len in bytes = 45 bytes */ |
| case SEC_OID_ANSIX962_EC_C2PNB368W1: |
| return 93; /*curve len in bytes = 46 bytes */ |
| case SEC_OID_SECG_EC_SECP384R1: |
| return 97; /*curve len in bytes = 48 bytes */ |
| case SEC_OID_SECG_EC_SECT409K1: |
| case SEC_OID_SECG_EC_SECT409R1: |
| return 105; /*curve len in bytes = 52 bytes */ |
| case SEC_OID_ANSIX962_EC_C2TNB431R1: |
| return 109; /*curve len in bytes = 54 bytes */ |
| case SEC_OID_SECG_EC_SECP521R1: |
| return 133; /*curve len in bytes = 66 bytes */ |
| case SEC_OID_SECG_EC_SECT571K1: |
| case SEC_OID_SECG_EC_SECT571R1: |
| return 145; /*curve len in bytes = 72 bytes */ |
| case SEC_OID_CURVE25519: |
| *plain = PR_TRUE; |
| return 32; /* curve len in bytes = 32 bytes (only X) */ |
| /* unknown or unrecognized OIDs. return unknown length */ |
| default: |
| break; |
| } |
| return 0; |
| } |
| |
| /* |
| * returns the decoded point. In some cases the point may already be decoded. |
| * this function tries to detect those cases and return the point in |
| * publicKeyValue. In other cases it's DER encoded. In those cases the point |
| * is first decoded and returned. Space for the point is allocated out of |
| * the passed in arena. |
| */ |
| static CK_RV |
| pk11_get_Decoded_ECPoint(PLArenaPool *arena, const SECItem *ecParams, |
| const CK_ATTRIBUTE *ecPoint, SECItem *publicKeyValue) |
| { |
| SECItem encodedPublicValue; |
| SECStatus rv; |
| int keyLen; |
| PRBool plain = PR_FALSE; |
| |
| if (ecPoint->ulValueLen == 0) { |
| return CKR_ATTRIBUTE_VALUE_INVALID; |
| } |
| |
| /* |
| * The PKCS #11 spec requires ecPoints to be encoded as a DER OCTET String. |
| * NSS has mistakenly passed unencoded values, and some PKCS #11 vendors |
| * followed that mistake. Now we need to detect which encoding we were |
| * passed in. The task is made more complicated by the fact the the |
| * DER encoding byte (SEC_ASN_OCTET_STRING) is the same as the |
| * EC_POINT_FORM_UNCOMPRESSED byte (0x04), so we can't use that to |
| * determine which curve we are using. |
| */ |
| |
| /* get the expected key length for the passed in curve. |
| * pk11_get_EC_PointLenInBytes only returns valid values for curves |
| * NSS has traditionally recognized. If the curve is not recognized, |
| * it will return '0', and we have to figure out if the key was |
| * encoded or not heuristically. If the ecParams are invalid, it |
| * will return -1 for the keyLen. |
| */ |
| keyLen = pk11_get_EC_PointLenInBytes(arena, ecParams, &plain); |
| if (keyLen < 0) { |
| return CKR_ATTRIBUTE_VALUE_INVALID; |
| } |
| |
| /* |
| * Some curves are not encoded but we don't have the name here. |
| * Instead, pk11_get_EC_PointLenInBytes returns true plain if this is the |
| * case. |
| */ |
| if (plain && ecPoint->ulValueLen == (unsigned int)keyLen) { |
| return pk11_Attr2SecItem(arena, ecPoint, publicKeyValue); |
| } |
| |
| /* If the point is uncompressed and the lengths match, it |
| * must be an unencoded point */ |
| if ((*((char *)ecPoint->pValue) == EC_POINT_FORM_UNCOMPRESSED) && |
| (ecPoint->ulValueLen == (unsigned int)keyLen)) { |
| return pk11_Attr2SecItem(arena, ecPoint, publicKeyValue); |
| } |
| |
| /* now assume the key passed to us was encoded and decode it */ |
| if (*((char *)ecPoint->pValue) == SEC_ASN1_OCTET_STRING) { |
| /* OK, now let's try to decode it and see if it's valid */ |
| encodedPublicValue.data = ecPoint->pValue; |
| encodedPublicValue.len = ecPoint->ulValueLen; |
| rv = SEC_QuickDERDecodeItem(arena, publicKeyValue, |
| SEC_ASN1_GET(SEC_OctetStringTemplate), &encodedPublicValue); |
| |
| /* it coded correctly & we know the key length (and they match) |
| * then we are done, return the results. */ |
| if (keyLen && rv == SECSuccess && publicKeyValue->len == (unsigned int)keyLen) { |
| return CKR_OK; |
| } |
| |
| /* if we know the key length, one of the above tests should have |
| * succeded. If it doesn't the module gave us bad data */ |
| if (keyLen) { |
| return CKR_ATTRIBUTE_VALUE_INVALID; |
| } |
| |
| /* We don't know the key length, so we don't know deterministically |
| * which encoding was used. We now will try to pick the most likely |
| * form that's correct, with a preference for the encoded form if we |
| * can't determine for sure. We do this by checking the key we got |
| * back from SEC_QuickDERDecodeItem for defects. If no defects are |
| * found, we assume the encoded parameter was was passed to us. |
| * our defect tests include: |
| * 1) it didn't decode. |
| * 2) The decode key had an invalid length (must be odd). |
| * 3) The decoded key wasn't an UNCOMPRESSED key. |
| * 4) The decoded key didn't include the entire encoded block |
| * except the DER encoding values. (fixing DER length to one |
| * particular value). |
| */ |
| if ((rv != SECSuccess) || ((publicKeyValue->len & 1) != 1) || |
| (publicKeyValue->data[0] != EC_POINT_FORM_UNCOMPRESSED) || |
| (PORT_Memcmp(&encodedPublicValue.data[encodedPublicValue.len - publicKeyValue->len], |
| publicKeyValue->data, |
| publicKeyValue->len) != 0)) { |
| /* The decoded public key was flawed, the original key must have |
| * already been in decoded form. Do a quick sanity check then |
| * return the original key value. |
| */ |
| if ((encodedPublicValue.len & 1) == 0) { |
| return CKR_ATTRIBUTE_VALUE_INVALID; |
| } |
| return pk11_Attr2SecItem(arena, ecPoint, publicKeyValue); |
| } |
| |
| /* as best we can figure, the passed in key was encoded, and we've |
| * now decoded it. Note: there is a chance this could be wrong if the |
| * following conditions hold: |
| * 1) The first byte or bytes of the X point looks like a valid length |
| * of precisely the right size (2*curveSize -1). this means for curves |
| * less than 512 bits (64 bytes), this will happen 1 in 256 times*. |
| * for curves between 512 and 1024, this will happen 1 in 65,536 times* |
| * for curves between 1024 and 256K this will happen 1 in 16 million* |
| * 2) The length of the 'DER length field' is odd |
| * (making both the encoded and decode |
| * values an odd length. this is true of all curves less than 512, |
| * as well as curves between 1024 and 256K). |
| * 3) The X[length of the 'DER length field'] == 0x04, 1 in 256. |
| * |
| * (* assuming all values are equally likely in the first byte, |
| * This isn't true if the curve length is not a multiple of 8. In these |
| * cases, if the DER length is possible, it's more likely, |
| * if it's not possible, then we have no false decodes). |
| * |
| * For reference here are the odds for the various curves we currently |
| * have support for (and the only curves SSL will negotiate at this |
| * time). NOTE: None of the supported curves will show up here |
| * because we return a valid length for all of these curves. |
| * The only way to get here is to have some application (not SSL) |
| * which supports some unknown curve and have some vendor supplied |
| * PKCS #11 module support that curve. NOTE: in this case, one |
| * presumes that that pkcs #11 module is likely to be using the |
| * correct encodings. |
| * |
| * Prime Curves (GFp): |
| * Bit False Odds of |
| * Size DER Len False Decode Positive |
| * 112 27 1 in 65536 |
| * 128 31 1 in 65536 |
| * 160 39 1 in 65536 |
| * 192 47 1 in 65536 |
| * 224 55 1 in 65536 |
| * 239 59 1 in 32768 (top byte can only be 0-127) |
| * 256 63 1 in 65536 |
| * 521 129,131 0 (decoded value would be even) |
| * |
| * Binary curves (GF2m). |
| * Bit False Odds of |
| * Size DER Len False Decode Positive |
| * 131 33 0 (top byte can only be 0-7) |
| * 163 41 0 (top byte can only be 0-7) |
| * 176 43 1 in 65536 |
| * 191 47 1 in 32768 (top byte can only be 0-127) |
| * 193 49 0 (top byte can only be 0-1) |
| * 208 51 1 in 65536 |
| * 233 59 0 (top byte can only be 0-1) |
| * 239 59 1 in 32768 (top byte can only be 0-127) |
| * 272 67 1 in 65536 |
| * 283 71 0 (top byte can only be 0-7) |
| * 304 75 1 in 65536 |
| * 359 89 1 in 32768 (top byte can only be 0-127) |
| * 368 91 1 in 65536 |
| * 409 103 0 (top byte can only be 0-1) |
| * 431 107 1 in 32768 (top byte can only be 0-127) |
| * 571 129,143 0 (decoded value would be even) |
| * |
| */ |
| |
| return CKR_OK; |
| } |
| |
| /* In theory, we should handle the case where the curve == 0 and |
| * the first byte is EC_POINT_FORM_UNCOMPRESSED, (which would be |
| * handled by doing a santity check on the key length and returning |
| * pk11_Attr2SecItem() to copy the ecPoint to the publicKeyValue). |
| * |
| * This test is unnecessary, however, due to the fact that |
| * EC_POINT_FORM_UNCOMPRESSED == SEC_ASIN1_OCTET_STRING, that case is |
| * handled in the above if. That means if we get here, the initial |
| * byte of our ecPoint value was invalid, so we can safely return. |
| * invalid attribute. |
| */ |
| |
| return CKR_ATTRIBUTE_VALUE_INVALID; |
| } |
| |
| /* |
| * extract a public key from a slot and id |
| */ |
| SECKEYPublicKey * |
| PK11_ExtractPublicKey(PK11SlotInfo *slot, KeyType keyType, CK_OBJECT_HANDLE id) |
| { |
| CK_OBJECT_CLASS keyClass = CKO_PUBLIC_KEY; |
| PLArenaPool *arena; |
| PLArenaPool *tmp_arena; |
| SECKEYPublicKey *pubKey; |
| unsigned int templateCount = 0; |
| CK_KEY_TYPE pk11KeyType; |
| CK_RV crv; |
| CK_ATTRIBUTE template[8]; |
| CK_ATTRIBUTE *attrs = template; |
| CK_ATTRIBUTE *modulus, *exponent, *base, *prime, *subprime, *value; |
| CK_ATTRIBUTE *ecparams; |
| |
| /* if we didn't know the key type, get it */ |
| if (keyType == nullKey) { |
| |
| pk11KeyType = PK11_ReadULongAttribute(slot, id, CKA_KEY_TYPE); |
| if (pk11KeyType == CK_UNAVAILABLE_INFORMATION) { |
| return NULL; |
| } |
| switch (pk11KeyType) { |
| case CKK_RSA: |
| keyType = rsaKey; |
| break; |
| case CKK_DSA: |
| keyType = dsaKey; |
| break; |
| case CKK_DH: |
| keyType = dhKey; |
| break; |
| case CKK_EC: |
| keyType = ecKey; |
| break; |
| default: |
| PORT_SetError(SEC_ERROR_BAD_KEY); |
| return NULL; |
| } |
| } |
| |
| /* now we need to create space for the public key */ |
| arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); |
| if (arena == NULL) |
| return NULL; |
| tmp_arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); |
| if (tmp_arena == NULL) { |
| PORT_FreeArena(arena, PR_FALSE); |
| return NULL; |
| } |
| |
| pubKey = (SECKEYPublicKey *) |
| PORT_ArenaZAlloc(arena, sizeof(SECKEYPublicKey)); |
| if (pubKey == NULL) { |
| PORT_FreeArena(arena, PR_FALSE); |
| PORT_FreeArena(tmp_arena, PR_FALSE); |
| return NULL; |
| } |
| |
| pubKey->arena = arena; |
| pubKey->keyType = keyType; |
| pubKey->pkcs11Slot = PK11_ReferenceSlot(slot); |
| pubKey->pkcs11ID = id; |
| PK11_SETATTRS(attrs, CKA_CLASS, &keyClass, |
| sizeof(keyClass)); |
| attrs++; |
| PK11_SETATTRS(attrs, CKA_KEY_TYPE, &pk11KeyType, |
| sizeof(pk11KeyType)); |
| attrs++; |
| switch (pubKey->keyType) { |
| case rsaKey: |
| modulus = attrs; |
| PK11_SETATTRS(attrs, CKA_MODULUS, NULL, 0); |
| attrs++; |
| exponent = attrs; |
| PK11_SETATTRS(attrs, CKA_PUBLIC_EXPONENT, NULL, 0); |
| attrs++; |
| |
| templateCount = attrs - template; |
| PR_ASSERT(templateCount <= sizeof(template) / sizeof(CK_ATTRIBUTE)); |
| crv = PK11_GetAttributes(tmp_arena, slot, id, template, templateCount); |
| if (crv != CKR_OK) |
| break; |
| |
| if ((keyClass != CKO_PUBLIC_KEY) || (pk11KeyType != CKK_RSA)) { |
| crv = CKR_OBJECT_HANDLE_INVALID; |
| break; |
| } |
| crv = pk11_Attr2SecItem(arena, modulus, &pubKey->u.rsa.modulus); |
| if (crv != CKR_OK) |
| break; |
| crv = pk11_Attr2SecItem(arena, exponent, &pubKey->u.rsa.publicExponent); |
| if (crv != CKR_OK) |
| break; |
| break; |
| case dsaKey: |
| prime = attrs; |
| PK11_SETATTRS(attrs, CKA_PRIME, NULL, 0); |
| attrs++; |
| subprime = attrs; |
| PK11_SETATTRS(attrs, CKA_SUBPRIME, NULL, 0); |
| attrs++; |
| base = attrs; |
| PK11_SETATTRS(attrs, CKA_BASE, NULL, 0); |
| attrs++; |
| value = attrs; |
| PK11_SETATTRS(attrs, CKA_VALUE, NULL, 0); |
| attrs++; |
| templateCount = attrs - template; |
| PR_ASSERT(templateCount <= sizeof(template) / sizeof(CK_ATTRIBUTE)); |
| crv = PK11_GetAttributes(tmp_arena, slot, id, template, templateCount); |
| if (crv != CKR_OK) |
| break; |
| |
| if ((keyClass != CKO_PUBLIC_KEY) || (pk11KeyType != CKK_DSA)) { |
| crv = CKR_OBJECT_HANDLE_INVALID; |
| break; |
| } |
| crv = pk11_Attr2SecItem(arena, prime, &pubKey->u.dsa.params.prime); |
| if (crv != CKR_OK) |
| break; |
| crv = pk11_Attr2SecItem(arena, subprime, &pubKey->u.dsa.params.subPrime); |
| if (crv != CKR_OK) |
| break; |
| crv = pk11_Attr2SecItem(arena, base, &pubKey->u.dsa.params.base); |
| if (crv != CKR_OK) |
| break; |
| crv = pk11_Attr2SecItem(arena, value, &pubKey->u.dsa.publicValue); |
| if (crv != CKR_OK) |
| break; |
| break; |
| case dhKey: |
| prime = attrs; |
| PK11_SETATTRS(attrs, CKA_PRIME, NULL, 0); |
| attrs++; |
| base = attrs; |
| PK11_SETATTRS(attrs, CKA_BASE, NULL, 0); |
| attrs++; |
| value = attrs; |
| PK11_SETATTRS(attrs, CKA_VALUE, NULL, 0); |
| attrs++; |
| templateCount = attrs - template; |
| PR_ASSERT(templateCount <= sizeof(template) / sizeof(CK_ATTRIBUTE)); |
| crv = PK11_GetAttributes(tmp_arena, slot, id, template, templateCount); |
| if (crv != CKR_OK) |
| break; |
| |
| if ((keyClass != CKO_PUBLIC_KEY) || (pk11KeyType != CKK_DH)) { |
| crv = CKR_OBJECT_HANDLE_INVALID; |
| break; |
| } |
| crv = pk11_Attr2SecItem(arena, prime, &pubKey->u.dh.prime); |
| if (crv != CKR_OK) |
| break; |
| crv = pk11_Attr2SecItem(arena, base, &pubKey->u.dh.base); |
| if (crv != CKR_OK) |
| break; |
| crv = pk11_Attr2SecItem(arena, value, &pubKey->u.dh.publicValue); |
| if (crv != CKR_OK) |
| break; |
| break; |
| case ecKey: |
| pubKey->u.ec.size = 0; |
| ecparams = attrs; |
| PK11_SETATTRS(attrs, CKA_EC_PARAMS, NULL, 0); |
| attrs++; |
| value = attrs; |
| PK11_SETATTRS(attrs, CKA_EC_POINT, NULL, 0); |
| attrs++; |
| templateCount = attrs - template; |
| PR_ASSERT(templateCount <= sizeof(template) / sizeof(CK_ATTRIBUTE)); |
| crv = PK11_GetAttributes(arena, slot, id, template, templateCount); |
| if (crv != CKR_OK) |
| break; |
| |
| if ((keyClass != CKO_PUBLIC_KEY) || (pk11KeyType != CKK_EC)) { |
| crv = CKR_OBJECT_HANDLE_INVALID; |
| break; |
| } |
| |
| crv = pk11_Attr2SecItem(arena, ecparams, |
| &pubKey->u.ec.DEREncodedParams); |
| if (crv != CKR_OK) |
| break; |
| pubKey->u.ec.encoding = ECPoint_Undefined; |
| crv = pk11_get_Decoded_ECPoint(arena, |
| &pubKey->u.ec.DEREncodedParams, value, |
| &pubKey->u.ec.publicValue); |
| break; |
| case fortezzaKey: |
| case nullKey: |
| default: |
| crv = CKR_OBJECT_HANDLE_INVALID; |
| break; |
| } |
| |
| PORT_FreeArena(tmp_arena, PR_FALSE); |
| |
| if (crv != CKR_OK) { |
| PORT_FreeArena(arena, PR_FALSE); |
| PK11_FreeSlot(slot); |
| PORT_SetError(PK11_MapError(crv)); |
| return NULL; |
| } |
| |
| return pubKey; |
| } |
| |
| /* |
| * Build a Private Key structure from raw PKCS #11 information. |
| */ |
| SECKEYPrivateKey * |
| PK11_MakePrivKey(PK11SlotInfo *slot, KeyType keyType, |
| PRBool isTemp, CK_OBJECT_HANDLE privID, void *wincx) |
| { |
| PLArenaPool *arena; |
| SECKEYPrivateKey *privKey; |
| PRBool isPrivate; |
| SECStatus rv; |
| |
| /* don't know? look it up */ |
| if (keyType == nullKey) { |
| CK_KEY_TYPE pk11Type = CKK_RSA; |
| |
| pk11Type = PK11_ReadULongAttribute(slot, privID, CKA_KEY_TYPE); |
| isTemp = (PRBool)!PK11_HasAttributeSet(slot, privID, CKA_TOKEN, PR_FALSE); |
| switch (pk11Type) { |
| case CKK_RSA: |
| keyType = rsaKey; |
| break; |
| case CKK_DSA: |
| keyType = dsaKey; |
| break; |
| case CKK_DH: |
| keyType = dhKey; |
| break; |
| case CKK_KEA: |
| keyType = fortezzaKey; |
| break; |
| case CKK_EC: |
| keyType = ecKey; |
| break; |
| default: |
| break; |
| } |
| } |
| |
| /* if the key is private, make sure we are authenticated to the |
| * token before we try to use it */ |
| isPrivate = (PRBool)PK11_HasAttributeSet(slot, privID, CKA_PRIVATE, PR_FALSE); |
| if (isPrivate) { |
| rv = PK11_Authenticate(slot, PR_TRUE, wincx); |
| if (rv != SECSuccess) { |
| return NULL; |
| } |
| } |
| |
| /* now we need to create space for the private key */ |
| arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); |
| if (arena == NULL) |
| return NULL; |
| |
| privKey = (SECKEYPrivateKey *) |
| PORT_ArenaZAlloc(arena, sizeof(SECKEYPrivateKey)); |
| if (privKey == NULL) { |
| PORT_FreeArena(arena, PR_FALSE); |
| return NULL; |
| } |
| |
| privKey->arena = arena; |
| privKey->keyType = keyType; |
| privKey->pkcs11Slot = PK11_ReferenceSlot(slot); |
| privKey->pkcs11ID = privID; |
| privKey->pkcs11IsTemp = isTemp; |
| privKey->wincx = wincx; |
| |
| return privKey; |
| } |
| |
| PK11SlotInfo * |
| PK11_GetSlotFromPrivateKey(SECKEYPrivateKey *key) |
| { |
| PK11SlotInfo *slot = key->pkcs11Slot; |
| slot = PK11_ReferenceSlot(slot); |
| return slot; |
| } |
| |
| /* |
| * Get the modulus length for raw parsing |
| */ |
| int |
| PK11_GetPrivateModulusLen(SECKEYPrivateKey *key) |
| { |
| CK_ATTRIBUTE theTemplate = { CKA_MODULUS, NULL, 0 }; |
| PK11SlotInfo *slot = key->pkcs11Slot; |
| CK_RV crv; |
| int length; |
| |
| switch (key->keyType) { |
| case rsaKey: |
| crv = PK11_GetAttributes(NULL, slot, key->pkcs11ID, &theTemplate, 1); |
| if (crv != CKR_OK) { |
| PORT_SetError(PK11_MapError(crv)); |
| return -1; |
| } |
| if (theTemplate.pValue == NULL) { |
| PORT_SetError(PK11_MapError(CKR_ATTRIBUTE_VALUE_INVALID)); |
| return -1; |
| } |
| length = theTemplate.ulValueLen; |
| if (*(unsigned char *)theTemplate.pValue == 0) { |
| length--; |
| } |
| PORT_Free(theTemplate.pValue); |
| return (int)length; |
| |
| case fortezzaKey: |
| case dsaKey: |
| case dhKey: |
| default: |
| break; |
| } |
| if (theTemplate.pValue != NULL) |
| PORT_Free(theTemplate.pValue); |
| PORT_SetError(SEC_ERROR_INVALID_KEY); |
| return -1; |
| } |
| |
| /* |
| * take a private key in one pkcs11 module and load it into another: |
| * NOTE: the source private key is a rare animal... it can't be sensitive. |
| * This is used to do a key gen using one pkcs11 module and storing the |
| * result into another. |
| */ |
| static SECKEYPrivateKey * |
| pk11_loadPrivKeyWithFlags(PK11SlotInfo *slot, SECKEYPrivateKey *privKey, |
| SECKEYPublicKey *pubKey, PK11AttrFlags attrFlags) |
| { |
| CK_ATTRIBUTE privTemplate[] = { |
| /* class must be first */ |
| { CKA_CLASS, NULL, 0 }, |
| { CKA_KEY_TYPE, NULL, 0 }, |
| { CKA_ID, NULL, 0 }, |
| /* RSA - the attributes below will be replaced for other |
| * key types. |
| */ |
| { CKA_MODULUS, NULL, 0 }, |
| { CKA_PRIVATE_EXPONENT, NULL, 0 }, |
| { CKA_PUBLIC_EXPONENT, NULL, 0 }, |
| { CKA_PRIME_1, NULL, 0 }, |
| { CKA_PRIME_2, NULL, 0 }, |
| { CKA_EXPONENT_1, NULL, 0 }, |
| { CKA_EXPONENT_2, NULL, 0 }, |
| { CKA_COEFFICIENT, NULL, 0 }, |
| { CKA_DECRYPT, NULL, 0 }, |
| { CKA_DERIVE, NULL, 0 }, |
| { CKA_SIGN, NULL, 0 }, |
| { CKA_SIGN_RECOVER, NULL, 0 }, |
| { CKA_UNWRAP, NULL, 0 }, |
| /* reserve space for the attributes that may be |
| * specified in attrFlags */ |
| { CKA_TOKEN, NULL, 0 }, |
| { CKA_PRIVATE, NULL, 0 }, |
| { CKA_MODIFIABLE, NULL, 0 }, |
| { CKA_SENSITIVE, NULL, 0 }, |
| { CKA_EXTRACTABLE, NULL, 0 }, |
| #define NUM_RESERVED_ATTRS 5 /* number of reserved attributes above */ |
| }; |
| CK_BBOOL cktrue = CK_TRUE; |
| CK_BBOOL ckfalse = CK_FALSE; |
| CK_ATTRIBUTE *attrs = NULL, *ap; |
| const int templateSize = sizeof(privTemplate) / sizeof(privTemplate[0]); |
| PLArenaPool *arena; |
| CK_OBJECT_HANDLE objectID; |
| int i, count = 0; |
| int extra_count = 0; |
| CK_RV crv; |
| SECStatus rv; |
| PRBool token = ((attrFlags & PK11_ATTR_TOKEN) != 0); |
| |
| if (pk11_BadAttrFlags(attrFlags)) { |
| PORT_SetError(SEC_ERROR_INVALID_ARGS); |
| return NULL; |
| } |
| |
| for (i = 0; i < templateSize; i++) { |
| if (privTemplate[i].type == CKA_MODULUS) { |
| attrs = &privTemplate[i]; |
| count = i; |
| break; |
| } |
| } |
| PORT_Assert(attrs != NULL); |
| if (attrs == NULL) { |
| PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); |
| return NULL; |
| } |
| |
| ap = attrs; |
| |
| switch (privKey->keyType) { |
| case rsaKey: |
| count = templateSize - NUM_RESERVED_ATTRS; |
| extra_count = count - (attrs - privTemplate); |
| break; |
| case dsaKey: |
| ap->type = CKA_PRIME; |
| ap++; |
| count++; |
| extra_count++; |
| ap->type = CKA_SUBPRIME; |
| ap++; |
| count++; |
| extra_count++; |
| ap->type = CKA_BASE; |
| ap++; |
| count++; |
| extra_count++; |
| ap->type = CKA_VALUE; |
| ap++; |
| count++; |
| extra_count++; |
| ap->type = CKA_SIGN; |
| ap++; |
| count++; |
| extra_count++; |
| break; |
| case dhKey: |
| ap->type = CKA_PRIME; |
| ap++; |
| count++; |
| extra_count++; |
| ap->type = CKA_BASE; |
| ap++; |
| count++; |
| extra_count++; |
| ap->type = CKA_VALUE; |
| ap++; |
| count++; |
| extra_count++; |
| ap->type = CKA_DERIVE; |
| ap++; |
| count++; |
| extra_count++; |
| break; |
| case ecKey: |
| ap->type = CKA_EC_PARAMS; |
| ap++; |
| count++; |
| extra_count++; |
| ap->type = CKA_VALUE; |
| ap++; |
| count++; |
| extra_count++; |
| ap->type = CKA_DERIVE; |
| ap++; |
| count++; |
| extra_count++; |
| ap->type = CKA_SIGN; |
| ap++; |
| count++; |
| extra_count++; |
| break; |
| default: |
| count = 0; |
| extra_count = 0; |
| break; |
| } |
| |
| if (count == 0) { |
| PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); |
| return NULL; |
| } |
| |
| arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); |
| if (arena == NULL) |
| return NULL; |
| /* |
| * read out the old attributes. |
| */ |
| crv = PK11_GetAttributes(arena, privKey->pkcs11Slot, privKey->pkcs11ID, |
| privTemplate, count); |
| if (crv != CKR_OK) { |
| PORT_SetError(PK11_MapError(crv)); |
| PORT_FreeArena(arena, PR_TRUE); |
| return NULL; |
| } |
| |
| /* Set token, private, modifiable, sensitive, and extractable */ |
| count += pk11_AttrFlagsToAttributes(attrFlags, &privTemplate[count], |
| &cktrue, &ckfalse); |
| |
| /* Not everyone can handle zero padded key values, give |
| * them the raw data as unsigned. The exception is EC, |
| * where the values are encoded or zero-preserving |
| * per-RFC5915 */ |
| if (privKey->keyType != ecKey) { |
| for (ap = attrs; extra_count; ap++, extra_count--) { |
| pk11_SignedToUnsigned(ap); |
| } |
| } |
| |
| /* now Store the puppies */ |
| rv = PK11_CreateNewObject(slot, CK_INVALID_HANDLE, privTemplate, |
| count, token, &objectID); |
| PORT_FreeArena(arena, PR_TRUE); |
| if (rv != SECSuccess) { |
| return NULL; |
| } |
| |
| /* try loading the public key */ |
| if (pubKey) { |
| PK11_ImportPublicKey(slot, pubKey, token); |
| if (pubKey->pkcs11Slot) { |
| PK11_FreeSlot(pubKey->pkcs11Slot); |
| pubKey->pkcs11Slot = NULL; |
| pubKey->pkcs11ID = CK_INVALID_HANDLE; |
| } |
| } |
| |
| /* build new key structure */ |
| return PK11_MakePrivKey(slot, privKey->keyType, !token, |
| objectID, privKey->wincx); |
| } |
| |
| static SECKEYPrivateKey * |
| pk11_loadPrivKey(PK11SlotInfo *slot, SECKEYPrivateKey *privKey, |
| SECKEYPublicKey *pubKey, PRBool token, PRBool sensitive) |
| { |
| PK11AttrFlags attrFlags = 0; |
| if (token) { |
| attrFlags |= (PK11_ATTR_TOKEN | PK11_ATTR_PRIVATE); |
| } else { |
| attrFlags |= (PK11_ATTR_SESSION | PK11_ATTR_PUBLIC); |
| } |
| if (sensitive) { |
| attrFlags |= PK11_ATTR_SENSITIVE; |
| } else { |
| attrFlags |= PK11_ATTR_INSENSITIVE; |
| } |
| return pk11_loadPrivKeyWithFlags(slot, privKey, pubKey, attrFlags); |
| } |
| |
| /* |
| * export this for PSM |
| */ |
| SECKEYPrivateKey * |
| PK11_LoadPrivKey(PK11SlotInfo *slot, SECKEYPrivateKey *privKey, |
| SECKEYPublicKey *pubKey, PRBool token, PRBool sensitive) |
| { |
| return pk11_loadPrivKey(slot, privKey, pubKey, token, sensitive); |
| } |
| |
| /* |
| * Use the token to generate a key pair. |
| */ |
| SECKEYPrivateKey * |
| PK11_GenerateKeyPairWithOpFlags(PK11SlotInfo *slot, CK_MECHANISM_TYPE type, |
| void *param, SECKEYPublicKey **pubKey, PK11AttrFlags attrFlags, |
| CK_FLAGS opFlags, CK_FLAGS opFlagsMask, void *wincx) |
| { |
| /* we have to use these native types because when we call PKCS 11 modules |
| * we have to make sure that we are using the correct sizes for all the |
| * parameters. */ |
| CK_BBOOL ckfalse = CK_FALSE; |
| CK_BBOOL cktrue = CK_TRUE; |
| CK_ULONG modulusBits; |
| CK_BYTE publicExponent[4]; |
| CK_ATTRIBUTE privTemplate[] = { |
| { CKA_SENSITIVE, NULL, 0 }, |
| { CKA_TOKEN, NULL, 0 }, |
| { CKA_PRIVATE, NULL, 0 }, |
| { CKA_DERIVE, NULL, 0 }, |
| { CKA_UNWRAP, NULL, 0 }, |
| { CKA_SIGN, NULL, 0 }, |
| { CKA_DECRYPT, NULL, 0 }, |
| { CKA_EXTRACTABLE, NULL, 0 }, |
| { CKA_MODIFIABLE, NULL, 0 }, |
| }; |
| CK_ATTRIBUTE rsaPubTemplate[] = { |
| { CKA_MODULUS_BITS, NULL, 0 }, |
| { CKA_PUBLIC_EXPONENT, NULL, 0 }, |
| { CKA_TOKEN, NULL, 0 }, |
| { CKA_DERIVE, NULL, 0 }, |
| { CKA_WRAP, NULL, 0 }, |
| { CKA_VERIFY, NULL, 0 }, |
| { CKA_VERIFY_RECOVER, NULL, 0 }, |
| { CKA_ENCRYPT, NULL, 0 }, |
| { CKA_MODIFIABLE, NULL, 0 }, |
| }; |
| CK_ATTRIBUTE dsaPubTemplate[] = { |
| { CKA_PRIME, NULL, 0 }, |
| { CKA_SUBPRIME, NULL, 0 }, |
| { CKA_BASE, NULL, 0 }, |
| { CKA_TOKEN, NULL, 0 }, |
| { CKA_DERIVE, NULL, 0 }, |
| { CKA_WRAP, NULL, 0 }, |
| { CKA_VERIFY, NULL, 0 }, |
| { CKA_VERIFY_RECOVER, NULL, 0 }, |
| { CKA_ENCRYPT, NULL, 0 }, |
| { CKA_MODIFIABLE, NULL, 0 }, |
| }; |
| CK_ATTRIBUTE dhPubTemplate[] = { |
| { CKA_PRIME, NULL, 0 }, |
| { CKA_BASE, NULL, 0 }, |
| { CKA_TOKEN, NULL, 0 }, |
| { CKA_DERIVE, NULL, 0 }, |
| { CKA_WRAP, NULL, 0 }, |
| { CKA_VERIFY, NULL, 0 }, |
| { CKA_VERIFY_RECOVER, NULL, 0 }, |
| { CKA_ENCRYPT, NULL, 0 }, |
| { CKA_MODIFIABLE, NULL, 0 }, |
| }; |
| CK_ATTRIBUTE ecPubTemplate[] = { |
| { CKA_EC_PARAMS, NULL, 0 }, |
| { CKA_TOKEN, NULL, 0 }, |
| { CKA_DERIVE, NULL, 0 }, |
| { CKA_WRAP, NULL, 0 }, |
| { CKA_VERIFY, NULL, 0 }, |
| { CKA_VERIFY_RECOVER, NULL, 0 }, |
| { CKA_ENCRYPT, NULL, 0 }, |
| { CKA_MODIFIABLE, NULL, 0 }, |
| }; |
| SECKEYECParams *ecParams; |
| |
| /*CK_ULONG key_size = 0;*/ |
| CK_ATTRIBUTE *pubTemplate; |
| int privCount = 0; |
| int pubCount = 0; |
| PK11RSAGenParams *rsaParams; |
| SECKEYPQGParams *dsaParams; |
| SECKEYDHParams *dhParams; |
| CK_MECHANISM mechanism; |
| CK_MECHANISM test_mech; |
| CK_MECHANISM test_mech2; |
| CK_SESSION_HANDLE session_handle; |
| CK_RV crv; |
| CK_OBJECT_HANDLE privID, pubID; |
| SECKEYPrivateKey *privKey; |
| KeyType keyType; |
| PRBool restore; |
| int peCount, i; |
| CK_ATTRIBUTE *attrs; |
| CK_ATTRIBUTE *privattrs; |
| CK_ATTRIBUTE setTemplate; |
| CK_MECHANISM_INFO mechanism_info; |
| CK_OBJECT_CLASS keyClass; |
| SECItem *cka_id; |
| PRBool haslock = PR_FALSE; |
| PRBool pubIsToken = PR_FALSE; |
| PRBool token = ((attrFlags & PK11_ATTR_TOKEN) != 0); |
| /* subset of attrFlags applicable to the public key */ |
| PK11AttrFlags pubKeyAttrFlags = attrFlags & |
| (PK11_ATTR_TOKEN | PK11_ATTR_SESSION | PK11_ATTR_MODIFIABLE | PK11_ATTR_UNMODIFIABLE); |
| |
| if (pk11_BadAttrFlags(attrFlags)) { |
| PORT_SetError(SEC_ERROR_INVALID_ARGS); |
| return NULL; |
| } |
| |
| if (!param) { |
| PORT_SetError(SEC_ERROR_INVALID_ARGS); |
| return NULL; |
| } |
| |
| /* |
| * The opFlags and opFlagMask parameters allow us to control the |
| * settings of the key usage attributes (CKA_ENCRYPT and friends). |
| * opFlagMask is set to one if the flag is specified in opFlags and |
| * zero if it is to take on a default value calculated by |
| * PK11_GenerateKeyPairWithOpFlags. |
| * opFlags specifies the actual value of the flag 1 or 0. |
| * Bits not corresponding to one bits in opFlagMask should be zero. |
| */ |
| |
| /* if we are trying to turn on a flag, it better be in the mask */ |
| PORT_Assert((opFlags & ~opFlagsMask) == 0); |
| opFlags &= opFlagsMask; |
| |
| PORT_Assert(slot != NULL); |
| if (slot == NULL) { |
| PORT_SetError(SEC_ERROR_NO_MODULE); |
| return NULL; |
| } |
| |
| /* if our slot really doesn't do this mechanism, Generate the key |
| * in our internal token and write it out */ |
| if (!PK11_DoesMechanism(slot, type)) { |
| PK11SlotInfo *int_slot = PK11_GetInternalSlot(); |
| |
| /* don't loop forever looking for a slot */ |
| if (slot == int_slot) { |
| PK11_FreeSlot(int_slot); |
| PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); |
| return NULL; |
| } |
| |
| /* if there isn't a suitable slot, then we can't do the keygen */ |
| if (int_slot == NULL) { |
| PORT_SetError(SEC_ERROR_NO_MODULE); |
| return NULL; |
| } |
| |
| /* generate the temporary key to load */ |
| privKey = PK11_GenerateKeyPair(int_slot, type, param, pubKey, PR_FALSE, |
| PR_FALSE, wincx); |
| PK11_FreeSlot(int_slot); |
| |
| /* if successful, load the temp key into the new token */ |
| if (privKey != NULL) { |
| SECKEYPrivateKey *newPrivKey = pk11_loadPrivKeyWithFlags(slot, |
| privKey, *pubKey, attrFlags); |
| SECKEY_DestroyPrivateKey(privKey); |
| if (newPrivKey == NULL) { |
| SECKEY_DestroyPublicKey(*pubKey); |
| *pubKey = NULL; |
| } |
| return newPrivKey; |
| } |
| return NULL; |
| } |
| |
| mechanism.mechanism = type; |
| mechanism.pParameter = NULL; |
| mechanism.ulParameterLen = 0; |
| test_mech.pParameter = NULL; |
| test_mech.ulParameterLen = 0; |
| test_mech2.mechanism = CKM_INVALID_MECHANISM; |
| test_mech2.pParameter = NULL; |
| test_mech2.ulParameterLen = 0; |
| |
| /* set up the private key template */ |
| privattrs = privTemplate; |
| privattrs += pk11_AttrFlagsToAttributes(attrFlags, privattrs, |
| &cktrue, &ckfalse); |
| |
| /* set up the mechanism specific info */ |
| switch (type) { |
| case CKM_RSA_PKCS_KEY_PAIR_GEN: |
| case CKM_RSA_X9_31_KEY_PAIR_GEN: |
| rsaParams = (PK11RSAGenParams *)param; |
| if (rsaParams->pe == 0) { |
| PORT_SetError(SEC_ERROR_INVALID_ARGS); |
| return NULL; |
| } |
| modulusBits = rsaParams->keySizeInBits; |
| peCount = 0; |
| |
| /* convert pe to a PKCS #11 string */ |
| for (i = 0; i < 4; i++) { |
| if (peCount || (rsaParams->pe & |
| ((unsigned long)0xff000000L >> (i * 8)))) { |
| publicExponent[peCount] = |
| (CK_BYTE)((rsaParams->pe >> (3 - i) * 8) & 0xff); |
| peCount++; |
| } |
| } |
| PORT_Assert(peCount != 0); |
| attrs = rsaPubTemplate; |
| PK11_SETATTRS(attrs, CKA_MODULUS_BITS, |
| &modulusBits, sizeof(modulusBits)); |
| attrs++; |
| PK11_SETATTRS(attrs, CKA_PUBLIC_EXPONENT, |
| publicExponent, peCount); |
| attrs++; |
| pubTemplate = rsaPubTemplate; |
| keyType = rsaKey; |
| test_mech.mechanism = CKM_RSA_PKCS; |
| break; |
| case CKM_DSA_KEY_PAIR_GEN: |
| dsaParams = (SECKEYPQGParams *)param; |
| attrs = dsaPubTemplate; |
| PK11_SETATTRS(attrs, CKA_PRIME, dsaParams->prime.data, |
| dsaParams->prime.len); |
| attrs++; |
| PK11_SETATTRS(attrs, CKA_SUBPRIME, dsaParams->subPrime.data, |
| dsaParams->subPrime.len); |
| attrs++; |
| PK11_SETATTRS(attrs, CKA_BASE, dsaParams->base.data, |
| dsaParams->base.len); |
| attrs++; |
| pubTemplate = dsaPubTemplate; |
| keyType = dsaKey; |
| test_mech.mechanism = CKM_DSA; |
| break; |
| case CKM_DH_PKCS_KEY_PAIR_GEN: |
| dhParams = (SECKEYDHParams *)param; |
| attrs = dhPubTemplate; |
| PK11_SETATTRS(attrs, CKA_PRIME, dhParams->prime.data, |
| dhParams->prime.len); |
| attrs++; |
| PK11_SETATTRS(attrs, CKA_BASE, dhParams->base.data, |
| dhParams->base.len); |
| attrs++; |
| pubTemplate = dhPubTemplate; |
| keyType = dhKey; |
| test_mech.mechanism = CKM_DH_PKCS_DERIVE; |
| break; |
| case CKM_EC_KEY_PAIR_GEN: |
| ecParams = (SECKEYECParams *)param; |
| attrs = ecPubTemplate; |
| PK11_SETATTRS(attrs, CKA_EC_PARAMS, ecParams->data, |
| ecParams->len); |
| attrs++; |
| pubTemplate = ecPubTemplate; |
| keyType = ecKey; |
| /* |
| * ECC supports 2 different mechanism types (unlike RSA, which |
| * supports different usages with the same mechanism). |
| * We may need to query both mechanism types and or the results |
| * together -- but we only do that if either the user has |
| * requested both usages, or not specified any usages. |
| */ |
| if ((opFlags & (CKF_SIGN | CKF_DERIVE)) == (CKF_SIGN | CKF_DERIVE)) { |
| /* We've explicitly turned on both flags, use both mechanism */ |
| test_mech.mechanism = CKM_ECDH1_DERIVE; |
| test_mech2.mechanism = CKM_ECDSA; |
| } else if (opFlags & CKF_SIGN) { |
| /* just do signing */ |
| test_mech.mechanism = CKM_ECDSA; |
| } else if (opFlags & CKF_DERIVE) { |
| /* just do ECDH */ |
| test_mech.mechanism = CKM_ECDH1_DERIVE; |
| } else { |
| /* neither was specified default to both */ |
| test_mech.mechanism = CKM_ECDH1_DERIVE; |
| test_mech2.mechanism = CKM_ECDSA; |
| } |
| break; |
| default: |
| PORT_SetError(SEC_ERROR_BAD_KEY); |
| return NULL; |
| } |
| |
| /* now query the slot to find out how "good" a key we can generate */ |
| if (!slot->isThreadSafe) |
| PK11_EnterSlotMonitor(slot); |
| crv = PK11_GETTAB(slot)->C_GetMechanismInfo(slot->slotID, |
| test_mech.mechanism, &mechanism_info); |
| /* |
| * EC keys are used in multiple different types of mechanism, if we |
| * are using dual use keys, we need to query the second mechanism |
| * as well. |
| */ |
| if (test_mech2.mechanism != CKM_INVALID_MECHANISM) { |
| CK_MECHANISM_INFO mechanism_info2; |
| CK_RV crv2; |
| |
| if (crv != CKR_OK) { |
| /* the first failed, make sure there is no trash in the |
| * mechanism flags when we or it below */ |
| mechanism_info.flags = 0; |
| } |
| crv2 = PK11_GETTAB(slot)->C_GetMechanismInfo(slot->slotID, |
| test_mech2.mechanism, &mechanism_info2); |
| if (crv2 == CKR_OK) { |
| crv = CKR_OK; /* succeed if either mechnaism info succeeds */ |
| /* combine the 2 sets of mechnanism flags */ |
| mechanism_info.flags |= mechanism_info2.flags; |
| } |
| } |
| if (!slot->isThreadSafe) |
| PK11_ExitSlotMonitor(slot); |
| if ((crv != CKR_OK) || (mechanism_info.flags == 0)) { |
| /* must be old module... guess what it should be... */ |
| switch (test_mech.mechanism) { |
| case CKM_RSA_PKCS: |
| mechanism_info.flags = (CKF_SIGN | CKF_DECRYPT | |
| CKF_WRAP | CKF_VERIFY_RECOVER | CKF_ENCRYPT | CKF_WRAP); |
| break; |
| case CKM_DSA: |
| mechanism_info.flags = CKF_SIGN | CKF_VERIFY; |
| break; |
| case CKM_DH_PKCS_DERIVE: |
| mechanism_info.flags = CKF_DERIVE; |
| break; |
| case CKM_ECDH1_DERIVE: |
| mechanism_info.flags = CKF_DERIVE; |
| if (test_mech2.mechanism == CKM_ECDSA) { |
| mechanism_info.flags |= CKF_SIGN | CKF_VERIFY; |
| } |
| break; |
| case CKM_ECDSA: |
| mechanism_info.flags = CKF_SIGN | CKF_VERIFY; |
| break; |
| default: |
| break; |
| } |
| } |
| /* now adjust our flags according to the user's key usage passed to us */ |
| mechanism_info.flags = (mechanism_info.flags & (~opFlagsMask)) | opFlags; |
| /* set the public key attributes */ |
| attrs += pk11_AttrFlagsToAttributes(pubKeyAttrFlags, attrs, |
| &cktrue, &ckfalse); |
| PK11_SETATTRS(attrs, CKA_DERIVE, |
| mechanism_info.flags & CKF_DERIVE ? &cktrue : &ckfalse, |
| sizeof(CK_BBOOL)); |
| attrs++; |
| PK11_SETATTRS(attrs, CKA_WRAP, |
| mechanism_info.flags & CKF_WRAP ? &cktrue : &ckfalse, |
| sizeof(CK_BBOOL)); |
| attrs++; |
| PK11_SETATTRS(attrs, CKA_VERIFY, |
| mechanism_info.flags & CKF_VERIFY ? &cktrue : &ckfalse, |
| sizeof(CK_BBOOL)); |
| attrs++; |
| PK11_SETATTRS(attrs, CKA_VERIFY_RECOVER, |
| mechanism_info.flags & CKF_VERIFY_RECOVER ? &cktrue : &ckfalse, |
| sizeof(CK_BBOOL)); |
| attrs++; |
| PK11_SETATTRS(attrs, CKA_ENCRYPT, |
| mechanism_info.flags & CKF_ENCRYPT ? &cktrue : &ckfalse, |
| sizeof(CK_BBOOL)); |
| attrs++; |
| /* set the private key attributes */ |
| PK11_SETATTRS(privattrs, CKA_DERIVE, |
| mechanism_info.flags & CKF_DERIVE ? &cktrue : &ckfalse, |
| sizeof(CK_BBOOL)); |
| privattrs++; |
| PK11_SETATTRS(privattrs, CKA_UNWRAP, |
| mechanism_info.flags & CKF_UNWRAP ? &cktrue : &ckfalse, |
| sizeof(CK_BBOOL)); |
| privattrs++; |
| PK11_SETATTRS(privattrs, CKA_SIGN, |
| mechanism_info.flags & CKF_SIGN ? &cktrue : &ckfalse, |
| sizeof(CK_BBOOL)); |
| privattrs++; |
| PK11_SETATTRS(privattrs, CKA_DECRYPT, |
| mechanism_info.flags & CKF_DECRYPT ? &cktrue : &ckfalse, |
| sizeof(CK_BBOOL)); |
| privattrs++; |
| |
| if (token) { |
| session_handle = PK11_GetRWSession(slot); |
| haslock = PK11_RWSessionHasLock(slot, session_handle); |
| restore = PR_TRUE; |
| } else { |
| session_handle = slot->session; |
| if (session_handle != CK_INVALID_HANDLE) |
| PK11_EnterSlotMonitor(slot); |
| restore = PR_FALSE; |
| haslock = PR_TRUE; |
| } |
| |
| if (session_handle == CK_INVALID_HANDLE) { |
| PORT_SetError(SEC_ERROR_BAD_DATA); |
| return NULL; |
| } |
| privCount = privattrs - privTemplate; |
| pubCount = attrs - pubTemplate; |
| crv = PK11_GETTAB(slot)->C_GenerateKeyPair(session_handle, &mechanism, |
| pubTemplate, pubCount, privTemplate, privCount, &pubID, &privID); |
| |
| if (crv != CKR_OK) { |
| if (restore) { |
| PK11_RestoreROSession(slot, session_handle); |
| } else |
| PK11_ExitSlotMonitor(slot); |
| PORT_SetError(PK11_MapError(crv)); |
| return NULL; |
| } |
| /* This locking code is dangerous and needs to be more thought |
| * out... the real problem is that we're holding the mutex open this long |
| */ |
| if (haslock) { |
| PK11_ExitSlotMonitor(slot); |
| } |
| |
| /* swap around the ID's for older PKCS #11 modules */ |
| keyClass = PK11_ReadULongAttribute(slot, pubID, CKA_CLASS); |
| if (keyClass != CKO_PUBLIC_KEY) { |
| CK_OBJECT_HANDLE tmp = pubID; |
| pubID = privID; |
| privID = tmp; |
| } |
| |
| *pubKey = PK11_ExtractPublicKey(slot, keyType, pubID); |
| if (*pubKey == NULL) { |
| if (restore) { |
| /* we may have to restore the mutex so it get's exited properly |
| * in RestoreROSession */ |
| if (haslock) |
| PK11_EnterSlotMonitor(slot); |
| PK11_RestoreROSession(slot, session_handle); |
| } |
| PK11_DestroyObject(slot, pubID); |
| PK11_DestroyObject(slot, privID); |
| return NULL; |
| } |
| |
| /* set the ID to the public key so we can find it again */ |
| cka_id = pk11_MakeIDFromPublicKey(*pubKey); |
| pubIsToken = (PRBool)PK11_HasAttributeSet(slot, pubID, CKA_TOKEN, PR_FALSE); |
| |
| PK11_SETATTRS(&setTemplate, CKA_ID, cka_id->data, cka_id->len); |
| |
| if (haslock) { |
| PK11_EnterSlotMonitor(slot); |
| } |
| crv = PK11_GETTAB(slot)->C_SetAttributeValue(session_handle, privID, |
| &setTemplate, 1); |
| |
| if (crv == CKR_OK && pubIsToken) { |
| crv = PK11_GETTAB(slot)->C_SetAttributeValue(session_handle, pubID, |
| &setTemplate, 1); |
| } |
| |
| if (restore) { |
| PK11_RestoreROSession(slot, session_handle); |
| } else { |
| PK11_ExitSlotMonitor(slot); |
| } |
| SECITEM_FreeItem(cka_id, PR_TRUE); |
| |
| if (crv != CKR_OK) { |
| PK11_DestroyObject(slot, pubID); |
| PK11_DestroyObject(slot, privID); |
| PORT_SetError(PK11_MapError(crv)); |
| *pubKey = NULL; |
| return NULL; |
| } |
| |
| privKey = PK11_MakePrivKey(slot, keyType, !token, privID, wincx); |
| if (privKey == NULL) { |
| SECKEY_DestroyPublicKey(*pubKey); |
| PK11_DestroyObject(slot, privID); |
| *pubKey = NULL; |
| return NULL; |
| } |
| |
| return privKey; |
| } |
| |
| SECKEYPrivateKey * |
| PK11_GenerateKeyPairWithFlags(PK11SlotInfo *slot, CK_MECHANISM_TYPE type, |
| void *param, SECKEYPublicKey **pubKey, PK11AttrFlags attrFlags, void *wincx) |
| { |
| return PK11_GenerateKeyPairWithOpFlags(slot, type, param, pubKey, attrFlags, |
| 0, 0, wincx); |
| } |
| |
| /* |
| * Use the token to generate a key pair. |
| */ |
| SECKEYPrivateKey * |
| PK11_GenerateKeyPair(PK11SlotInfo *slot, CK_MECHANISM_TYPE type, |
| void *param, SECKEYPublicKey **pubKey, PRBool token, |
| PRBool sensitive, void *wincx) |
| { |
| PK11AttrFlags attrFlags = 0; |
| |
| if (token) { |
| attrFlags |= PK11_ATTR_TOKEN; |
| } else { |
| attrFlags |= PK11_ATTR_SESSION; |
| } |
| if (sensitive) { |
| attrFlags |= (PK11_ATTR_SENSITIVE | PK11_ATTR_PRIVATE); |
| } else { |
| attrFlags |= (PK11_ATTR_INSENSITIVE | PK11_ATTR_PUBLIC); |
| } |
| return PK11_GenerateKeyPairWithFlags(slot, type, param, pubKey, |
| attrFlags, wincx); |
| } |
| |
| /* build a public KEA key from the public value */ |
| SECKEYPublicKey * |
| PK11_MakeKEAPubKey(unsigned char *keyData, int length) |
| { |
| SECKEYPublicKey *pubk; |
| SECItem pkData; |
| SECStatus rv; |
| PLArenaPool *arena; |
| |
| pkData.data = keyData; |
| pkData.len = length; |
| pkData.type = siBuffer; |
| |
| arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); |
| if (arena == NULL) |
| return NULL; |
| |
| pubk = (SECKEYPublicKey *)PORT_ArenaZAlloc(arena, sizeof(SECKEYPublicKey)); |
| if (pubk == NULL) { |
| PORT_FreeArena(arena, PR_FALSE); |
| return NULL; |
| } |
| |
| pubk->arena = arena; |
| pubk->pkcs11Slot = 0; |
| pubk->pkcs11ID = CK_INVALID_HANDLE; |
| pubk->keyType = fortezzaKey; |
| rv = SECITEM_CopyItem(arena, &pubk->u.fortezza.KEAKey, &pkData); |
| if (rv != SECSuccess) { |
| PORT_FreeArena(arena, PR_FALSE); |
| return NULL; |
| } |
| return pubk; |
| } |
| |
| SECStatus |
| SECKEY_SetPublicValue(SECKEYPrivateKey *privKey, SECItem *publicValue) |
| { |
| SECStatus rv; |
| SECKEYPublicKey pubKey; |
| PLArenaPool *arena; |
| PK11SlotInfo *slot; |
| CK_OBJECT_HANDLE privKeyID; |
| |
| if (privKey == NULL || publicValue == NULL || |
| publicValue->data == NULL || publicValue->len == 0) { |
| PORT_SetError(SEC_ERROR_INVALID_ARGS); |
| return SECFailure; |
| } |
| |
| pubKey.arena = NULL; |
| pubKey.keyType = privKey->keyType; |
| pubKey.pkcs11Slot = NULL; |
| pubKey.pkcs11ID = CK_INVALID_HANDLE; |
| /* can't use PORT_InitCheapArena here becase SECKEY_DestroyPublic is used |
| * to free it, and it uses PORT_FreeArena which not only frees the |
| * underlying arena, it also frees the allocated arena struct. */ |
| arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); |
| pubKey.arena = arena; |
| if (arena == NULL) { |
| return SECFailure; |
| } |
| |
| slot = privKey->pkcs11Slot; |
| privKeyID = privKey->pkcs11ID; |
| rv = SECFailure; |
| switch (privKey->keyType) { |
| default: |
| /* error code already set to SECFailure */ |
| break; |
| case rsaKey: |
| pubKey.u.rsa.modulus = *publicValue; |
| rv = PK11_ReadAttribute(slot, privKeyID, CKA_PUBLIC_EXPONENT, |
| arena, &pubKey.u.rsa.publicExponent); |
| break; |
| case dsaKey: |
| pubKey.u.dsa.publicValue = *publicValue; |
| rv = PK11_ReadAttribute(slot, privKeyID, CKA_PRIME, |
| arena, &pubKey.u.dsa.params.prime); |
| if (rv != SECSuccess) { |
| break; |
| } |
| rv = PK11_ReadAttribute(slot, privKeyID, CKA_SUBPRIME, |
| arena, &pubKey.u.dsa.params.subPrime); |
| if (rv != SECSuccess) { |
| break; |
| } |
| rv = PK11_ReadAttribute(slot, privKeyID, CKA_BASE, |
| arena, &pubKey.u.dsa.params.base); |
| break; |
| case dhKey: |
| pubKey.u.dh.publicValue = *publicValue; |
| rv = PK11_ReadAttribute(slot, privKeyID, CKA_PRIME, |
| arena, &pubKey.u.dh.prime); |
| if (rv != SECSuccess) { |
| break; |
| } |
| rv = PK11_ReadAttribute(slot, privKeyID, CKA_BASE, |
| arena, &pubKey.u.dh.base); |
| break; |
| case ecKey: |
| pubKey.u.ec.publicValue = *publicValue; |
| pubKey.u.ec.encoding = ECPoint_Undefined; |
| pubKey.u.ec.size = 0; |
| rv = PK11_ReadAttribute(slot, privKeyID, CKA_EC_PARAMS, |
| arena, &pubKey.u.ec.DEREncodedParams); |
| break; |
| } |
| if (rv == SECSuccess) { |
| rv = PK11_ImportPublicKey(slot, &pubKey, PR_TRUE); |
| } |
| /* Even though pubKey is stored on the stack, we've allocated |
| * some of it's data from the arena. SECKEY_DestroyPublicKey |
| * destroys keys by freeing the arena, so this will clean up all |
| * the data we allocated specifically for the key above. It will |
| * also free any slot references which we may have picked up in |
| * PK11_ImportPublicKey. It won't delete the underlying key if |
| * its a Token/Permanent key (which it will be if |
| * PK11_ImportPublicKey succeeds). */ |
| SECKEY_DestroyPublicKey(&pubKey); |
| |
| return rv; |
| } |
| |
| /* |
| * NOTE: This function doesn't return a SECKEYPrivateKey struct to represent |
| * the new private key object. If it were to create a session object that |
| * could later be looked up by its nickname, it would leak a SECKEYPrivateKey. |
| * So isPerm must be true. |
| */ |
| SECStatus |
| PK11_ImportEncryptedPrivateKeyInfo(PK11SlotInfo *slot, |
| SECKEYEncryptedPrivateKeyInfo *epki, SECItem *pwitem, |
| SECItem *nickname, SECItem *publicValue, PRBool isPerm, |
| PRBool isPrivate, KeyType keyType, |
| unsigned int keyUsage, void *wincx) |
| { |
| if (!isPerm) { |
| PORT_SetError(SEC_ERROR_INVALID_ARGS); |
| return SECFailure; |
| } |
| return PK11_ImportEncryptedPrivateKeyInfoAndReturnKey(slot, epki, |
| pwitem, nickname, publicValue, isPerm, isPrivate, keyType, |
| keyUsage, NULL, wincx); |
| } |
| |
| SECStatus |
| PK11_ImportEncryptedPrivateKeyInfoAndReturnKey(PK11SlotInfo *slot, |
| SECKEYEncryptedPrivateKeyInfo *epki, SECItem *pwitem, |
| SECItem *nickname, SECItem *publicValue, PRBool isPerm, |
| PRBool isPrivate, KeyType keyType, |
| unsigned int keyUsage, SECKEYPrivateKey **privk, |
| void *wincx) |
| { |
| CK_MECHANISM_TYPE pbeMechType; |
| SECItem *crypto_param = NULL; |
| PK11SymKey *key = NULL; |
| SECStatus rv = SECSuccess; |
| CK_MECHANISM_TYPE cryptoMechType; |
| SECKEYPrivateKey *privKey = NULL; |
| PRBool faulty3DES = PR_FALSE; |
| int usageCount = 0; |
| CK_KEY_TYPE key_type; |
| CK_ATTRIBUTE_TYPE *usage = NULL; |
| CK_ATTRIBUTE_TYPE rsaUsage[] = { |
| CKA_UNWRAP, CKA_DECRYPT, CKA_SIGN, CKA_SIGN_RECOVER |
| }; |
| CK_ATTRIBUTE_TYPE dsaUsage[] = { CKA_SIGN }; |
| CK_ATTRIBUTE_TYPE dhUsage[] = { CKA_DERIVE }; |
| CK_ATTRIBUTE_TYPE ecUsage[] = { CKA_SIGN, CKA_DERIVE }; |
| if ((epki == NULL) || (pwitem == NULL)) |
| return SECFailure; |
| |
| pbeMechType = PK11_AlgtagToMechanism(SECOID_FindOIDTag( |
| &epki->algorithm.algorithm)); |
| |
| switch (keyType) { |
| default: |
| case rsaKey: |
| key_type = CKK_RSA; |
| switch (keyUsage & (KU_KEY_ENCIPHERMENT | KU_DIGITAL_SIGNATURE)) { |
| case KU_KEY_ENCIPHERMENT: |
| usage = rsaUsage; |
| usageCount = 2; |
| break; |
| case KU_DIGITAL_SIGNATURE: |
| usage = &rsaUsage[2]; |
| usageCount = 2; |
| break; |
| case KU_KEY_ENCIPHERMENT | KU_DIGITAL_SIGNATURE: |
| case 0: /* default to everything */ |
| usage = rsaUsage; |
| usageCount = 4; |
| break; |
| } |
| break; |
| case dhKey: |
| key_type = CKK_DH; |
| usage = dhUsage; |
| usageCount = sizeof(dhUsage) / sizeof(dhUsage[0]); |
| break; |
| case dsaKey: |
| key_type = CKK_DSA; |
| usage = dsaUsage; |
| usageCount = sizeof(dsaUsage) / sizeof(dsaUsage[0]); |
| break; |
| case ecKey: |
| key_type = CKK_EC; |
| switch (keyUsage & (KU_DIGITAL_SIGNATURE | KU_KEY_AGREEMENT)) { |
| case KU_DIGITAL_SIGNATURE: |
| usage = ecUsage; |
| usageCount = 1; |
| break; |
| case KU_KEY_AGREEMENT: |
| usage = &ecUsage[1]; |
| usageCount = 1; |
| break; |
| case KU_DIGITAL_SIGNATURE | KU_KEY_AGREEMENT: |
| default: /* default to everything */ |
| usage = ecUsage; |
| usageCount = 2; |
| break; |
| } |
| break; |
| } |
| |
| try_faulty_3des: |
| |
| key = PK11_PBEKeyGen(slot, &epki->algorithm, pwitem, faulty3DES, wincx); |
| if (key == NULL) { |
| rv = SECFailure; |
| goto done; |
| } |
| cryptoMechType = pk11_GetPBECryptoMechanism(&epki->algorithm, |
| &crypto_param, pwitem, faulty3DES); |
| if (cryptoMechType == CKM_INVALID_MECHANISM) { |
| rv = SECFailure; |
| goto done; |
| } |
| |
| cryptoMechType = PK11_GetPadMechanism(cryptoMechType); |
| |
| PORT_Assert(usage != NULL); |
| PORT_Assert(usageCount != 0); |
| privKey = PK11_UnwrapPrivKey(slot, key, cryptoMechType, |
| crypto_param, &epki->encryptedData, |
| nickname, publicValue, isPerm, isPrivate, |
| key_type, usage, usageCount, wincx); |
| if (privKey) { |
| rv = SECSuccess; |
| goto done; |
| } |
| |
| /* if we are unable to import the key and the pbeMechType is |
| * CKM_NSS_PBE_SHA1_TRIPLE_DES_CBC, then it is possible that |
| * the encrypted blob was created with a buggy key generation method |
| * which is described in the PKCS 12 implementation notes. So we |
| * need to try importing via that method. |
| */ |
| if ((pbeMechType == CKM_NSS_PBE_SHA1_TRIPLE_DES_CBC) && (!faulty3DES)) { |
| /* clean up after ourselves before redoing the key generation. */ |
| |
| PK11_FreeSymKey(key); |
| key = NULL; |
| |
| if (crypto_param) { |
| SECITEM_ZfreeItem(crypto_param, PR_TRUE); |
| crypto_param = NULL; |
| } |
| |
| faulty3DES = PR_TRUE; |
| goto try_faulty_3des; |
| } |
| |
| /* key import really did fail */ |
| rv = SECFailure; |
| |
| done: |
| if ((rv == SECSuccess) && isPerm) { |
| /* If we are importing a token object, |
| * create the corresponding public key. |
| * If this fails, just continue as the target |
| * token simply might not support persistant |
| * public keys. Such tokens are usable, but |
| * need to be authenticated before searching |
| * for user certs. */ |
| (void)SECKEY_SetPublicValue(privKey, publicValue); |
| } |
| |
| if (privKey) { |
| if (privk) { |
| *privk = privKey; |
| } else { |
| SECKEY_DestroyPrivateKey(privKey); |
| } |
| privKey = NULL; |
| } |
| if (crypto_param != NULL) { |
| SECITEM_ZfreeItem(crypto_param, PR_TRUE); |
| } |
| |
| if (key != NULL) { |
| PK11_FreeSymKey(key); |
| } |
| |
| return rv; |
| } |
| |
| SECKEYPrivateKeyInfo * |
| PK11_ExportPrivateKeyInfo(CERTCertificate *cert, void *wincx) |
| { |
| SECKEYPrivateKeyInfo *pki = NULL; |
| SECKEYPrivateKey *pk = PK11_FindKeyByAnyCert(cert, wincx); |
| if (pk != NULL) { |
| pki = PK11_ExportPrivKeyInfo(pk, wincx); |
| SECKEY_DestroyPrivateKey(pk); |
| } |
| return pki; |
| } |
| |
| /* V2 refers to PKCS #5 V2 here. If a PKCS #5 v1 or PKCS #12 pbe is passed |
| * for pbeTag, then encTag and hashTag are ignored. If pbe is an encryption |
| * algorithm, then PKCS #5 V2 is used with prfTag for the prf. If prfTag isn't |
| * supplied prf will be SEC_OID_HMAC_SHA1 */ |
| SECKEYEncryptedPrivateKeyInfo * |
| PK11_ExportEncryptedPrivKeyInfoV2( |
| PK11SlotInfo *slot, /* optional, encrypt key in this slot */ |
| SECOidTag pbeAlg, /* PBE algorithm to encrypt the with key */ |
| SECOidTag encAlg, /* Encryption algorithm to Encrypt the key with */ |
| SECOidTag prfAlg, /* Hash algorithm for PRF */ |
| SECItem *pwitem, /* password for PBE encryption */ |
| SECKEYPrivateKey *pk, /* encrypt this private key */ |
| int iteration, /* interations for PBE alg */ |
| void *pwArg) /* context for password callback */ |
| { |
| SECKEYEncryptedPrivateKeyInfo *epki = NULL; |
| PLArenaPool *arena = NULL; |
| SECAlgorithmID *algid; |
| SECOidTag pbeAlgTag = SEC_OID_UNKNOWN; |
| SECItem *crypto_param = NULL; |
| PK11SymKey *key = NULL; |
| SECKEYPrivateKey *tmpPK = NULL; |
| SECStatus rv = SECSuccess; |
| CK_RV crv; |
| CK_ULONG encBufLen; |
| CK_MECHANISM_TYPE pbeMechType; |
| CK_MECHANISM_TYPE cryptoMechType; |
| CK_MECHANISM cryptoMech; |
| |
| if (!pwitem || !pk) { |
| PORT_SetError(SEC_ERROR_INVALID_ARGS); |
| return NULL; |
| } |
| |
| algid = sec_pkcs5CreateAlgorithmID(pbeAlg, encAlg, prfAlg, |
| &pbeAlgTag, 0, NULL, iteration); |
| if (algid == NULL) { |
| return NULL; |
| } |
| |
| arena = PORT_NewArena(2048); |
| if (arena) |
| epki = PORT_ArenaZNew(arena, SECKEYEncryptedPrivateKeyInfo); |
| if (epki == NULL) { |
| rv = SECFailure; |
| goto loser; |
| } |
| epki->arena = arena; |
| |
| /* if we didn't specify a slot, use the slot the private key was in */ |
| if (!slot) { |
| slot = pk->pkcs11Slot; |
| } |
| |
| /* if we specified a different slot, and the private key slot can do the |
| * pbe key gen, generate the key in the private key slot so we don't have |
| * to move it later */ |
| pbeMechType = PK11_AlgtagToMechanism(pbeAlgTag); |
| if (slot != pk->pkcs11Slot) { |
| if (PK11_DoesMechanism(pk->pkcs11Slot, pbeMechType)) { |
| slot = pk->pkcs11Slot; |
| } |
| } |
| key = PK11_PBEKeyGen(slot, algid, pwitem, PR_FALSE, pwArg); |
| if (key == NULL) { |
| rv = SECFailure; |
| goto loser; |
| } |
| |
| cryptoMechType = PK11_GetPBECryptoMechanism(algid, &crypto_param, pwitem); |
| if (cryptoMechType == CKM_INVALID_MECHANISM) { |
| rv = SECFailure; |
| goto loser; |
| } |
| |
| cryptoMech.mechanism = PK11_GetPadMechanism(cryptoMechType); |
| cryptoMech.pParameter = crypto_param ? crypto_param->data : NULL; |
| cryptoMech.ulParameterLen = crypto_param ? crypto_param->len : 0; |
| |
| /* If the key isn't in the private key slot, move it */ |
| if (key->slot != pk->pkcs11Slot) { |
| PK11SymKey *newkey = pk11_CopyToSlot(pk->pkcs11Slot, |
| key->type, CKA_WRAP, key); |
| if (newkey == NULL) { |
| /* couldn't import the wrapping key, try exporting the |
| * private key */ |
| tmpPK = pk11_loadPrivKey(key->slot, pk, NULL, PR_FALSE, PR_TRUE); |
| if (tmpPK == NULL) { |
| rv = SECFailure; |
| goto loser; |
| } |
| pk = tmpPK; |
| } else { |
| /* free the old key and use the new key */ |
| PK11_FreeSymKey(key); |
| key = newkey; |
| } |
| } |
| |
| /* we are extracting an encrypted privateKey structure. |
| * which needs to be freed along with the buffer into which it is |
| * returned. eventually, we should retrieve an encrypted key using |
| * pkcs8/pkcs5. |
| */ |
| encBufLen = 0; |
| PK11_EnterSlotMonitor(pk->pkcs11Slot); |
| crv = PK11_GETTAB(pk->pkcs11Slot)->C_WrapKey(pk->pkcs11Slot->session, &cryptoMech, key->objectID, pk->pkcs11ID, NULL, &encBufLen); |
| PK11_ExitSlotMonitor(pk->pkcs11Slot); |
| if (crv != CKR_OK) { |
| rv = SECFailure; |
| goto loser; |
| } |
| epki->encryptedData.data = PORT_ArenaAlloc(arena, encBufLen); |
| if (!epki->encryptedData.data) { |
| rv = SECFailure; |
| goto loser; |
| } |
| PK11_EnterSlotMonitor(pk->pkcs11Slot); |
| crv = PK11_GETTAB(pk->pkcs11Slot)->C_WrapKey(pk->pkcs11Slot->session, &cryptoMech, key->objectID, pk->pkcs11ID, epki->encryptedData.data, &encBufLen); |
| PK11_ExitSlotMonitor(pk->pkcs11Slot); |
| epki->encryptedData.len = (unsigned int)encBufLen; |
| if (crv != CKR_OK) { |
| rv = SECFailure; |
| goto loser; |
| } |
| |
| if (!epki->encryptedData.len) { |
| rv = SECFailure; |
| goto loser; |
| } |
| |
| rv = SECOID_CopyAlgorithmID(arena, &epki->algorithm, algid); |
| |
| loser: |
| if (crypto_param != NULL) { |
| SECITEM_ZfreeItem(crypto_param, PR_TRUE); |
| crypto_param = NULL; |
| } |
| |
| if (key != NULL) { |
| PK11_FreeSymKey(key); |
| } |
| if (tmpPK != NULL) { |
| SECKEY_DestroyPrivateKey(tmpPK); |
| } |
| SECOID_DestroyAlgorithmID(algid, PR_TRUE); |
| |
| if (rv == SECFailure) { |
| if (arena != NULL) { |
| PORT_FreeArena(arena, PR_TRUE); |
| } |
| epki = NULL; |
| } |
| |
| return epki; |
| } |
| |
| SECKEYEncryptedPrivateKeyInfo * |
| PK11_ExportEncryptedPrivKeyInfo( |
| PK11SlotInfo *slot, /* optional, encrypt key in this slot */ |
| SECOidTag algTag, /* PBE algorithm to encrypt the with key */ |
| SECItem *pwitem, /* password for PBE encryption */ |
| SECKEYPrivateKey *pk, /* encrypt this private key */ |
| int iteration, /* interations for PBE alg */ |
| void *pwArg) /* context for password callback */ |
| { |
| return PK11_ExportEncryptedPrivKeyInfoV2(slot, algTag, SEC_OID_UNKNOWN, |
| SEC_OID_UNKNOWN, pwitem, pk, |
| iteration, pwArg); |
| } |
| |
| /* V2 refers to PKCS #5 V2 here. If a PKCS #5 v1 or PKCS #12 pbe is passed |
| * for pbeTag, then encTag and hashTag are ignored. If pbe is an encryption |
| * algorithm, then PKCS #5 V2 is used with prfTag for the prf. If prfTag isn't |
| * supplied prf will be SEC_OID_HMAC_SHA1 */ |
| SECKEYEncryptedPrivateKeyInfo * |
| PK11_ExportEncryptedPrivateKeyInfoV2( |
| PK11SlotInfo *slot, /* optional, encrypt key in this slot */ |
| SECOidTag pbeAlg, /* PBE algorithm to encrypt the with key */ |
| SECOidTag encAlg, /* Encryption algorithm to Encrypt the key with */ |
| SECOidTag prfAlg, /* HMAC algorithm for PRF*/ |
| SECItem *pwitem, /* password for PBE encryption */ |
| CERTCertificate *cert, /* wrap priv key for this user cert */ |
| int iteration, /* interations for PBE alg */ |
| void *pwArg) /* context for password callback */ |
| { |
| SECKEYEncryptedPrivateKeyInfo *epki = NULL; |
| SECKEYPrivateKey *pk = PK11_FindKeyByAnyCert(cert, pwArg); |
| if (pk != NULL) { |
| epki = PK11_ExportEncryptedPrivKeyInfoV2(slot, pbeAlg, encAlg, prfAlg, |
| pwitem, pk, iteration, |
| pwArg); |
| SECKEY_DestroyPrivateKey(pk); |
| } |
| return epki; |
| } |
| |
| SECKEYEncryptedPrivateKeyInfo * |
| PK11_ExportEncryptedPrivateKeyInfo( |
| PK11SlotInfo *slot, /* optional, encrypt key in this slot */ |
| SECOidTag algTag, /* encrypt key with this algorithm */ |
| SECItem *pwitem, /* password for PBE encryption */ |
| CERTCertificate *cert, /* wrap priv key for this user cert */ |
| int iteration, /* interations for PBE alg */ |
| void *pwArg) /* context for password callback */ |
| { |
| return PK11_ExportEncryptedPrivateKeyInfoV2(slot, algTag, SEC_OID_UNKNOWN, |
| SEC_OID_UNKNOWN, pwitem, cert, |
| iteration, pwArg); |
| } |
| |
| SECItem * |
| PK11_DEREncodePublicKey(const SECKEYPublicKey *pubk) |
| { |
| return SECKEY_EncodeDERSubjectPublicKeyInfo(pubk); |
| } |
| |
| char * |
| PK11_GetPrivateKeyNickname(SECKEYPrivateKey *privKey) |
| { |
| return PK11_GetObjectNickname(privKey->pkcs11Slot, privKey->pkcs11ID); |
| } |
| |
| char * |
| PK11_GetPublicKeyNickname(SECKEYPublicKey *pubKey) |
| { |
| return PK11_GetObjectNickname(pubKey->pkcs11Slot, pubKey->pkcs11ID); |
| } |
| |
| SECStatus |
| PK11_SetPrivateKeyNickname(SECKEYPrivateKey *privKey, const char *nickname) |
| { |
| return PK11_SetObjectNickname(privKey->pkcs11Slot, |
| privKey->pkcs11ID, nickname); |
| } |
| |
| SECStatus |
| PK11_SetPublicKeyNickname(SECKEYPublicKey *pubKey, const char *nickname) |
| { |
| return PK11_SetObjectNickname(pubKey->pkcs11Slot, |
| pubKey->pkcs11ID, nickname); |
| } |
| |
| SECKEYPQGParams * |
| PK11_GetPQGParamsFromPrivateKey(SECKEYPrivateKey *privKey) |
| { |
| CK_ATTRIBUTE pTemplate[] = { |
| { CKA_PRIME, NULL, 0 }, |
| { CKA_SUBPRIME, NULL, 0 }, |
| { CKA_BASE, NULL, 0 }, |
| }; |
| int pTemplateLen = sizeof(pTemplate) / sizeof(pTemplate[0]); |
| PLArenaPool *arena = NULL; |
| SECKEYPQGParams *params; |
| CK_RV crv; |
| |
| arena = PORT_NewArena(2048); |
| if (arena == NULL) { |
| goto loser; |
| } |
| params = (SECKEYPQGParams *)PORT_ArenaZAlloc(arena, sizeof(SECKEYPQGParams)); |
| if (params == NULL) { |
| goto loser; |
| } |
| |
| crv = PK11_GetAttributes(arena, privKey->pkcs11Slot, privKey->pkcs11ID, |
| pTemplate, pTemplateLen); |
| if (crv != CKR_OK) { |
| PORT_SetError(PK11_MapError(crv)); |
| goto loser; |
| } |
| |
| params->arena = arena; |
| params->prime.data = pTemplate[0].pValue; |
| params->prime.len = pTemplate[0].ulValueLen; |
| params->subPrime.data = pTemplate[1].pValue; |
| params->subPrime.len = pTemplate[1].ulValueLen; |
| params->base.data = pTemplate[2].pValue; |
| params->base.len = pTemplate[2].ulValueLen; |
| |
| return params; |
| |
| loser: |
| if (arena != NULL) { |
| PORT_FreeArena(arena, PR_FALSE); |
| } |
| return NULL; |
| } |
| |
| SECKEYPrivateKey * |
| PK11_CopyTokenPrivKeyToSessionPrivKey(PK11SlotInfo *destSlot, |
| SECKEYPrivateKey *privKey) |
| { |
| CK_RV crv; |
| CK_OBJECT_HANDLE newKeyID; |
| |
| static const CK_BBOOL ckfalse = CK_FALSE; |
| static const CK_ATTRIBUTE template[1] = { |
| { CKA_TOKEN, (CK_BBOOL *)&ckfalse, sizeof ckfalse } |
| }; |
| |
| if (destSlot && destSlot != privKey->pkcs11Slot) { |
| SECKEYPrivateKey *newKey = |
| pk11_loadPrivKey(destSlot, |
| privKey, |
| NULL, /* pubKey */ |
| PR_FALSE, /* token */ |
| PR_FALSE); /* sensitive */ |
| if (newKey) |
| return newKey; |
| } |
| destSlot = privKey->pkcs11Slot; |
| PK11_Authenticate(destSlot, PR_TRUE, privKey->wincx); |
| PK11_EnterSlotMonitor(destSlot); |
| crv = PK11_GETTAB(destSlot)->C_CopyObject(destSlot->session, |
| privKey->pkcs11ID, |
| (CK_ATTRIBUTE *)template, |
| 1, &newKeyID); |
| PK11_ExitSlotMonitor(destSlot); |
| |
| if (crv != CKR_OK) { |
| PORT_SetError(PK11_MapError(crv)); |
| return NULL; |
| } |
| |
| return PK11_MakePrivKey(destSlot, privKey->keyType, PR_TRUE /*isTemp*/, |
| newKeyID, privKey->wincx); |
| } |
| |
| SECKEYPrivateKey * |
| PK11_ConvertSessionPrivKeyToTokenPrivKey(SECKEYPrivateKey *privk, void *wincx) |
| { |
| PK11SlotInfo *slot = privk->pkcs11Slot; |
| CK_ATTRIBUTE template[1]; |
| CK_ATTRIBUTE *attrs = template; |
| CK_BBOOL cktrue = CK_TRUE; |
| CK_RV crv; |
| CK_OBJECT_HANDLE newKeyID; |
| CK_SESSION_HANDLE rwsession; |
| |
| PK11_SETATTRS(attrs, CKA_TOKEN, &cktrue, sizeof(cktrue)); |
| attrs++; |
| |
| PK11_Authenticate(slot, PR_TRUE, wincx); |
| rwsession = PK11_GetRWSession(slot); |
| if (rwsession == CK_INVALID_HANDLE) { |
| PORT_SetError(SEC_ERROR_BAD_DATA); |
| return NULL; |
| } |
| crv = PK11_GETTAB(slot)->C_CopyObject(rwsession, privk->pkcs11ID, |
| template, 1, &newKeyID); |
| PK11_RestoreROSession(slot, rwsession); |
| |
| if (crv != CKR_OK) { |
| PORT_SetError(PK11_MapError(crv)); |
| return NULL; |
| } |
| |
| return PK11_MakePrivKey(slot, nullKey /*KeyType*/, PR_FALSE /*isTemp*/, |
| newKeyID, NULL /*wincx*/); |
| } |
| |
| /* |
| * destroy a private key if there are no matching certs. |
| * this function also frees the privKey structure. |
| */ |
| SECStatus |
| PK11_DeleteTokenPrivateKey(SECKEYPrivateKey *privKey, PRBool force) |
| { |
| CERTCertificate *cert = PK11_GetCertFromPrivateKey(privKey); |
| SECStatus rv = SECWouldBlock; |
| |
| if (!cert || force) { |
| /* now, then it's safe for the key to go away */ |
| rv = PK11_DestroyTokenObject(privKey->pkcs11Slot, privKey->pkcs11ID); |
| } |
| if (cert) { |
| CERT_DestroyCertificate(cert); |
| } |
| SECKEY_DestroyPrivateKey(privKey); |
| return rv; |
| } |
| |
| /* |
| * destroy a private key if there are no matching certs. |
| * this function also frees the privKey structure. |
| */ |
| SECStatus |
| PK11_DeleteTokenPublicKey(SECKEYPublicKey *pubKey) |
| { |
| /* now, then it's safe for the key to go away */ |
| if (pubKey->pkcs11Slot == NULL) { |
| return SECFailure; |
| } |
| PK11_DestroyTokenObject(pubKey->pkcs11Slot, pubKey->pkcs11ID); |
| SECKEY_DestroyPublicKey(pubKey); |
| return SECSuccess; |
| } |
| |
| /* |
| * key call back structure. |
| */ |
| typedef struct pk11KeyCallbackStr { |
| SECStatus (*callback)(SECKEYPrivateKey *, void *); |
| void *callbackArg; |
| void *wincx; |
| } pk11KeyCallback; |
| |
| /* |
| * callback to map Object Handles to Private Keys; |
| */ |
| SECStatus |
| pk11_DoKeys(PK11SlotInfo *slot, CK_OBJECT_HANDLE keyHandle, void *arg) |
| { |
| SECStatus rv = SECSuccess; |
| SECKEYPrivateKey *privKey; |
| pk11KeyCallback *keycb = (pk11KeyCallback *)arg; |
| if (!arg) { |
| return SECFailure; |
| } |
| |
| privKey = PK11_MakePrivKey(slot, nullKey, PR_TRUE, keyHandle, keycb->wincx); |
| |
| if (privKey == NULL) { |
| return SECFailure; |
| } |
| |
| if (keycb->callback) { |
| rv = (*keycb->callback)(privKey, keycb->callbackArg); |
| } |
| |
| SECKEY_DestroyPrivateKey(privKey); |
| return rv; |
| } |
| |
| /*********************************************************************** |
| * PK11_TraversePrivateKeysInSlot |
| * |
| * Traverses all the private keys on a slot. |
| * |
| * INPUTS |
| * slot |
| * The PKCS #11 slot whose private keys you want to traverse. |
| * callback |
| * A callback function that will be called for each key. |
| * arg |
| * An argument that will be passed to the callback function. |
| */ |
| SECStatus |
| PK11_TraversePrivateKeysInSlot(PK11SlotInfo *slot, |
| SECStatus (*callback)(SECKEYPrivateKey *, void *), void *arg) |
| { |
| pk11KeyCallback perKeyCB; |
| pk11TraverseSlot perObjectCB; |
| CK_OBJECT_CLASS privkClass = CKO_PRIVATE_KEY; |
| CK_BBOOL ckTrue = CK_TRUE; |
| CK_ATTRIBUTE theTemplate[2]; |
| int templateSize = 2; |
| |
| theTemplate[0].type = CKA_CLASS; |
| theTemplate[0].pValue = &privkClass; |
| theTemplate[0].ulValueLen = sizeof(privkClass); |
| theTemplate[1].type = CKA_TOKEN; |
| theTemplate[1].pValue = &ckTrue; |
| theTemplate[1].ulValueLen = sizeof(ckTrue); |
| |
| if (slot == NULL) { |
| return SECSuccess; |
| } |
| |
| perObjectCB.callback = pk11_DoKeys; |
| perObjectCB.callbackArg = &perKeyCB; |
| perObjectCB.findTemplate = theTemplate; |
| perObjectCB.templateCount = templateSize; |
| perKeyCB.callback = callback; |
| perKeyCB.callbackArg = arg; |
| perKeyCB.wincx = NULL; |
| |
| return PK11_TraverseSlot(slot, &perObjectCB); |
| } |
| |
| /* |
| * return the private key with the given ID |
| */ |
| CK_OBJECT_HANDLE |
| pk11_FindPrivateKeyFromCertID(PK11SlotInfo *slot, SECItem *keyID) |
| { |
| CK_OBJECT_CLASS privKey = CKO_PRIVATE_KEY; |
| CK_ATTRIBUTE theTemplate[] = { |
| { CKA_ID, NULL, 0 }, |
| { CKA_CLASS, NULL, 0 }, |
| }; |
| /* if you change the array, change the variable below as well */ |
| int tsize = sizeof(theTemplate) / sizeof(theTemplate[0]); |
| CK_ATTRIBUTE *attrs = theTemplate; |
| |
| PK11_SETATTRS(attrs, CKA_ID, keyID->data, keyID->len); |
| attrs++; |
| PK11_SETATTRS(attrs, CKA_CLASS, &privKey, sizeof(privKey)); |
| |
| return pk11_FindObjectByTemplate(slot, theTemplate, tsize); |
| } |
| |
| SECKEYPrivateKey * |
| PK11_FindKeyByKeyID(PK11SlotInfo *slot, SECItem *keyID, void *wincx) |
| { |
| CK_OBJECT_HANDLE keyHandle; |
| SECKEYPrivateKey *privKey; |
| |
| keyHandle = pk11_FindPrivateKeyFromCertID(slot, keyID); |
| if (keyHandle == CK_INVALID_HANDLE) { |
| return NULL; |
| } |
| privKey = PK11_MakePrivKey(slot, nullKey, PR_TRUE, keyHandle, wincx); |
| return privKey; |
| } |
| |
| /* |
| * Generate a CKA_ID from the relevant public key data. The CKA_ID is generated |
| * from the pubKeyData by SHA1_Hashing it to produce a smaller CKA_ID (to make |
| * smart cards happy. |
| */ |
| SECItem * |
| PK11_MakeIDFromPubKey(SECItem *pubKeyData) |
| { |
| PK11Context *context; |
| SECItem *certCKA_ID; |
| SECStatus rv; |
| |
| if (pubKeyData->len <= SHA1_LENGTH) { |
| /* probably an already hashed value. The strongest known public |
| * key values <= 160 bits would be less than 40 bit symetric in |
| * strength. Don't hash them, just return the value. There are |
| * none at the time of this writing supported by previous versions |
| * of NSS, so change is binary compatible safe */ |
| return SECITEM_DupItem(pubKeyData); |
| } |
| |
| context = PK11_CreateDigestContext(SEC_OID_SHA1); |
| if (context == NULL) { |
| return NULL; |
| } |
| |
| rv = PK11_DigestBegin(context); |
| if (rv == SECSuccess) { |
| rv = PK11_DigestOp(context, pubKeyData->data, pubKeyData->len); |
| } |
| if (rv != SECSuccess) { |
| PK11_DestroyContext(context, PR_TRUE); |
| return NULL; |
| } |
| |
| certCKA_ID = (SECItem *)PORT_Alloc(sizeof(SECItem)); |
| if (certCKA_ID == NULL) { |
| PK11_DestroyContext(context, PR_TRUE); |
| return NULL; |
| } |
| |
| certCKA_ID->len = SHA1_LENGTH; |
| certCKA_ID->data = (unsigned char *)PORT_Alloc(certCKA_ID->len); |
| if (certCKA_ID->data == NULL) { |
| PORT_Free(certCKA_ID); |
| PK11_DestroyContext(context, PR_TRUE); |
| return NULL; |
| } |
| |
| rv = PK11_DigestFinal(context, certCKA_ID->data, &certCKA_ID->len, |
| SHA1_LENGTH); |
| PK11_DestroyContext(context, PR_TRUE); |
| if (rv != SECSuccess) { |
| SECITEM_FreeItem(certCKA_ID, PR_TRUE); |
| return NULL; |
| } |
| |
| return certCKA_ID; |
| } |
| |
| /* Looking for PK11_GetKeyIDFromPrivateKey? |
| * Call PK11_GetLowLevelKeyIDForPrivateKey instead. |
| */ |
| |
| SECItem * |
| PK11_GetLowLevelKeyIDForPrivateKey(SECKEYPrivateKey *privKey) |
| { |
| return pk11_GetLowLevelKeyFromHandle(privKey->pkcs11Slot, privKey->pkcs11ID); |
| } |
| |
| static SECStatus |
| privateKeyListCallback(SECKEYPrivateKey *key, void *arg) |
| { |
| SECKEYPrivateKeyList *list = (SECKEYPrivateKeyList *)arg; |
| return SECKEY_AddPrivateKeyToListTail(list, SECKEY_CopyPrivateKey(key)); |
| } |
| |
| SECKEYPrivateKeyList * |
| PK11_ListPrivateKeysInSlot(PK11SlotInfo *slot) |
| { |
| SECStatus status; |
| SECKEYPrivateKeyList *keys; |
| |
| keys = SECKEY_NewPrivateKeyList(); |
| if (keys == NULL) |
| return NULL; |
| |
| status = PK11_TraversePrivateKeysInSlot(slot, privateKeyListCallback, |
| (void *)keys); |
| |
| if (status != SECSuccess) { |
| SECKEY_DestroyPrivateKeyList(keys); |
| keys = NULL; |
| } |
| |
| return keys; |
| } |
| |
| SECKEYPublicKeyList * |
| PK11_ListPublicKeysInSlot(PK11SlotInfo *slot, char *nickname) |
| { |
| CK_ATTRIBUTE findTemp[4]; |
| CK_ATTRIBUTE *attrs; |
| CK_BBOOL ckTrue = CK_TRUE; |
| CK_OBJECT_CLASS keyclass = CKO_PUBLIC_KEY; |
| size_t tsize = 0; |
| int objCount = 0; |
| CK_OBJECT_HANDLE *key_ids; |
| SECKEYPublicKeyList *keys; |
| int i, len; |
| |
| attrs = findTemp; |
| PK11_SETATTRS(attrs, CKA_CLASS, &keyclass, sizeof(keyclass)); |
| attrs++; |
| PK11_SETATTRS(attrs, CKA_TOKEN, &ckTrue, sizeof(ckTrue)); |
| attrs++; |
| if (nickname) { |
| len = PORT_Strlen(nickname); |
| PK11_SETATTRS(attrs, CKA_LABEL, nickname, len); |
| attrs++; |
| } |
| tsize = attrs - findTemp; |
| PORT_Assert(tsize <= sizeof(findTemp) / sizeof(CK_ATTRIBUTE)); |
| |
| key_ids = pk11_FindObjectsByTemplate(slot, findTemp, tsize, &objCount); |
| if (key_ids == NULL) { |
| return NULL; |
| } |
| keys = SECKEY_NewPublicKeyList(); |
| if (keys == NULL) { |
| PORT_Free(key_ids); |
| return NULL; |
| } |
| |
| for (i = 0; i < objCount; i++) { |
| SECKEYPublicKey *pubKey = |
| PK11_ExtractPublicKey(slot, nullKey, key_ids[i]); |
| if (pubKey) { |
| SECKEY_AddPublicKeyToListTail(keys, pubKey); |
| } |
| } |
| |
| PORT_Free(key_ids); |
| return keys; |
| } |
| |
| SECKEYPrivateKeyList * |
| PK11_ListPrivKeysInSlot(PK11SlotInfo *slot, char *nickname, void *wincx) |
| { |
| CK_ATTRIBUTE findTemp[4]; |
| CK_ATTRIBUTE *attrs; |
| CK_BBOOL ckTrue = CK_TRUE; |
| CK_OBJECT_CLASS keyclass = CKO_PRIVATE_KEY; |
| size_t tsize = 0; |
| int objCount = 0; |
| CK_OBJECT_HANDLE *key_ids; |
| SECKEYPrivateKeyList *keys; |
| int i, len; |
| |
| attrs = findTemp; |
| PK11_SETATTRS(attrs, CKA_CLASS, &keyclass, sizeof(keyclass)); |
| attrs++; |
| PK11_SETATTRS(attrs, CKA_TOKEN, &ckTrue, sizeof(ckTrue)); |
| attrs++; |
| if (nickname) { |
| len = PORT_Strlen(nickname); |
| PK11_SETATTRS(attrs, CKA_LABEL, nickname, len); |
| attrs++; |
| } |
| tsize = attrs - findTemp; |
| PORT_Assert(tsize <= sizeof(findTemp) / sizeof(CK_ATTRIBUTE)); |
| |
| key_ids = pk11_FindObjectsByTemplate(slot, findTemp, tsize, &objCount); |
| if (key_ids == NULL) { |
| return NULL; |
| } |
| keys = SECKEY_NewPrivateKeyList(); |
| if (keys == NULL) { |
| PORT_Free(key_ids); |
| return NULL; |
| } |
| |
| for (i = 0; i < objCount; i++) { |
| SECKEYPrivateKey *privKey = |
| PK11_MakePrivKey(slot, nullKey, PR_TRUE, key_ids[i], wincx); |
| SECKEY_AddPrivateKeyToListTail(keys, privKey); |
| } |
| |
| PORT_Free(key_ids); |
| return keys; |
| } |