diff options
author | thayes%netscape.com <devnull@localhost> | 2000-05-31 23:06:02 +0000 |
---|---|---|
committer | thayes%netscape.com <devnull@localhost> | 2000-05-31 23:06:02 +0000 |
commit | 5d77fbf64418dea1041f1729292ebf89fbdbf626 (patch) | |
tree | 183a275586018ce6e72daf3d91b6d31a0c1ed274 | |
parent | be12fac6c10d69773857c1826df00ae0d1eedb62 (diff) | |
download | nss-hg-5d77fbf64418dea1041f1729292ebf89fbdbf626.tar.gz |
Use PK11 fixed key lookup to locate the key value. Fix ENCRYPT/DECRYPT bug in
SDR_Decrypt.
-rw-r--r-- | security/nss/lib/pk11wrap/pk11sdr.c | 41 |
1 files changed, 14 insertions, 27 deletions
diff --git a/security/nss/lib/pk11wrap/pk11sdr.c b/security/nss/lib/pk11wrap/pk11sdr.c index d2262dbb1..460591835 100644 --- a/security/nss/lib/pk11wrap/pk11sdr.c +++ b/security/nss/lib/pk11wrap/pk11sdr.c @@ -62,21 +62,6 @@ static SEC_ASN1Template template[] = { { 0 } }; -/* - * Temporary fixed DES3 key for testing - */ -static unsigned char keyValue[] = { - 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, - 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, - 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17 -}; - -static SECItem keyItem = { - 0, - keyValue, - sizeof keyValue -}; - static unsigned char keyID[] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 @@ -159,6 +144,7 @@ PK11SDR_Encrypt(SECItem *keyid, SECItem *data, SECItem *result, void *cx) CK_MECHANISM_TYPE type; SDRResult sdrResult; SECItem paddedData; + SECItem *pKeyID; PLArenaPool *arena = 0; /* Initialize */ @@ -180,8 +166,11 @@ PK11SDR_Encrypt(SECItem *keyid, SECItem *data, SECItem *result, void *cx) /* Use triple-DES */ type = CKM_DES3_CBC; - /* Keyid value 16*0 (16 bytes of 0) is special, it uses a fixed DES3 key */ - key = PK11_ImportSymKey(slot, type, 0, CKA_ENCRYPT, &keyItem, cx); + /* Find the key to use */ + pKeyID = keyid; + if (pKeyID->len == 0) pKeyID = &keyIDItem; /* Use default value */ + + key = PK11_FindFixedKey(slot, type, pKeyID, cx); if (!key) { rv = SECFailure; goto loser; } params = PK11_GenerateNewParam(type, key); @@ -202,7 +191,7 @@ PK11SDR_Encrypt(SECItem *keyid, SECItem *data, SECItem *result, void *cx) PK11_Finalize(ctx); - sdrResult.keyid = keyIDItem; + sdrResult.keyid = *pKeyID; rv = PK11_ParamToAlgid(SEC_OID_DES_EDE3_CBC, params, arena, &sdrResult.alg); if (rv != SECSuccess) goto loser; @@ -211,11 +200,11 @@ PK11SDR_Encrypt(SECItem *keyid, SECItem *data, SECItem *result, void *cx) loser: SECITEM_ZfreeItem(&paddedData, PR_FALSE); - PORT_FreeArena(arena, PR_TRUE); - PK11_DestroyContext(ctx, PR_TRUE); - SECITEM_ZfreeItem(params, PR_TRUE); - PK11_FreeSymKey(key); - PK11_FreeSlot(slot); + if (arena) PORT_FreeArena(arena, PR_TRUE); + if (ctx) PK11_DestroyContext(ctx, PR_TRUE); + if (params) SECITEM_ZfreeItem(params, PR_TRUE); + if (key) PK11_FreeSymKey(key); + if (slot) PK11_FreeSlot(slot); return rv; } @@ -255,16 +244,14 @@ PK11SDR_Decrypt(SECItem *data, SECItem *result, void *cx) /* Use triple-DES (Should look up the algorithm) */ type = CKM_DES3_CBC; - - /* Keyid value 16*0 (16 bytes of 0) is special, it uses a fixed DES3 key */ - key = PK11_ImportSymKey(slot, type, 0, CKA_DECRYPT, &keyItem, cx); + key = PK11_FindFixedKey(slot, type, &sdrResult.keyid, cx); if (!key) { rv = SECFailure; goto loser; } /* Get the parameter values from the data */ params = PK11_ParamFromAlgid(&sdrResult.alg); if (!params) { rv = SECFailure; goto loser; } - ctx = PK11_CreateContextBySymKey(type, CKA_ENCRYPT, key, params); + ctx = PK11_CreateContextBySymKey(type, CKA_DECRYPT, key, params); if (!ctx) { rv = SECFailure; goto loser; } paddedResult.len = sdrResult.data.len; |