summaryrefslogtreecommitdiff
path: root/nss/lib/pk11wrap/pk11pk12.c
diff options
context:
space:
mode:
Diffstat (limited to 'nss/lib/pk11wrap/pk11pk12.c')
-rw-r--r--nss/lib/pk11wrap/pk11pk12.c515
1 files changed, 278 insertions, 237 deletions
diff --git a/nss/lib/pk11wrap/pk11pk12.c b/nss/lib/pk11wrap/pk11pk12.c
index e5a0a21..1683cc5 100644
--- a/nss/lib/pk11wrap/pk11pk12.c
+++ b/nss/lib/pk11wrap/pk11pk12.c
@@ -20,8 +20,6 @@
#include "secerr.h"
#include "prerror.h"
-
-
/* These data structures should move to a common .h file shared between the
* wrappers and the pkcs 12 code. */
@@ -31,7 +29,7 @@
/* member names from PKCS#1, section 7.2 */
struct SECKEYRSAPrivateKeyStr {
- PLArenaPool * arena;
+ PLArenaPool *arena;
SECItem version;
SECItem modulus;
SECItem publicExponent;
@@ -44,7 +42,6 @@ struct SECKEYRSAPrivateKeyStr {
};
typedef struct SECKEYRSAPrivateKeyStr SECKEYRSAPrivateKey;
-
/*
** DSA Raw Private Key structures
*/
@@ -60,7 +57,7 @@ typedef struct SECKEYDSAPrivateKeyStr SECKEYDSAPrivateKey;
** Structure member names suggested by PKCS#3.
*/
struct SECKEYDHPrivateKeyStr {
- PLArenaPool * arena;
+ PLArenaPool *arena;
SECItem prime;
SECItem base;
SECItem privateValue;
@@ -76,7 +73,7 @@ struct SECKEYRawPrivateKeyStr {
union {
SECKEYRSAPrivateKey rsa;
SECKEYDSAPrivateKey dsa;
- SECKEYDHPrivateKey dh;
+ SECKEYDHPrivateKey dh;
} u;
};
typedef struct SECKEYRawPrivateKeyStr SECKEYRawPrivateKey;
@@ -90,10 +87,10 @@ SEC_ASN1_MKSUB(SECOID_AlgorithmIDTemplate)
*/
const SEC_ASN1Template SECKEY_AttributeTemplate[] = {
{ SEC_ASN1_SEQUENCE,
- 0, NULL, sizeof(SECKEYAttribute) },
+ 0, NULL, sizeof(SECKEYAttribute) },
{ SEC_ASN1_OBJECT_ID, offsetof(SECKEYAttribute, attrType) },
{ SEC_ASN1_SET_OF | SEC_ASN1_XTRN, offsetof(SECKEYAttribute, attrValue),
- SEC_ASN1_SUB(SEC_AnyTemplate) },
+ SEC_ASN1_SUB(SEC_AnyTemplate) },
{ 0 }
};
@@ -103,14 +100,14 @@ const SEC_ASN1Template SECKEY_SetOfAttributeTemplate[] = {
const SEC_ASN1Template SECKEY_PrivateKeyInfoTemplate[] = {
{ SEC_ASN1_SEQUENCE, 0, NULL, sizeof(SECKEYPrivateKeyInfo) },
- { SEC_ASN1_INTEGER, offsetof(SECKEYPrivateKeyInfo,version) },
+ { SEC_ASN1_INTEGER, offsetof(SECKEYPrivateKeyInfo, version) },
{ SEC_ASN1_INLINE | SEC_ASN1_XTRN,
- offsetof(SECKEYPrivateKeyInfo,algorithm),
- SEC_ASN1_SUB(SECOID_AlgorithmIDTemplate) },
- { SEC_ASN1_OCTET_STRING, offsetof(SECKEYPrivateKeyInfo,privateKey) },
+ offsetof(SECKEYPrivateKeyInfo, algorithm),
+ SEC_ASN1_SUB(SECOID_AlgorithmIDTemplate) },
+ { SEC_ASN1_OCTET_STRING, offsetof(SECKEYPrivateKeyInfo, privateKey) },
{ SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 0,
- offsetof(SECKEYPrivateKeyInfo,attributes),
- SECKEY_SetOfAttributeTemplate },
+ offsetof(SECKEYPrivateKeyInfo, attributes),
+ SECKEY_SetOfAttributeTemplate },
{ 0 }
};
@@ -120,41 +117,41 @@ const SEC_ASN1Template SECKEY_PointerToPrivateKeyInfoTemplate[] = {
const SEC_ASN1Template SECKEY_RSAPrivateKeyExportTemplate[] = {
{ SEC_ASN1_SEQUENCE, 0, NULL, sizeof(SECKEYRawPrivateKey) },
- { SEC_ASN1_INTEGER, offsetof(SECKEYRawPrivateKey,u.rsa.version) },
- { SEC_ASN1_INTEGER, offsetof(SECKEYRawPrivateKey,u.rsa.modulus) },
- { SEC_ASN1_INTEGER, offsetof(SECKEYRawPrivateKey,u.rsa.publicExponent) },
- { SEC_ASN1_INTEGER, offsetof(SECKEYRawPrivateKey,u.rsa.privateExponent) },
- { SEC_ASN1_INTEGER, offsetof(SECKEYRawPrivateKey,u.rsa.prime1) },
- { SEC_ASN1_INTEGER, offsetof(SECKEYRawPrivateKey,u.rsa.prime2) },
- { SEC_ASN1_INTEGER, offsetof(SECKEYRawPrivateKey,u.rsa.exponent1) },
- { SEC_ASN1_INTEGER, offsetof(SECKEYRawPrivateKey,u.rsa.exponent2) },
- { SEC_ASN1_INTEGER, offsetof(SECKEYRawPrivateKey,u.rsa.coefficient) },
+ { SEC_ASN1_INTEGER, offsetof(SECKEYRawPrivateKey, u.rsa.version) },
+ { SEC_ASN1_INTEGER, offsetof(SECKEYRawPrivateKey, u.rsa.modulus) },
+ { SEC_ASN1_INTEGER, offsetof(SECKEYRawPrivateKey, u.rsa.publicExponent) },
+ { SEC_ASN1_INTEGER, offsetof(SECKEYRawPrivateKey, u.rsa.privateExponent) },
+ { SEC_ASN1_INTEGER, offsetof(SECKEYRawPrivateKey, u.rsa.prime1) },
+ { SEC_ASN1_INTEGER, offsetof(SECKEYRawPrivateKey, u.rsa.prime2) },
+ { SEC_ASN1_INTEGER, offsetof(SECKEYRawPrivateKey, u.rsa.exponent1) },
+ { SEC_ASN1_INTEGER, offsetof(SECKEYRawPrivateKey, u.rsa.exponent2) },
+ { SEC_ASN1_INTEGER, offsetof(SECKEYRawPrivateKey, u.rsa.coefficient) },
{ 0 }
};
const SEC_ASN1Template SECKEY_DSAPrivateKeyExportTemplate[] = {
- { SEC_ASN1_INTEGER, offsetof(SECKEYRawPrivateKey,u.dsa.privateValue) },
+ { SEC_ASN1_INTEGER, offsetof(SECKEYRawPrivateKey, u.dsa.privateValue) },
};
const SEC_ASN1Template SECKEY_DHPrivateKeyExportTemplate[] = {
- { SEC_ASN1_INTEGER, offsetof(SECKEYRawPrivateKey,u.dh.privateValue) },
- { SEC_ASN1_INTEGER, offsetof(SECKEYRawPrivateKey,u.dh.base) },
- { SEC_ASN1_INTEGER, offsetof(SECKEYRawPrivateKey,u.dh.prime) },
+ { SEC_ASN1_INTEGER, offsetof(SECKEYRawPrivateKey, u.dh.privateValue) },
+ { SEC_ASN1_INTEGER, offsetof(SECKEYRawPrivateKey, u.dh.base) },
+ { SEC_ASN1_INTEGER, offsetof(SECKEYRawPrivateKey, u.dh.prime) },
};
const SEC_ASN1Template SECKEY_EncryptedPrivateKeyInfoTemplate[] = {
{ SEC_ASN1_SEQUENCE,
- 0, NULL, sizeof(SECKEYEncryptedPrivateKeyInfo) },
+ 0, NULL, sizeof(SECKEYEncryptedPrivateKeyInfo) },
{ SEC_ASN1_INLINE | SEC_ASN1_XTRN,
- offsetof(SECKEYEncryptedPrivateKeyInfo,algorithm),
- SEC_ASN1_SUB(SECOID_AlgorithmIDTemplate) },
+ offsetof(SECKEYEncryptedPrivateKeyInfo, algorithm),
+ SEC_ASN1_SUB(SECOID_AlgorithmIDTemplate) },
{ SEC_ASN1_OCTET_STRING,
- offsetof(SECKEYEncryptedPrivateKeyInfo,encryptedData) },
+ offsetof(SECKEYEncryptedPrivateKeyInfo, encryptedData) },
{ 0 }
};
const SEC_ASN1Template SECKEY_PointerToEncryptedPrivateKeyInfoTemplate[] = {
- { SEC_ASN1_POINTER, 0, SECKEY_EncryptedPrivateKeyInfoTemplate }
+ { SEC_ASN1_POINTER, 0, SECKEY_EncryptedPrivateKeyInfoTemplate }
};
SEC_ASN1_CHOOSER_IMPLEMENT(SECKEY_EncryptedPrivateKeyInfoTemplate)
@@ -201,21 +198,22 @@ prepare_dh_priv_key_export_for_asn1(SECKEYRawPrivateKey *key)
key->u.dh.base.type = siUnsignedInteger;
}
-
SECStatus
-PK11_ImportDERPrivateKeyInfo(PK11SlotInfo *slot, SECItem *derPKI,
- SECItem *nickname, SECItem *publicValue, PRBool isPerm,
- PRBool isPrivate, unsigned int keyUsage, void *wincx)
+PK11_ImportDERPrivateKeyInfo(PK11SlotInfo *slot, SECItem *derPKI,
+ SECItem *nickname, SECItem *publicValue, PRBool isPerm,
+ PRBool isPrivate, unsigned int keyUsage, void *wincx)
{
return PK11_ImportDERPrivateKeyInfoAndReturnKey(slot, derPKI,
- nickname, publicValue, isPerm, isPrivate, keyUsage, NULL, wincx);
+ nickname, publicValue,
+ isPerm, isPrivate, keyUsage,
+ NULL, wincx);
}
SECStatus
-PK11_ImportDERPrivateKeyInfoAndReturnKey(PK11SlotInfo *slot, SECItem *derPKI,
- SECItem *nickname, SECItem *publicValue, PRBool isPerm,
- PRBool isPrivate, unsigned int keyUsage, SECKEYPrivateKey** privk,
- void *wincx)
+PK11_ImportDERPrivateKeyInfoAndReturnKey(PK11SlotInfo *slot, SECItem *derPKI,
+ SECItem *nickname, SECItem *publicValue,
+ PRBool isPerm, PRBool isPrivate, unsigned int keyUsage,
+ SECKEYPrivateKey **privk, void *wincx)
{
SECKEYPrivateKeyInfo *pki = NULL;
PLArenaPool *temparena = NULL;
@@ -232,29 +230,38 @@ PK11_ImportDERPrivateKeyInfoAndReturnKey(PK11SlotInfo *slot, SECItem *derPKI,
pki->arena = temparena;
rv = SEC_ASN1DecodeItem(pki->arena, pki, SECKEY_PrivateKeyInfoTemplate,
- derPKI);
- if( rv != SECSuccess ) {
+ derPKI);
+ if (rv != SECSuccess) {
/* If SEC_ASN1DecodeItem fails, we cannot assume anything about the
* validity of the data in pki. The best we can do is free the arena
- * and return.
- */
+ * and return. */
PORT_FreeArena(temparena, PR_TRUE);
return rv;
}
+ if (pki->privateKey.data == NULL) {
+ /* If SEC_ASN1DecodeItems succeeds but SECKEYPrivateKeyInfo.privateKey
+ * is a zero-length octet string, free the arena and return a failure
+ * to avoid trying to zero the corresponding SECItem in
+ * SECKEY_DestroyPrivateKeyInfo(). */
+ PORT_FreeArena(temparena, PR_TRUE);
+ PORT_SetError(SEC_ERROR_BAD_KEY);
+ return SECFailure;
+ }
rv = PK11_ImportPrivateKeyInfoAndReturnKey(slot, pki, nickname,
- publicValue, isPerm, isPrivate, keyUsage, privk, wincx);
+ publicValue, isPerm, isPrivate,
+ keyUsage, privk, wincx);
/* this zeroes the key and frees the arena */
SECKEY_DestroyPrivateKeyInfo(pki, PR_TRUE /*freeit*/);
return rv;
}
-
+
SECStatus
-PK11_ImportAndReturnPrivateKey(PK11SlotInfo *slot, SECKEYRawPrivateKey *lpk,
- SECItem *nickname, SECItem *publicValue, PRBool isPerm,
- PRBool isPrivate, unsigned int keyUsage, SECKEYPrivateKey **privk,
- void *wincx)
+PK11_ImportAndReturnPrivateKey(PK11SlotInfo *slot, SECKEYRawPrivateKey *lpk,
+ SECItem *nickname, SECItem *publicValue, PRBool isPerm,
+ PRBool isPrivate, unsigned int keyUsage, SECKEYPrivateKey **privk,
+ void *wincx)
{
CK_BBOOL cktrue = CK_TRUE;
CK_BBOOL ckfalse = CK_FALSE;
@@ -272,159 +279,195 @@ PK11_ImportAndReturnPrivateKey(PK11SlotInfo *slot, SECKEYRawPrivateKey *lpk,
attrs = theTemplate;
-
- PK11_SETATTRS(attrs, CKA_CLASS, &keyClass, sizeof(keyClass) ); attrs++;
- PK11_SETATTRS(attrs, CKA_KEY_TYPE, &keyType, sizeof(keyType) ); attrs++;
- PK11_SETATTRS(attrs, CKA_TOKEN, isPerm ? &cktrue : &ckfalse,
- sizeof(CK_BBOOL) ); attrs++;
- PK11_SETATTRS(attrs, CKA_SENSITIVE, isPrivate ? &cktrue : &ckfalse,
- sizeof(CK_BBOOL) ); attrs++;
+ PK11_SETATTRS(attrs, CKA_CLASS, &keyClass, sizeof(keyClass));
+ attrs++;
+ PK11_SETATTRS(attrs, CKA_KEY_TYPE, &keyType, sizeof(keyType));
+ attrs++;
+ PK11_SETATTRS(attrs, CKA_TOKEN, isPerm ? &cktrue : &ckfalse,
+ sizeof(CK_BBOOL));
+ attrs++;
+ PK11_SETATTRS(attrs, CKA_SENSITIVE, isPrivate ? &cktrue : &ckfalse,
+ sizeof(CK_BBOOL));
+ attrs++;
PK11_SETATTRS(attrs, CKA_PRIVATE, isPrivate ? &cktrue : &ckfalse,
- sizeof(CK_BBOOL) ); attrs++;
+ sizeof(CK_BBOOL));
+ attrs++;
switch (lpk->keyType) {
- case rsaKey:
- keyType = CKK_RSA;
- PK11_SETATTRS(attrs, CKA_UNWRAP, (keyUsage & KU_KEY_ENCIPHERMENT) ?
- &cktrue : &ckfalse, sizeof(CK_BBOOL) ); attrs++;
- PK11_SETATTRS(attrs, CKA_DECRYPT, (keyUsage & KU_DATA_ENCIPHERMENT) ?
- &cktrue : &ckfalse, sizeof(CK_BBOOL) ); attrs++;
- PK11_SETATTRS(attrs, CKA_SIGN, (keyUsage & KU_DIGITAL_SIGNATURE) ?
- &cktrue : &ckfalse, sizeof(CK_BBOOL) ); attrs++;
- PK11_SETATTRS(attrs, CKA_SIGN_RECOVER,
- (keyUsage & KU_DIGITAL_SIGNATURE) ?
- &cktrue : &ckfalse, sizeof(CK_BBOOL) ); attrs++;
- ck_id = PK11_MakeIDFromPubKey(&lpk->u.rsa.modulus);
- if (ck_id == NULL) {
- goto loser;
- }
- PK11_SETATTRS(attrs, CKA_ID, ck_id->data,ck_id->len); attrs++;
- if (nickname) {
- PK11_SETATTRS(attrs, CKA_LABEL, nickname->data, nickname->len); attrs++;
- }
- signedattr = attrs;
- PK11_SETATTRS(attrs, CKA_MODULUS, lpk->u.rsa.modulus.data,
- lpk->u.rsa.modulus.len); attrs++;
- PK11_SETATTRS(attrs, CKA_PUBLIC_EXPONENT,
- lpk->u.rsa.publicExponent.data,
- lpk->u.rsa.publicExponent.len); attrs++;
- PK11_SETATTRS(attrs, CKA_PRIVATE_EXPONENT,
- lpk->u.rsa.privateExponent.data,
- lpk->u.rsa.privateExponent.len); attrs++;
- PK11_SETATTRS(attrs, CKA_PRIME_1,
- lpk->u.rsa.prime1.data,
- lpk->u.rsa.prime1.len); attrs++;
- PK11_SETATTRS(attrs, CKA_PRIME_2,
- lpk->u.rsa.prime2.data,
- lpk->u.rsa.prime2.len); attrs++;
- PK11_SETATTRS(attrs, CKA_EXPONENT_1,
- lpk->u.rsa.exponent1.data,
- lpk->u.rsa.exponent1.len); attrs++;
- PK11_SETATTRS(attrs, CKA_EXPONENT_2,
- lpk->u.rsa.exponent2.data,
- lpk->u.rsa.exponent2.len); attrs++;
- PK11_SETATTRS(attrs, CKA_COEFFICIENT,
- lpk->u.rsa.coefficient.data,
- lpk->u.rsa.coefficient.len); attrs++;
- break;
- case dsaKey:
- keyType = CKK_DSA;
- /* To make our intenal PKCS #11 module work correctly with
- * our database, we need to pass in the public key value for
- * this dsa key. We have a netscape only CKA_ value to do this.
- * Only send it to internal slots */
- if( publicValue == NULL ) {
- goto loser;
- }
- if (PK11_IsInternal(slot)) {
- PK11_SETATTRS(attrs, CKA_NETSCAPE_DB,
- publicValue->data, publicValue->len); attrs++;
- }
- PK11_SETATTRS(attrs, CKA_SIGN, &cktrue, sizeof(CK_BBOOL)); attrs++;
- PK11_SETATTRS(attrs, CKA_SIGN_RECOVER, &cktrue, sizeof(CK_BBOOL)); attrs++;
- if(nickname) {
- PK11_SETATTRS(attrs, CKA_LABEL, nickname->data, nickname->len);
- attrs++;
- }
- ck_id = PK11_MakeIDFromPubKey(publicValue);
- if (ck_id == NULL) {
- goto loser;
- }
- PK11_SETATTRS(attrs, CKA_ID, ck_id->data,ck_id->len); attrs++;
- signedattr = attrs;
- PK11_SETATTRS(attrs, CKA_PRIME, lpk->u.dsa.params.prime.data,
- lpk->u.dsa.params.prime.len); attrs++;
- PK11_SETATTRS(attrs,CKA_SUBPRIME,lpk->u.dsa.params.subPrime.data,
- lpk->u.dsa.params.subPrime.len); attrs++;
- PK11_SETATTRS(attrs, CKA_BASE, lpk->u.dsa.params.base.data,
- lpk->u.dsa.params.base.len); attrs++;
- PK11_SETATTRS(attrs, CKA_VALUE, lpk->u.dsa.privateValue.data,
- lpk->u.dsa.privateValue.len); attrs++;
- break;
- case dhKey:
- keyType = CKK_DH;
- /* To make our intenal PKCS #11 module work correctly with
- * our database, we need to pass in the public key value for
- * this dh key. We have a netscape only CKA_ value to do this.
- * Only send it to internal slots */
- if (PK11_IsInternal(slot)) {
- PK11_SETATTRS(attrs, CKA_NETSCAPE_DB,
- publicValue->data, publicValue->len); attrs++;
- }
- PK11_SETATTRS(attrs, CKA_DERIVE, &cktrue, sizeof(CK_BBOOL)); attrs++;
- if(nickname) {
- PK11_SETATTRS(attrs, CKA_LABEL, nickname->data, nickname->len);
- attrs++;
- }
- ck_id = PK11_MakeIDFromPubKey(publicValue);
- if (ck_id == NULL) {
- goto loser;
- }
- PK11_SETATTRS(attrs, CKA_ID, ck_id->data,ck_id->len); attrs++;
- signedattr = attrs;
- PK11_SETATTRS(attrs, CKA_PRIME, lpk->u.dh.prime.data,
- lpk->u.dh.prime.len); attrs++;
- PK11_SETATTRS(attrs, CKA_BASE, lpk->u.dh.base.data,
- lpk->u.dh.base.len); attrs++;
- PK11_SETATTRS(attrs, CKA_VALUE, lpk->u.dh.privateValue.data,
- lpk->u.dh.privateValue.len); attrs++;
- break;
- /* what about fortezza??? */
- default:
- PORT_SetError(SEC_ERROR_BAD_KEY);
- goto loser;
+ case rsaKey:
+ keyType = CKK_RSA;
+ PK11_SETATTRS(attrs, CKA_UNWRAP, (keyUsage & KU_KEY_ENCIPHERMENT) ? &cktrue
+ : &ckfalse,
+ sizeof(CK_BBOOL));
+ attrs++;
+ PK11_SETATTRS(attrs, CKA_DECRYPT, (keyUsage & KU_DATA_ENCIPHERMENT) ? &cktrue
+ : &ckfalse,
+ sizeof(CK_BBOOL));
+ attrs++;
+ PK11_SETATTRS(attrs, CKA_SIGN, (keyUsage & KU_DIGITAL_SIGNATURE) ? &cktrue
+ : &ckfalse,
+ sizeof(CK_BBOOL));
+ attrs++;
+ PK11_SETATTRS(attrs, CKA_SIGN_RECOVER,
+ (keyUsage & KU_DIGITAL_SIGNATURE) ? &cktrue
+ : &ckfalse,
+ sizeof(CK_BBOOL));
+ attrs++;
+ ck_id = PK11_MakeIDFromPubKey(&lpk->u.rsa.modulus);
+ if (ck_id == NULL) {
+ goto loser;
+ }
+ PK11_SETATTRS(attrs, CKA_ID, ck_id->data, ck_id->len);
+ attrs++;
+ if (nickname) {
+ PK11_SETATTRS(attrs, CKA_LABEL, nickname->data, nickname->len);
+ attrs++;
+ }
+ signedattr = attrs;
+ PK11_SETATTRS(attrs, CKA_MODULUS, lpk->u.rsa.modulus.data,
+ lpk->u.rsa.modulus.len);
+ attrs++;
+ PK11_SETATTRS(attrs, CKA_PUBLIC_EXPONENT,
+ lpk->u.rsa.publicExponent.data,
+ lpk->u.rsa.publicExponent.len);
+ attrs++;
+ PK11_SETATTRS(attrs, CKA_PRIVATE_EXPONENT,
+ lpk->u.rsa.privateExponent.data,
+ lpk->u.rsa.privateExponent.len);
+ attrs++;
+ PK11_SETATTRS(attrs, CKA_PRIME_1,
+ lpk->u.rsa.prime1.data,
+ lpk->u.rsa.prime1.len);
+ attrs++;
+ PK11_SETATTRS(attrs, CKA_PRIME_2,
+ lpk->u.rsa.prime2.data,
+ lpk->u.rsa.prime2.len);
+ attrs++;
+ PK11_SETATTRS(attrs, CKA_EXPONENT_1,
+ lpk->u.rsa.exponent1.data,
+ lpk->u.rsa.exponent1.len);
+ attrs++;
+ PK11_SETATTRS(attrs, CKA_EXPONENT_2,
+ lpk->u.rsa.exponent2.data,
+ lpk->u.rsa.exponent2.len);
+ attrs++;
+ PK11_SETATTRS(attrs, CKA_COEFFICIENT,
+ lpk->u.rsa.coefficient.data,
+ lpk->u.rsa.coefficient.len);
+ attrs++;
+ break;
+ case dsaKey:
+ keyType = CKK_DSA;
+ /* To make our intenal PKCS #11 module work correctly with
+ * our database, we need to pass in the public key value for
+ * this dsa key. We have a netscape only CKA_ value to do this.
+ * Only send it to internal slots */
+ if (publicValue == NULL) {
+ goto loser;
+ }
+ if (PK11_IsInternal(slot)) {
+ PK11_SETATTRS(attrs, CKA_NETSCAPE_DB,
+ publicValue->data, publicValue->len);
+ attrs++;
+ }
+ PK11_SETATTRS(attrs, CKA_SIGN, &cktrue, sizeof(CK_BBOOL));
+ attrs++;
+ PK11_SETATTRS(attrs, CKA_SIGN_RECOVER, &cktrue, sizeof(CK_BBOOL));
+ attrs++;
+ if (nickname) {
+ PK11_SETATTRS(attrs, CKA_LABEL, nickname->data, nickname->len);
+ attrs++;
+ }
+ ck_id = PK11_MakeIDFromPubKey(publicValue);
+ if (ck_id == NULL) {
+ goto loser;
+ }
+ PK11_SETATTRS(attrs, CKA_ID, ck_id->data, ck_id->len);
+ attrs++;
+ signedattr = attrs;
+ PK11_SETATTRS(attrs, CKA_PRIME, lpk->u.dsa.params.prime.data,
+ lpk->u.dsa.params.prime.len);
+ attrs++;
+ PK11_SETATTRS(attrs, CKA_SUBPRIME, lpk->u.dsa.params.subPrime.data,
+ lpk->u.dsa.params.subPrime.len);
+ attrs++;
+ PK11_SETATTRS(attrs, CKA_BASE, lpk->u.dsa.params.base.data,
+ lpk->u.dsa.params.base.len);
+ attrs++;
+ PK11_SETATTRS(attrs, CKA_VALUE, lpk->u.dsa.privateValue.data,
+ lpk->u.dsa.privateValue.len);
+ attrs++;
+ break;
+ case dhKey:
+ keyType = CKK_DH;
+ /* To make our intenal PKCS #11 module work correctly with
+ * our database, we need to pass in the public key value for
+ * this dh key. We have a netscape only CKA_ value to do this.
+ * Only send it to internal slots */
+ if (PK11_IsInternal(slot)) {
+ PK11_SETATTRS(attrs, CKA_NETSCAPE_DB,
+ publicValue->data, publicValue->len);
+ attrs++;
+ }
+ PK11_SETATTRS(attrs, CKA_DERIVE, &cktrue, sizeof(CK_BBOOL));
+ attrs++;
+ if (nickname) {
+ PK11_SETATTRS(attrs, CKA_LABEL, nickname->data, nickname->len);
+ attrs++;
+ }
+ ck_id = PK11_MakeIDFromPubKey(publicValue);
+ if (ck_id == NULL) {
+ goto loser;
+ }
+ PK11_SETATTRS(attrs, CKA_ID, ck_id->data, ck_id->len);
+ attrs++;
+ signedattr = attrs;
+ PK11_SETATTRS(attrs, CKA_PRIME, lpk->u.dh.prime.data,
+ lpk->u.dh.prime.len);
+ attrs++;
+ PK11_SETATTRS(attrs, CKA_BASE, lpk->u.dh.base.data,
+ lpk->u.dh.base.len);
+ attrs++;
+ PK11_SETATTRS(attrs, CKA_VALUE, lpk->u.dh.privateValue.data,
+ lpk->u.dh.privateValue.len);
+ attrs++;
+ break;
+ /* what about fortezza??? */
+ default:
+ PORT_SetError(SEC_ERROR_BAD_KEY);
+ goto loser;
}
templateCount = attrs - theTemplate;
- PORT_Assert(templateCount <= sizeof(theTemplate)/sizeof(CK_ATTRIBUTE));
+ PORT_Assert(templateCount <= sizeof(theTemplate) / sizeof(CK_ATTRIBUTE));
PORT_Assert(signedattr != NULL);
signedcount = attrs - signedattr;
- for (ap=signedattr; signedcount; ap++, signedcount--) {
- pk11_SignedToUnsigned(ap);
+ for (ap = signedattr; signedcount; ap++, signedcount--) {
+ pk11_SignedToUnsigned(ap);
}
rv = PK11_CreateNewObject(slot, CK_INVALID_SESSION,
- theTemplate, templateCount, isPerm, &objectID);
+ theTemplate, templateCount, isPerm, &objectID);
/* create and return a SECKEYPrivateKey */
- if( rv == SECSuccess && privk != NULL) {
- *privk = PK11_MakePrivKey(slot, lpk->keyType, !isPerm, objectID, wincx);
- if( *privk == NULL ) {
- rv = SECFailure;
- }
+ if (rv == SECSuccess && privk != NULL) {
+ *privk = PK11_MakePrivKey(slot, lpk->keyType, !isPerm, objectID, wincx);
+ if (*privk == NULL) {
+ rv = SECFailure;
+ }
}
loser:
if (ck_id) {
- SECITEM_ZfreeItem(ck_id, PR_TRUE);
+ SECITEM_ZfreeItem(ck_id, PR_TRUE);
}
return rv;
}
SECStatus
PK11_ImportPrivateKeyInfoAndReturnKey(PK11SlotInfo *slot,
- SECKEYPrivateKeyInfo *pki, SECItem *nickname, SECItem *publicValue,
- PRBool isPerm, PRBool isPrivate, unsigned int keyUsage,
- SECKEYPrivateKey **privk, void *wincx)
+ SECKEYPrivateKeyInfo *pki, SECItem *nickname, SECItem *publicValue,
+ PRBool isPerm, PRBool isPrivate, unsigned int keyUsage,
+ SECKEYPrivateKey **privk, void *wincx)
{
SECStatus rv = SECFailure;
SECKEYRawPrivateKey *lpk = NULL;
@@ -433,88 +476,86 @@ PK11_ImportPrivateKeyInfoAndReturnKey(PK11SlotInfo *slot,
PLArenaPool *arena = NULL;
arena = PORT_NewArena(2048);
- if(!arena) {
- return SECFailure;
+ if (!arena) {
+ return SECFailure;
}
/* need to change this to use RSA/DSA keys */
lpk = (SECKEYRawPrivateKey *)PORT_ArenaZAlloc(arena,
- sizeof(SECKEYRawPrivateKey));
- if(lpk == NULL) {
- goto loser;
+ sizeof(SECKEYRawPrivateKey));
+ if (lpk == NULL) {
+ goto loser;
}
lpk->arena = arena;
- switch(SECOID_GetAlgorithmTag(&pki->algorithm)) {
- case SEC_OID_PKCS1_RSA_ENCRYPTION:
- prepare_rsa_priv_key_export_for_asn1(lpk);
- keyTemplate = SECKEY_RSAPrivateKeyExportTemplate;
- paramTemplate = NULL;
- paramDest = NULL;
- lpk->keyType = rsaKey;
- break;
- case SEC_OID_ANSIX9_DSA_SIGNATURE:
- prepare_dsa_priv_key_export_for_asn1(lpk);
- keyTemplate = SECKEY_DSAPrivateKeyExportTemplate;
- paramTemplate = SECKEY_PQGParamsTemplate;
- paramDest = &(lpk->u.dsa.params);
- lpk->keyType = dsaKey;
- break;
- case SEC_OID_X942_DIFFIE_HELMAN_KEY:
- if(!publicValue) {
- goto loser;
- }
- prepare_dh_priv_key_export_for_asn1(lpk);
- keyTemplate = SECKEY_DHPrivateKeyExportTemplate;
- paramTemplate = NULL;
- paramDest = NULL;
- lpk->keyType = dhKey;
- break;
-
- default:
- keyTemplate = NULL;
- paramTemplate = NULL;
- paramDest = NULL;
- break;
+ switch (SECOID_GetAlgorithmTag(&pki->algorithm)) {
+ case SEC_OID_PKCS1_RSA_ENCRYPTION:
+ prepare_rsa_priv_key_export_for_asn1(lpk);
+ keyTemplate = SECKEY_RSAPrivateKeyExportTemplate;
+ paramTemplate = NULL;
+ paramDest = NULL;
+ lpk->keyType = rsaKey;
+ break;
+ case SEC_OID_ANSIX9_DSA_SIGNATURE:
+ prepare_dsa_priv_key_export_for_asn1(lpk);
+ keyTemplate = SECKEY_DSAPrivateKeyExportTemplate;
+ paramTemplate = SECKEY_PQGParamsTemplate;
+ paramDest = &(lpk->u.dsa.params);
+ lpk->keyType = dsaKey;
+ break;
+ case SEC_OID_X942_DIFFIE_HELMAN_KEY:
+ if (!publicValue) {
+ goto loser;
+ }
+ prepare_dh_priv_key_export_for_asn1(lpk);
+ keyTemplate = SECKEY_DHPrivateKeyExportTemplate;
+ paramTemplate = NULL;
+ paramDest = NULL;
+ lpk->keyType = dhKey;
+ break;
+
+ default:
+ keyTemplate = NULL;
+ paramTemplate = NULL;
+ paramDest = NULL;
+ break;
}
- if(!keyTemplate) {
- goto loser;
+ if (!keyTemplate) {
+ goto loser;
}
/* decode the private key and any algorithm parameters */
rv = SEC_ASN1DecodeItem(arena, lpk, keyTemplate, &pki->privateKey);
- if(rv != SECSuccess) {
- goto loser;
+ if (rv != SECSuccess) {
+ goto loser;
}
- if(paramDest && paramTemplate) {
- rv = SEC_ASN1DecodeItem(arena, paramDest, paramTemplate,
- &(pki->algorithm.parameters));
- if(rv != SECSuccess) {
- goto loser;
- }
+ if (paramDest && paramTemplate) {
+ rv = SEC_ASN1DecodeItem(arena, paramDest, paramTemplate,
+ &(pki->algorithm.parameters));
+ if (rv != SECSuccess) {
+ goto loser;
+ }
}
- rv = PK11_ImportAndReturnPrivateKey(slot,lpk,nickname,publicValue, isPerm,
- isPrivate, keyUsage, privk, wincx);
-
+ rv = PK11_ImportAndReturnPrivateKey(slot, lpk, nickname, publicValue, isPerm,
+ isPrivate, keyUsage, privk, wincx);
loser:
if (arena != NULL) {
- PORT_FreeArena(arena, PR_TRUE);
+ PORT_FreeArena(arena, PR_TRUE);
}
return rv;
}
SECStatus
-PK11_ImportPrivateKeyInfo(PK11SlotInfo *slot, SECKEYPrivateKeyInfo *pki,
- SECItem *nickname, SECItem *publicValue, PRBool isPerm,
- PRBool isPrivate, unsigned int keyUsage, void *wincx)
+PK11_ImportPrivateKeyInfo(PK11SlotInfo *slot, SECKEYPrivateKeyInfo *pki,
+ SECItem *nickname, SECItem *publicValue, PRBool isPerm,
+ PRBool isPrivate, unsigned int keyUsage, void *wincx)
{
return PK11_ImportPrivateKeyInfoAndReturnKey(slot, pki, nickname,
- publicValue, isPerm, isPrivate, keyUsage, NULL, wincx);
-
+ publicValue, isPerm, isPrivate, keyUsage, NULL, wincx);
}
SECItem *
View Lorry Controller Status