diff options
Diffstat (limited to 'nss/lib/pk11wrap/pk11pk12.c')
-rw-r--r-- | nss/lib/pk11wrap/pk11pk12.c | 515 |
1 files changed, 278 insertions, 237 deletions
diff --git a/nss/lib/pk11wrap/pk11pk12.c b/nss/lib/pk11wrap/pk11pk12.c index e5a0a21..1683cc5 100644 --- a/nss/lib/pk11wrap/pk11pk12.c +++ b/nss/lib/pk11wrap/pk11pk12.c @@ -20,8 +20,6 @@ #include "secerr.h" #include "prerror.h" - - /* These data structures should move to a common .h file shared between the * wrappers and the pkcs 12 code. */ @@ -31,7 +29,7 @@ /* member names from PKCS#1, section 7.2 */ struct SECKEYRSAPrivateKeyStr { - PLArenaPool * arena; + PLArenaPool *arena; SECItem version; SECItem modulus; SECItem publicExponent; @@ -44,7 +42,6 @@ struct SECKEYRSAPrivateKeyStr { }; typedef struct SECKEYRSAPrivateKeyStr SECKEYRSAPrivateKey; - /* ** DSA Raw Private Key structures */ @@ -60,7 +57,7 @@ typedef struct SECKEYDSAPrivateKeyStr SECKEYDSAPrivateKey; ** Structure member names suggested by PKCS#3. */ struct SECKEYDHPrivateKeyStr { - PLArenaPool * arena; + PLArenaPool *arena; SECItem prime; SECItem base; SECItem privateValue; @@ -76,7 +73,7 @@ struct SECKEYRawPrivateKeyStr { union { SECKEYRSAPrivateKey rsa; SECKEYDSAPrivateKey dsa; - SECKEYDHPrivateKey dh; + SECKEYDHPrivateKey dh; } u; }; typedef struct SECKEYRawPrivateKeyStr SECKEYRawPrivateKey; @@ -90,10 +87,10 @@ SEC_ASN1_MKSUB(SECOID_AlgorithmIDTemplate) */ const SEC_ASN1Template SECKEY_AttributeTemplate[] = { { SEC_ASN1_SEQUENCE, - 0, NULL, sizeof(SECKEYAttribute) }, + 0, NULL, sizeof(SECKEYAttribute) }, { SEC_ASN1_OBJECT_ID, offsetof(SECKEYAttribute, attrType) }, { SEC_ASN1_SET_OF | SEC_ASN1_XTRN, offsetof(SECKEYAttribute, attrValue), - SEC_ASN1_SUB(SEC_AnyTemplate) }, + SEC_ASN1_SUB(SEC_AnyTemplate) }, { 0 } }; @@ -103,14 +100,14 @@ const SEC_ASN1Template SECKEY_SetOfAttributeTemplate[] = { const SEC_ASN1Template SECKEY_PrivateKeyInfoTemplate[] = { { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(SECKEYPrivateKeyInfo) }, - { SEC_ASN1_INTEGER, offsetof(SECKEYPrivateKeyInfo,version) }, + { SEC_ASN1_INTEGER, offsetof(SECKEYPrivateKeyInfo, version) }, { SEC_ASN1_INLINE | SEC_ASN1_XTRN, - offsetof(SECKEYPrivateKeyInfo,algorithm), - SEC_ASN1_SUB(SECOID_AlgorithmIDTemplate) }, - { SEC_ASN1_OCTET_STRING, offsetof(SECKEYPrivateKeyInfo,privateKey) }, + offsetof(SECKEYPrivateKeyInfo, algorithm), + SEC_ASN1_SUB(SECOID_AlgorithmIDTemplate) }, + { SEC_ASN1_OCTET_STRING, offsetof(SECKEYPrivateKeyInfo, privateKey) }, { SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 0, - offsetof(SECKEYPrivateKeyInfo,attributes), - SECKEY_SetOfAttributeTemplate }, + offsetof(SECKEYPrivateKeyInfo, attributes), + SECKEY_SetOfAttributeTemplate }, { 0 } }; @@ -120,41 +117,41 @@ const SEC_ASN1Template SECKEY_PointerToPrivateKeyInfoTemplate[] = { const SEC_ASN1Template SECKEY_RSAPrivateKeyExportTemplate[] = { { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(SECKEYRawPrivateKey) }, - { SEC_ASN1_INTEGER, offsetof(SECKEYRawPrivateKey,u.rsa.version) }, - { SEC_ASN1_INTEGER, offsetof(SECKEYRawPrivateKey,u.rsa.modulus) }, - { SEC_ASN1_INTEGER, offsetof(SECKEYRawPrivateKey,u.rsa.publicExponent) }, - { SEC_ASN1_INTEGER, offsetof(SECKEYRawPrivateKey,u.rsa.privateExponent) }, - { SEC_ASN1_INTEGER, offsetof(SECKEYRawPrivateKey,u.rsa.prime1) }, - { SEC_ASN1_INTEGER, offsetof(SECKEYRawPrivateKey,u.rsa.prime2) }, - { SEC_ASN1_INTEGER, offsetof(SECKEYRawPrivateKey,u.rsa.exponent1) }, - { SEC_ASN1_INTEGER, offsetof(SECKEYRawPrivateKey,u.rsa.exponent2) }, - { SEC_ASN1_INTEGER, offsetof(SECKEYRawPrivateKey,u.rsa.coefficient) }, + { SEC_ASN1_INTEGER, offsetof(SECKEYRawPrivateKey, u.rsa.version) }, + { SEC_ASN1_INTEGER, offsetof(SECKEYRawPrivateKey, u.rsa.modulus) }, + { SEC_ASN1_INTEGER, offsetof(SECKEYRawPrivateKey, u.rsa.publicExponent) }, + { SEC_ASN1_INTEGER, offsetof(SECKEYRawPrivateKey, u.rsa.privateExponent) }, + { SEC_ASN1_INTEGER, offsetof(SECKEYRawPrivateKey, u.rsa.prime1) }, + { SEC_ASN1_INTEGER, offsetof(SECKEYRawPrivateKey, u.rsa.prime2) }, + { SEC_ASN1_INTEGER, offsetof(SECKEYRawPrivateKey, u.rsa.exponent1) }, + { SEC_ASN1_INTEGER, offsetof(SECKEYRawPrivateKey, u.rsa.exponent2) }, + { SEC_ASN1_INTEGER, offsetof(SECKEYRawPrivateKey, u.rsa.coefficient) }, { 0 } }; const SEC_ASN1Template SECKEY_DSAPrivateKeyExportTemplate[] = { - { SEC_ASN1_INTEGER, offsetof(SECKEYRawPrivateKey,u.dsa.privateValue) }, + { SEC_ASN1_INTEGER, offsetof(SECKEYRawPrivateKey, u.dsa.privateValue) }, }; const SEC_ASN1Template SECKEY_DHPrivateKeyExportTemplate[] = { - { SEC_ASN1_INTEGER, offsetof(SECKEYRawPrivateKey,u.dh.privateValue) }, - { SEC_ASN1_INTEGER, offsetof(SECKEYRawPrivateKey,u.dh.base) }, - { SEC_ASN1_INTEGER, offsetof(SECKEYRawPrivateKey,u.dh.prime) }, + { SEC_ASN1_INTEGER, offsetof(SECKEYRawPrivateKey, u.dh.privateValue) }, + { SEC_ASN1_INTEGER, offsetof(SECKEYRawPrivateKey, u.dh.base) }, + { SEC_ASN1_INTEGER, offsetof(SECKEYRawPrivateKey, u.dh.prime) }, }; const SEC_ASN1Template SECKEY_EncryptedPrivateKeyInfoTemplate[] = { { SEC_ASN1_SEQUENCE, - 0, NULL, sizeof(SECKEYEncryptedPrivateKeyInfo) }, + 0, NULL, sizeof(SECKEYEncryptedPrivateKeyInfo) }, { SEC_ASN1_INLINE | SEC_ASN1_XTRN, - offsetof(SECKEYEncryptedPrivateKeyInfo,algorithm), - SEC_ASN1_SUB(SECOID_AlgorithmIDTemplate) }, + offsetof(SECKEYEncryptedPrivateKeyInfo, algorithm), + SEC_ASN1_SUB(SECOID_AlgorithmIDTemplate) }, { SEC_ASN1_OCTET_STRING, - offsetof(SECKEYEncryptedPrivateKeyInfo,encryptedData) }, + offsetof(SECKEYEncryptedPrivateKeyInfo, encryptedData) }, { 0 } }; const SEC_ASN1Template SECKEY_PointerToEncryptedPrivateKeyInfoTemplate[] = { - { SEC_ASN1_POINTER, 0, SECKEY_EncryptedPrivateKeyInfoTemplate } + { SEC_ASN1_POINTER, 0, SECKEY_EncryptedPrivateKeyInfoTemplate } }; SEC_ASN1_CHOOSER_IMPLEMENT(SECKEY_EncryptedPrivateKeyInfoTemplate) @@ -201,21 +198,22 @@ prepare_dh_priv_key_export_for_asn1(SECKEYRawPrivateKey *key) key->u.dh.base.type = siUnsignedInteger; } - SECStatus -PK11_ImportDERPrivateKeyInfo(PK11SlotInfo *slot, SECItem *derPKI, - SECItem *nickname, SECItem *publicValue, PRBool isPerm, - PRBool isPrivate, unsigned int keyUsage, void *wincx) +PK11_ImportDERPrivateKeyInfo(PK11SlotInfo *slot, SECItem *derPKI, + SECItem *nickname, SECItem *publicValue, PRBool isPerm, + PRBool isPrivate, unsigned int keyUsage, void *wincx) { return PK11_ImportDERPrivateKeyInfoAndReturnKey(slot, derPKI, - nickname, publicValue, isPerm, isPrivate, keyUsage, NULL, wincx); + nickname, publicValue, + isPerm, isPrivate, keyUsage, + NULL, wincx); } SECStatus -PK11_ImportDERPrivateKeyInfoAndReturnKey(PK11SlotInfo *slot, SECItem *derPKI, - SECItem *nickname, SECItem *publicValue, PRBool isPerm, - PRBool isPrivate, unsigned int keyUsage, SECKEYPrivateKey** privk, - void *wincx) +PK11_ImportDERPrivateKeyInfoAndReturnKey(PK11SlotInfo *slot, SECItem *derPKI, + SECItem *nickname, SECItem *publicValue, + PRBool isPerm, PRBool isPrivate, unsigned int keyUsage, + SECKEYPrivateKey **privk, void *wincx) { SECKEYPrivateKeyInfo *pki = NULL; PLArenaPool *temparena = NULL; @@ -232,29 +230,38 @@ PK11_ImportDERPrivateKeyInfoAndReturnKey(PK11SlotInfo *slot, SECItem *derPKI, pki->arena = temparena; rv = SEC_ASN1DecodeItem(pki->arena, pki, SECKEY_PrivateKeyInfoTemplate, - derPKI); - if( rv != SECSuccess ) { + derPKI); + if (rv != SECSuccess) { /* If SEC_ASN1DecodeItem fails, we cannot assume anything about the * validity of the data in pki. The best we can do is free the arena - * and return. - */ + * and return. */ PORT_FreeArena(temparena, PR_TRUE); return rv; } + if (pki->privateKey.data == NULL) { + /* If SEC_ASN1DecodeItems succeeds but SECKEYPrivateKeyInfo.privateKey + * is a zero-length octet string, free the arena and return a failure + * to avoid trying to zero the corresponding SECItem in + * SECKEY_DestroyPrivateKeyInfo(). */ + PORT_FreeArena(temparena, PR_TRUE); + PORT_SetError(SEC_ERROR_BAD_KEY); + return SECFailure; + } rv = PK11_ImportPrivateKeyInfoAndReturnKey(slot, pki, nickname, - publicValue, isPerm, isPrivate, keyUsage, privk, wincx); + publicValue, isPerm, isPrivate, + keyUsage, privk, wincx); /* this zeroes the key and frees the arena */ SECKEY_DestroyPrivateKeyInfo(pki, PR_TRUE /*freeit*/); return rv; } - + SECStatus -PK11_ImportAndReturnPrivateKey(PK11SlotInfo *slot, SECKEYRawPrivateKey *lpk, - SECItem *nickname, SECItem *publicValue, PRBool isPerm, - PRBool isPrivate, unsigned int keyUsage, SECKEYPrivateKey **privk, - void *wincx) +PK11_ImportAndReturnPrivateKey(PK11SlotInfo *slot, SECKEYRawPrivateKey *lpk, + SECItem *nickname, SECItem *publicValue, PRBool isPerm, + PRBool isPrivate, unsigned int keyUsage, SECKEYPrivateKey **privk, + void *wincx) { CK_BBOOL cktrue = CK_TRUE; CK_BBOOL ckfalse = CK_FALSE; @@ -272,159 +279,195 @@ PK11_ImportAndReturnPrivateKey(PK11SlotInfo *slot, SECKEYRawPrivateKey *lpk, attrs = theTemplate; - - PK11_SETATTRS(attrs, CKA_CLASS, &keyClass, sizeof(keyClass) ); attrs++; - PK11_SETATTRS(attrs, CKA_KEY_TYPE, &keyType, sizeof(keyType) ); attrs++; - PK11_SETATTRS(attrs, CKA_TOKEN, isPerm ? &cktrue : &ckfalse, - sizeof(CK_BBOOL) ); attrs++; - PK11_SETATTRS(attrs, CKA_SENSITIVE, isPrivate ? &cktrue : &ckfalse, - sizeof(CK_BBOOL) ); attrs++; + PK11_SETATTRS(attrs, CKA_CLASS, &keyClass, sizeof(keyClass)); + attrs++; + PK11_SETATTRS(attrs, CKA_KEY_TYPE, &keyType, sizeof(keyType)); + attrs++; + PK11_SETATTRS(attrs, CKA_TOKEN, isPerm ? &cktrue : &ckfalse, + sizeof(CK_BBOOL)); + attrs++; + PK11_SETATTRS(attrs, CKA_SENSITIVE, isPrivate ? &cktrue : &ckfalse, + sizeof(CK_BBOOL)); + attrs++; PK11_SETATTRS(attrs, CKA_PRIVATE, isPrivate ? &cktrue : &ckfalse, - sizeof(CK_BBOOL) ); attrs++; + sizeof(CK_BBOOL)); + attrs++; switch (lpk->keyType) { - case rsaKey: - keyType = CKK_RSA; - PK11_SETATTRS(attrs, CKA_UNWRAP, (keyUsage & KU_KEY_ENCIPHERMENT) ? - &cktrue : &ckfalse, sizeof(CK_BBOOL) ); attrs++; - PK11_SETATTRS(attrs, CKA_DECRYPT, (keyUsage & KU_DATA_ENCIPHERMENT) ? - &cktrue : &ckfalse, sizeof(CK_BBOOL) ); attrs++; - PK11_SETATTRS(attrs, CKA_SIGN, (keyUsage & KU_DIGITAL_SIGNATURE) ? - &cktrue : &ckfalse, sizeof(CK_BBOOL) ); attrs++; - PK11_SETATTRS(attrs, CKA_SIGN_RECOVER, - (keyUsage & KU_DIGITAL_SIGNATURE) ? - &cktrue : &ckfalse, sizeof(CK_BBOOL) ); attrs++; - ck_id = PK11_MakeIDFromPubKey(&lpk->u.rsa.modulus); - if (ck_id == NULL) { - goto loser; - } - PK11_SETATTRS(attrs, CKA_ID, ck_id->data,ck_id->len); attrs++; - if (nickname) { - PK11_SETATTRS(attrs, CKA_LABEL, nickname->data, nickname->len); attrs++; - } - signedattr = attrs; - PK11_SETATTRS(attrs, CKA_MODULUS, lpk->u.rsa.modulus.data, - lpk->u.rsa.modulus.len); attrs++; - PK11_SETATTRS(attrs, CKA_PUBLIC_EXPONENT, - lpk->u.rsa.publicExponent.data, - lpk->u.rsa.publicExponent.len); attrs++; - PK11_SETATTRS(attrs, CKA_PRIVATE_EXPONENT, - lpk->u.rsa.privateExponent.data, - lpk->u.rsa.privateExponent.len); attrs++; - PK11_SETATTRS(attrs, CKA_PRIME_1, - lpk->u.rsa.prime1.data, - lpk->u.rsa.prime1.len); attrs++; - PK11_SETATTRS(attrs, CKA_PRIME_2, - lpk->u.rsa.prime2.data, - lpk->u.rsa.prime2.len); attrs++; - PK11_SETATTRS(attrs, CKA_EXPONENT_1, - lpk->u.rsa.exponent1.data, - lpk->u.rsa.exponent1.len); attrs++; - PK11_SETATTRS(attrs, CKA_EXPONENT_2, - lpk->u.rsa.exponent2.data, - lpk->u.rsa.exponent2.len); attrs++; - PK11_SETATTRS(attrs, CKA_COEFFICIENT, - lpk->u.rsa.coefficient.data, - lpk->u.rsa.coefficient.len); attrs++; - break; - case dsaKey: - keyType = CKK_DSA; - /* To make our intenal PKCS #11 module work correctly with - * our database, we need to pass in the public key value for - * this dsa key. We have a netscape only CKA_ value to do this. - * Only send it to internal slots */ - if( publicValue == NULL ) { - goto loser; - } - if (PK11_IsInternal(slot)) { - PK11_SETATTRS(attrs, CKA_NETSCAPE_DB, - publicValue->data, publicValue->len); attrs++; - } - PK11_SETATTRS(attrs, CKA_SIGN, &cktrue, sizeof(CK_BBOOL)); attrs++; - PK11_SETATTRS(attrs, CKA_SIGN_RECOVER, &cktrue, sizeof(CK_BBOOL)); attrs++; - if(nickname) { - PK11_SETATTRS(attrs, CKA_LABEL, nickname->data, nickname->len); - attrs++; - } - ck_id = PK11_MakeIDFromPubKey(publicValue); - if (ck_id == NULL) { - goto loser; - } - PK11_SETATTRS(attrs, CKA_ID, ck_id->data,ck_id->len); attrs++; - signedattr = attrs; - PK11_SETATTRS(attrs, CKA_PRIME, lpk->u.dsa.params.prime.data, - lpk->u.dsa.params.prime.len); attrs++; - PK11_SETATTRS(attrs,CKA_SUBPRIME,lpk->u.dsa.params.subPrime.data, - lpk->u.dsa.params.subPrime.len); attrs++; - PK11_SETATTRS(attrs, CKA_BASE, lpk->u.dsa.params.base.data, - lpk->u.dsa.params.base.len); attrs++; - PK11_SETATTRS(attrs, CKA_VALUE, lpk->u.dsa.privateValue.data, - lpk->u.dsa.privateValue.len); attrs++; - break; - case dhKey: - keyType = CKK_DH; - /* To make our intenal PKCS #11 module work correctly with - * our database, we need to pass in the public key value for - * this dh key. We have a netscape only CKA_ value to do this. - * Only send it to internal slots */ - if (PK11_IsInternal(slot)) { - PK11_SETATTRS(attrs, CKA_NETSCAPE_DB, - publicValue->data, publicValue->len); attrs++; - } - PK11_SETATTRS(attrs, CKA_DERIVE, &cktrue, sizeof(CK_BBOOL)); attrs++; - if(nickname) { - PK11_SETATTRS(attrs, CKA_LABEL, nickname->data, nickname->len); - attrs++; - } - ck_id = PK11_MakeIDFromPubKey(publicValue); - if (ck_id == NULL) { - goto loser; - } - PK11_SETATTRS(attrs, CKA_ID, ck_id->data,ck_id->len); attrs++; - signedattr = attrs; - PK11_SETATTRS(attrs, CKA_PRIME, lpk->u.dh.prime.data, - lpk->u.dh.prime.len); attrs++; - PK11_SETATTRS(attrs, CKA_BASE, lpk->u.dh.base.data, - lpk->u.dh.base.len); attrs++; - PK11_SETATTRS(attrs, CKA_VALUE, lpk->u.dh.privateValue.data, - lpk->u.dh.privateValue.len); attrs++; - break; - /* what about fortezza??? */ - default: - PORT_SetError(SEC_ERROR_BAD_KEY); - goto loser; + case rsaKey: + keyType = CKK_RSA; + PK11_SETATTRS(attrs, CKA_UNWRAP, (keyUsage & KU_KEY_ENCIPHERMENT) ? &cktrue + : &ckfalse, + sizeof(CK_BBOOL)); + attrs++; + PK11_SETATTRS(attrs, CKA_DECRYPT, (keyUsage & KU_DATA_ENCIPHERMENT) ? &cktrue + : &ckfalse, + sizeof(CK_BBOOL)); + attrs++; + PK11_SETATTRS(attrs, CKA_SIGN, (keyUsage & KU_DIGITAL_SIGNATURE) ? &cktrue + : &ckfalse, + sizeof(CK_BBOOL)); + attrs++; + PK11_SETATTRS(attrs, CKA_SIGN_RECOVER, + (keyUsage & KU_DIGITAL_SIGNATURE) ? &cktrue + : &ckfalse, + sizeof(CK_BBOOL)); + attrs++; + ck_id = PK11_MakeIDFromPubKey(&lpk->u.rsa.modulus); + if (ck_id == NULL) { + goto loser; + } + PK11_SETATTRS(attrs, CKA_ID, ck_id->data, ck_id->len); + attrs++; + if (nickname) { + PK11_SETATTRS(attrs, CKA_LABEL, nickname->data, nickname->len); + attrs++; + } + signedattr = attrs; + PK11_SETATTRS(attrs, CKA_MODULUS, lpk->u.rsa.modulus.data, + lpk->u.rsa.modulus.len); + attrs++; + PK11_SETATTRS(attrs, CKA_PUBLIC_EXPONENT, + lpk->u.rsa.publicExponent.data, + lpk->u.rsa.publicExponent.len); + attrs++; + PK11_SETATTRS(attrs, CKA_PRIVATE_EXPONENT, + lpk->u.rsa.privateExponent.data, + lpk->u.rsa.privateExponent.len); + attrs++; + PK11_SETATTRS(attrs, CKA_PRIME_1, + lpk->u.rsa.prime1.data, + lpk->u.rsa.prime1.len); + attrs++; + PK11_SETATTRS(attrs, CKA_PRIME_2, + lpk->u.rsa.prime2.data, + lpk->u.rsa.prime2.len); + attrs++; + PK11_SETATTRS(attrs, CKA_EXPONENT_1, + lpk->u.rsa.exponent1.data, + lpk->u.rsa.exponent1.len); + attrs++; + PK11_SETATTRS(attrs, CKA_EXPONENT_2, + lpk->u.rsa.exponent2.data, + lpk->u.rsa.exponent2.len); + attrs++; + PK11_SETATTRS(attrs, CKA_COEFFICIENT, + lpk->u.rsa.coefficient.data, + lpk->u.rsa.coefficient.len); + attrs++; + break; + case dsaKey: + keyType = CKK_DSA; + /* To make our intenal PKCS #11 module work correctly with + * our database, we need to pass in the public key value for + * this dsa key. We have a netscape only CKA_ value to do this. + * Only send it to internal slots */ + if (publicValue == NULL) { + goto loser; + } + if (PK11_IsInternal(slot)) { + PK11_SETATTRS(attrs, CKA_NETSCAPE_DB, + publicValue->data, publicValue->len); + attrs++; + } + PK11_SETATTRS(attrs, CKA_SIGN, &cktrue, sizeof(CK_BBOOL)); + attrs++; + PK11_SETATTRS(attrs, CKA_SIGN_RECOVER, &cktrue, sizeof(CK_BBOOL)); + attrs++; + if (nickname) { + PK11_SETATTRS(attrs, CKA_LABEL, nickname->data, nickname->len); + attrs++; + } + ck_id = PK11_MakeIDFromPubKey(publicValue); + if (ck_id == NULL) { + goto loser; + } + PK11_SETATTRS(attrs, CKA_ID, ck_id->data, ck_id->len); + attrs++; + signedattr = attrs; + PK11_SETATTRS(attrs, CKA_PRIME, lpk->u.dsa.params.prime.data, + lpk->u.dsa.params.prime.len); + attrs++; + PK11_SETATTRS(attrs, CKA_SUBPRIME, lpk->u.dsa.params.subPrime.data, + lpk->u.dsa.params.subPrime.len); + attrs++; + PK11_SETATTRS(attrs, CKA_BASE, lpk->u.dsa.params.base.data, + lpk->u.dsa.params.base.len); + attrs++; + PK11_SETATTRS(attrs, CKA_VALUE, lpk->u.dsa.privateValue.data, + lpk->u.dsa.privateValue.len); + attrs++; + break; + case dhKey: + keyType = CKK_DH; + /* To make our intenal PKCS #11 module work correctly with + * our database, we need to pass in the public key value for + * this dh key. We have a netscape only CKA_ value to do this. + * Only send it to internal slots */ + if (PK11_IsInternal(slot)) { + PK11_SETATTRS(attrs, CKA_NETSCAPE_DB, + publicValue->data, publicValue->len); + attrs++; + } + PK11_SETATTRS(attrs, CKA_DERIVE, &cktrue, sizeof(CK_BBOOL)); + attrs++; + if (nickname) { + PK11_SETATTRS(attrs, CKA_LABEL, nickname->data, nickname->len); + attrs++; + } + ck_id = PK11_MakeIDFromPubKey(publicValue); + if (ck_id == NULL) { + goto loser; + } + PK11_SETATTRS(attrs, CKA_ID, ck_id->data, ck_id->len); + attrs++; + signedattr = attrs; + PK11_SETATTRS(attrs, CKA_PRIME, lpk->u.dh.prime.data, + lpk->u.dh.prime.len); + attrs++; + PK11_SETATTRS(attrs, CKA_BASE, lpk->u.dh.base.data, + lpk->u.dh.base.len); + attrs++; + PK11_SETATTRS(attrs, CKA_VALUE, lpk->u.dh.privateValue.data, + lpk->u.dh.privateValue.len); + attrs++; + break; + /* what about fortezza??? */ + default: + PORT_SetError(SEC_ERROR_BAD_KEY); + goto loser; } templateCount = attrs - theTemplate; - PORT_Assert(templateCount <= sizeof(theTemplate)/sizeof(CK_ATTRIBUTE)); + PORT_Assert(templateCount <= sizeof(theTemplate) / sizeof(CK_ATTRIBUTE)); PORT_Assert(signedattr != NULL); signedcount = attrs - signedattr; - for (ap=signedattr; signedcount; ap++, signedcount--) { - pk11_SignedToUnsigned(ap); + for (ap = signedattr; signedcount; ap++, signedcount--) { + pk11_SignedToUnsigned(ap); } rv = PK11_CreateNewObject(slot, CK_INVALID_SESSION, - theTemplate, templateCount, isPerm, &objectID); + theTemplate, templateCount, isPerm, &objectID); /* create and return a SECKEYPrivateKey */ - if( rv == SECSuccess && privk != NULL) { - *privk = PK11_MakePrivKey(slot, lpk->keyType, !isPerm, objectID, wincx); - if( *privk == NULL ) { - rv = SECFailure; - } + if (rv == SECSuccess && privk != NULL) { + *privk = PK11_MakePrivKey(slot, lpk->keyType, !isPerm, objectID, wincx); + if (*privk == NULL) { + rv = SECFailure; + } } loser: if (ck_id) { - SECITEM_ZfreeItem(ck_id, PR_TRUE); + SECITEM_ZfreeItem(ck_id, PR_TRUE); } return rv; } SECStatus PK11_ImportPrivateKeyInfoAndReturnKey(PK11SlotInfo *slot, - SECKEYPrivateKeyInfo *pki, SECItem *nickname, SECItem *publicValue, - PRBool isPerm, PRBool isPrivate, unsigned int keyUsage, - SECKEYPrivateKey **privk, void *wincx) + SECKEYPrivateKeyInfo *pki, SECItem *nickname, SECItem *publicValue, + PRBool isPerm, PRBool isPrivate, unsigned int keyUsage, + SECKEYPrivateKey **privk, void *wincx) { SECStatus rv = SECFailure; SECKEYRawPrivateKey *lpk = NULL; @@ -433,88 +476,86 @@ PK11_ImportPrivateKeyInfoAndReturnKey(PK11SlotInfo *slot, PLArenaPool *arena = NULL; arena = PORT_NewArena(2048); - if(!arena) { - return SECFailure; + if (!arena) { + return SECFailure; } /* need to change this to use RSA/DSA keys */ lpk = (SECKEYRawPrivateKey *)PORT_ArenaZAlloc(arena, - sizeof(SECKEYRawPrivateKey)); - if(lpk == NULL) { - goto loser; + sizeof(SECKEYRawPrivateKey)); + if (lpk == NULL) { + goto loser; } lpk->arena = arena; - switch(SECOID_GetAlgorithmTag(&pki->algorithm)) { - case SEC_OID_PKCS1_RSA_ENCRYPTION: - prepare_rsa_priv_key_export_for_asn1(lpk); - keyTemplate = SECKEY_RSAPrivateKeyExportTemplate; - paramTemplate = NULL; - paramDest = NULL; - lpk->keyType = rsaKey; - break; - case SEC_OID_ANSIX9_DSA_SIGNATURE: - prepare_dsa_priv_key_export_for_asn1(lpk); - keyTemplate = SECKEY_DSAPrivateKeyExportTemplate; - paramTemplate = SECKEY_PQGParamsTemplate; - paramDest = &(lpk->u.dsa.params); - lpk->keyType = dsaKey; - break; - case SEC_OID_X942_DIFFIE_HELMAN_KEY: - if(!publicValue) { - goto loser; - } - prepare_dh_priv_key_export_for_asn1(lpk); - keyTemplate = SECKEY_DHPrivateKeyExportTemplate; - paramTemplate = NULL; - paramDest = NULL; - lpk->keyType = dhKey; - break; - - default: - keyTemplate = NULL; - paramTemplate = NULL; - paramDest = NULL; - break; + switch (SECOID_GetAlgorithmTag(&pki->algorithm)) { + case SEC_OID_PKCS1_RSA_ENCRYPTION: + prepare_rsa_priv_key_export_for_asn1(lpk); + keyTemplate = SECKEY_RSAPrivateKeyExportTemplate; + paramTemplate = NULL; + paramDest = NULL; + lpk->keyType = rsaKey; + break; + case SEC_OID_ANSIX9_DSA_SIGNATURE: + prepare_dsa_priv_key_export_for_asn1(lpk); + keyTemplate = SECKEY_DSAPrivateKeyExportTemplate; + paramTemplate = SECKEY_PQGParamsTemplate; + paramDest = &(lpk->u.dsa.params); + lpk->keyType = dsaKey; + break; + case SEC_OID_X942_DIFFIE_HELMAN_KEY: + if (!publicValue) { + goto loser; + } + prepare_dh_priv_key_export_for_asn1(lpk); + keyTemplate = SECKEY_DHPrivateKeyExportTemplate; + paramTemplate = NULL; + paramDest = NULL; + lpk->keyType = dhKey; + break; + + default: + keyTemplate = NULL; + paramTemplate = NULL; + paramDest = NULL; + break; } - if(!keyTemplate) { - goto loser; + if (!keyTemplate) { + goto loser; } /* decode the private key and any algorithm parameters */ rv = SEC_ASN1DecodeItem(arena, lpk, keyTemplate, &pki->privateKey); - if(rv != SECSuccess) { - goto loser; + if (rv != SECSuccess) { + goto loser; } - if(paramDest && paramTemplate) { - rv = SEC_ASN1DecodeItem(arena, paramDest, paramTemplate, - &(pki->algorithm.parameters)); - if(rv != SECSuccess) { - goto loser; - } + if (paramDest && paramTemplate) { + rv = SEC_ASN1DecodeItem(arena, paramDest, paramTemplate, + &(pki->algorithm.parameters)); + if (rv != SECSuccess) { + goto loser; + } } - rv = PK11_ImportAndReturnPrivateKey(slot,lpk,nickname,publicValue, isPerm, - isPrivate, keyUsage, privk, wincx); - + rv = PK11_ImportAndReturnPrivateKey(slot, lpk, nickname, publicValue, isPerm, + isPrivate, keyUsage, privk, wincx); loser: if (arena != NULL) { - PORT_FreeArena(arena, PR_TRUE); + PORT_FreeArena(arena, PR_TRUE); } return rv; } SECStatus -PK11_ImportPrivateKeyInfo(PK11SlotInfo *slot, SECKEYPrivateKeyInfo *pki, - SECItem *nickname, SECItem *publicValue, PRBool isPerm, - PRBool isPrivate, unsigned int keyUsage, void *wincx) +PK11_ImportPrivateKeyInfo(PK11SlotInfo *slot, SECKEYPrivateKeyInfo *pki, + SECItem *nickname, SECItem *publicValue, PRBool isPerm, + PRBool isPrivate, unsigned int keyUsage, void *wincx) { return PK11_ImportPrivateKeyInfoAndReturnKey(slot, pki, nickname, - publicValue, isPerm, isPrivate, keyUsage, NULL, wincx); - + publicValue, isPerm, isPrivate, keyUsage, NULL, wincx); } SECItem * |