diff options
Diffstat (limited to 'nss/lib/softoken/pkcs11c.c')
-rw-r--r-- | nss/lib/softoken/pkcs11c.c | 38 |
1 files changed, 23 insertions, 15 deletions
diff --git a/nss/lib/softoken/pkcs11c.c b/nss/lib/softoken/pkcs11c.c index d7b4bb9..e290495 100644 --- a/nss/lib/softoken/pkcs11c.c +++ b/nss/lib/softoken/pkcs11c.c @@ -3971,6 +3971,22 @@ nsc_SetupHMACKeyGen(CK_MECHANISM_PTR pMechanism, NSSPKCS5PBEParameter **pbe) params->hashType = HASH_AlgMD2; params->keyLen = 16; break; + case CKM_NSS_PKCS12_PBE_SHA224_HMAC_KEY_GEN: + params->hashType = HASH_AlgSHA224; + params->keyLen = 28; + break; + case CKM_NSS_PKCS12_PBE_SHA256_HMAC_KEY_GEN: + params->hashType = HASH_AlgSHA256; + params->keyLen = 32; + break; + case CKM_NSS_PKCS12_PBE_SHA384_HMAC_KEY_GEN: + params->hashType = HASH_AlgSHA384; + params->keyLen = 48; + break; + case CKM_NSS_PKCS12_PBE_SHA512_HMAC_KEY_GEN: + params->hashType = HASH_AlgSHA512; + params->keyLen = 64; + break; default: PORT_FreeArena(arena, PR_TRUE); return CKR_MECHANISM_INVALID; @@ -4189,6 +4205,10 @@ NSC_GenerateKey(CK_SESSION_HANDLE hSession, case CKM_NETSCAPE_PBE_SHA1_HMAC_KEY_GEN: case CKM_NETSCAPE_PBE_MD5_HMAC_KEY_GEN: case CKM_NETSCAPE_PBE_MD2_HMAC_KEY_GEN: + case CKM_NSS_PKCS12_PBE_SHA224_HMAC_KEY_GEN: + case CKM_NSS_PKCS12_PBE_SHA256_HMAC_KEY_GEN: + case CKM_NSS_PKCS12_PBE_SHA384_HMAC_KEY_GEN: + case CKM_NSS_PKCS12_PBE_SHA512_HMAC_KEY_GEN: key_gen_type = nsc_pbe; key_type = CKK_GENERIC_SECRET; crv = nsc_SetupHMACKeyGen(pMechanism, &pbe_param); @@ -5571,6 +5591,7 @@ sftk_unwrapPrivateKey(SFTKObject *key, SECItem *bpki) switch (SECOID_GetAlgorithmTag(&pki->algorithm)) { case SEC_OID_PKCS1_RSA_ENCRYPTION: + case SEC_OID_PKCS1_RSA_PSS_SIGNATURE: keyTemplate = nsslowkey_RSAPrivateKeyTemplate; paramTemplate = NULL; paramDest = NULL; @@ -7220,14 +7241,9 @@ NSC_DeriveKey(CK_SESSION_HANDLE hSession, ecPoint.data = mechParams->pPublicData; ecPoint.len = mechParams->ulPublicDataLen; - pubKeyLen = privKey->u.ec.ecParams.pointSize; + pubKeyLen = EC_GetPointSize(&privKey->u.ec.ecParams); - /* if the len is too small, can't be a valid point */ - if (ecPoint.len < pubKeyLen) { - goto ec_loser; - } - /* if the len is too large, must be an encoded point (length is - * equal case just falls through */ + /* if the len is too large, might be an encoded point */ if (ecPoint.len > pubKeyLen) { SECItem newPoint; @@ -7247,14 +7263,6 @@ NSC_DeriveKey(CK_SESSION_HANDLE hSession, if (mechanism == CKM_ECDH1_COFACTOR_DERIVE) { withCofactor = PR_TRUE; - } else { - /* When not using cofactor derivation, one should - * validate the public key to avoid small subgroup - * attacks. - */ - if (EC_ValidatePublicKey(&privKey->u.ec.ecParams, &ecPoint) != SECSuccess) { - goto ec_loser; - } } rv = ECDH_Derive(&ecPoint, &privKey->u.ec.ecParams, &ecScalar, |