Mercurial > trustbridge > nss-cmake-static

comparison nss/lib/pk11wrap/pk11mech.c @ 0:1e5118fa0cb1

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
This is NSS with a Cmake Buildsyste To compile a static NSS library for Windows we've used the Chromium-NSS fork and added a Cmake buildsystem to compile it statically for Windows. See README.chromium for chromium changes and README.trustbridge for our modifications.
author Andre Heinecke <andre.heinecke@intevation.de>
date Mon, 28 Jul 2014 10:47:06 +0200
parents
children
comparison
equal deleted inserted replaced
-1:000000000000 0:1e5118fa0cb1
1 /* This Source Code Form is subject to the terms of the Mozilla Public
2 * License, v. 2.0. If a copy of the MPL was not distributed with this
3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
4 /*
5 * This file maps various PKCS #11 Mechanisms to related mechanisms, key
6 * types, and ASN.1 encodings.
7 */
8 #include "seccomon.h"
9 #include "secmod.h"
10 #include "secmodi.h"
11 #include "pkcs11t.h"
12 #include "pk11func.h"
13 #include "secitem.h"
14 #include "secder.h"
15 #include "secasn1.h"
16 #include "secoid.h"
17 #include "secerr.h"
18
19 /*************************************************************
20 * local static and global data
21 *************************************************************/
22
23 /*
24 * Tables used for Extended mechanism mapping (currently not used)
25 */
26 typedef struct {
27 CK_MECHANISM_TYPE keyGen;
28 CK_KEY_TYPE keyType;
29 CK_MECHANISM_TYPE type;
30 CK_MECHANISM_TYPE padType;
31 int blockSize;
32 int iv;
33 } pk11MechanismData;
34
35 static pk11MechanismData pk11_default =
36 { CKM_GENERIC_SECRET_KEY_GEN, CKK_GENERIC_SECRET,
37 CKM_FAKE_RANDOM, CKM_FAKE_RANDOM, 8, 8 };
38 static pk11MechanismData *pk11_MechanismTable = NULL;
39 static int pk11_MechTableSize = 0;
40 static int pk11_MechEntrySize = 0;
41
42 /*
43 * list of mechanisms we're willing to wrap secret keys with.
44 * This list is ordered by preference.
45 */
46 CK_MECHANISM_TYPE wrapMechanismList[] = {
47 CKM_DES3_ECB,
48 CKM_CAST5_ECB,
49 CKM_AES_ECB,
50 CKM_CAMELLIA_ECB,
51 CKM_SEED_ECB,
52 CKM_CAST5_ECB,
53 CKM_DES_ECB,
54 CKM_KEY_WRAP_LYNKS,
55 CKM_IDEA_ECB,
56 CKM_CAST3_ECB,
57 CKM_CAST_ECB,
58 CKM_RC5_ECB,
59 CKM_RC2_ECB,
60 CKM_CDMF_ECB,
61 CKM_SKIPJACK_WRAP,
62 };
63
64 int wrapMechanismCount = sizeof(wrapMechanismList)/sizeof(wrapMechanismList[0]);
65
66 /*********************************************************************
67 * Mechanism Mapping functions
68 *********************************************************************/
69
70 /*
71 * lookup an entry in the mechanism table. If none found, return the
72 * default structure.
73 */
74 static pk11MechanismData *
75 pk11_lookup(CK_MECHANISM_TYPE type)
76 {
77 int i;
78 for (i=0; i < pk11_MechEntrySize; i++) {
79 if (pk11_MechanismTable[i].type == type) {
80 return (&pk11_MechanismTable[i]);
81 }
82 }
83 return &pk11_default;
84 }
85
86 /*
87 * find the best key wrap mechanism for this slot.
88 */
89 CK_MECHANISM_TYPE
90 PK11_GetBestWrapMechanism(PK11SlotInfo *slot)
91 {
92 int i;
93 for (i=0; i < wrapMechanismCount; i++) {
94 if (PK11_DoesMechanism(slot,wrapMechanismList[i])) {
95 return wrapMechanismList[i];
96 }
97 }
98 return CKM_INVALID_MECHANISM;
99 }
100
101 /*
102 * NOTE: This is not thread safe. Called at init time, and when loading
103 * a new Entry. It is reasonably safe as long as it is not re-entered
104 * (readers will always see a consistant table)
105 *
106 * This routine is called to add entries to the mechanism table, once there,
107 * they can not be removed.
108 */
109 void
110 PK11_AddMechanismEntry(CK_MECHANISM_TYPE type, CK_KEY_TYPE key,
111 CK_MECHANISM_TYPE keyGen,
112 CK_MECHANISM_TYPE padType,
113 int ivLen, int blockSize)
114 {
115 int tableSize = pk11_MechTableSize;
116 int size = pk11_MechEntrySize;
117 int entry = size++;
118 pk11MechanismData *old = pk11_MechanismTable;
119 pk11MechanismData *newt = pk11_MechanismTable;
120
121
122 if (size > tableSize) {
123 int oldTableSize = tableSize;
124 tableSize += 10;
125 newt = PORT_NewArray(pk11MechanismData, tableSize);
126 if (newt == NULL) return;
127
128 if (old) PORT_Memcpy(newt, old, oldTableSize*sizeof(*newt));
129 } else old = NULL;
130
131 newt[entry].type = type;
132 newt[entry].keyType = key;
133 newt[entry].keyGen = keyGen;
134 newt[entry].padType = padType;
135 newt[entry].iv = ivLen;
136 newt[entry].blockSize = blockSize;
137
138 pk11_MechanismTable = newt;
139 pk11_MechTableSize = tableSize;
140 pk11_MechEntrySize = size;
141 if (old) PORT_Free(old);
142 }
143
144 /*
145 * Get the mechanism needed for the given key type
146 */
147 CK_MECHANISM_TYPE
148 PK11_GetKeyMechanism(CK_KEY_TYPE type)
149 {
150 switch (type) {
151 case CKK_SEED:
152 return CKM_SEED_CBC;
153 case CKK_CAMELLIA:
154 return CKM_CAMELLIA_CBC;
155 case CKK_NSS_CHACHA20:
156 return CKM_NSS_CHACHA20_POLY1305;
157 case CKK_AES:
158 return CKM_AES_CBC;
159 case CKK_DES:
160 return CKM_DES_CBC;
161 case CKK_DES3:
162 return CKM_DES3_KEY_GEN;
163 case CKK_DES2:
164 return CKM_DES2_KEY_GEN;
165 case CKK_CDMF:
166 return CKM_CDMF_CBC;
167 case CKK_RC2:
168 return CKM_RC2_CBC;
169 case CKK_RC4:
170 return CKM_RC4;
171 case CKK_RC5:
172 return CKM_RC5_CBC;
173 case CKK_SKIPJACK:
174 return CKM_SKIPJACK_CBC64;
175 case CKK_BATON:
176 return CKM_BATON_CBC128;
177 case CKK_JUNIPER:
178 return CKM_JUNIPER_CBC128;
179 case CKK_IDEA:
180 return CKM_IDEA_CBC;
181 case CKK_CAST:
182 return CKM_CAST_CBC;
183 case CKK_CAST3:
184 return CKM_CAST3_CBC;
185 case CKK_CAST5:
186 return CKM_CAST5_CBC;
187 case CKK_RSA:
188 return CKM_RSA_PKCS;
189 case CKK_DSA:
190 return CKM_DSA;
191 case CKK_DH:
192 return CKM_DH_PKCS_DERIVE;
193 case CKK_KEA:
194 return CKM_KEA_KEY_DERIVE;
195 case CKK_EC: /* CKK_ECDSA is deprecated */
196 return CKM_ECDSA;
197 case CKK_GENERIC_SECRET:
198 default:
199 return CKM_SHA_1_HMAC;
200 }
201 }
202
203 /*
204 * Get the key type needed for the given mechanism
205 */
206 CK_KEY_TYPE
207 PK11_GetKeyType(CK_MECHANISM_TYPE type,unsigned long len)
208 {
209 switch (type) {
210 case CKM_SEED_ECB:
211 case CKM_SEED_CBC:
212 case CKM_SEED_MAC:
213 case CKM_SEED_MAC_GENERAL:
214 case CKM_SEED_CBC_PAD:
215 case CKM_SEED_KEY_GEN:
216 return CKK_SEED;
217 case CKM_CAMELLIA_ECB:
218 case CKM_CAMELLIA_CBC:
219 case CKM_CAMELLIA_MAC:
220 case CKM_CAMELLIA_MAC_GENERAL:
221 case CKM_CAMELLIA_CBC_PAD:
222 case CKM_CAMELLIA_KEY_GEN:
223 return CKK_CAMELLIA;
224 case CKM_NSS_CHACHA20_POLY1305:
225 return CKK_NSS_CHACHA20;
226 case CKM_AES_ECB:
227 case CKM_AES_CBC:
228 case CKM_AES_CCM:
229 case CKM_AES_CTR:
230 case CKM_AES_CTS:
231 case CKM_AES_GCM:
232 case CKM_AES_MAC:
233 case CKM_AES_MAC_GENERAL:
234 case CKM_AES_CBC_PAD:
235 case CKM_AES_KEY_GEN:
236 case CKM_NETSCAPE_AES_KEY_WRAP:
237 case CKM_NETSCAPE_AES_KEY_WRAP_PAD:
238 return CKK_AES;
239 case CKM_DES_ECB:
240 case CKM_DES_CBC:
241 case CKM_DES_MAC:
242 case CKM_DES_MAC_GENERAL:
243 case CKM_DES_CBC_PAD:
244 case CKM_DES_KEY_GEN:
245 case CKM_KEY_WRAP_LYNKS:
246 case CKM_PBE_MD2_DES_CBC:
247 case CKM_PBE_MD5_DES_CBC:
248 return CKK_DES;
249 case CKM_DES3_ECB:
250 case CKM_DES3_CBC:
251 case CKM_DES3_MAC:
252 case CKM_DES3_MAC_GENERAL:
253 case CKM_DES3_CBC_PAD:
254 return (len == 16) ? CKK_DES2 : CKK_DES3;
255 case CKM_DES2_KEY_GEN:
256 case CKM_PBE_SHA1_DES2_EDE_CBC:
257 return CKK_DES2;
258 case CKM_PBE_SHA1_DES3_EDE_CBC:
259 case CKM_DES3_KEY_GEN:
260 return CKK_DES3;
261 case CKM_CDMF_ECB:
262 case CKM_CDMF_CBC:
263 case CKM_CDMF_MAC:
264 case CKM_CDMF_MAC_GENERAL:
265 case CKM_CDMF_CBC_PAD:
266 case CKM_CDMF_KEY_GEN:
267 return CKK_CDMF;
268 case CKM_RC2_ECB:
269 case CKM_RC2_CBC:
270 case CKM_RC2_MAC:
271 case CKM_RC2_MAC_GENERAL:
272 case CKM_RC2_CBC_PAD:
273 case CKM_RC2_KEY_GEN:
274 case CKM_PBE_SHA1_RC2_128_CBC:
275 case CKM_PBE_SHA1_RC2_40_CBC:
276 return CKK_RC2;
277 case CKM_RC4:
278 case CKM_RC4_KEY_GEN:
279 return CKK_RC4;
280 case CKM_RC5_ECB:
281 case CKM_RC5_CBC:
282 case CKM_RC5_MAC:
283 case CKM_RC5_MAC_GENERAL:
284 case CKM_RC5_CBC_PAD:
285 case CKM_RC5_KEY_GEN:
286 return CKK_RC5;
287 case CKM_SKIPJACK_CBC64:
288 case CKM_SKIPJACK_ECB64:
289 case CKM_SKIPJACK_OFB64:
290 case CKM_SKIPJACK_CFB64:
291 case CKM_SKIPJACK_CFB32:
292 case CKM_SKIPJACK_CFB16:
293 case CKM_SKIPJACK_CFB8:
294 case CKM_SKIPJACK_KEY_GEN:
295 case CKM_SKIPJACK_WRAP:
296 case CKM_SKIPJACK_PRIVATE_WRAP:
297 return CKK_SKIPJACK;
298 case CKM_BATON_ECB128:
299 case CKM_BATON_ECB96:
300 case CKM_BATON_CBC128:
301 case CKM_BATON_COUNTER:
302 case CKM_BATON_SHUFFLE:
303 case CKM_BATON_WRAP:
304 case CKM_BATON_KEY_GEN:
305 return CKK_BATON;
306 case CKM_JUNIPER_ECB128:
307 case CKM_JUNIPER_CBC128:
308 case CKM_JUNIPER_COUNTER:
309 case CKM_JUNIPER_SHUFFLE:
310 case CKM_JUNIPER_WRAP:
311 case CKM_JUNIPER_KEY_GEN:
312 return CKK_JUNIPER;
313 case CKM_IDEA_CBC:
314 case CKM_IDEA_ECB:
315 case CKM_IDEA_MAC:
316 case CKM_IDEA_MAC_GENERAL:
317 case CKM_IDEA_CBC_PAD:
318 case CKM_IDEA_KEY_GEN:
319 return CKK_IDEA;
320 case CKM_CAST_ECB:
321 case CKM_CAST_CBC:
322 case CKM_CAST_MAC:
323 case CKM_CAST_MAC_GENERAL:
324 case CKM_CAST_CBC_PAD:
325 case CKM_CAST_KEY_GEN:
326 case CKM_PBE_MD5_CAST_CBC:
327 return CKK_CAST;
328 case CKM_CAST3_ECB:
329 case CKM_CAST3_CBC:
330 case CKM_CAST3_MAC:
331 case CKM_CAST3_MAC_GENERAL:
332 case CKM_CAST3_CBC_PAD:
333 case CKM_CAST3_KEY_GEN:
334 case CKM_PBE_MD5_CAST3_CBC:
335 return CKK_CAST3;
336 case CKM_CAST5_ECB:
337 case CKM_CAST5_CBC:
338 case CKM_CAST5_MAC:
339 case CKM_CAST5_MAC_GENERAL:
340 case CKM_CAST5_CBC_PAD:
341 case CKM_CAST5_KEY_GEN:
342 case CKM_PBE_MD5_CAST5_CBC:
343 return CKK_CAST5;
344 case CKM_RSA_PKCS:
345 case CKM_RSA_9796:
346 case CKM_RSA_X_509:
347 case CKM_MD2_RSA_PKCS:
348 case CKM_MD5_RSA_PKCS:
349 case CKM_SHA1_RSA_PKCS:
350 case CKM_SHA224_RSA_PKCS:
351 case CKM_SHA256_RSA_PKCS:
352 case CKM_SHA384_RSA_PKCS:
353 case CKM_SHA512_RSA_PKCS:
354 case CKM_KEY_WRAP_SET_OAEP:
355 case CKM_RSA_PKCS_KEY_PAIR_GEN:
356 case CKM_RSA_X9_31_KEY_PAIR_GEN:
357 return CKK_RSA;
358 case CKM_DSA:
359 case CKM_DSA_SHA1:
360 case CKM_DSA_KEY_PAIR_GEN:
361 return CKK_DSA;
362 case CKM_DH_PKCS_DERIVE:
363 case CKM_DH_PKCS_KEY_PAIR_GEN:
364 return CKK_DH;
365 case CKM_KEA_KEY_DERIVE:
366 case CKM_KEA_KEY_PAIR_GEN:
367 return CKK_KEA;
368 case CKM_ECDSA:
369 case CKM_ECDSA_SHA1:
370 case CKM_EC_KEY_PAIR_GEN: /* aka CKM_ECDSA_KEY_PAIR_GEN */
371 case CKM_ECDH1_DERIVE:
372 return CKK_EC; /* CKK_ECDSA is deprecated */
373 case CKM_SSL3_PRE_MASTER_KEY_GEN:
374 case CKM_GENERIC_SECRET_KEY_GEN:
375 case CKM_SSL3_MASTER_KEY_DERIVE:
376 case CKM_SSL3_MASTER_KEY_DERIVE_DH:
377 case CKM_SSL3_KEY_AND_MAC_DERIVE:
378 case CKM_SSL3_SHA1_MAC:
379 case CKM_SSL3_MD5_MAC:
380 case CKM_TLS_MASTER_KEY_DERIVE:
381 case CKM_NSS_TLS_MASTER_KEY_DERIVE_SHA256:
382 case CKM_TLS_MASTER_KEY_DERIVE_DH:
383 case CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256:
384 case CKM_TLS_KEY_AND_MAC_DERIVE:
385 case CKM_NSS_TLS_KEY_AND_MAC_DERIVE_SHA256:
386 case CKM_SHA_1_HMAC:
387 case CKM_SHA_1_HMAC_GENERAL:
388 case CKM_SHA224_HMAC:
389 case CKM_SHA224_HMAC_GENERAL:
390 case CKM_SHA256_HMAC:
391 case CKM_SHA256_HMAC_GENERAL:
392 case CKM_SHA384_HMAC:
393 case CKM_SHA384_HMAC_GENERAL:
394 case CKM_SHA512_HMAC:
395 case CKM_SHA512_HMAC_GENERAL:
396 case CKM_MD2_HMAC:
397 case CKM_MD2_HMAC_GENERAL:
398 case CKM_MD5_HMAC:
399 case CKM_MD5_HMAC_GENERAL:
400 case CKM_TLS_PRF_GENERAL:
401 case CKM_NSS_TLS_PRF_GENERAL_SHA256:
402 return CKK_GENERIC_SECRET;
403 default:
404 return pk11_lookup(type)->keyType;
405 }
406 }
407
408 /*
409 * Get the Key Gen Mechanism needed for the given
410 * crypto mechanism
411 */
412 CK_MECHANISM_TYPE
413 PK11_GetKeyGen(CK_MECHANISM_TYPE type)
414 {
415 return PK11_GetKeyGenWithSize(type, 0);
416 }
417
418 CK_MECHANISM_TYPE
419 PK11_GetKeyGenWithSize(CK_MECHANISM_TYPE type, int size)
420 {
421 switch (type) {
422 case CKM_SEED_ECB:
423 case CKM_SEED_CBC:
424 case CKM_SEED_MAC:
425 case CKM_SEED_MAC_GENERAL:
426 case CKM_SEED_CBC_PAD:
427 case CKM_SEED_KEY_GEN:
428 return CKM_SEED_KEY_GEN;
429 case CKM_CAMELLIA_ECB:
430 case CKM_CAMELLIA_CBC:
431 case CKM_CAMELLIA_MAC:
432 case CKM_CAMELLIA_MAC_GENERAL:
433 case CKM_CAMELLIA_CBC_PAD:
434 case CKM_CAMELLIA_KEY_GEN:
435 return CKM_CAMELLIA_KEY_GEN;
436 case CKM_NSS_CHACHA20_POLY1305:
437 return CKM_NSS_CHACHA20_KEY_GEN;
438 case CKM_AES_ECB:
439 case CKM_AES_CBC:
440 case CKM_AES_CCM:
441 case CKM_AES_CTR:
442 case CKM_AES_CTS:
443 case CKM_AES_GCM:
444 case CKM_AES_MAC:
445 case CKM_AES_MAC_GENERAL:
446 case CKM_AES_CBC_PAD:
447 case CKM_AES_KEY_GEN:
448 return CKM_AES_KEY_GEN;
449 case CKM_DES_ECB:
450 case CKM_DES_CBC:
451 case CKM_DES_MAC:
452 case CKM_DES_MAC_GENERAL:
453 case CKM_KEY_WRAP_LYNKS:
454 case CKM_DES_CBC_PAD:
455 case CKM_DES_KEY_GEN:
456 return CKM_DES_KEY_GEN;
457 case CKM_DES3_ECB:
458 case CKM_DES3_CBC:
459 case CKM_DES3_MAC:
460 case CKM_DES3_MAC_GENERAL:
461 case CKM_DES3_CBC_PAD:
462 return (size == 16) ? CKM_DES2_KEY_GEN : CKM_DES3_KEY_GEN;
463 case CKM_DES3_KEY_GEN:
464 return CKM_DES3_KEY_GEN;
465 case CKM_DES2_KEY_GEN:
466 return CKM_DES2_KEY_GEN;
467 case CKM_CDMF_ECB:
468 case CKM_CDMF_CBC:
469 case CKM_CDMF_MAC:
470 case CKM_CDMF_MAC_GENERAL:
471 case CKM_CDMF_CBC_PAD:
472 case CKM_CDMF_KEY_GEN:
473 return CKM_CDMF_KEY_GEN;
474 case CKM_RC2_ECB:
475 case CKM_RC2_CBC:
476 case CKM_RC2_MAC:
477 case CKM_RC2_MAC_GENERAL:
478 case CKM_RC2_CBC_PAD:
479 case CKM_RC2_KEY_GEN:
480 return CKM_RC2_KEY_GEN;
481 case CKM_RC4:
482 case CKM_RC4_KEY_GEN:
483 return CKM_RC4_KEY_GEN;
484 case CKM_RC5_ECB:
485 case CKM_RC5_CBC:
486 case CKM_RC5_MAC:
487 case CKM_RC5_MAC_GENERAL:
488 case CKM_RC5_CBC_PAD:
489 case CKM_RC5_KEY_GEN:
490 return CKM_RC5_KEY_GEN;
491 case CKM_SKIPJACK_CBC64:
492 case CKM_SKIPJACK_ECB64:
493 case CKM_SKIPJACK_OFB64:
494 case CKM_SKIPJACK_CFB64:
495 case CKM_SKIPJACK_CFB32:
496 case CKM_SKIPJACK_CFB16:
497 case CKM_SKIPJACK_CFB8:
498 case CKM_SKIPJACK_WRAP:
499 case CKM_SKIPJACK_KEY_GEN:
500 return CKM_SKIPJACK_KEY_GEN;
501 case CKM_BATON_ECB128:
502 case CKM_BATON_ECB96:
503 case CKM_BATON_CBC128:
504 case CKM_BATON_COUNTER:
505 case CKM_BATON_SHUFFLE:
506 case CKM_BATON_WRAP:
507 case CKM_BATON_KEY_GEN:
508 return CKM_BATON_KEY_GEN;
509 case CKM_JUNIPER_ECB128:
510 case CKM_JUNIPER_CBC128:
511 case CKM_JUNIPER_COUNTER:
512 case CKM_JUNIPER_SHUFFLE:
513 case CKM_JUNIPER_WRAP:
514 case CKM_JUNIPER_KEY_GEN:
515 return CKM_JUNIPER_KEY_GEN;
516 case CKM_IDEA_CBC:
517 case CKM_IDEA_ECB:
518 case CKM_IDEA_MAC:
519 case CKM_IDEA_MAC_GENERAL:
520 case CKM_IDEA_CBC_PAD:
521 case CKM_IDEA_KEY_GEN:
522 return CKM_IDEA_KEY_GEN;
523 case CKM_CAST_ECB:
524 case CKM_CAST_CBC:
525 case CKM_CAST_MAC:
526 case CKM_CAST_MAC_GENERAL:
527 case CKM_CAST_CBC_PAD:
528 case CKM_CAST_KEY_GEN:
529 return CKM_CAST_KEY_GEN;
530 case CKM_CAST3_ECB:
531 case CKM_CAST3_CBC:
532 case CKM_CAST3_MAC:
533 case CKM_CAST3_MAC_GENERAL:
534 case CKM_CAST3_CBC_PAD:
535 case CKM_CAST3_KEY_GEN:
536 return CKM_CAST3_KEY_GEN;
537 case CKM_CAST5_ECB:
538 case CKM_CAST5_CBC:
539 case CKM_CAST5_MAC:
540 case CKM_CAST5_MAC_GENERAL:
541 case CKM_CAST5_CBC_PAD:
542 case CKM_CAST5_KEY_GEN:
543 return CKM_CAST5_KEY_GEN;
544 case CKM_RSA_PKCS:
545 case CKM_RSA_9796:
546 case CKM_RSA_X_509:
547 case CKM_MD2_RSA_PKCS:
548 case CKM_MD5_RSA_PKCS:
549 case CKM_SHA1_RSA_PKCS:
550 case CKM_SHA224_RSA_PKCS:
551 case CKM_SHA256_RSA_PKCS:
552 case CKM_SHA384_RSA_PKCS:
553 case CKM_SHA512_RSA_PKCS:
554 case CKM_KEY_WRAP_SET_OAEP:
555 case CKM_RSA_PKCS_KEY_PAIR_GEN:
556 return CKM_RSA_PKCS_KEY_PAIR_GEN;
557 case CKM_RSA_X9_31_KEY_PAIR_GEN:
558 return CKM_RSA_X9_31_KEY_PAIR_GEN;
559 case CKM_DSA:
560 case CKM_DSA_SHA1:
561 case CKM_DSA_KEY_PAIR_GEN:
562 return CKM_DSA_KEY_PAIR_GEN;
563 case CKM_DH_PKCS_DERIVE:
564 case CKM_DH_PKCS_KEY_PAIR_GEN:
565 return CKM_DH_PKCS_KEY_PAIR_GEN;
566 case CKM_KEA_KEY_DERIVE:
567 case CKM_KEA_KEY_PAIR_GEN:
568 return CKM_KEA_KEY_PAIR_GEN;
569 case CKM_ECDSA:
570 case CKM_ECDSA_SHA1:
571 case CKM_EC_KEY_PAIR_GEN: /* aka CKM_ECDSA_KEY_PAIR_GEN */
572 case CKM_ECDH1_DERIVE:
573 return CKM_EC_KEY_PAIR_GEN;
574 case CKM_SSL3_PRE_MASTER_KEY_GEN:
575 case CKM_SSL3_MASTER_KEY_DERIVE:
576 case CKM_SSL3_KEY_AND_MAC_DERIVE:
577 case CKM_SSL3_SHA1_MAC:
578 case CKM_SSL3_MD5_MAC:
579 case CKM_TLS_MASTER_KEY_DERIVE:
580 case CKM_TLS_KEY_AND_MAC_DERIVE:
581 case CKM_NSS_TLS_KEY_AND_MAC_DERIVE_SHA256:
582 return CKM_SSL3_PRE_MASTER_KEY_GEN;
583 case CKM_SHA_1_HMAC:
584 case CKM_SHA_1_HMAC_GENERAL:
585 case CKM_SHA224_HMAC:
586 case CKM_SHA224_HMAC_GENERAL:
587 case CKM_SHA256_HMAC:
588 case CKM_SHA256_HMAC_GENERAL:
589 case CKM_SHA384_HMAC:
590 case CKM_SHA384_HMAC_GENERAL:
591 case CKM_SHA512_HMAC:
592 case CKM_SHA512_HMAC_GENERAL:
593 case CKM_MD2_HMAC:
594 case CKM_MD2_HMAC_GENERAL:
595 case CKM_MD5_HMAC:
596 case CKM_MD5_HMAC_GENERAL:
597 case CKM_TLS_PRF_GENERAL:
598 case CKM_NSS_TLS_PRF_GENERAL_SHA256:
599 case CKM_GENERIC_SECRET_KEY_GEN:
600 return CKM_GENERIC_SECRET_KEY_GEN;
601 case CKM_PBE_MD2_DES_CBC:
602 case CKM_PBE_MD5_DES_CBC:
603 case CKM_PBA_SHA1_WITH_SHA1_HMAC:
604 case CKM_NETSCAPE_PBE_SHA1_HMAC_KEY_GEN:
605 case CKM_NETSCAPE_PBE_MD5_HMAC_KEY_GEN:
606 case CKM_NETSCAPE_PBE_MD2_HMAC_KEY_GEN:
607 case CKM_NETSCAPE_PBE_SHA1_DES_CBC:
608 case CKM_NETSCAPE_PBE_SHA1_40_BIT_RC2_CBC:
609 case CKM_NETSCAPE_PBE_SHA1_128_BIT_RC2_CBC:
610 case CKM_NETSCAPE_PBE_SHA1_40_BIT_RC4:
611 case CKM_NETSCAPE_PBE_SHA1_128_BIT_RC4:
612 case CKM_NETSCAPE_PBE_SHA1_TRIPLE_DES_CBC:
613 case CKM_NETSCAPE_PBE_SHA1_FAULTY_3DES_CBC:
614 case CKM_PBE_SHA1_RC2_40_CBC:
615 case CKM_PBE_SHA1_RC2_128_CBC:
616 case CKM_PBE_SHA1_RC4_40:
617 case CKM_PBE_SHA1_RC4_128:
618 case CKM_PBE_SHA1_DES3_EDE_CBC:
619 case CKM_PBE_SHA1_DES2_EDE_CBC:
620 case CKM_PKCS5_PBKD2:
621 return type;
622 default:
623 return pk11_lookup(type)->keyGen;
624 }
625 }
626
627 /*
628 * get the mechanism block size
629 */
630 int
631 PK11_GetBlockSize(CK_MECHANISM_TYPE type,SECItem *params)
632 {
633 CK_RC5_PARAMS *rc5_params;
634 CK_RC5_CBC_PARAMS *rc5_cbc_params;
635 switch (type) {
636 case CKM_RC5_ECB:
637 if ((params) && (params->data)) {
638 rc5_params = (CK_RC5_PARAMS *) params->data;
639 return (rc5_params->ulWordsize)*2;
640 }
641 return 8;
642 case CKM_RC5_CBC:
643 case CKM_RC5_CBC_PAD:
644 if ((params) && (params->data)) {
645 rc5_cbc_params = (CK_RC5_CBC_PARAMS *) params->data;
646 return (rc5_cbc_params->ulWordsize)*2;
647 }
648 return 8;
649 case CKM_DES_ECB:
650 case CKM_DES3_ECB:
651 case CKM_RC2_ECB:
652 case CKM_IDEA_ECB:
653 case CKM_CAST_ECB:
654 case CKM_CAST3_ECB:
655 case CKM_CAST5_ECB:
656 case CKM_RC2_CBC:
657 case CKM_SKIPJACK_CBC64:
658 case CKM_SKIPJACK_ECB64:
659 case CKM_SKIPJACK_OFB64:
660 case CKM_SKIPJACK_CFB64:
661 case CKM_DES_CBC:
662 case CKM_DES3_CBC:
663 case CKM_IDEA_CBC:
664 case CKM_CAST_CBC:
665 case CKM_CAST3_CBC:
666 case CKM_CAST5_CBC:
667 case CKM_DES_CBC_PAD:
668 case CKM_DES3_CBC_PAD:
669 case CKM_RC2_CBC_PAD:
670 case CKM_IDEA_CBC_PAD:
671 case CKM_CAST_CBC_PAD:
672 case CKM_CAST3_CBC_PAD:
673 case CKM_CAST5_CBC_PAD:
674 case CKM_PBE_MD2_DES_CBC:
675 case CKM_PBE_MD5_DES_CBC:
676 case CKM_NETSCAPE_PBE_SHA1_DES_CBC:
677 case CKM_NETSCAPE_PBE_SHA1_40_BIT_RC2_CBC:
678 case CKM_NETSCAPE_PBE_SHA1_128_BIT_RC2_CBC:
679 case CKM_NETSCAPE_PBE_SHA1_TRIPLE_DES_CBC:
680 case CKM_NETSCAPE_PBE_SHA1_FAULTY_3DES_CBC:
681 case CKM_PBE_SHA1_RC2_40_CBC:
682 case CKM_PBE_SHA1_RC2_128_CBC:
683 case CKM_PBE_SHA1_DES3_EDE_CBC:
684 case CKM_PBE_SHA1_DES2_EDE_CBC:
685 return 8;
686 case CKM_SKIPJACK_CFB32:
687 case CKM_SKIPJACK_CFB16:
688 case CKM_SKIPJACK_CFB8:
689 return 4;
690 case CKM_SEED_ECB:
691 case CKM_SEED_CBC:
692 case CKM_SEED_CBC_PAD:
693 case CKM_CAMELLIA_ECB:
694 case CKM_CAMELLIA_CBC:
695 case CKM_CAMELLIA_CBC_PAD:
696 case CKM_AES_ECB:
697 case CKM_AES_CBC:
698 case CKM_AES_CBC_PAD:
699 case CKM_BATON_ECB128:
700 case CKM_BATON_CBC128:
701 case CKM_BATON_COUNTER:
702 case CKM_BATON_SHUFFLE:
703 case CKM_JUNIPER_ECB128:
704 case CKM_JUNIPER_CBC128:
705 case CKM_JUNIPER_COUNTER:
706 case CKM_JUNIPER_SHUFFLE:
707 return 16;
708 case CKM_BATON_ECB96:
709 return 12;
710 case CKM_RC4:
711 case CKM_NETSCAPE_PBE_SHA1_40_BIT_RC4:
712 case CKM_NETSCAPE_PBE_SHA1_128_BIT_RC4:
713 case CKM_PBE_SHA1_RC4_40:
714 case CKM_PBE_SHA1_RC4_128:
715 return 0;
716 case CKM_RSA_PKCS:
717 case CKM_RSA_9796:
718 case CKM_RSA_X_509:
719 /*actually it's the modulus length of the key!*/
720 return -1; /* failure */
721 default:
722 return pk11_lookup(type)->blockSize;
723 }
724 }
725
726 /*
727 * get the iv length
728 */
729 int
730 PK11_GetIVLength(CK_MECHANISM_TYPE type)
731 {
732 switch (type) {
733 case CKM_SEED_ECB:
734 case CKM_CAMELLIA_ECB:
735 case CKM_AES_ECB:
736 case CKM_DES_ECB:
737 case CKM_DES3_ECB:
738 case CKM_RC2_ECB:
739 case CKM_IDEA_ECB:
740 case CKM_SKIPJACK_WRAP:
741 case CKM_BATON_WRAP:
742 case CKM_RC5_ECB:
743 case CKM_CAST_ECB:
744 case CKM_CAST3_ECB:
745 case CKM_CAST5_ECB:
746 return 0;
747 case CKM_RC2_CBC:
748 case CKM_DES_CBC:
749 case CKM_DES3_CBC:
750 case CKM_IDEA_CBC:
751 case CKM_PBE_MD2_DES_CBC:
752 case CKM_PBE_MD5_DES_CBC:
753 case CKM_NETSCAPE_PBE_SHA1_DES_CBC:
754 case CKM_NETSCAPE_PBE_SHA1_40_BIT_RC2_CBC:
755 case CKM_NETSCAPE_PBE_SHA1_128_BIT_RC2_CBC:
756 case CKM_NETSCAPE_PBE_SHA1_TRIPLE_DES_CBC:
757 case CKM_NETSCAPE_PBE_SHA1_FAULTY_3DES_CBC:
758 case CKM_PBE_SHA1_RC2_40_CBC:
759 case CKM_PBE_SHA1_RC2_128_CBC:
760 case CKM_PBE_SHA1_DES3_EDE_CBC:
761 case CKM_PBE_SHA1_DES2_EDE_CBC:
762 case CKM_RC5_CBC:
763 case CKM_CAST_CBC:
764 case CKM_CAST3_CBC:
765 case CKM_CAST5_CBC:
766 case CKM_RC2_CBC_PAD:
767 case CKM_DES_CBC_PAD:
768 case CKM_DES3_CBC_PAD:
769 case CKM_IDEA_CBC_PAD:
770 case CKM_RC5_CBC_PAD:
771 case CKM_CAST_CBC_PAD:
772 case CKM_CAST3_CBC_PAD:
773 case CKM_CAST5_CBC_PAD:
774 return 8;
775 case CKM_SEED_CBC:
776 case CKM_SEED_CBC_PAD:
777 case CKM_CAMELLIA_CBC:
778 case CKM_CAMELLIA_CBC_PAD:
779 case CKM_AES_CBC:
780 case CKM_AES_CBC_PAD:
781 return 16;
782 case CKM_SKIPJACK_CBC64:
783 case CKM_SKIPJACK_ECB64:
784 case CKM_SKIPJACK_OFB64:
785 case CKM_SKIPJACK_CFB64:
786 case CKM_SKIPJACK_CFB32:
787 case CKM_SKIPJACK_CFB16:
788 case CKM_SKIPJACK_CFB8:
789 case CKM_BATON_ECB128:
790 case CKM_BATON_ECB96:
791 case CKM_BATON_CBC128:
792 case CKM_BATON_COUNTER:
793 case CKM_BATON_SHUFFLE:
794 case CKM_JUNIPER_ECB128:
795 case CKM_JUNIPER_CBC128:
796 case CKM_JUNIPER_COUNTER:
797 case CKM_JUNIPER_SHUFFLE:
798 return 24;
799 case CKM_RC4:
800 case CKM_RSA_PKCS:
801 case CKM_RSA_9796:
802 case CKM_RSA_X_509:
803 case CKM_NETSCAPE_PBE_SHA1_40_BIT_RC4:
804 case CKM_NETSCAPE_PBE_SHA1_128_BIT_RC4:
805 case CKM_PBE_SHA1_RC4_40:
806 case CKM_PBE_SHA1_RC4_128:
807 return 0;
808 default:
809 return pk11_lookup(type)->iv;
810 }
811 }
812
813
814 /* These next two utilities are here to help facilitate future
815 * Dynamic Encrypt/Decrypt symetric key mechanisms, and to allow functions
816 * like SSL and S-MIME to automatically add them.
817 */
818 SECItem *
819 pk11_ParamFromIVWithLen(CK_MECHANISM_TYPE type, SECItem *iv, int keyLen)
820 {
821 CK_RC2_CBC_PARAMS *rc2_params = NULL;
822 CK_RC2_PARAMS *rc2_ecb_params = NULL;
823 CK_RC5_PARAMS *rc5_params = NULL;
824 CK_RC5_CBC_PARAMS *rc5_cbc_params = NULL;
825 SECItem *param;
826
827 param = (SECItem *)PORT_Alloc(sizeof(SECItem));
828 if (param == NULL) return NULL;
829 param->data = NULL;
830 param->len = 0;
831 param->type = 0;
832 switch (type) {
833 case CKM_SEED_ECB:
834 case CKM_CAMELLIA_ECB:
835 case CKM_AES_ECB:
836 case CKM_DES_ECB:
837 case CKM_DES3_ECB:
838 case CKM_RSA_PKCS:
839 case CKM_RSA_X_509:
840 case CKM_RSA_9796:
841 case CKM_IDEA_ECB:
842 case CKM_CDMF_ECB:
843 case CKM_CAST_ECB:
844 case CKM_CAST3_ECB:
845 case CKM_CAST5_ECB:
846 case CKM_RC4:
847 break;
848 case CKM_RC2_ECB:
849 rc2_ecb_params = (CK_RC2_PARAMS *)PORT_Alloc(sizeof(CK_RC2_PARAMS));
850 if (rc2_ecb_params == NULL) break;
851 /* Maybe we should pass the key size in too to get this value? */
852 *rc2_ecb_params = keyLen ? keyLen*8 : 128;
853 param->data = (unsigned char *) rc2_ecb_params;
854 param->len = sizeof(CK_RC2_PARAMS);
855 break;
856 case CKM_RC2_CBC:
857 case CKM_RC2_CBC_PAD:
858 rc2_params = (CK_RC2_CBC_PARAMS *)PORT_Alloc(sizeof(CK_RC2_CBC_PARAMS));
859 if (rc2_params == NULL) break;
860 /* Maybe we should pass the key size in too to get this value? */
861 rc2_params->ulEffectiveBits = keyLen ? keyLen*8 : 128;
862 if (iv && iv->data)
863 PORT_Memcpy(rc2_params->iv,iv->data,sizeof(rc2_params->iv));
864 param->data = (unsigned char *) rc2_params;
865 param->len = sizeof(CK_RC2_CBC_PARAMS);
866 break;
867 case CKM_RC5_CBC:
868 case CKM_RC5_CBC_PAD:
869 rc5_cbc_params = (CK_RC5_CBC_PARAMS *)
870 PORT_Alloc(sizeof(CK_RC5_CBC_PARAMS) + ((iv) ? iv->len : 0));
871 if (rc5_cbc_params == NULL) break;
872 if (iv && iv->data && iv->len) {
873 rc5_cbc_params->pIv = ((CK_BYTE_PTR) rc5_cbc_params)
874 + sizeof(CK_RC5_CBC_PARAMS);
875 PORT_Memcpy(rc5_cbc_params->pIv,iv->data,iv->len);
876 rc5_cbc_params->ulIvLen = iv->len;
877 rc5_cbc_params->ulWordsize = iv->len/2;
878 } else {
879 rc5_cbc_params->ulWordsize = 4;
880 rc5_cbc_params->pIv = NULL;
881 rc5_cbc_params->ulIvLen = 0;
882 }
883 rc5_cbc_params->ulRounds = 16;
884 param->data = (unsigned char *) rc5_cbc_params;
885 param->len = sizeof(CK_RC5_CBC_PARAMS);
886 break;
887 case CKM_RC5_ECB:
888 rc5_params = (CK_RC5_PARAMS *)PORT_Alloc(sizeof(CK_RC5_PARAMS));
889 if (rc5_params == NULL) break;
890 if (iv && iv->data && iv->len) {
891 rc5_params->ulWordsize = iv->len/2;
892 } else {
893 rc5_params->ulWordsize = 4;
894 }
895 rc5_params->ulRounds = 16;
896 param->data = (unsigned char *) rc5_params;
897 param->len = sizeof(CK_RC5_PARAMS);
898 break;
899
900 case CKM_SEED_CBC:
901 case CKM_CAMELLIA_CBC:
902 case CKM_AES_CBC:
903 case CKM_DES_CBC:
904 case CKM_DES3_CBC:
905 case CKM_IDEA_CBC:
906 case CKM_CDMF_CBC:
907 case CKM_CAST_CBC:
908 case CKM_CAST3_CBC:
909 case CKM_CAST5_CBC:
910 case CKM_CAMELLIA_CBC_PAD:
911 case CKM_AES_CBC_PAD:
912 case CKM_DES_CBC_PAD:
913 case CKM_DES3_CBC_PAD:
914 case CKM_IDEA_CBC_PAD:
915 case CKM_CDMF_CBC_PAD:
916 case CKM_CAST_CBC_PAD:
917 case CKM_CAST3_CBC_PAD:
918 case CKM_CAST5_CBC_PAD:
919 case CKM_SKIPJACK_CBC64:
920 case CKM_SKIPJACK_ECB64:
921 case CKM_SKIPJACK_OFB64:
922 case CKM_SKIPJACK_CFB64:
923 case CKM_SKIPJACK_CFB32:
924 case CKM_SKIPJACK_CFB16:
925 case CKM_SKIPJACK_CFB8:
926 case CKM_BATON_ECB128:
927 case CKM_BATON_ECB96:
928 case CKM_BATON_CBC128:
929 case CKM_BATON_COUNTER:
930 case CKM_BATON_SHUFFLE:
931 case CKM_JUNIPER_ECB128:
932 case CKM_JUNIPER_CBC128:
933 case CKM_JUNIPER_COUNTER:
934 case CKM_JUNIPER_SHUFFLE:
935 if ((iv == NULL) || (iv->data == NULL)) break;
936 param->data = (unsigned char*)PORT_Alloc(iv->len);
937 if (param->data != NULL) {
938 PORT_Memcpy(param->data,iv->data,iv->len);
939 param->len = iv->len;
940 }
941 break;
942 /* unknown mechanism, pass IV in if it's there */
943 default:
944 if (pk11_lookup(type)->iv == 0) {
945 break;
946 }
947 if ((iv == NULL) || (iv->data == NULL)) {
948 break;
949 }
950 param->data = (unsigned char*)PORT_Alloc(iv->len);
951 if (param->data != NULL) {
952 PORT_Memcpy(param->data,iv->data,iv->len);
953 param->len = iv->len;
954 }
955 break;
956 }
957 return param;
958 }
959
960 /* These next two utilities are here to help facilitate future
961 * Dynamic Encrypt/Decrypt symetric key mechanisms, and to allow functions
962 * like SSL and S-MIME to automatically add them.
963 */
964 SECItem *
965 PK11_ParamFromIV(CK_MECHANISM_TYPE type,SECItem *iv)
966 {
967 return pk11_ParamFromIVWithLen(type, iv, 0);
968 }
969
970 unsigned char *
971 PK11_IVFromParam(CK_MECHANISM_TYPE type,SECItem *param,int *len)
972 {
973 CK_RC2_CBC_PARAMS *rc2_params;
974 CK_RC5_CBC_PARAMS *rc5_cbc_params;
975
976 *len = 0;
977 switch (type) {
978 case CKM_SEED_ECB:
979 case CKM_CAMELLIA_ECB:
980 case CKM_AES_ECB:
981 case CKM_DES_ECB:
982 case CKM_DES3_ECB:
983 case CKM_RSA_PKCS:
984 case CKM_RSA_X_509:
985 case CKM_RSA_9796:
986 case CKM_IDEA_ECB:
987 case CKM_CDMF_ECB:
988 case CKM_CAST_ECB:
989 case CKM_CAST3_ECB:
990 case CKM_CAST5_ECB:
991 case CKM_RC4:
992 return NULL;
993 case CKM_RC2_ECB:
994 return NULL;
995 case CKM_RC2_CBC:
996 case CKM_RC2_CBC_PAD:
997 rc2_params = (CK_RC2_CBC_PARAMS *)param->data;
998 *len = sizeof(rc2_params->iv);
999 return &rc2_params->iv[0];
1000 case CKM_RC5_CBC:
1001 case CKM_RC5_CBC_PAD:
1002 rc5_cbc_params = (CK_RC5_CBC_PARAMS *) param->data;
1003 *len = rc5_cbc_params->ulIvLen;
1004 return rc5_cbc_params->pIv;
1005 case CKM_SEED_CBC:
1006 case CKM_CAMELLIA_CBC:
1007 case CKM_AES_CBC:
1008 case CKM_DES_CBC:
1009 case CKM_DES3_CBC:
1010 case CKM_IDEA_CBC:
1011 case CKM_CDMF_CBC:
1012 case CKM_CAST_CBC:
1013 case CKM_CAST3_CBC:
1014 case CKM_CAST5_CBC:
1015 case CKM_CAMELLIA_CBC_PAD:
1016 case CKM_AES_CBC_PAD:
1017 case CKM_DES_CBC_PAD:
1018 case CKM_DES3_CBC_PAD:
1019 case CKM_IDEA_CBC_PAD:
1020 case CKM_CDMF_CBC_PAD:
1021 case CKM_CAST_CBC_PAD:
1022 case CKM_CAST3_CBC_PAD:
1023 case CKM_CAST5_CBC_PAD:
1024 case CKM_SKIPJACK_CBC64:
1025 case CKM_SKIPJACK_ECB64:
1026 case CKM_SKIPJACK_OFB64:
1027 case CKM_SKIPJACK_CFB64:
1028 case CKM_SKIPJACK_CFB32:
1029 case CKM_SKIPJACK_CFB16:
1030 case CKM_SKIPJACK_CFB8:
1031 case CKM_BATON_ECB128:
1032 case CKM_BATON_ECB96:
1033 case CKM_BATON_CBC128:
1034 case CKM_BATON_COUNTER:
1035 case CKM_BATON_SHUFFLE:
1036 case CKM_JUNIPER_ECB128:
1037 case CKM_JUNIPER_CBC128:
1038 case CKM_JUNIPER_COUNTER:
1039 case CKM_JUNIPER_SHUFFLE:
1040 break;
1041 /* unknown mechanism, pass IV in if it's there */
1042 default:
1043 break;
1044 }
1045 if (param->data) {
1046 *len = param->len;
1047 }
1048 return param->data;
1049 }
1050
1051 typedef struct sec_rc5cbcParameterStr {
1052 SECItem version;
1053 SECItem rounds;
1054 SECItem blockSizeInBits;
1055 SECItem iv;
1056 } sec_rc5cbcParameter;
1057
1058 static const SEC_ASN1Template sec_rc5ecb_parameter_template[] = {
1059 { SEC_ASN1_SEQUENCE,
1060 0, NULL, sizeof(sec_rc5cbcParameter) },
1061 { SEC_ASN1_INTEGER,
1062 offsetof(sec_rc5cbcParameter,version) },
1063 { SEC_ASN1_INTEGER,
1064 offsetof(sec_rc5cbcParameter,rounds) },
1065 { SEC_ASN1_INTEGER,
1066 offsetof(sec_rc5cbcParameter,blockSizeInBits) },
1067 { 0 }
1068 };
1069
1070 static const SEC_ASN1Template sec_rc5cbc_parameter_template[] = {
1071 { SEC_ASN1_SEQUENCE,
1072 0, NULL, sizeof(sec_rc5cbcParameter) },
1073 { SEC_ASN1_INTEGER,
1074 offsetof(sec_rc5cbcParameter,version) },
1075 { SEC_ASN1_INTEGER,
1076 offsetof(sec_rc5cbcParameter,rounds) },
1077 { SEC_ASN1_INTEGER,
1078 offsetof(sec_rc5cbcParameter,blockSizeInBits) },
1079 { SEC_ASN1_OCTET_STRING,
1080 offsetof(sec_rc5cbcParameter,iv) },
1081 { 0 }
1082 };
1083
1084 typedef struct sec_rc2cbcParameterStr {
1085 SECItem rc2ParameterVersion;
1086 SECItem iv;
1087 } sec_rc2cbcParameter;
1088
1089 static const SEC_ASN1Template sec_rc2cbc_parameter_template[] = {
1090 { SEC_ASN1_SEQUENCE,
1091 0, NULL, sizeof(sec_rc2cbcParameter) },
1092 { SEC_ASN1_INTEGER,
1093 offsetof(sec_rc2cbcParameter,rc2ParameterVersion) },
1094 { SEC_ASN1_OCTET_STRING,
1095 offsetof(sec_rc2cbcParameter,iv) },
1096 { 0 }
1097 };
1098
1099 static const SEC_ASN1Template sec_rc2ecb_parameter_template[] = {
1100 { SEC_ASN1_SEQUENCE,
1101 0, NULL, sizeof(sec_rc2cbcParameter) },
1102 { SEC_ASN1_INTEGER,
1103 offsetof(sec_rc2cbcParameter,rc2ParameterVersion) },
1104 { 0 }
1105 };
1106
1107 /* S/MIME picked id values to represent differnt keysizes */
1108 /* I do have a formula, but it ain't pretty, and it only works because you
1109 * can always match three points to a parabola:) */
1110 static unsigned char rc2_map(SECItem *version)
1111 {
1112 long x;
1113
1114 x = DER_GetInteger(version);
1115
1116 switch (x) {
1117 case 58: return 128;
1118 case 120: return 64;
1119 case 160: return 40;
1120 }
1121 return 128;
1122 }
1123
1124 static unsigned long rc2_unmap(unsigned long x)
1125 {
1126 switch (x) {
1127 case 128: return 58;
1128 case 64: return 120;
1129 case 40: return 160;
1130 }
1131 return 58;
1132 }
1133
1134
1135
1136 /* Generate a mechaism param from a type, and iv. */
1137 SECItem *
1138 PK11_ParamFromAlgid(SECAlgorithmID *algid)
1139 {
1140 CK_RC2_CBC_PARAMS * rc2_cbc_params = NULL;
1141 CK_RC2_PARAMS * rc2_ecb_params = NULL;
1142 CK_RC5_CBC_PARAMS * rc5_cbc_params = NULL;
1143 CK_RC5_PARAMS * rc5_ecb_params = NULL;
1144 PLArenaPool * arena = NULL;
1145 SECItem * mech = NULL;
1146 SECOidTag algtag;
1147 SECStatus rv;
1148 CK_MECHANISM_TYPE type;
1149 /* initialize these to prevent UMRs in the ASN1 decoder. */
1150 SECItem iv = {siBuffer, NULL, 0};
1151 sec_rc2cbcParameter rc2 = { {siBuffer, NULL, 0}, {siBuffer, NULL, 0} };
1152 sec_rc5cbcParameter rc5 = { {siBuffer, NULL, 0}, {siBuffer, NULL, 0},
1153 {siBuffer, NULL, 0}, {siBuffer, NULL, 0} };
1154
1155 algtag = SECOID_GetAlgorithmTag(algid);
1156 type = PK11_AlgtagToMechanism(algtag);
1157
1158 mech = PORT_New(SECItem);
1159 if (mech == NULL) {
1160 return NULL;
1161 }
1162 mech->type = siBuffer;
1163 mech->data = NULL;
1164 mech->len = 0;
1165
1166 arena = PORT_NewArena(1024);
1167 if (!arena) {
1168 goto loser;
1169 }
1170
1171 /* handle the complicated cases */
1172 switch (type) {
1173 case CKM_RC2_ECB:
1174 rv = SEC_ASN1DecodeItem(arena, &rc2 ,sec_rc2ecb_parameter_template,
1175 &(algid->parameters));
1176 if (rv != SECSuccess) {
1177 goto loser;
1178 }
1179 rc2_ecb_params = PORT_New(CK_RC2_PARAMS);
1180 if (rc2_ecb_params == NULL) {
1181 goto loser;
1182 }
1183 *rc2_ecb_params = rc2_map(&rc2.rc2ParameterVersion);
1184 mech->data = (unsigned char *) rc2_ecb_params;
1185 mech->len = sizeof *rc2_ecb_params;
1186 break;
1187 case CKM_RC2_CBC:
1188 case CKM_RC2_CBC_PAD:
1189 rv = SEC_ASN1DecodeItem(arena, &rc2 ,sec_rc2cbc_parameter_template,
1190 &(algid->parameters));
1191 if (rv != SECSuccess) {
1192 goto loser;
1193 }
1194 rc2_cbc_params = PORT_New(CK_RC2_CBC_PARAMS);
1195 if (rc2_cbc_params == NULL) {
1196 goto loser;
1197 }
1198 mech->data = (unsigned char *) rc2_cbc_params;
1199 mech->len = sizeof *rc2_cbc_params;
1200 rc2_cbc_params->ulEffectiveBits = rc2_map(&rc2.rc2ParameterVersion);
1201 if (rc2.iv.len != sizeof rc2_cbc_params->iv) {
1202 PORT_SetError(SEC_ERROR_INPUT_LEN);
1203 goto loser;
1204 }
1205 PORT_Memcpy(rc2_cbc_params->iv, rc2.iv.data, rc2.iv.len);
1206 break;
1207 case CKM_RC5_ECB:
1208 rv = SEC_ASN1DecodeItem(arena, &rc5 ,sec_rc5ecb_parameter_template,
1209 &(algid->parameters));
1210 if (rv != SECSuccess) {
1211 goto loser;
1212 }
1213 rc5_ecb_params = PORT_New(CK_RC5_PARAMS);
1214 if (rc5_ecb_params == NULL) {
1215 goto loser;
1216 }
1217 rc5_ecb_params->ulRounds = DER_GetInteger(&rc5.rounds);
1218 rc5_ecb_params->ulWordsize = DER_GetInteger(&rc5.blockSizeInBits)/8;
1219 mech->data = (unsigned char *) rc5_ecb_params;
1220 mech->len = sizeof *rc5_ecb_params;
1221 break;
1222 case CKM_RC5_CBC:
1223 case CKM_RC5_CBC_PAD:
1224 rv = SEC_ASN1DecodeItem(arena, &rc5 ,sec_rc5cbc_parameter_template,
1225 &(algid->parameters));
1226 if (rv != SECSuccess) {
1227 goto loser;
1228 }
1229 rc5_cbc_params = (CK_RC5_CBC_PARAMS *)
1230 PORT_Alloc(sizeof(CK_RC5_CBC_PARAMS) + rc5.iv.len);
1231 if (rc5_cbc_params == NULL) {
1232 goto loser;
1233 }
1234 mech->data = (unsigned char *) rc5_cbc_params;
1235 mech->len = sizeof *rc5_cbc_params;
1236 rc5_cbc_params->ulRounds = DER_GetInteger(&rc5.rounds);
1237 rc5_cbc_params->ulWordsize = DER_GetInteger(&rc5.blockSizeInBits)/8;
1238 rc5_cbc_params->pIv = ((CK_BYTE_PTR)rc5_cbc_params)
1239 + sizeof(CK_RC5_CBC_PARAMS);
1240 rc5_cbc_params->ulIvLen = rc5.iv.len;
1241 PORT_Memcpy(rc5_cbc_params->pIv, rc5.iv.data, rc5.iv.len);
1242 break;
1243 case CKM_PBE_MD2_DES_CBC:
1244 case CKM_PBE_MD5_DES_CBC:
1245 case CKM_NETSCAPE_PBE_SHA1_DES_CBC:
1246 case CKM_NETSCAPE_PBE_SHA1_TRIPLE_DES_CBC:
1247 case CKM_NETSCAPE_PBE_SHA1_FAULTY_3DES_CBC:
1248 case CKM_NETSCAPE_PBE_SHA1_40_BIT_RC2_CBC:
1249 case CKM_NETSCAPE_PBE_SHA1_128_BIT_RC2_CBC:
1250 case CKM_NETSCAPE_PBE_SHA1_40_BIT_RC4:
1251 case CKM_NETSCAPE_PBE_SHA1_128_BIT_RC4:
1252 case CKM_PBE_SHA1_DES2_EDE_CBC:
1253 case CKM_PBE_SHA1_DES3_EDE_CBC:
1254 case CKM_PBE_SHA1_RC2_40_CBC:
1255 case CKM_PBE_SHA1_RC2_128_CBC:
1256 case CKM_PBE_SHA1_RC4_40:
1257 case CKM_PBE_SHA1_RC4_128:
1258 case CKM_PKCS5_PBKD2:
1259 rv = pbe_PK11AlgidToParam(algid,mech);
1260 if (rv != SECSuccess) {
1261 goto loser;
1262 }
1263 break;
1264 case CKM_RC4:
1265 case CKM_SEED_ECB:
1266 case CKM_CAMELLIA_ECB:
1267 case CKM_AES_ECB:
1268 case CKM_DES_ECB:
1269 case CKM_DES3_ECB:
1270 case CKM_IDEA_ECB:
1271 case CKM_CDMF_ECB:
1272 case CKM_CAST_ECB:
1273 case CKM_CAST3_ECB:
1274 case CKM_CAST5_ECB:
1275 break;
1276
1277 default:
1278 if (pk11_lookup(type)->iv == 0) {
1279 break;
1280 }
1281 /* FALL THROUGH */
1282 case CKM_SEED_CBC:
1283 case CKM_CAMELLIA_CBC:
1284 case CKM_AES_CBC:
1285 case CKM_DES_CBC:
1286 case CKM_DES3_CBC:
1287 case CKM_IDEA_CBC:
1288 case CKM_CDMF_CBC:
1289 case CKM_CAST_CBC:
1290 case CKM_CAST3_CBC:
1291 case CKM_CAST5_CBC:
1292 case CKM_SEED_CBC_PAD:
1293 case CKM_CAMELLIA_CBC_PAD:
1294 case CKM_AES_CBC_PAD:
1295 case CKM_DES_CBC_PAD:
1296 case CKM_DES3_CBC_PAD:
1297 case CKM_IDEA_CBC_PAD:
1298 case CKM_CDMF_CBC_PAD:
1299 case CKM_CAST_CBC_PAD:
1300 case CKM_CAST3_CBC_PAD:
1301 case CKM_CAST5_CBC_PAD:
1302 case CKM_SKIPJACK_CBC64:
1303 case CKM_SKIPJACK_ECB64:
1304 case CKM_SKIPJACK_OFB64:
1305 case CKM_SKIPJACK_CFB64:
1306 case CKM_SKIPJACK_CFB32:
1307 case CKM_SKIPJACK_CFB16:
1308 case CKM_SKIPJACK_CFB8:
1309 case CKM_BATON_ECB128:
1310 case CKM_BATON_ECB96:
1311 case CKM_BATON_CBC128:
1312 case CKM_BATON_COUNTER:
1313 case CKM_BATON_SHUFFLE:
1314 case CKM_JUNIPER_ECB128:
1315 case CKM_JUNIPER_CBC128:
1316 case CKM_JUNIPER_COUNTER:
1317 case CKM_JUNIPER_SHUFFLE:
1318 /* simple cases are simply octet string encoded IVs */
1319 rv = SEC_ASN1DecodeItem(arena, &iv,
1320 SEC_ASN1_GET(SEC_OctetStringTemplate),
1321 &(algid->parameters));
1322 if (rv != SECSuccess || iv.data == NULL) {
1323 goto loser;
1324 }
1325 /* XXX Should be some IV length sanity check here. */
1326 mech->data = (unsigned char*)PORT_Alloc(iv.len);
1327 if (mech->data == NULL) {
1328 goto loser;
1329 }
1330 PORT_Memcpy(mech->data, iv.data, iv.len);
1331 mech->len = iv.len;
1332 break;
1333 }
1334 PORT_FreeArena(arena, PR_FALSE);
1335 return mech;
1336
1337 loser:
1338 if (arena)
1339 PORT_FreeArena(arena, PR_FALSE);
1340 SECITEM_FreeItem(mech,PR_TRUE);
1341 return NULL;
1342 }
1343
1344 /*
1345 * Generate an IV for the given mechanism
1346 */
1347 static SECStatus
1348 pk11_GenIV(CK_MECHANISM_TYPE type, SECItem *iv) {
1349 int iv_size = PK11_GetIVLength(type);
1350 SECStatus rv;
1351
1352 iv->len = iv_size;
1353 if (iv_size == 0) {
1354 iv->data = NULL;
1355 return SECSuccess;
1356 }
1357
1358 iv->data = (unsigned char *) PORT_Alloc(iv_size);
1359 if (iv->data == NULL) {
1360 iv->len = 0;
1361 return SECFailure;
1362 }
1363
1364 rv = PK11_GenerateRandom(iv->data,iv->len);
1365 if (rv != SECSuccess) {
1366 PORT_Free(iv->data);
1367 iv->data = NULL; iv->len = 0;
1368 return SECFailure;
1369 }
1370 return SECSuccess;
1371 }
1372
1373
1374 /*
1375 * create a new parameter block from the passed in MECHANISM and the
1376 * key. Use Netscape's S/MIME Rules for the New param block.
1377 */
1378 SECItem *
1379 pk11_GenerateNewParamWithKeyLen(CK_MECHANISM_TYPE type, int keyLen)
1380 {
1381 CK_RC2_CBC_PARAMS *rc2_params;
1382 CK_RC2_PARAMS *rc2_ecb_params;
1383 SECItem *mech;
1384 SECItem iv;
1385 SECStatus rv;
1386
1387
1388 mech = (SECItem *) PORT_Alloc(sizeof(SECItem));
1389 if (mech == NULL) return NULL;
1390
1391 rv = SECSuccess;
1392 mech->type = siBuffer;
1393 switch (type) {
1394 case CKM_RC4:
1395 case CKM_SEED_ECB:
1396 case CKM_CAMELLIA_ECB:
1397 case CKM_AES_ECB:
1398 case CKM_DES_ECB:
1399 case CKM_DES3_ECB:
1400 case CKM_IDEA_ECB:
1401 case CKM_CDMF_ECB:
1402 case CKM_CAST_ECB:
1403 case CKM_CAST3_ECB:
1404 case CKM_CAST5_ECB:
1405 mech->data = NULL;
1406 mech->len = 0;
1407 break;
1408 case CKM_RC2_ECB:
1409 rc2_ecb_params = (CK_RC2_PARAMS *)PORT_Alloc(sizeof(CK_RC2_PARAMS));
1410 if (rc2_ecb_params == NULL) {
1411 rv = SECFailure;
1412 break;
1413 }
1414 /* NOTE PK11_GetKeyLength can return -1 if the key isn't and RC2, RC5,
1415 * or RC4 key. Of course that wouldn't happen here doing RC2:).*/
1416 *rc2_ecb_params = keyLen ? keyLen*8 : 128;
1417 mech->data = (unsigned char *) rc2_ecb_params;
1418 mech->len = sizeof(CK_RC2_PARAMS);
1419 break;
1420 case CKM_RC2_CBC:
1421 case CKM_RC2_CBC_PAD:
1422 rv = pk11_GenIV(type,&iv);
1423 if (rv != SECSuccess) {
1424 break;
1425 }
1426 rc2_params = (CK_RC2_CBC_PARAMS *)PORT_Alloc(sizeof(CK_RC2_CBC_PARAMS));
1427 if (rc2_params == NULL) {
1428 PORT_Free(iv.data);
1429 rv = SECFailure;
1430 break;
1431 }
1432 /* NOTE PK11_GetKeyLength can return -1 if the key isn't and RC2, RC5,
1433 * or RC4 key. Of course that wouldn't happen here doing RC2:).*/
1434 rc2_params->ulEffectiveBits = keyLen ? keyLen*8 : 128;
1435 if (iv.data)
1436 PORT_Memcpy(rc2_params->iv,iv.data,sizeof(rc2_params->iv));
1437 mech->data = (unsigned char *) rc2_params;
1438 mech->len = sizeof(CK_RC2_CBC_PARAMS);
1439 PORT_Free(iv.data);
1440 break;
1441 case CKM_RC5_ECB:
1442 PORT_Free(mech);
1443 return PK11_ParamFromIV(type,NULL);
1444 case CKM_RC5_CBC:
1445 case CKM_RC5_CBC_PAD:
1446 rv = pk11_GenIV(type,&iv);
1447 if (rv != SECSuccess) {
1448 break;
1449 }
1450 PORT_Free(mech);
1451 return PK11_ParamFromIV(type,&iv);
1452 default:
1453 if (pk11_lookup(type)->iv == 0) {
1454 mech->data = NULL;
1455 mech->len = 0;
1456 break;
1457 }
1458 case CKM_SEED_CBC:
1459 case CKM_CAMELLIA_CBC:
1460 case CKM_AES_CBC:
1461 case CKM_DES_CBC:
1462 case CKM_DES3_CBC:
1463 case CKM_IDEA_CBC:
1464 case CKM_CDMF_CBC:
1465 case CKM_CAST_CBC:
1466 case CKM_CAST3_CBC:
1467 case CKM_CAST5_CBC:
1468 case CKM_DES_CBC_PAD:
1469 case CKM_DES3_CBC_PAD:
1470 case CKM_IDEA_CBC_PAD:
1471 case CKM_CDMF_CBC_PAD:
1472 case CKM_CAST_CBC_PAD:
1473 case CKM_CAST3_CBC_PAD:
1474 case CKM_CAST5_CBC_PAD:
1475 case CKM_SKIPJACK_CBC64:
1476 case CKM_SKIPJACK_ECB64:
1477 case CKM_SKIPJACK_OFB64:
1478 case CKM_SKIPJACK_CFB64:
1479 case CKM_SKIPJACK_CFB32:
1480 case CKM_SKIPJACK_CFB16:
1481 case CKM_SKIPJACK_CFB8:
1482 case CKM_BATON_ECB128:
1483 case CKM_BATON_ECB96:
1484 case CKM_BATON_CBC128:
1485 case CKM_BATON_COUNTER:
1486 case CKM_BATON_SHUFFLE:
1487 case CKM_JUNIPER_ECB128:
1488 case CKM_JUNIPER_CBC128:
1489 case CKM_JUNIPER_COUNTER:
1490 case CKM_JUNIPER_SHUFFLE:
1491 rv = pk11_GenIV(type,&iv);
1492 if (rv != SECSuccess) {
1493 break;
1494 }
1495 mech->data = (unsigned char*)PORT_Alloc(iv.len);
1496 if (mech->data == NULL) {
1497 PORT_Free(iv.data);
1498 rv = SECFailure;
1499 break;
1500 }
1501 PORT_Memcpy(mech->data,iv.data,iv.len);
1502 mech->len = iv.len;
1503 PORT_Free(iv.data);
1504 break;
1505 }
1506 if (rv != SECSuccess) {
1507 SECITEM_FreeItem(mech,PR_TRUE);
1508 return NULL;
1509 }
1510 return mech;
1511
1512 }
1513
1514 SECItem *
1515 PK11_GenerateNewParam(CK_MECHANISM_TYPE type, PK11SymKey *key)
1516 {
1517 int keyLen = key ? PK11_GetKeyLength(key) : 0;
1518
1519 return pk11_GenerateNewParamWithKeyLen(type, keyLen);
1520 }
1521
1522 #define RC5_V10 0x10
1523
1524 /* turn a PKCS #11 parameter into a DER Encoded Algorithm ID */
1525 SECStatus
1526 PK11_ParamToAlgid(SECOidTag algTag, SECItem *param,
1527 PLArenaPool *arena, SECAlgorithmID *algid) {
1528 CK_RC2_CBC_PARAMS *rc2_params;
1529 sec_rc2cbcParameter rc2;
1530 CK_RC5_CBC_PARAMS *rc5_params;
1531 sec_rc5cbcParameter rc5;
1532 CK_MECHANISM_TYPE type = PK11_AlgtagToMechanism(algTag);
1533 SECItem *newParams = NULL;
1534 SECStatus rv = SECFailure;
1535 unsigned long rc2version;
1536
1537 switch (type) {
1538 case CKM_RC4:
1539 case CKM_SEED_ECB:
1540 case CKM_CAMELLIA_ECB:
1541 case CKM_AES_ECB:
1542 case CKM_DES_ECB:
1543 case CKM_DES3_ECB:
1544 case CKM_IDEA_ECB:
1545 case CKM_CDMF_ECB:
1546 case CKM_CAST_ECB:
1547 case CKM_CAST3_ECB:
1548 case CKM_CAST5_ECB:
1549 newParams = NULL;
1550 rv = SECSuccess;
1551 break;
1552 case CKM_RC2_ECB:
1553 break;
1554 case CKM_RC2_CBC:
1555 case CKM_RC2_CBC_PAD:
1556 rc2_params = (CK_RC2_CBC_PARAMS *)param->data;
1557 rc2version = rc2_unmap(rc2_params->ulEffectiveBits);
1558 if (SEC_ASN1EncodeUnsignedInteger (NULL, &(rc2.rc2ParameterVersion),
1559 rc2version) == NULL)
1560 break;
1561 rc2.iv.data = rc2_params->iv;
1562 rc2.iv.len = sizeof(rc2_params->iv);
1563 newParams = SEC_ASN1EncodeItem (NULL, NULL, &rc2,
1564 sec_rc2cbc_parameter_template);
1565 PORT_Free(rc2.rc2ParameterVersion.data);
1566 if (newParams == NULL)
1567 break;
1568 rv = SECSuccess;
1569 break;
1570
1571 case CKM_RC5_ECB: /* well not really... */
1572 break;
1573 case CKM_RC5_CBC:
1574 case CKM_RC5_CBC_PAD:
1575 rc5_params = (CK_RC5_CBC_PARAMS *)param->data;
1576 if (SEC_ASN1EncodeUnsignedInteger (NULL, &rc5.version, RC5_V10) == NULL)
1577 break;
1578 if (SEC_ASN1EncodeUnsignedInteger (NULL, &rc5.blockSizeInBits,
1579 rc5_params->ulWordsize*8) == NULL) {
1580 PORT_Free(rc5.version.data);
1581 break;
1582 }
1583 if (SEC_ASN1EncodeUnsignedInteger (NULL, &rc5.rounds,
1584 rc5_params->ulWordsize*8) == NULL) {
1585 PORT_Free(rc5.blockSizeInBits.data);
1586 PORT_Free(rc5.version.data);
1587 break;
1588 }
1589 rc5.iv.data = rc5_params->pIv;
1590 rc5.iv.len = rc5_params->ulIvLen;
1591 newParams = SEC_ASN1EncodeItem (NULL, NULL, &rc5,
1592 sec_rc5cbc_parameter_template);
1593 PORT_Free(rc5.version.data);
1594 PORT_Free(rc5.blockSizeInBits.data);
1595 PORT_Free(rc5.rounds.data);
1596 if (newParams == NULL)
1597 break;
1598 rv = SECSuccess;
1599 break;
1600 case CKM_PBE_MD2_DES_CBC:
1601 case CKM_PBE_MD5_DES_CBC:
1602 case CKM_NETSCAPE_PBE_SHA1_DES_CBC:
1603 case CKM_NETSCAPE_PBE_SHA1_TRIPLE_DES_CBC:
1604 case CKM_NETSCAPE_PBE_SHA1_FAULTY_3DES_CBC:
1605 case CKM_NETSCAPE_PBE_SHA1_40_BIT_RC2_CBC:
1606 case CKM_NETSCAPE_PBE_SHA1_128_BIT_RC2_CBC:
1607 case CKM_NETSCAPE_PBE_SHA1_40_BIT_RC4:
1608 case CKM_NETSCAPE_PBE_SHA1_128_BIT_RC4:
1609 case CKM_PBE_SHA1_DES3_EDE_CBC:
1610 case CKM_PBE_SHA1_DES2_EDE_CBC:
1611 case CKM_PBE_SHA1_RC2_40_CBC:
1612 case CKM_PBE_SHA1_RC2_128_CBC:
1613 case CKM_PBE_SHA1_RC4_40:
1614 case CKM_PBE_SHA1_RC4_128:
1615 return PBE_PK11ParamToAlgid(algTag, param, arena, algid);
1616 default:
1617 if (pk11_lookup(type)->iv == 0) {
1618 rv = SECSuccess;
1619 newParams = NULL;
1620 break;
1621 }
1622 case CKM_SEED_CBC:
1623 case CKM_CAMELLIA_CBC:
1624 case CKM_AES_CBC:
1625 case CKM_DES_CBC:
1626 case CKM_DES3_CBC:
1627 case CKM_IDEA_CBC:
1628 case CKM_CDMF_CBC:
1629 case CKM_CAST_CBC:
1630 case CKM_CAST3_CBC:
1631 case CKM_CAST5_CBC:
1632 case CKM_DES_CBC_PAD:
1633 case CKM_DES3_CBC_PAD:
1634 case CKM_IDEA_CBC_PAD:
1635 case CKM_CDMF_CBC_PAD:
1636 case CKM_CAST_CBC_PAD:
1637 case CKM_CAST3_CBC_PAD:
1638 case CKM_CAST5_CBC_PAD:
1639 case CKM_SKIPJACK_CBC64:
1640 case CKM_SKIPJACK_ECB64:
1641 case CKM_SKIPJACK_OFB64:
1642 case CKM_SKIPJACK_CFB64:
1643 case CKM_SKIPJACK_CFB32:
1644 case CKM_SKIPJACK_CFB16:
1645 case CKM_SKIPJACK_CFB8:
1646 case CKM_BATON_ECB128:
1647 case CKM_BATON_ECB96:
1648 case CKM_BATON_CBC128:
1649 case CKM_BATON_COUNTER:
1650 case CKM_BATON_SHUFFLE:
1651 case CKM_JUNIPER_ECB128:
1652 case CKM_JUNIPER_CBC128:
1653 case CKM_JUNIPER_COUNTER:
1654 case CKM_JUNIPER_SHUFFLE:
1655 newParams = SEC_ASN1EncodeItem(NULL,NULL,param,
1656 SEC_ASN1_GET(SEC_OctetStringTemplate) );
1657 if (newParams == NULL)
1658 break;
1659 rv = SECSuccess;
1660 break;
1661 }
1662
1663 if (rv != SECSuccess) {
1664 if (newParams) SECITEM_FreeItem(newParams,PR_TRUE);
1665 return rv;
1666 }
1667
1668 rv = SECOID_SetAlgorithmID(arena, algid, algTag, newParams);
1669 SECITEM_FreeItem(newParams,PR_TRUE);
1670 return rv;
1671 }
1672
1673 /* turn an OID algorithm tag into a PKCS #11 mechanism. This allows us to
1674 * map OID's directly into the PKCS #11 mechanism we want to call. We find
1675 * this mapping in our standard OID table */
1676 CK_MECHANISM_TYPE
1677 PK11_AlgtagToMechanism(SECOidTag algTag) {
1678 SECOidData *oid = SECOID_FindOIDByTag(algTag);
1679
1680 if (oid) return (CK_MECHANISM_TYPE) oid->mechanism;
1681 return CKM_INVALID_MECHANISM;
1682 }
1683
1684 /* turn a mechanism into an oid. */
1685 SECOidTag
1686 PK11_MechanismToAlgtag(CK_MECHANISM_TYPE type) {
1687 SECOidData *oid = SECOID_FindOIDByMechanism((unsigned long)type);
1688
1689 if (oid) return oid->offset;
1690 return SEC_OID_UNKNOWN;
1691 }
1692
1693 /* Determine appropriate blocking mechanism, used when wrapping private keys
1694 * which require PKCS padding. If the mechanism does not map to a padding
1695 * mechanism, we simply return the mechanism.
1696 */
1697 CK_MECHANISM_TYPE
1698 PK11_GetPadMechanism(CK_MECHANISM_TYPE type) {
1699 switch(type) {
1700 case CKM_SEED_CBC:
1701 return CKM_SEED_CBC_PAD;
1702 case CKM_CAMELLIA_CBC:
1703 return CKM_CAMELLIA_CBC_PAD;
1704 case CKM_AES_CBC:
1705 return CKM_AES_CBC_PAD;
1706 case CKM_DES_CBC:
1707 return CKM_DES_CBC_PAD;
1708 case CKM_DES3_CBC:
1709 return CKM_DES3_CBC_PAD;
1710 case CKM_RC2_CBC:
1711 return CKM_RC2_CBC_PAD;
1712 case CKM_CDMF_CBC:
1713 return CKM_CDMF_CBC_PAD;
1714 case CKM_CAST_CBC:
1715 return CKM_CAST_CBC_PAD;
1716 case CKM_CAST3_CBC:
1717 return CKM_CAST3_CBC_PAD;
1718 case CKM_CAST5_CBC:
1719 return CKM_CAST5_CBC_PAD;
1720 case CKM_RC5_CBC:
1721 return CKM_RC5_CBC_PAD;
1722 case CKM_IDEA_CBC:
1723 return CKM_IDEA_CBC_PAD;
1724 default:
1725 break;
1726 }
1727
1728 return type;
1729 }
1730
1731 static PRBool
1732 pk11_isAllZero(unsigned char *data,int len) {
1733 while (len--) {
1734 if (*data++) {
1735 return PR_FALSE;
1736 }
1737 }
1738 return PR_TRUE;
1739 }
1740
1741 CK_RV
1742 PK11_MapPBEMechanismToCryptoMechanism(CK_MECHANISM_PTR pPBEMechanism,
1743 CK_MECHANISM_PTR pCryptoMechanism,
1744 SECItem *pbe_pwd, PRBool faulty3DES)
1745 {
1746 int iv_len = 0;
1747 CK_PBE_PARAMS_PTR pPBEparams;
1748 CK_RC2_CBC_PARAMS_PTR rc2_params;
1749 CK_ULONG rc2_key_len;
1750
1751 if((pPBEMechanism == CK_NULL_PTR) || (pCryptoMechanism == CK_NULL_PTR)) {
1752 return CKR_HOST_MEMORY;
1753 }
1754
1755 /* pkcs5 v2 cannot be supported by this interface.
1756 * use PK11_GetPBECryptoMechanism instead.
1757 */
1758 if ((pPBEMechanism->mechanism == CKM_INVALID_MECHANISM) ||
1759 (pPBEMechanism->mechanism == CKM_PKCS5_PBKD2)) {
1760 return CKR_MECHANISM_INVALID;
1761 }
1762
1763 pPBEparams = (CK_PBE_PARAMS_PTR)pPBEMechanism->pParameter;
1764 iv_len = PK11_GetIVLength(pPBEMechanism->mechanism);
1765
1766 if (iv_len) {
1767 if (pk11_isAllZero(pPBEparams->pInitVector,iv_len)) {
1768 SECItem param;
1769 PK11SymKey *symKey;
1770 PK11SlotInfo *intSlot = PK11_GetInternalSlot();
1771
1772 if (intSlot == NULL) {
1773 return CKR_DEVICE_ERROR;
1774 }
1775
1776 param.data = pPBEMechanism->pParameter;
1777 param.len = pPBEMechanism->ulParameterLen;
1778
1779 symKey = PK11_RawPBEKeyGen(intSlot,
1780 pPBEMechanism->mechanism, &param, pbe_pwd, faulty3DES, NULL);
1781 PK11_FreeSlot(intSlot);
1782 if (symKey== NULL) {
1783 return CKR_DEVICE_ERROR; /* sigh */
1784 }
1785 PK11_FreeSymKey(symKey);
1786 }
1787 }
1788
1789 switch(pPBEMechanism->mechanism) {
1790 case CKM_PBE_MD2_DES_CBC:
1791 case CKM_PBE_MD5_DES_CBC:
1792 case CKM_NETSCAPE_PBE_SHA1_DES_CBC:
1793 pCryptoMechanism->mechanism = CKM_DES_CBC;
1794 goto have_crypto_mechanism;
1795 case CKM_NETSCAPE_PBE_SHA1_TRIPLE_DES_CBC:
1796 case CKM_NETSCAPE_PBE_SHA1_FAULTY_3DES_CBC:
1797 case CKM_PBE_SHA1_DES3_EDE_CBC:
1798 case CKM_PBE_SHA1_DES2_EDE_CBC:
1799 pCryptoMechanism->mechanism = CKM_DES3_CBC;
1800 have_crypto_mechanism:
1801 pCryptoMechanism->pParameter = PORT_Alloc(iv_len);
1802 pCryptoMechanism->ulParameterLen = (CK_ULONG)iv_len;
1803 if(pCryptoMechanism->pParameter == NULL) {
1804 return CKR_HOST_MEMORY;
1805 }
1806 PORT_Memcpy((unsigned char *)(pCryptoMechanism->pParameter),
1807 (unsigned char *)(pPBEparams->pInitVector),
1808 iv_len);
1809 break;
1810 case CKM_NETSCAPE_PBE_SHA1_40_BIT_RC4:
1811 case CKM_NETSCAPE_PBE_SHA1_128_BIT_RC4:
1812 case CKM_PBE_SHA1_RC4_40:
1813 case CKM_PBE_SHA1_RC4_128:
1814 pCryptoMechanism->mechanism = CKM_RC4;
1815 pCryptoMechanism->ulParameterLen = 0;
1816 pCryptoMechanism->pParameter = CK_NULL_PTR;
1817 break;
1818 case CKM_NETSCAPE_PBE_SHA1_40_BIT_RC2_CBC:
1819 case CKM_PBE_SHA1_RC2_40_CBC:
1820 rc2_key_len = 40;
1821 goto have_key_len;
1822 case CKM_NETSCAPE_PBE_SHA1_128_BIT_RC2_CBC:
1823 rc2_key_len = 128;
1824 have_key_len:
1825 pCryptoMechanism->mechanism = CKM_RC2_CBC;
1826 pCryptoMechanism->ulParameterLen = (CK_ULONG)
1827 sizeof(CK_RC2_CBC_PARAMS);
1828 pCryptoMechanism->pParameter = (CK_RC2_CBC_PARAMS_PTR)
1829 PORT_ZAlloc(sizeof(CK_RC2_CBC_PARAMS));
1830 if(pCryptoMechanism->pParameter == NULL) {
1831 return CKR_HOST_MEMORY;
1832 }
1833 rc2_params = (CK_RC2_CBC_PARAMS_PTR)pCryptoMechanism->pParameter;
1834 PORT_Memcpy((unsigned char *)rc2_params->iv,
1835 (unsigned char *)pPBEparams->pInitVector,
1836 iv_len);
1837 rc2_params->ulEffectiveBits = rc2_key_len;
1838 break;
1839 default:
1840 return CKR_MECHANISM_INVALID;
1841 }
1842
1843 return CKR_OK;
1844 }
1845
1846 /* Make a Key type to an appropriate signing/verification mechanism */
1847 CK_MECHANISM_TYPE
1848 PK11_MapSignKeyType(KeyType keyType)
1849 {
1850 switch (keyType) {
1851 case rsaKey:
1852 return CKM_RSA_PKCS;
1853 case fortezzaKey:
1854 case dsaKey:
1855 return CKM_DSA;
1856 case ecKey:
1857 return CKM_ECDSA;
1858 case dhKey:
1859 default:
1860 break;
1861 }
1862 return CKM_INVALID_MECHANISM;
1863 }
1864
1865 CK_MECHANISM_TYPE
1866 pk11_mapWrapKeyType(KeyType keyType)
1867 {
1868 switch (keyType) {
1869 case rsaKey:
1870 return CKM_RSA_PKCS;
1871 /* Add fortezza?? */
1872 default:
1873 break;
1874 }
1875 return CKM_INVALID_MECHANISM;
1876 }
1877
1878 SECOidTag
1879 PK11_FortezzaMapSig(SECOidTag algTag)
1880 {
1881 switch (algTag) {
1882 case SEC_OID_MISSI_KEA_DSS:
1883 case SEC_OID_MISSI_DSS:
1884 case SEC_OID_MISSI_DSS_OLD:
1885 case SEC_OID_MISSI_KEA_DSS_OLD:
1886 case SEC_OID_BOGUS_DSA_SIGNATURE_WITH_SHA1_DIGEST:
1887 return SEC_OID_ANSIX9_DSA_SIGNATURE;
1888 default:
1889 break;
1890 }
1891 return algTag;
1892 }
This site is hosted by Intevation GmbH (Datenschutzerklärung und Impressum | Privacy Policy and Imprint)