/src/nss/lib/pk11wrap/pk11akey.c
Line | Count | Source |
1 | | /* This Source Code Form is subject to the terms of the Mozilla Public |
2 | | * License, v. 2.0. If a copy of the MPL was not distributed with this |
3 | | * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ |
4 | | /* |
5 | | * This file contains functions to manage asymetric keys, (public and |
6 | | * private keys). |
7 | | */ |
8 | | #include <stddef.h> |
9 | | |
10 | | #include "seccomon.h" |
11 | | #include "secmod.h" |
12 | | #include "secmodi.h" |
13 | | #include "secmodti.h" |
14 | | #include "pkcs11.h" |
15 | | #include "pkcs11t.h" |
16 | | #include "pk11func.h" |
17 | | #include "cert.h" |
18 | | #include "keyhi.h" |
19 | | #include "keyi.h" |
20 | | #include "secitem.h" |
21 | | #include "secasn1.h" |
22 | | #include "secoid.h" |
23 | | #include "secerr.h" |
24 | | #include "sechash.h" |
25 | | |
26 | | #include "secpkcs5.h" |
27 | | #include "blapit.h" |
28 | | |
29 | | const SECItem * |
30 | | PK11_GetPublicValueFromPublicKey(const SECKEYPublicKey *pubKey) |
31 | 108k | { |
32 | | /* set the ID to the public key so we can find it again */ |
33 | 108k | const SECItem *pubKeyIndex = NULL; |
34 | 108k | switch (pubKey->keyType) { |
35 | 0 | case rsaKey: |
36 | 0 | case rsaPssKey: |
37 | 0 | case rsaOaepKey: |
38 | 0 | pubKeyIndex = &pubKey->u.rsa.modulus; |
39 | 0 | break; |
40 | 0 | case dsaKey: |
41 | 0 | pubKeyIndex = &pubKey->u.dsa.publicValue; |
42 | 0 | break; |
43 | 7.76k | case dhKey: |
44 | 7.76k | pubKeyIndex = &pubKey->u.dh.publicValue; |
45 | 7.76k | break; |
46 | 0 | case edKey: |
47 | 86.4k | case ecKey: |
48 | 86.4k | case ecMontKey: |
49 | 86.4k | pubKeyIndex = &pubKey->u.ec.publicValue; |
50 | 86.4k | break; |
51 | 14.6k | case kyberKey: |
52 | 14.6k | pubKeyIndex = &pubKey->u.kyber.publicValue; |
53 | 14.6k | break; |
54 | 0 | case mldsaKey: |
55 | 0 | pubKeyIndex = &pubKey->u.mldsa.publicValue; |
56 | 0 | break; |
57 | | /* explicitly put unsupported keys here. The |
58 | | * compiler will tell you when you need to |
59 | | * add switch statements */ |
60 | 0 | case fortezzaKey: |
61 | 0 | case keaKey: |
62 | 0 | case nullKey: |
63 | 0 | return NULL; |
64 | 108k | } |
65 | 108k | PORT_Assert(pubKeyIndex != NULL); |
66 | | |
67 | 108k | return pubKeyIndex; |
68 | 108k | } |
69 | | |
70 | | KeyType |
71 | | pk11_getKeyTypeFromPKCS11KeyType(CK_KEY_TYPE pk11KeyType) |
72 | 0 | { |
73 | 0 | KeyType keyType = nullKey; |
74 | 0 | switch (pk11KeyType) { |
75 | 0 | case CKK_RSA: |
76 | 0 | keyType = rsaKey; |
77 | 0 | break; |
78 | 0 | case CKK_DSA: |
79 | 0 | keyType = dsaKey; |
80 | 0 | break; |
81 | 0 | case CKK_DH: |
82 | 0 | keyType = dhKey; |
83 | 0 | break; |
84 | 0 | case CKK_EC: |
85 | 0 | keyType = ecKey; |
86 | 0 | break; |
87 | 0 | case CKK_EC_MONTGOMERY: |
88 | 0 | keyType = ecMontKey; |
89 | 0 | break; |
90 | 0 | case CKK_EC_EDWARDS: |
91 | 0 | keyType = edKey; |
92 | 0 | break; |
93 | 0 | case CKK_NSS_KYBER: |
94 | 0 | case CKK_NSS_ML_KEM: |
95 | 0 | case CKK_ML_KEM: |
96 | 0 | keyType = kyberKey; |
97 | 0 | break; |
98 | 0 | case CKK_ML_DSA: |
99 | 0 | keyType = mldsaKey; |
100 | 0 | break; |
101 | 0 | default: |
102 | 0 | PORT_SetError(SEC_ERROR_BAD_KEY); |
103 | 0 | break; |
104 | 0 | } |
105 | 0 | return keyType; |
106 | 0 | } |
107 | | |
108 | | CK_KEY_TYPE |
109 | | pk11_getPKCS11KeyTypeFromKeyType(KeyType keyType) |
110 | 0 | { |
111 | 0 | CK_KEY_TYPE pk11KeyType = CKK_INVALID_KEY_TYPE; |
112 | 0 | switch (keyType) { |
113 | 0 | case rsaKey: |
114 | 0 | case rsaPssKey: |
115 | 0 | case rsaOaepKey: |
116 | 0 | pk11KeyType = CKK_RSA; |
117 | 0 | break; |
118 | 0 | case dsaKey: |
119 | 0 | pk11KeyType = CKK_DSA; |
120 | 0 | break; |
121 | 0 | case dhKey: |
122 | 0 | pk11KeyType = CKK_DH; |
123 | 0 | break; |
124 | 0 | case ecKey: |
125 | 0 | pk11KeyType = CKK_EC; |
126 | 0 | break; |
127 | 0 | case ecMontKey: |
128 | 0 | pk11KeyType = CKK_EC_MONTGOMERY; |
129 | 0 | break; |
130 | 0 | case edKey: |
131 | 0 | pk11KeyType = CKK_EC_EDWARDS; |
132 | 0 | break; |
133 | 0 | case kyberKey: |
134 | 0 | pk11KeyType = CKK_ML_KEM; |
135 | 0 | break; |
136 | 0 | case mldsaKey: |
137 | 0 | pk11KeyType = CKK_ML_DSA; |
138 | 0 | break; |
139 | | /* explicitly put unsupported keys here. The |
140 | | * compiler will tell you when you need to |
141 | | * add switch statements */ |
142 | 0 | case fortezzaKey: |
143 | 0 | case keaKey: |
144 | 0 | case nullKey: |
145 | 0 | break; |
146 | 0 | } |
147 | 0 | if (pk11KeyType == CKK_INVALID_KEY_TYPE) { |
148 | 0 | PORT_SetError(SEC_ERROR_BAD_KEY); |
149 | 0 | } |
150 | 0 | return pk11KeyType; |
151 | 0 | } |
152 | | |
153 | | SECItem * |
154 | | pk11_MakeIDFromPublicKey(const SECKEYPublicKey *pubKey) |
155 | 108k | { |
156 | | /* set the ID to the public key so we can find it again */ |
157 | 108k | const SECItem *pubKeyIndex = PK11_GetPublicValueFromPublicKey(pubKey); |
158 | 108k | PORT_Assert(pubKeyIndex != NULL); |
159 | | |
160 | 108k | return PK11_MakeIDFromPubKey(pubKeyIndex); |
161 | 108k | } |
162 | | |
163 | | /* |
164 | | * import a public key into the desired slot |
165 | | * |
166 | | * This function takes a public key structure and creates a public key in a |
167 | | * given slot. If isToken is set, then a persistant public key is created. |
168 | | * |
169 | | * Note: it is possible for this function to return a handle for a key which |
170 | | * is persistant, even if isToken is not set. |
171 | | */ |
172 | | CK_OBJECT_HANDLE |
173 | | PK11_ImportPublicKey(PK11SlotInfo *slot, SECKEYPublicKey *pubKey, |
174 | | PRBool isToken) |
175 | 45.1k | { |
176 | 45.1k | CK_BBOOL cktrue = CK_TRUE; |
177 | 45.1k | CK_BBOOL ckfalse = CK_FALSE; |
178 | 45.1k | CK_OBJECT_CLASS keyClass = CKO_PUBLIC_KEY; |
179 | 45.1k | CK_KEY_TYPE keyType = CKK_GENERIC_SECRET; |
180 | 45.1k | CK_OBJECT_HANDLE objectID; |
181 | 45.1k | CK_ATTRIBUTE theTemplate[11]; |
182 | 45.1k | CK_ATTRIBUTE *signedattr = NULL; |
183 | 45.1k | CK_ATTRIBUTE *attrs = theTemplate; |
184 | 45.1k | CK_NSS_KEM_PARAMETER_SET_TYPE kemParams; |
185 | 45.1k | SECItem *ckaId = NULL; |
186 | 45.1k | SECItem *pubValue = NULL; |
187 | 45.1k | int signedcount = 0; |
188 | 45.1k | unsigned int templateCount = 0; |
189 | 45.1k | SECStatus rv; |
190 | 45.1k | CK_ML_DSA_PARAMETER_SET_TYPE paramSet; |
191 | | |
192 | | /* if we already have an object in the desired slot, use it */ |
193 | 45.1k | if (!isToken && pubKey->pkcs11Slot == slot) { |
194 | 4 | return pubKey->pkcs11ID; |
195 | 4 | } |
196 | | |
197 | | /* free the existing key */ |
198 | 45.1k | if (pubKey->pkcs11Slot != NULL) { |
199 | 0 | PK11SlotInfo *oSlot = pubKey->pkcs11Slot; |
200 | 0 | if (!PK11_IsPermObject(pubKey->pkcs11Slot, pubKey->pkcs11ID)) { |
201 | 0 | PK11_EnterSlotMonitor(oSlot); |
202 | 0 | (void)PK11_GETTAB(oSlot)->C_DestroyObject(oSlot->session, |
203 | 0 | pubKey->pkcs11ID); |
204 | 0 | PK11_ExitSlotMonitor(oSlot); |
205 | 0 | } |
206 | 0 | PK11_FreeSlot(oSlot); |
207 | 0 | pubKey->pkcs11Slot = NULL; |
208 | 0 | } |
209 | 45.1k | PK11_SETATTRS(attrs, CKA_CLASS, &keyClass, sizeof(keyClass)); |
210 | 45.1k | attrs++; |
211 | 45.1k | PK11_SETATTRS(attrs, CKA_KEY_TYPE, &keyType, sizeof(keyType)); |
212 | 45.1k | attrs++; |
213 | 45.1k | PK11_SETATTRS(attrs, CKA_TOKEN, isToken ? &cktrue : &ckfalse, |
214 | 45.1k | sizeof(CK_BBOOL)); |
215 | 45.1k | attrs++; |
216 | 45.1k | if (isToken) { |
217 | 0 | ckaId = pk11_MakeIDFromPublicKey(pubKey); |
218 | 0 | if (ckaId == NULL) { |
219 | 0 | PORT_SetError(SEC_ERROR_BAD_KEY); |
220 | 0 | return CK_INVALID_HANDLE; |
221 | 0 | } |
222 | 0 | PK11_SETATTRS(attrs, CKA_ID, ckaId->data, ckaId->len); |
223 | 0 | attrs++; |
224 | 0 | } |
225 | | |
226 | | /* now import the key */ |
227 | 45.1k | { |
228 | 45.1k | switch (pubKey->keyType) { |
229 | 38.0k | case rsaKey: |
230 | 38.0k | keyType = CKK_RSA; |
231 | 38.0k | PK11_SETATTRS(attrs, CKA_WRAP, &cktrue, sizeof(CK_BBOOL)); |
232 | 38.0k | attrs++; |
233 | 38.0k | PK11_SETATTRS(attrs, CKA_ENCRYPT, &cktrue, |
234 | 38.0k | sizeof(CK_BBOOL)); |
235 | 38.0k | attrs++; |
236 | 38.0k | PK11_SETATTRS(attrs, CKA_VERIFY, &cktrue, sizeof(CK_BBOOL)); |
237 | 38.0k | attrs++; |
238 | 38.0k | signedattr = attrs; |
239 | 38.0k | PK11_SETATTRS(attrs, CKA_MODULUS, pubKey->u.rsa.modulus.data, |
240 | 38.0k | pubKey->u.rsa.modulus.len); |
241 | 38.0k | attrs++; |
242 | 38.0k | PK11_SETATTRS(attrs, CKA_PUBLIC_EXPONENT, |
243 | 38.0k | pubKey->u.rsa.publicExponent.data, |
244 | 38.0k | pubKey->u.rsa.publicExponent.len); |
245 | 38.0k | attrs++; |
246 | 38.0k | break; |
247 | 4.83k | case dsaKey: |
248 | 4.83k | keyType = CKK_DSA; |
249 | 4.83k | PK11_SETATTRS(attrs, CKA_VERIFY, &cktrue, sizeof(CK_BBOOL)); |
250 | 4.83k | attrs++; |
251 | 4.83k | signedattr = attrs; |
252 | 4.83k | PK11_SETATTRS(attrs, CKA_PRIME, pubKey->u.dsa.params.prime.data, |
253 | 4.83k | pubKey->u.dsa.params.prime.len); |
254 | 4.83k | attrs++; |
255 | 4.83k | PK11_SETATTRS(attrs, CKA_SUBPRIME, pubKey->u.dsa.params.subPrime.data, |
256 | 4.83k | pubKey->u.dsa.params.subPrime.len); |
257 | 4.83k | attrs++; |
258 | 4.83k | PK11_SETATTRS(attrs, CKA_BASE, pubKey->u.dsa.params.base.data, |
259 | 4.83k | pubKey->u.dsa.params.base.len); |
260 | 4.83k | attrs++; |
261 | 4.83k | PK11_SETATTRS(attrs, CKA_VALUE, pubKey->u.dsa.publicValue.data, |
262 | 4.83k | pubKey->u.dsa.publicValue.len); |
263 | 4.83k | attrs++; |
264 | 4.83k | break; |
265 | 0 | case fortezzaKey: |
266 | 0 | keyType = CKK_DSA; |
267 | 0 | PK11_SETATTRS(attrs, CKA_VERIFY, &cktrue, sizeof(CK_BBOOL)); |
268 | 0 | attrs++; |
269 | 0 | signedattr = attrs; |
270 | 0 | PK11_SETATTRS(attrs, CKA_PRIME, pubKey->u.fortezza.params.prime.data, |
271 | 0 | pubKey->u.fortezza.params.prime.len); |
272 | 0 | attrs++; |
273 | 0 | PK11_SETATTRS(attrs, CKA_SUBPRIME, |
274 | 0 | pubKey->u.fortezza.params.subPrime.data, |
275 | 0 | pubKey->u.fortezza.params.subPrime.len); |
276 | 0 | attrs++; |
277 | 0 | PK11_SETATTRS(attrs, CKA_BASE, pubKey->u.fortezza.params.base.data, |
278 | 0 | pubKey->u.fortezza.params.base.len); |
279 | 0 | attrs++; |
280 | 0 | PK11_SETATTRS(attrs, CKA_VALUE, pubKey->u.fortezza.DSSKey.data, |
281 | 0 | pubKey->u.fortezza.DSSKey.len); |
282 | 0 | attrs++; |
283 | 0 | break; |
284 | 13 | case dhKey: |
285 | 13 | keyType = CKK_DH; |
286 | 13 | PK11_SETATTRS(attrs, CKA_DERIVE, &cktrue, sizeof(CK_BBOOL)); |
287 | 13 | attrs++; |
288 | 13 | signedattr = attrs; |
289 | 13 | PK11_SETATTRS(attrs, CKA_PRIME, pubKey->u.dh.prime.data, |
290 | 13 | pubKey->u.dh.prime.len); |
291 | 13 | attrs++; |
292 | 13 | PK11_SETATTRS(attrs, CKA_BASE, pubKey->u.dh.base.data, |
293 | 13 | pubKey->u.dh.base.len); |
294 | 13 | attrs++; |
295 | 13 | PK11_SETATTRS(attrs, CKA_VALUE, pubKey->u.dh.publicValue.data, |
296 | 13 | pubKey->u.dh.publicValue.len); |
297 | 13 | attrs++; |
298 | 13 | break; |
299 | 0 | case edKey: |
300 | 0 | keyType = CKK_EC_EDWARDS; |
301 | 0 | PK11_SETATTRS(attrs, CKA_VERIFY, &cktrue, sizeof(CK_BBOOL)); |
302 | 0 | attrs++; |
303 | 0 | PK11_SETATTRS(attrs, CKA_EC_PARAMS, |
304 | 0 | pubKey->u.ec.DEREncodedParams.data, |
305 | 0 | pubKey->u.ec.DEREncodedParams.len); |
306 | 0 | attrs++; |
307 | 0 | PK11_SETATTRS(attrs, CKA_EC_POINT, |
308 | 0 | pubKey->u.ec.publicValue.data, |
309 | 0 | pubKey->u.ec.publicValue.len); |
310 | 0 | attrs++; |
311 | 0 | break; |
312 | 0 | case ecMontKey: |
313 | 0 | keyType = CKK_EC_MONTGOMERY; |
314 | 0 | PK11_SETATTRS(attrs, CKA_DERIVE, &cktrue, sizeof(CK_BBOOL)); |
315 | 0 | attrs++; |
316 | 0 | PK11_SETATTRS(attrs, CKA_EC_PARAMS, |
317 | 0 | pubKey->u.ec.DEREncodedParams.data, |
318 | 0 | pubKey->u.ec.DEREncodedParams.len); |
319 | 0 | attrs++; |
320 | 0 | PK11_SETATTRS(attrs, CKA_EC_POINT, |
321 | 0 | pubKey->u.ec.publicValue.data, |
322 | 0 | pubKey->u.ec.publicValue.len); |
323 | 0 | attrs++; |
324 | 0 | break; |
325 | 1.52k | case ecKey: |
326 | 1.52k | keyType = CKK_EC; |
327 | 1.52k | PK11_SETATTRS(attrs, CKA_VERIFY, &cktrue, sizeof(CK_BBOOL)); |
328 | 1.52k | attrs++; |
329 | 1.52k | PK11_SETATTRS(attrs, CKA_DERIVE, &cktrue, sizeof(CK_BBOOL)); |
330 | 1.52k | attrs++; |
331 | 1.52k | PK11_SETATTRS(attrs, CKA_EC_PARAMS, |
332 | 1.52k | pubKey->u.ec.DEREncodedParams.data, |
333 | 1.52k | pubKey->u.ec.DEREncodedParams.len); |
334 | 1.52k | attrs++; |
335 | 1.52k | if (PR_GetEnvSecure("NSS_USE_DECODED_CKA_EC_POINT")) { |
336 | 0 | PK11_SETATTRS(attrs, CKA_EC_POINT, |
337 | 0 | pubKey->u.ec.publicValue.data, |
338 | 0 | pubKey->u.ec.publicValue.len); |
339 | 0 | attrs++; |
340 | 1.52k | } else { |
341 | 1.52k | pubValue = SEC_ASN1EncodeItem(NULL, NULL, |
342 | 1.52k | &pubKey->u.ec.publicValue, |
343 | 1.52k | SEC_ASN1_GET(SEC_OctetStringTemplate)); |
344 | 1.52k | if (pubValue == NULL) { |
345 | 0 | if (ckaId) { |
346 | 0 | SECITEM_FreeItem(ckaId, PR_TRUE); |
347 | 0 | } |
348 | 0 | return CK_INVALID_HANDLE; |
349 | 0 | } |
350 | 1.52k | PK11_SETATTRS(attrs, CKA_EC_POINT, |
351 | 1.52k | pubValue->data, pubValue->len); |
352 | 1.52k | attrs++; |
353 | 1.52k | } |
354 | 1.52k | break; |
355 | 1.52k | case kyberKey: |
356 | 694 | switch (pubKey->u.kyber.params) { |
357 | 0 | #ifndef NSS_DISABLE_KYBER |
358 | 0 | case params_kyber768_round3: |
359 | 0 | case params_kyber768_round3_test_mode: |
360 | 0 | keyType = CKK_NSS_KYBER; |
361 | 0 | kemParams = CKP_NSS_KYBER_768_ROUND3; |
362 | 0 | break; |
363 | 0 | #endif |
364 | 304 | case params_ml_kem768: |
365 | 304 | case params_ml_kem768_test_mode: |
366 | 304 | keyType = CKK_ML_KEM; |
367 | 304 | kemParams = CKP_ML_KEM_768; |
368 | 304 | break; |
369 | 390 | case params_ml_kem1024: |
370 | 390 | case params_ml_kem1024_test_mode: |
371 | 390 | keyType = CKK_ML_KEM; |
372 | 390 | kemParams = CKP_ML_KEM_1024; |
373 | 390 | break; |
374 | 0 | default: |
375 | 0 | kemParams = CKP_INVALID_ID; |
376 | 0 | break; |
377 | 694 | } |
378 | 694 | PK11_SETATTRS(attrs, CKA_NSS_PARAMETER_SET, |
379 | 694 | &kemParams, |
380 | 694 | sizeof(CK_NSS_KEM_PARAMETER_SET_TYPE)); |
381 | 694 | attrs++; |
382 | 694 | PK11_SETATTRS(attrs, CKA_VALUE, pubKey->u.kyber.publicValue.data, |
383 | 694 | pubKey->u.kyber.publicValue.len); |
384 | 694 | attrs++; |
385 | 694 | break; |
386 | 0 | case mldsaKey: |
387 | 0 | keyType = CKK_ML_DSA; |
388 | 0 | PK11_SETATTRS(attrs, CKA_VERIFY, &cktrue, sizeof(CK_BBOOL)); |
389 | 0 | attrs++; |
390 | 0 | paramSet = SECKEY_GetMLDSAPkcs11ParamSetByOidTag(pubKey->u.mldsa.paramSet); |
391 | 0 | if (paramSet == CKP_INVALID_ID) { |
392 | 0 | PORT_SetError(SEC_ERROR_BAD_KEY); |
393 | 0 | return CK_INVALID_HANDLE; |
394 | 0 | } |
395 | 0 | PK11_SETATTRS(attrs, CKA_PARAMETER_SET, ¶mSet, |
396 | 0 | sizeof(CK_ML_DSA_PARAMETER_SET_TYPE)); |
397 | 0 | attrs++; |
398 | 0 | PK11_SETATTRS(attrs, CKA_VALUE, pubKey->u.mldsa.publicValue.data, |
399 | 0 | pubKey->u.mldsa.publicValue.len); |
400 | 0 | attrs++; |
401 | 0 | break; |
402 | 0 | default: |
403 | 0 | if (ckaId) { |
404 | 0 | SECITEM_FreeItem(ckaId, PR_TRUE); |
405 | 0 | } |
406 | 0 | PORT_SetError(SEC_ERROR_BAD_KEY); |
407 | 0 | return CK_INVALID_HANDLE; |
408 | 45.1k | } |
409 | 45.1k | templateCount = attrs - theTemplate; |
410 | 45.1k | PORT_Assert(templateCount <= (sizeof(theTemplate) / sizeof(CK_ATTRIBUTE))); |
411 | 45.1k | if (signedattr) { |
412 | 42.9k | signedcount = attrs - signedattr; |
413 | 138k | for (attrs = signedattr; signedcount; attrs++, signedcount--) { |
414 | 95.5k | pk11_SignedToUnsigned(attrs); |
415 | 95.5k | } |
416 | 42.9k | } |
417 | 45.1k | rv = PK11_CreateNewObject(slot, CK_INVALID_HANDLE, theTemplate, |
418 | 45.1k | templateCount, isToken, &objectID); |
419 | 45.1k | if (ckaId) { |
420 | 0 | SECITEM_FreeItem(ckaId, PR_TRUE); |
421 | 0 | } |
422 | 45.1k | if (pubValue) { |
423 | 1.52k | SECITEM_FreeItem(pubValue, PR_TRUE); |
424 | 1.52k | } |
425 | 45.1k | if (rv != SECSuccess) { |
426 | 771 | return CK_INVALID_HANDLE; |
427 | 771 | } |
428 | 45.1k | } |
429 | | |
430 | 44.3k | pubKey->pkcs11ID = objectID; |
431 | 44.3k | pubKey->pkcs11Slot = PK11_ReferenceSlot(slot); |
432 | | |
433 | 44.3k | return objectID; |
434 | 45.1k | } |
435 | | |
436 | | /* |
437 | | * take an attribute and copy it into a secitem |
438 | | */ |
439 | | static CK_RV |
440 | | pk11_Attr2SecItem(PLArenaPool *arena, const CK_ATTRIBUTE *attr, SECItem *item) |
441 | 144k | { |
442 | 144k | item->data = NULL; |
443 | | |
444 | 144k | (void)SECITEM_AllocItem(arena, item, attr->ulValueLen); |
445 | 144k | if (item->data == NULL) { |
446 | 0 | return CKR_HOST_MEMORY; |
447 | 0 | } |
448 | 144k | PORT_Memcpy(item->data, attr->pValue, item->len); |
449 | 144k | return CKR_OK; |
450 | 144k | } |
451 | | |
452 | | /* |
453 | | * get a curve length from a set of ecParams. |
454 | | * |
455 | | * We need this so we can reliably determine if the ecPoint passed to us |
456 | | * was encoded or not. With out this, for many curves, we would incorrectly |
457 | | * identify an unencoded curve as an encoded curve 1 in 65536 times, and for |
458 | | * a few we would make that same mistake 1 in 32768 times. These are bad |
459 | | * numbers since they are rare enough to pass tests, but common enough to |
460 | | * be tripped over in the field. |
461 | | * |
462 | | * This function will only work for curves we recognized as of March 2009. |
463 | | * The assumption is curves in use after March of 2009 would be supplied by |
464 | | * PKCS #11 modules that already pass the correct encoding to us. |
465 | | * |
466 | | * Point length = (Roundup(curveLenInBits/8)*2+1) |
467 | | */ |
468 | | static int |
469 | | pk11_get_EC_PointLenInBytes(PLArenaPool *arena, const SECItem *ecParams, |
470 | | PRBool *plain) |
471 | 86.4k | { |
472 | 86.4k | SECItem oid; |
473 | 86.4k | SECOidTag tag; |
474 | 86.4k | SECStatus rv; |
475 | | |
476 | | /* decode the OID tag */ |
477 | 86.4k | rv = SEC_QuickDERDecodeItem(arena, &oid, |
478 | 86.4k | SEC_ASN1_GET(SEC_ObjectIDTemplate), ecParams); |
479 | 86.4k | if (rv != SECSuccess) { |
480 | | /* could be explict curves, allow them to work if the |
481 | | * PKCS #11 module support them. If we try to parse the |
482 | | * explicit curve value in the future, we may return -1 here |
483 | | * to indicate an invalid parameter if the explicit curve |
484 | | * decode fails. */ |
485 | 0 | return 0; |
486 | 0 | } |
487 | | |
488 | 86.4k | *plain = PR_FALSE; |
489 | 86.4k | tag = SECOID_FindOIDTag(&oid); |
490 | 86.4k | switch (tag) { |
491 | 0 | case SEC_OID_SECG_EC_SECP112R1: |
492 | 0 | case SEC_OID_SECG_EC_SECP112R2: |
493 | 0 | return 29; /* curve len in bytes = 14 bytes */ |
494 | 0 | case SEC_OID_SECG_EC_SECT113R1: |
495 | 0 | case SEC_OID_SECG_EC_SECT113R2: |
496 | 0 | return 31; /* curve len in bytes = 15 bytes */ |
497 | 0 | case SEC_OID_SECG_EC_SECP128R1: |
498 | 0 | case SEC_OID_SECG_EC_SECP128R2: |
499 | 0 | return 33; /* curve len in bytes = 16 bytes */ |
500 | 0 | case SEC_OID_SECG_EC_SECT131R1: |
501 | 0 | case SEC_OID_SECG_EC_SECT131R2: |
502 | 0 | return 35; /* curve len in bytes = 17 bytes */ |
503 | 0 | case SEC_OID_SECG_EC_SECP160K1: |
504 | 0 | case SEC_OID_SECG_EC_SECP160R1: |
505 | 0 | case SEC_OID_SECG_EC_SECP160R2: |
506 | 0 | return 41; /* curve len in bytes = 20 bytes */ |
507 | 0 | case SEC_OID_SECG_EC_SECT163K1: |
508 | 0 | case SEC_OID_SECG_EC_SECT163R1: |
509 | 0 | case SEC_OID_SECG_EC_SECT163R2: |
510 | 0 | case SEC_OID_ANSIX962_EC_C2PNB163V1: |
511 | 0 | case SEC_OID_ANSIX962_EC_C2PNB163V2: |
512 | 0 | case SEC_OID_ANSIX962_EC_C2PNB163V3: |
513 | 0 | return 43; /* curve len in bytes = 21 bytes */ |
514 | 0 | case SEC_OID_ANSIX962_EC_C2PNB176V1: |
515 | 0 | return 45; /* curve len in bytes = 22 bytes */ |
516 | 0 | case SEC_OID_ANSIX962_EC_C2TNB191V1: |
517 | 0 | case SEC_OID_ANSIX962_EC_C2TNB191V2: |
518 | 0 | case SEC_OID_ANSIX962_EC_C2TNB191V3: |
519 | 0 | case SEC_OID_SECG_EC_SECP192K1: |
520 | 0 | case SEC_OID_ANSIX962_EC_PRIME192V1: |
521 | 0 | case SEC_OID_ANSIX962_EC_PRIME192V2: |
522 | 0 | case SEC_OID_ANSIX962_EC_PRIME192V3: |
523 | 0 | return 49; /*curve len in bytes = 24 bytes */ |
524 | 0 | case SEC_OID_SECG_EC_SECT193R1: |
525 | 0 | case SEC_OID_SECG_EC_SECT193R2: |
526 | 0 | return 51; /*curve len in bytes = 25 bytes */ |
527 | 0 | case SEC_OID_ANSIX962_EC_C2PNB208W1: |
528 | 0 | return 53; /*curve len in bytes = 26 bytes */ |
529 | 0 | case SEC_OID_SECG_EC_SECP224K1: |
530 | 0 | case SEC_OID_SECG_EC_SECP224R1: |
531 | 0 | return 57; /*curve len in bytes = 28 bytes */ |
532 | 0 | case SEC_OID_SECG_EC_SECT233K1: |
533 | 0 | case SEC_OID_SECG_EC_SECT233R1: |
534 | 0 | case SEC_OID_SECG_EC_SECT239K1: |
535 | 0 | case SEC_OID_ANSIX962_EC_PRIME239V1: |
536 | 0 | case SEC_OID_ANSIX962_EC_PRIME239V2: |
537 | 0 | case SEC_OID_ANSIX962_EC_PRIME239V3: |
538 | 0 | case SEC_OID_ANSIX962_EC_C2TNB239V1: |
539 | 0 | case SEC_OID_ANSIX962_EC_C2TNB239V2: |
540 | 0 | case SEC_OID_ANSIX962_EC_C2TNB239V3: |
541 | 0 | return 61; /*curve len in bytes = 30 bytes */ |
542 | 61.4k | case SEC_OID_ANSIX962_EC_PRIME256V1: |
543 | 61.4k | case SEC_OID_SECG_EC_SECP256K1: |
544 | 61.4k | return 65; /*curve len in bytes = 32 bytes */ |
545 | 0 | case SEC_OID_ANSIX962_EC_C2PNB272W1: |
546 | 0 | return 69; /*curve len in bytes = 34 bytes */ |
547 | 0 | case SEC_OID_SECG_EC_SECT283K1: |
548 | 0 | case SEC_OID_SECG_EC_SECT283R1: |
549 | 0 | return 73; /*curve len in bytes = 36 bytes */ |
550 | 0 | case SEC_OID_ANSIX962_EC_C2PNB304W1: |
551 | 0 | return 77; /*curve len in bytes = 38 bytes */ |
552 | 0 | case SEC_OID_ANSIX962_EC_C2TNB359V1: |
553 | 0 | return 91; /*curve len in bytes = 45 bytes */ |
554 | 0 | case SEC_OID_ANSIX962_EC_C2PNB368W1: |
555 | 0 | return 93; /*curve len in bytes = 46 bytes */ |
556 | 4.32k | case SEC_OID_SECG_EC_SECP384R1: |
557 | 4.32k | return 97; /*curve len in bytes = 48 bytes */ |
558 | 0 | case SEC_OID_SECG_EC_SECT409K1: |
559 | 0 | case SEC_OID_SECG_EC_SECT409R1: |
560 | 0 | return 105; /*curve len in bytes = 52 bytes */ |
561 | 0 | case SEC_OID_ANSIX962_EC_C2TNB431R1: |
562 | 0 | return 109; /*curve len in bytes = 54 bytes */ |
563 | 398 | case SEC_OID_SECG_EC_SECP521R1: |
564 | 398 | return 133; /*curve len in bytes = 66 bytes */ |
565 | 0 | case SEC_OID_SECG_EC_SECT571K1: |
566 | 0 | case SEC_OID_SECG_EC_SECT571R1: |
567 | 0 | return 145; /*curve len in bytes = 72 bytes */ |
568 | 0 | case SEC_OID_X25519: |
569 | 20.2k | case SEC_OID_CURVE25519: |
570 | 20.2k | case SEC_OID_ED25519_PUBLIC_KEY: |
571 | 20.2k | *plain = PR_TRUE; |
572 | 20.2k | return 32; /* curve len in bytes = 32 bytes (only X) */ |
573 | | /* unknown or unrecognized OIDs. return unknown length */ |
574 | 0 | default: |
575 | 0 | break; |
576 | 86.4k | } |
577 | 0 | return 0; |
578 | 86.4k | } |
579 | | |
580 | | /* |
581 | | * returns the decoded point. In some cases the point may already be decoded. |
582 | | * this function tries to detect those cases and return the point in |
583 | | * publicKeyValue. In other cases it's DER encoded. In those cases the point |
584 | | * is first decoded and returned. Space for the point is allocated out of |
585 | | * the passed in arena. |
586 | | */ |
587 | | static CK_RV |
588 | | pk11_get_Decoded_ECPoint(PLArenaPool *arena, const SECItem *ecParams, |
589 | | const CK_ATTRIBUTE *ecPoint, SECItem *publicKeyValue) |
590 | 86.4k | { |
591 | 86.4k | SECItem encodedPublicValue; |
592 | 86.4k | SECStatus rv; |
593 | 86.4k | int keyLen; |
594 | 86.4k | PRBool plain = PR_FALSE; |
595 | | |
596 | 86.4k | if (ecPoint->ulValueLen == 0) { |
597 | 0 | return CKR_ATTRIBUTE_VALUE_INVALID; |
598 | 0 | } |
599 | | |
600 | | /* |
601 | | * The PKCS #11 spec requires ecPoints to be encoded as a DER OCTET String. |
602 | | * NSS has mistakenly passed unencoded values, and some PKCS #11 vendors |
603 | | * followed that mistake. Now we need to detect which encoding we were |
604 | | * passed in. The task is made more complicated by the fact the the |
605 | | * DER encoding byte (SEC_ASN_OCTET_STRING) is the same as the |
606 | | * EC_POINT_FORM_UNCOMPRESSED byte (0x04), so we can't use that to |
607 | | * determine which curve we are using. |
608 | | */ |
609 | | |
610 | | /* get the expected key length for the passed in curve. |
611 | | * pk11_get_EC_PointLenInBytes only returns valid values for curves |
612 | | * NSS has traditionally recognized. If the curve is not recognized, |
613 | | * it will return '0', and we have to figure out if the key was |
614 | | * encoded or not heuristically. If the ecParams are invalid, it |
615 | | * will return -1 for the keyLen. |
616 | | */ |
617 | 86.4k | keyLen = pk11_get_EC_PointLenInBytes(arena, ecParams, &plain); |
618 | 86.4k | if (keyLen < 0) { |
619 | 0 | return CKR_ATTRIBUTE_VALUE_INVALID; |
620 | 0 | } |
621 | | |
622 | | /* |
623 | | * Some curves are not encoded but we don't have the name here. |
624 | | * Instead, pk11_get_EC_PointLenInBytes returns true plain if this is the |
625 | | * case. |
626 | | */ |
627 | 86.4k | if (plain && ecPoint->ulValueLen == (unsigned int)keyLen) { |
628 | 20.2k | return pk11_Attr2SecItem(arena, ecPoint, publicKeyValue); |
629 | 20.2k | } |
630 | | |
631 | | /* If the point is uncompressed and the lengths match, it |
632 | | * must be an unencoded point */ |
633 | 66.1k | if ((*((char *)ecPoint->pValue) == EC_POINT_FORM_UNCOMPRESSED) && |
634 | 66.1k | (ecPoint->ulValueLen == (unsigned int)keyLen)) { |
635 | 0 | return pk11_Attr2SecItem(arena, ecPoint, publicKeyValue); |
636 | 0 | } |
637 | | |
638 | | /* now assume the key passed to us was encoded and decode it */ |
639 | 66.1k | if (*((char *)ecPoint->pValue) == SEC_ASN1_OCTET_STRING) { |
640 | | /* OK, now let's try to decode it and see if it's valid */ |
641 | 66.1k | encodedPublicValue.data = ecPoint->pValue; |
642 | 66.1k | encodedPublicValue.len = ecPoint->ulValueLen; |
643 | 66.1k | rv = SEC_QuickDERDecodeItem(arena, publicKeyValue, |
644 | 66.1k | SEC_ASN1_GET(SEC_OctetStringTemplate), &encodedPublicValue); |
645 | | |
646 | | /* it coded correctly & we know the key length (and they match) |
647 | | * then we are done, return the results. */ |
648 | 66.1k | if (keyLen && rv == SECSuccess && publicKeyValue->len == (unsigned int)keyLen) { |
649 | 66.1k | return CKR_OK; |
650 | 66.1k | } |
651 | | |
652 | | /* if we know the key length, one of the above tests should have |
653 | | * succeded. If it doesn't the module gave us bad data */ |
654 | 0 | if (keyLen) { |
655 | 0 | return CKR_ATTRIBUTE_VALUE_INVALID; |
656 | 0 | } |
657 | | |
658 | | /* We don't know the key length, so we don't know deterministically |
659 | | * which encoding was used. We now will try to pick the most likely |
660 | | * form that's correct, with a preference for the encoded form if we |
661 | | * can't determine for sure. We do this by checking the key we got |
662 | | * back from SEC_QuickDERDecodeItem for defects. If no defects are |
663 | | * found, we assume the encoded parameter was was passed to us. |
664 | | * our defect tests include: |
665 | | * 1) it didn't decode. |
666 | | * 2) The decode key had an invalid length (must be odd). |
667 | | * 3) The decoded key wasn't an UNCOMPRESSED key. |
668 | | * 4) The decoded key didn't include the entire encoded block |
669 | | * except the DER encoding values. (fixing DER length to one |
670 | | * particular value). |
671 | | */ |
672 | 0 | if ((rv != SECSuccess) || ((publicKeyValue->len & 1) != 1) || |
673 | 0 | (publicKeyValue->data[0] != EC_POINT_FORM_UNCOMPRESSED) || |
674 | 0 | (PORT_Memcmp(&encodedPublicValue.data[encodedPublicValue.len - publicKeyValue->len], |
675 | 0 | publicKeyValue->data, |
676 | 0 | publicKeyValue->len) != 0)) { |
677 | | /* The decoded public key was flawed, the original key must have |
678 | | * already been in decoded form. Do a quick sanity check then |
679 | | * return the original key value. |
680 | | */ |
681 | 0 | if ((encodedPublicValue.len & 1) == 0) { |
682 | 0 | return CKR_ATTRIBUTE_VALUE_INVALID; |
683 | 0 | } |
684 | 0 | return pk11_Attr2SecItem(arena, ecPoint, publicKeyValue); |
685 | 0 | } |
686 | | |
687 | | /* as best we can figure, the passed in key was encoded, and we've |
688 | | * now decoded it. Note: there is a chance this could be wrong if the |
689 | | * following conditions hold: |
690 | | * 1) The first byte or bytes of the X point looks like a valid length |
691 | | * of precisely the right size (2*curveSize -1). this means for curves |
692 | | * less than 512 bits (64 bytes), this will happen 1 in 256 times*. |
693 | | * for curves between 512 and 1024, this will happen 1 in 65,536 times* |
694 | | * for curves between 1024 and 256K this will happen 1 in 16 million* |
695 | | * 2) The length of the 'DER length field' is odd |
696 | | * (making both the encoded and decode |
697 | | * values an odd length. this is true of all curves less than 512, |
698 | | * as well as curves between 1024 and 256K). |
699 | | * 3) The X[length of the 'DER length field'] == 0x04, 1 in 256. |
700 | | * |
701 | | * (* assuming all values are equally likely in the first byte, |
702 | | * This isn't true if the curve length is not a multiple of 8. In these |
703 | | * cases, if the DER length is possible, it's more likely, |
704 | | * if it's not possible, then we have no false decodes). |
705 | | * |
706 | | * For reference here are the odds for the various curves we currently |
707 | | * have support for (and the only curves SSL will negotiate at this |
708 | | * time). NOTE: None of the supported curves will show up here |
709 | | * because we return a valid length for all of these curves. |
710 | | * The only way to get here is to have some application (not SSL) |
711 | | * which supports some unknown curve and have some vendor supplied |
712 | | * PKCS #11 module support that curve. NOTE: in this case, one |
713 | | * presumes that that pkcs #11 module is likely to be using the |
714 | | * correct encodings. |
715 | | * |
716 | | * Prime Curves (GFp): |
717 | | * Bit False Odds of |
718 | | * Size DER Len False Decode Positive |
719 | | * 112 27 1 in 65536 |
720 | | * 128 31 1 in 65536 |
721 | | * 160 39 1 in 65536 |
722 | | * 192 47 1 in 65536 |
723 | | * 224 55 1 in 65536 |
724 | | * 239 59 1 in 32768 (top byte can only be 0-127) |
725 | | * 256 63 1 in 65536 |
726 | | * 521 129,131 0 (decoded value would be even) |
727 | | * |
728 | | * Binary curves (GF2m). |
729 | | * Bit False Odds of |
730 | | * Size DER Len False Decode Positive |
731 | | * 131 33 0 (top byte can only be 0-7) |
732 | | * 163 41 0 (top byte can only be 0-7) |
733 | | * 176 43 1 in 65536 |
734 | | * 191 47 1 in 32768 (top byte can only be 0-127) |
735 | | * 193 49 0 (top byte can only be 0-1) |
736 | | * 208 51 1 in 65536 |
737 | | * 233 59 0 (top byte can only be 0-1) |
738 | | * 239 59 1 in 32768 (top byte can only be 0-127) |
739 | | * 272 67 1 in 65536 |
740 | | * 283 71 0 (top byte can only be 0-7) |
741 | | * 304 75 1 in 65536 |
742 | | * 359 89 1 in 32768 (top byte can only be 0-127) |
743 | | * 368 91 1 in 65536 |
744 | | * 409 103 0 (top byte can only be 0-1) |
745 | | * 431 107 1 in 32768 (top byte can only be 0-127) |
746 | | * 571 129,143 0 (decoded value would be even) |
747 | | * |
748 | | */ |
749 | | |
750 | 0 | return CKR_OK; |
751 | 0 | } |
752 | | |
753 | | /* In theory, we should handle the case where the curve == 0 and |
754 | | * the first byte is EC_POINT_FORM_UNCOMPRESSED, (which would be |
755 | | * handled by doing a santity check on the key length and returning |
756 | | * pk11_Attr2SecItem() to copy the ecPoint to the publicKeyValue). |
757 | | * |
758 | | * This test is unnecessary, however, due to the fact that |
759 | | * EC_POINT_FORM_UNCOMPRESSED == SEC_ASIN1_OCTET_STRING, that case is |
760 | | * handled in the above if. That means if we get here, the initial |
761 | | * byte of our ecPoint value was invalid, so we can safely return. |
762 | | * invalid attribute. |
763 | | */ |
764 | | |
765 | 0 | return CKR_ATTRIBUTE_VALUE_INVALID; |
766 | 66.1k | } |
767 | | |
768 | | /* |
769 | | * extract a public key from a slot and id |
770 | | */ |
771 | | SECKEYPublicKey * |
772 | | PK11_ExtractPublicKey(PK11SlotInfo *slot, KeyType keyType, CK_OBJECT_HANDLE id) |
773 | 108k | { |
774 | 108k | CK_OBJECT_CLASS keyClass = CKO_PUBLIC_KEY; |
775 | 108k | PLArenaPool *arena; |
776 | 108k | PLArenaPool *tmp_arena; |
777 | 108k | SECKEYPublicKey *pubKey; |
778 | 108k | unsigned int templateCount = 0; |
779 | 108k | CK_KEY_TYPE pk11KeyType; |
780 | 108k | CK_RV crv; |
781 | 108k | CK_ATTRIBUTE template[8]; |
782 | 108k | CK_ATTRIBUTE *attrs = template; |
783 | 108k | CK_ATTRIBUTE *modulus, *exponent, *base, *prime, *subprime, *value; |
784 | 108k | CK_ATTRIBUTE *ecparams, *kemParams, *mldsaParams; |
785 | | |
786 | | /* if we didn't know the key type, get it */ |
787 | 108k | if (keyType == nullKey) { |
788 | 0 | pk11KeyType = PK11_ReadULongAttribute(slot, id, CKA_KEY_TYPE); |
789 | 0 | if (pk11KeyType == CK_UNAVAILABLE_INFORMATION) { |
790 | 0 | return NULL; |
791 | 0 | } |
792 | 0 | keyType = pk11_getKeyTypeFromPKCS11KeyType(pk11KeyType); |
793 | 0 | if (keyType == nullKey) { |
794 | 0 | return NULL; |
795 | 0 | } |
796 | 0 | } |
797 | | |
798 | | /* now we need to create space for the public key */ |
799 | 108k | arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); |
800 | 108k | if (arena == NULL) |
801 | 0 | return NULL; |
802 | 108k | tmp_arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); |
803 | 108k | if (tmp_arena == NULL) { |
804 | 0 | PORT_FreeArena(arena, PR_FALSE); |
805 | 0 | return NULL; |
806 | 0 | } |
807 | | |
808 | 108k | pubKey = (SECKEYPublicKey *) |
809 | 108k | PORT_ArenaZAlloc(arena, sizeof(SECKEYPublicKey)); |
810 | 108k | if (pubKey == NULL) { |
811 | 0 | PORT_FreeArena(arena, PR_FALSE); |
812 | 0 | PORT_FreeArena(tmp_arena, PR_FALSE); |
813 | 0 | return NULL; |
814 | 0 | } |
815 | | |
816 | 108k | pubKey->arena = arena; |
817 | 108k | pubKey->keyType = keyType; |
818 | 108k | pubKey->pkcs11Slot = PK11_ReferenceSlot(slot); |
819 | 108k | pubKey->pkcs11ID = id; |
820 | 108k | PK11_SETATTRS(attrs, CKA_CLASS, &keyClass, |
821 | 108k | sizeof(keyClass)); |
822 | 108k | attrs++; |
823 | 108k | PK11_SETATTRS(attrs, CKA_KEY_TYPE, &pk11KeyType, |
824 | 108k | sizeof(pk11KeyType)); |
825 | 108k | attrs++; |
826 | 108k | switch (pubKey->keyType) { |
827 | 0 | case rsaKey: |
828 | 0 | modulus = attrs; |
829 | 0 | PK11_SETATTRS(attrs, CKA_MODULUS, NULL, 0); |
830 | 0 | attrs++; |
831 | 0 | exponent = attrs; |
832 | 0 | PK11_SETATTRS(attrs, CKA_PUBLIC_EXPONENT, NULL, 0); |
833 | 0 | attrs++; |
834 | |
|
835 | 0 | templateCount = attrs - template; |
836 | 0 | PR_ASSERT(templateCount <= sizeof(template) / sizeof(CK_ATTRIBUTE)); |
837 | 0 | crv = PK11_GetAttributes(tmp_arena, slot, id, template, templateCount); |
838 | 0 | if (crv != CKR_OK) |
839 | 0 | break; |
840 | | |
841 | 0 | if ((keyClass != CKO_PUBLIC_KEY) || (pk11KeyType != CKK_RSA)) { |
842 | 0 | crv = CKR_OBJECT_HANDLE_INVALID; |
843 | 0 | break; |
844 | 0 | } |
845 | 0 | crv = pk11_Attr2SecItem(arena, modulus, &pubKey->u.rsa.modulus); |
846 | 0 | if (crv != CKR_OK) |
847 | 0 | break; |
848 | 0 | crv = pk11_Attr2SecItem(arena, exponent, &pubKey->u.rsa.publicExponent); |
849 | 0 | if (crv != CKR_OK) |
850 | 0 | break; |
851 | 0 | break; |
852 | 0 | case dsaKey: |
853 | 0 | prime = attrs; |
854 | 0 | PK11_SETATTRS(attrs, CKA_PRIME, NULL, 0); |
855 | 0 | attrs++; |
856 | 0 | subprime = attrs; |
857 | 0 | PK11_SETATTRS(attrs, CKA_SUBPRIME, NULL, 0); |
858 | 0 | attrs++; |
859 | 0 | base = attrs; |
860 | 0 | PK11_SETATTRS(attrs, CKA_BASE, NULL, 0); |
861 | 0 | attrs++; |
862 | 0 | value = attrs; |
863 | 0 | PK11_SETATTRS(attrs, CKA_VALUE, NULL, 0); |
864 | 0 | attrs++; |
865 | 0 | templateCount = attrs - template; |
866 | 0 | PR_ASSERT(templateCount <= sizeof(template) / sizeof(CK_ATTRIBUTE)); |
867 | 0 | crv = PK11_GetAttributes(tmp_arena, slot, id, template, templateCount); |
868 | 0 | if (crv != CKR_OK) |
869 | 0 | break; |
870 | | |
871 | 0 | if ((keyClass != CKO_PUBLIC_KEY) || (pk11KeyType != CKK_DSA)) { |
872 | 0 | crv = CKR_OBJECT_HANDLE_INVALID; |
873 | 0 | break; |
874 | 0 | } |
875 | 0 | crv = pk11_Attr2SecItem(arena, prime, &pubKey->u.dsa.params.prime); |
876 | 0 | if (crv != CKR_OK) |
877 | 0 | break; |
878 | 0 | crv = pk11_Attr2SecItem(arena, subprime, &pubKey->u.dsa.params.subPrime); |
879 | 0 | if (crv != CKR_OK) |
880 | 0 | break; |
881 | 0 | crv = pk11_Attr2SecItem(arena, base, &pubKey->u.dsa.params.base); |
882 | 0 | if (crv != CKR_OK) |
883 | 0 | break; |
884 | 0 | crv = pk11_Attr2SecItem(arena, value, &pubKey->u.dsa.publicValue); |
885 | 0 | if (crv != CKR_OK) |
886 | 0 | break; |
887 | 0 | break; |
888 | 7.76k | case dhKey: |
889 | 7.76k | prime = attrs; |
890 | 7.76k | PK11_SETATTRS(attrs, CKA_PRIME, NULL, 0); |
891 | 7.76k | attrs++; |
892 | 7.76k | base = attrs; |
893 | 7.76k | PK11_SETATTRS(attrs, CKA_BASE, NULL, 0); |
894 | 7.76k | attrs++; |
895 | 7.76k | value = attrs; |
896 | 7.76k | PK11_SETATTRS(attrs, CKA_VALUE, NULL, 0); |
897 | 7.76k | attrs++; |
898 | 7.76k | templateCount = attrs - template; |
899 | 7.76k | PR_ASSERT(templateCount <= sizeof(template) / sizeof(CK_ATTRIBUTE)); |
900 | 7.76k | crv = PK11_GetAttributes(tmp_arena, slot, id, template, templateCount); |
901 | 7.76k | if (crv != CKR_OK) |
902 | 0 | break; |
903 | | |
904 | 7.76k | if ((keyClass != CKO_PUBLIC_KEY) || (pk11KeyType != CKK_DH)) { |
905 | 0 | crv = CKR_OBJECT_HANDLE_INVALID; |
906 | 0 | break; |
907 | 0 | } |
908 | 7.76k | crv = pk11_Attr2SecItem(arena, prime, &pubKey->u.dh.prime); |
909 | 7.76k | if (crv != CKR_OK) |
910 | 0 | break; |
911 | 7.76k | crv = pk11_Attr2SecItem(arena, base, &pubKey->u.dh.base); |
912 | 7.76k | if (crv != CKR_OK) |
913 | 0 | break; |
914 | 7.76k | crv = pk11_Attr2SecItem(arena, value, &pubKey->u.dh.publicValue); |
915 | 7.76k | if (crv != CKR_OK) |
916 | 0 | break; |
917 | 7.76k | break; |
918 | 7.76k | case edKey: |
919 | 86.4k | case ecKey: |
920 | 86.4k | case ecMontKey: |
921 | 86.4k | pubKey->u.ec.size = 0; |
922 | 86.4k | ecparams = attrs; |
923 | 86.4k | PK11_SETATTRS(attrs, CKA_EC_PARAMS, NULL, 0); |
924 | 86.4k | attrs++; |
925 | 86.4k | value = attrs; |
926 | 86.4k | PK11_SETATTRS(attrs, CKA_EC_POINT, NULL, 0); |
927 | 86.4k | attrs++; |
928 | 86.4k | templateCount = attrs - template; |
929 | 86.4k | PR_ASSERT(templateCount <= sizeof(template) / sizeof(CK_ATTRIBUTE)); |
930 | 86.4k | crv = PK11_GetAttributes(arena, slot, id, template, templateCount); |
931 | 86.4k | if (crv != CKR_OK) |
932 | 0 | break; |
933 | | |
934 | 86.4k | if ((keyClass != CKO_PUBLIC_KEY) || |
935 | 86.4k | (pubKey->keyType == ecKey && pk11KeyType != CKK_EC) || |
936 | 86.4k | (pubKey->keyType == edKey && pk11KeyType != CKK_EC_EDWARDS) || |
937 | 86.4k | (pubKey->keyType == ecMontKey && pk11KeyType != CKK_EC_MONTGOMERY)) { |
938 | 0 | crv = CKR_OBJECT_HANDLE_INVALID; |
939 | 0 | break; |
940 | 0 | } |
941 | | |
942 | 86.4k | crv = pk11_Attr2SecItem(arena, ecparams, |
943 | 86.4k | &pubKey->u.ec.DEREncodedParams); |
944 | 86.4k | if (crv != CKR_OK) |
945 | 0 | break; |
946 | 86.4k | pubKey->u.ec.encoding = ECPoint_Undefined; |
947 | 86.4k | crv = pk11_get_Decoded_ECPoint(arena, |
948 | 86.4k | &pubKey->u.ec.DEREncodedParams, value, |
949 | 86.4k | &pubKey->u.ec.publicValue); |
950 | 86.4k | break; |
951 | 0 | case mldsaKey: |
952 | 0 | value = attrs; |
953 | 0 | PK11_SETATTRS(attrs, CKA_VALUE, NULL, 0); |
954 | 0 | attrs++; |
955 | 0 | mldsaParams = attrs; |
956 | 0 | PK11_SETATTRS(attrs, CKA_PARAMETER_SET, NULL, 0); |
957 | 0 | attrs++; |
958 | 0 | templateCount = attrs - template; |
959 | 0 | PR_ASSERT(templateCount <= sizeof(template) / sizeof(CK_ATTRIBUTE)); |
960 | 0 | crv = PK11_GetAttributes(tmp_arena, slot, id, template, templateCount); |
961 | 0 | if (crv != CKR_OK) |
962 | 0 | break; |
963 | | |
964 | 0 | if ((keyClass != CKO_PUBLIC_KEY) || (pk11KeyType != CKK_ML_DSA)) { |
965 | 0 | crv = CKR_OBJECT_HANDLE_INVALID; |
966 | 0 | break; |
967 | 0 | } |
968 | | |
969 | 0 | if (mldsaParams->ulValueLen != sizeof(CK_ML_DSA_PARAMETER_SET_TYPE)) { |
970 | 0 | crv = CKR_OBJECT_HANDLE_INVALID; |
971 | 0 | break; |
972 | 0 | } |
973 | 0 | pubKey->u.mldsa.paramSet = SECKEY_GetMLDSAOidTagByPkcs11ParamSet( |
974 | 0 | *(CK_ML_DSA_PARAMETER_SET_TYPE *)mldsaParams->pValue); |
975 | |
|
976 | 0 | crv = pk11_Attr2SecItem(arena, value, &pubKey->u.mldsa.publicValue); |
977 | 0 | if (crv != CKR_OK) |
978 | 0 | break; |
979 | 0 | break; |
980 | 14.6k | case kyberKey: |
981 | 14.6k | value = attrs; |
982 | 14.6k | PK11_SETATTRS(attrs, CKA_VALUE, NULL, 0); |
983 | 14.6k | attrs++; |
984 | 14.6k | kemParams = attrs; |
985 | 14.6k | PK11_SETATTRS(attrs, CKA_PARAMETER_SET, NULL, 0); |
986 | 14.6k | attrs++; |
987 | 14.6k | templateCount = attrs - template; |
988 | 14.6k | PR_ASSERT(templateCount <= sizeof(template) / sizeof(CK_ATTRIBUTE)); |
989 | | |
990 | 14.6k | crv = PK11_GetAttributes(arena, slot, id, template, templateCount); |
991 | 14.6k | if (crv != CKR_OK) { |
992 | 0 | kemParams->type = CKA_NSS_PARAMETER_SET; |
993 | 0 | crv = PK11_GetAttributes(arena, slot, id, template, |
994 | 0 | templateCount); |
995 | 0 | if (crv != CKR_OK) { |
996 | 0 | break; |
997 | 0 | } |
998 | 0 | } |
999 | | |
1000 | 14.6k | if (keyClass != CKO_PUBLIC_KEY) { |
1001 | 0 | crv = CKR_OBJECT_HANDLE_INVALID; |
1002 | 0 | break; |
1003 | 0 | } |
1004 | | |
1005 | 14.6k | switch (pk11KeyType) { |
1006 | 0 | #ifndef NSS_DISABLE_KYBER |
1007 | 0 | case CKK_NSS_KYBER: |
1008 | 0 | #endif |
1009 | 14.6k | case CKK_NSS_ML_KEM: |
1010 | 14.6k | case CKK_ML_KEM: |
1011 | 14.6k | break; |
1012 | 0 | default: |
1013 | 0 | crv = CKR_OBJECT_HANDLE_INVALID; |
1014 | 0 | break; |
1015 | 14.6k | } |
1016 | 14.6k | if (crv != CKR_OK) { |
1017 | 0 | break; |
1018 | 0 | } |
1019 | | |
1020 | 14.6k | if (kemParams->ulValueLen != sizeof(CK_NSS_KEM_PARAMETER_SET_TYPE)) { |
1021 | 0 | crv = CKR_OBJECT_HANDLE_INVALID; |
1022 | 0 | break; |
1023 | 0 | } |
1024 | 14.6k | CK_NSS_KEM_PARAMETER_SET_TYPE *pPK11Params = kemParams->pValue; |
1025 | 14.6k | switch (*pPK11Params) { |
1026 | 0 | #ifndef NSS_DISABLE_KYBER |
1027 | 0 | case CKP_NSS_KYBER_768_ROUND3: |
1028 | 0 | pubKey->u.kyber.params = params_kyber768_round3; |
1029 | 0 | break; |
1030 | 0 | #endif |
1031 | 0 | case CKP_NSS_ML_KEM_768: |
1032 | 14.5k | case CKP_ML_KEM_768: |
1033 | 14.5k | pubKey->u.kyber.params = params_ml_kem768; |
1034 | 14.5k | break; |
1035 | 46 | case CKP_ML_KEM_1024: |
1036 | 46 | pubKey->u.kyber.params = params_ml_kem1024; |
1037 | 46 | break; |
1038 | 0 | default: |
1039 | 0 | pubKey->u.kyber.params = params_kyber_invalid; |
1040 | 0 | break; |
1041 | 14.6k | } |
1042 | 14.6k | crv = pk11_Attr2SecItem(arena, value, &pubKey->u.kyber.publicValue); |
1043 | 14.6k | break; |
1044 | 0 | case fortezzaKey: |
1045 | 0 | case nullKey: |
1046 | 0 | default: |
1047 | 0 | crv = CKR_OBJECT_HANDLE_INVALID; |
1048 | 0 | break; |
1049 | 108k | } |
1050 | | |
1051 | 108k | PORT_FreeArena(tmp_arena, PR_FALSE); |
1052 | | |
1053 | 108k | if (crv != CKR_OK) { |
1054 | 0 | PORT_FreeArena(arena, PR_FALSE); |
1055 | 0 | PK11_FreeSlot(slot); |
1056 | 0 | PORT_SetError(PK11_MapError(crv)); |
1057 | 0 | return NULL; |
1058 | 0 | } |
1059 | | |
1060 | 108k | return pubKey; |
1061 | 108k | } |
1062 | | |
1063 | | /* |
1064 | | * Build a Private Key structure from raw PKCS #11 information. |
1065 | | */ |
1066 | | SECKEYPrivateKey * |
1067 | | PK11_MakePrivKey(PK11SlotInfo *slot, KeyType keyType, |
1068 | | PRBool isTemp, CK_OBJECT_HANDLE privID, void *wincx) |
1069 | 108k | { |
1070 | 108k | PLArenaPool *arena; |
1071 | 108k | SECKEYPrivateKey *privKey; |
1072 | 108k | PRBool isPrivate; |
1073 | 108k | SECStatus rv; |
1074 | | |
1075 | | /* don't know? look it up */ |
1076 | 108k | if (keyType == nullKey) { |
1077 | 0 | CK_KEY_TYPE pk11Type = CKK_RSA; |
1078 | |
|
1079 | 0 | pk11Type = PK11_ReadULongAttribute(slot, privID, CKA_KEY_TYPE); |
1080 | 0 | isTemp = (PRBool)!PK11_HasAttributeSet(slot, privID, CKA_TOKEN, PR_FALSE); |
1081 | 0 | keyType = pk11_getKeyTypeFromPKCS11KeyType(pk11Type); |
1082 | 0 | if (keyType == nullKey) { |
1083 | 0 | return NULL; |
1084 | 0 | } |
1085 | 0 | } |
1086 | | |
1087 | | /* if the key is private, make sure we are authenticated to the |
1088 | | * token before we try to use it */ |
1089 | 108k | isPrivate = (PRBool)PK11_HasAttributeSet(slot, privID, CKA_PRIVATE, PR_FALSE); |
1090 | 108k | if (isPrivate) { |
1091 | 3.59k | rv = PK11_Authenticate(slot, PR_TRUE, wincx); |
1092 | 3.59k | if (rv != SECSuccess) { |
1093 | 0 | return NULL; |
1094 | 0 | } |
1095 | 3.59k | } |
1096 | | |
1097 | | /* now we need to create space for the private key */ |
1098 | 108k | arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); |
1099 | 108k | if (arena == NULL) |
1100 | 0 | return NULL; |
1101 | | |
1102 | 108k | privKey = (SECKEYPrivateKey *) |
1103 | 108k | PORT_ArenaZAlloc(arena, sizeof(SECKEYPrivateKey)); |
1104 | 108k | if (privKey == NULL) { |
1105 | 0 | PORT_FreeArena(arena, PR_FALSE); |
1106 | 0 | return NULL; |
1107 | 0 | } |
1108 | | |
1109 | 108k | privKey->arena = arena; |
1110 | 108k | privKey->keyType = keyType; |
1111 | 108k | privKey->pkcs11Slot = PK11_ReferenceSlot(slot); |
1112 | 108k | privKey->pkcs11ID = privID; |
1113 | 108k | privKey->pkcs11IsTemp = isTemp; |
1114 | 108k | privKey->wincx = wincx; |
1115 | | |
1116 | 108k | return privKey; |
1117 | 108k | } |
1118 | | |
1119 | | PK11SlotInfo * |
1120 | | PK11_GetSlotFromPrivateKey(SECKEYPrivateKey *key) |
1121 | 54.7k | { |
1122 | 54.7k | PK11SlotInfo *slot = key->pkcs11Slot; |
1123 | 54.7k | slot = PK11_ReferenceSlot(slot); |
1124 | 54.7k | return slot; |
1125 | 54.7k | } |
1126 | | |
1127 | | /* |
1128 | | * Get the modulus length for raw parsing |
1129 | | */ |
1130 | | int |
1131 | | PK11_GetPrivateModulusLen(SECKEYPrivateKey *key) |
1132 | 26.0k | { |
1133 | 26.0k | CK_ATTRIBUTE theTemplate = { CKA_MODULUS, NULL, 0 }; |
1134 | 26.0k | PK11SlotInfo *slot = key->pkcs11Slot; |
1135 | 26.0k | CK_RV crv; |
1136 | 26.0k | int length; |
1137 | | |
1138 | 26.0k | switch (key->keyType) { |
1139 | 25.9k | case rsaKey: |
1140 | 25.9k | crv = PK11_GetAttributes(NULL, slot, key->pkcs11ID, &theTemplate, 1); |
1141 | 25.9k | if (crv != CKR_OK) { |
1142 | 0 | PORT_SetError(PK11_MapError(crv)); |
1143 | 0 | return -1; |
1144 | 0 | } |
1145 | 25.9k | if (theTemplate.pValue == NULL) { |
1146 | 0 | PORT_SetError(PK11_MapError(CKR_ATTRIBUTE_VALUE_INVALID)); |
1147 | 0 | return -1; |
1148 | 0 | } |
1149 | 25.9k | length = theTemplate.ulValueLen; |
1150 | 25.9k | if (*(unsigned char *)theTemplate.pValue == 0) { |
1151 | 0 | length--; |
1152 | 0 | } |
1153 | 25.9k | PORT_Free(theTemplate.pValue); |
1154 | 25.9k | return (int)length; |
1155 | 81 | default: |
1156 | 81 | break; |
1157 | 26.0k | } |
1158 | 81 | if (theTemplate.pValue != NULL) |
1159 | 0 | PORT_Free(theTemplate.pValue); |
1160 | 81 | PORT_SetError(SEC_ERROR_INVALID_KEY); |
1161 | 81 | return -1; |
1162 | 26.0k | } |
1163 | | |
1164 | | /* |
1165 | | * take a private key in one pkcs11 module and load it into another: |
1166 | | * NOTE: the source private key is a rare animal... it can't be sensitive. |
1167 | | * This is used to do a key gen using one pkcs11 module and storing the |
1168 | | * result into another. |
1169 | | */ |
1170 | | static SECKEYPrivateKey * |
1171 | | pk11_loadPrivKeyWithFlags(PK11SlotInfo *slot, SECKEYPrivateKey *privKey, |
1172 | | SECKEYPublicKey *pubKey, PK11AttrFlags attrFlags) |
1173 | 0 | { |
1174 | 0 | CK_ATTRIBUTE privTemplate[] = { |
1175 | | /* class must be first */ |
1176 | 0 | { CKA_CLASS, NULL, 0 }, |
1177 | 0 | { CKA_KEY_TYPE, NULL, 0 }, |
1178 | 0 | { CKA_ID, NULL, 0 }, |
1179 | | /* RSA - the attributes below will be replaced for other |
1180 | | * key types. |
1181 | | */ |
1182 | 0 | { CKA_MODULUS, NULL, 0 }, |
1183 | 0 | { CKA_PRIVATE_EXPONENT, NULL, 0 }, |
1184 | 0 | { CKA_PUBLIC_EXPONENT, NULL, 0 }, |
1185 | 0 | { CKA_PRIME_1, NULL, 0 }, |
1186 | 0 | { CKA_PRIME_2, NULL, 0 }, |
1187 | 0 | { CKA_EXPONENT_1, NULL, 0 }, |
1188 | 0 | { CKA_EXPONENT_2, NULL, 0 }, |
1189 | 0 | { CKA_COEFFICIENT, NULL, 0 }, |
1190 | 0 | { CKA_DECRYPT, NULL, 0 }, |
1191 | 0 | { CKA_DERIVE, NULL, 0 }, |
1192 | 0 | { CKA_SIGN, NULL, 0 }, |
1193 | 0 | { CKA_SIGN_RECOVER, NULL, 0 }, |
1194 | 0 | { CKA_UNWRAP, NULL, 0 }, |
1195 | 0 | { CKA_DECAPSULATE, NULL, 0 }, |
1196 | | /* reserve space for the attributes that may be |
1197 | | * specified in attrFlags */ |
1198 | 0 | { CKA_TOKEN, NULL, 0 }, |
1199 | 0 | { CKA_PRIVATE, NULL, 0 }, |
1200 | 0 | { CKA_MODIFIABLE, NULL, 0 }, |
1201 | 0 | { CKA_SENSITIVE, NULL, 0 }, |
1202 | 0 | { CKA_EXTRACTABLE, NULL, 0 }, |
1203 | 0 | { CKA_PARAMETER_SET, NULL, 0 }, |
1204 | 0 | { CKA_SEED, NULL, 0 }, |
1205 | 0 | #define NUM_RESERVED_ATTRS 5 /* number of reserved attributes above */ |
1206 | 0 | }; |
1207 | 0 | CK_BBOOL cktrue = CK_TRUE; |
1208 | 0 | CK_BBOOL ckfalse = CK_FALSE; |
1209 | 0 | CK_ATTRIBUTE *attrs = NULL, *ap; |
1210 | 0 | const int templateSize = sizeof(privTemplate) / sizeof(privTemplate[0]); |
1211 | 0 | PLArenaPool *arena; |
1212 | 0 | CK_OBJECT_HANDLE objectID; |
1213 | 0 | int i, count = 0; |
1214 | 0 | int extra_count = 0; /* count of signed attributes */ |
1215 | 0 | CK_RV crv; |
1216 | 0 | SECStatus rv; |
1217 | 0 | PRBool token = ((attrFlags & PK11_ATTR_TOKEN) != 0); |
1218 | |
|
1219 | 0 | if (pk11_BadAttrFlags(attrFlags)) { |
1220 | 0 | PORT_SetError(SEC_ERROR_INVALID_ARGS); |
1221 | 0 | return NULL; |
1222 | 0 | } |
1223 | | |
1224 | 0 | for (i = 0; i < templateSize; i++) { |
1225 | 0 | if (privTemplate[i].type == CKA_MODULUS) { |
1226 | 0 | attrs = &privTemplate[i]; |
1227 | 0 | count = i; |
1228 | 0 | break; |
1229 | 0 | } |
1230 | 0 | } |
1231 | 0 | PORT_Assert(attrs != NULL); |
1232 | 0 | if (attrs == NULL) { |
1233 | 0 | PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); |
1234 | 0 | return NULL; |
1235 | 0 | } |
1236 | | |
1237 | 0 | ap = attrs; |
1238 | |
|
1239 | 0 | switch (privKey->keyType) { |
1240 | 0 | case rsaKey: |
1241 | 0 | count = templateSize - NUM_RESERVED_ATTRS; |
1242 | 0 | extra_count = count - (attrs - privTemplate); |
1243 | 0 | break; |
1244 | 0 | case dsaKey: |
1245 | 0 | ap->type = CKA_PRIME; |
1246 | 0 | ap++; |
1247 | 0 | count++; |
1248 | 0 | extra_count++; |
1249 | 0 | ap->type = CKA_SUBPRIME; |
1250 | 0 | ap++; |
1251 | 0 | count++; |
1252 | 0 | extra_count++; |
1253 | 0 | ap->type = CKA_BASE; |
1254 | 0 | ap++; |
1255 | 0 | count++; |
1256 | 0 | extra_count++; |
1257 | 0 | ap->type = CKA_VALUE; |
1258 | 0 | ap++; |
1259 | 0 | count++; |
1260 | 0 | extra_count++; |
1261 | 0 | ap->type = CKA_SIGN; |
1262 | 0 | ap++; |
1263 | 0 | count++; |
1264 | 0 | extra_count++; |
1265 | 0 | break; |
1266 | 0 | case dhKey: |
1267 | 0 | ap->type = CKA_PRIME; |
1268 | 0 | ap++; |
1269 | 0 | count++; |
1270 | 0 | extra_count++; |
1271 | 0 | ap->type = CKA_BASE; |
1272 | 0 | ap++; |
1273 | 0 | count++; |
1274 | 0 | extra_count++; |
1275 | 0 | ap->type = CKA_VALUE; |
1276 | 0 | ap++; |
1277 | 0 | count++; |
1278 | 0 | extra_count++; |
1279 | 0 | ap->type = CKA_DERIVE; |
1280 | 0 | ap++; |
1281 | 0 | count++; |
1282 | 0 | extra_count++; |
1283 | 0 | break; |
1284 | 0 | case mldsaKey: |
1285 | 0 | ap->type = CKA_PARAMETER_SET; |
1286 | 0 | ap++; |
1287 | 0 | count++; |
1288 | 0 | ap->type = CKA_SEED; |
1289 | 0 | ap++; |
1290 | 0 | count++; |
1291 | 0 | ap->type = CKA_VALUE; |
1292 | 0 | ap++; |
1293 | 0 | count++; |
1294 | 0 | ap->type = CKA_SIGN; |
1295 | 0 | ap++; |
1296 | 0 | count++; |
1297 | 0 | break; |
1298 | 0 | case ecKey: |
1299 | 0 | case edKey: |
1300 | 0 | case ecMontKey: |
1301 | 0 | ap->type = CKA_EC_PARAMS; |
1302 | 0 | ap++; |
1303 | 0 | count++; |
1304 | 0 | ap->type = CKA_VALUE; |
1305 | 0 | ap++; |
1306 | 0 | count++; |
1307 | 0 | if (privKey->keyType == ecKey) { |
1308 | 0 | ap->type = CKA_DERIVE; |
1309 | 0 | ap++; |
1310 | 0 | count++; |
1311 | 0 | } |
1312 | |
|
1313 | 0 | ap->type = CKA_SIGN; |
1314 | 0 | ap++; |
1315 | 0 | count++; |
1316 | 0 | break; |
1317 | 0 | default: |
1318 | 0 | count = 0; |
1319 | 0 | extra_count = 0; |
1320 | 0 | break; |
1321 | 0 | } |
1322 | | |
1323 | 0 | if (count == 0) { |
1324 | 0 | PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); |
1325 | 0 | return NULL; |
1326 | 0 | } |
1327 | | |
1328 | 0 | arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); |
1329 | 0 | if (arena == NULL) |
1330 | 0 | return NULL; |
1331 | | /* |
1332 | | * read out the old attributes. |
1333 | | */ |
1334 | 0 | crv = PK11_GetAttributes(arena, privKey->pkcs11Slot, privKey->pkcs11ID, |
1335 | 0 | privTemplate, count); |
1336 | 0 | if (crv != CKR_OK) { |
1337 | 0 | PORT_SetError(PK11_MapError(crv)); |
1338 | 0 | PORT_FreeArena(arena, PR_TRUE); |
1339 | 0 | return NULL; |
1340 | 0 | } |
1341 | | |
1342 | | /* Set token, private, modifiable, sensitive, and extractable */ |
1343 | 0 | count += pk11_AttrFlagsToAttributes(attrFlags, &privTemplate[count], |
1344 | 0 | &cktrue, &ckfalse); |
1345 | | |
1346 | | /* Not everyone can handle zero padded key values, give |
1347 | | * them the raw data as unsigned. Where the values are encoded or |
1348 | | * zero-preserving per-RFC5915. NOTE Most new algorithms are |
1349 | | * OCTET strings, not signed integers, so this conversion |
1350 | | * isn't necessary for them. */ |
1351 | 0 | if (extra_count) { |
1352 | 0 | for (ap = attrs; extra_count; ap++, extra_count--) { |
1353 | 0 | pk11_SignedToUnsigned(ap); |
1354 | 0 | } |
1355 | 0 | } |
1356 | | |
1357 | | /* now Store the puppies */ |
1358 | 0 | rv = PK11_CreateNewObject(slot, CK_INVALID_HANDLE, privTemplate, |
1359 | 0 | count, token, &objectID); |
1360 | 0 | PORT_FreeArena(arena, PR_TRUE); |
1361 | 0 | if (rv != SECSuccess) { |
1362 | 0 | return NULL; |
1363 | 0 | } |
1364 | | |
1365 | | /* try loading the public key */ |
1366 | 0 | if (pubKey) { |
1367 | 0 | PK11_ImportPublicKey(slot, pubKey, token); |
1368 | 0 | if (pubKey->pkcs11Slot) { |
1369 | 0 | PK11_FreeSlot(pubKey->pkcs11Slot); |
1370 | 0 | pubKey->pkcs11Slot = NULL; |
1371 | 0 | pubKey->pkcs11ID = CK_INVALID_HANDLE; |
1372 | 0 | } |
1373 | 0 | } |
1374 | | |
1375 | | /* build new key structure */ |
1376 | 0 | return PK11_MakePrivKey(slot, privKey->keyType, !token, |
1377 | 0 | objectID, privKey->wincx); |
1378 | 0 | } |
1379 | | |
1380 | | static SECKEYPrivateKey * |
1381 | | pk11_loadPrivKey(PK11SlotInfo *slot, SECKEYPrivateKey *privKey, |
1382 | | SECKEYPublicKey *pubKey, PRBool token, PRBool sensitive) |
1383 | 0 | { |
1384 | 0 | PK11AttrFlags attrFlags = 0; |
1385 | 0 | if (token) { |
1386 | 0 | attrFlags |= (PK11_ATTR_TOKEN | PK11_ATTR_PRIVATE); |
1387 | 0 | } else { |
1388 | 0 | attrFlags |= (PK11_ATTR_SESSION | PK11_ATTR_PUBLIC); |
1389 | 0 | } |
1390 | 0 | if (sensitive) { |
1391 | 0 | attrFlags |= PK11_ATTR_SENSITIVE; |
1392 | 0 | } else { |
1393 | 0 | attrFlags |= PK11_ATTR_INSENSITIVE; |
1394 | 0 | } |
1395 | 0 | return pk11_loadPrivKeyWithFlags(slot, privKey, pubKey, attrFlags); |
1396 | 0 | } |
1397 | | |
1398 | | /* |
1399 | | * export this for PSM |
1400 | | */ |
1401 | | SECKEYPrivateKey * |
1402 | | PK11_LoadPrivKey(PK11SlotInfo *slot, SECKEYPrivateKey *privKey, |
1403 | | SECKEYPublicKey *pubKey, PRBool token, PRBool sensitive) |
1404 | 0 | { |
1405 | 0 | return pk11_loadPrivKey(slot, privKey, pubKey, token, sensitive); |
1406 | 0 | } |
1407 | | |
1408 | | /* |
1409 | | * Use the token to generate a key pair. |
1410 | | */ |
1411 | | SECKEYPrivateKey * |
1412 | | PK11_GenerateKeyPairWithOpFlags(PK11SlotInfo *slot, CK_MECHANISM_TYPE type, |
1413 | | void *param, SECKEYPublicKey **pubKey, PK11AttrFlags attrFlags, |
1414 | | CK_FLAGS opFlags, CK_FLAGS opFlagsMask, void *wincx) |
1415 | 110k | { |
1416 | | /* we have to use these native types because when we call PKCS 11 modules |
1417 | | * we have to make sure that we are using the correct sizes for all the |
1418 | | * parameters. */ |
1419 | 110k | CK_BBOOL ckfalse = CK_FALSE; |
1420 | 110k | CK_BBOOL cktrue = CK_TRUE; |
1421 | 110k | CK_ULONG modulusBits; |
1422 | 110k | CK_BYTE publicExponent[4]; |
1423 | 110k | CK_ATTRIBUTE privTemplate[] = { |
1424 | 110k | { CKA_SENSITIVE, NULL, 0 }, |
1425 | 110k | { CKA_TOKEN, NULL, 0 }, |
1426 | 110k | { CKA_PRIVATE, NULL, 0 }, |
1427 | 110k | { CKA_DERIVE, NULL, 0 }, |
1428 | 110k | { CKA_UNWRAP, NULL, 0 }, |
1429 | 110k | { CKA_SIGN, NULL, 0 }, |
1430 | 110k | { CKA_DECRYPT, NULL, 0 }, |
1431 | 110k | { CKA_EXTRACTABLE, NULL, 0 }, |
1432 | 110k | { CKA_MODIFIABLE, NULL, 0 }, |
1433 | 110k | { CKA_DECAPSULATE, NULL, 0 }, |
1434 | 110k | }; |
1435 | 110k | CK_ATTRIBUTE rsaPubTemplate[] = { |
1436 | 110k | { CKA_MODULUS_BITS, NULL, 0 }, |
1437 | 110k | { CKA_PUBLIC_EXPONENT, NULL, 0 }, |
1438 | 110k | { CKA_TOKEN, NULL, 0 }, |
1439 | 110k | { CKA_DERIVE, NULL, 0 }, |
1440 | 110k | { CKA_WRAP, NULL, 0 }, |
1441 | 110k | { CKA_VERIFY, NULL, 0 }, |
1442 | 110k | { CKA_VERIFY_RECOVER, NULL, 0 }, |
1443 | 110k | { CKA_ENCRYPT, NULL, 0 }, |
1444 | 110k | { CKA_MODIFIABLE, NULL, 0 }, |
1445 | 110k | { CKA_ENCAPSULATE, NULL, 0 }, |
1446 | 110k | }; |
1447 | 110k | CK_ATTRIBUTE dsaPubTemplate[] = { |
1448 | 110k | { CKA_PRIME, NULL, 0 }, |
1449 | 110k | { CKA_SUBPRIME, NULL, 0 }, |
1450 | 110k | { CKA_BASE, NULL, 0 }, |
1451 | 110k | { CKA_TOKEN, NULL, 0 }, |
1452 | 110k | { CKA_DERIVE, NULL, 0 }, |
1453 | 110k | { CKA_WRAP, NULL, 0 }, |
1454 | 110k | { CKA_VERIFY, NULL, 0 }, |
1455 | 110k | { CKA_VERIFY_RECOVER, NULL, 0 }, |
1456 | 110k | { CKA_ENCRYPT, NULL, 0 }, |
1457 | 110k | { CKA_MODIFIABLE, NULL, 0 }, |
1458 | 110k | { CKA_ENCAPSULATE, NULL, 0 }, |
1459 | 110k | }; |
1460 | 110k | CK_ATTRIBUTE dhPubTemplate[] = { |
1461 | 110k | { CKA_PRIME, NULL, 0 }, |
1462 | 110k | { CKA_BASE, NULL, 0 }, |
1463 | 110k | { CKA_TOKEN, NULL, 0 }, |
1464 | 110k | { CKA_DERIVE, NULL, 0 }, |
1465 | 110k | { CKA_WRAP, NULL, 0 }, |
1466 | 110k | { CKA_VERIFY, NULL, 0 }, |
1467 | 110k | { CKA_VERIFY_RECOVER, NULL, 0 }, |
1468 | 110k | { CKA_ENCRYPT, NULL, 0 }, |
1469 | 110k | { CKA_MODIFIABLE, NULL, 0 }, |
1470 | 110k | { CKA_ENCAPSULATE, NULL, 0 }, |
1471 | 110k | }; |
1472 | 110k | CK_ATTRIBUTE ecPubTemplate[] = { |
1473 | 110k | { CKA_EC_PARAMS, NULL, 0 }, |
1474 | 110k | { CKA_TOKEN, NULL, 0 }, |
1475 | 110k | { CKA_DERIVE, NULL, 0 }, |
1476 | 110k | { CKA_WRAP, NULL, 0 }, |
1477 | 110k | { CKA_VERIFY, NULL, 0 }, |
1478 | 110k | { CKA_VERIFY_RECOVER, NULL, 0 }, |
1479 | 110k | { CKA_ENCRYPT, NULL, 0 }, |
1480 | 110k | { CKA_MODIFIABLE, NULL, 0 }, |
1481 | 110k | { CKA_ENCAPSULATE, NULL, 0 }, |
1482 | 110k | }; |
1483 | 110k | SECKEYECParams *ecParams; |
1484 | | |
1485 | 110k | CK_ATTRIBUTE mlDsaPubTemplate[] = { |
1486 | 110k | { CKA_PARAMETER_SET, NULL, 0 }, |
1487 | 110k | { CKA_TOKEN, NULL, 0 }, |
1488 | 110k | { CKA_DERIVE, NULL, 0 }, |
1489 | 110k | { CKA_WRAP, NULL, 0 }, |
1490 | 110k | { CKA_VERIFY, NULL, 0 }, |
1491 | 110k | { CKA_VERIFY_RECOVER, NULL, 0 }, |
1492 | 110k | { CKA_ENCRYPT, NULL, 0 }, |
1493 | 110k | { CKA_MODIFIABLE, NULL, 0 }, |
1494 | 110k | }; |
1495 | | |
1496 | 110k | CK_ATTRIBUTE kyberPubTemplate[] = { |
1497 | 110k | { CKA_NSS_PARAMETER_SET, NULL, 0 }, |
1498 | 110k | { CKA_TOKEN, NULL, 0 }, |
1499 | 110k | { CKA_DERIVE, NULL, 0 }, |
1500 | 110k | { CKA_WRAP, NULL, 0 }, |
1501 | 110k | { CKA_VERIFY, NULL, 0 }, |
1502 | 110k | { CKA_VERIFY_RECOVER, NULL, 0 }, |
1503 | 110k | { CKA_ENCRYPT, NULL, 0 }, |
1504 | 110k | { CKA_MODIFIABLE, NULL, 0 }, |
1505 | 110k | { CKA_ENCAPSULATE, NULL, 0 }, |
1506 | 110k | }; |
1507 | | |
1508 | | /*CK_ULONG key_size = 0;*/ |
1509 | 110k | CK_ATTRIBUTE *pubTemplate; |
1510 | 110k | int privCount = 0; |
1511 | 110k | int pubCount = 0; |
1512 | 110k | PK11RSAGenParams *rsaParams; |
1513 | 110k | SECKEYPQGParams *dsaParams; |
1514 | 110k | SECKEYDHParams *dhParams; |
1515 | 110k | CK_NSS_KEM_PARAMETER_SET_TYPE *kemParams; |
1516 | 110k | CK_ML_DSA_PARAMETER_SET_TYPE *mldsaParams; |
1517 | 110k | CK_MECHANISM mechanism; |
1518 | 110k | CK_MECHANISM test_mech; |
1519 | 110k | CK_MECHANISM test_mech2; |
1520 | 110k | CK_SESSION_HANDLE session_handle; |
1521 | 110k | CK_RV crv; |
1522 | 110k | CK_OBJECT_HANDLE privID, pubID; |
1523 | 110k | SECKEYPrivateKey *privKey; |
1524 | 110k | KeyType keyType; |
1525 | 110k | PRBool restore; |
1526 | 110k | int peCount, i; |
1527 | 110k | CK_ATTRIBUTE *attrs; |
1528 | 110k | CK_ATTRIBUTE *privattrs; |
1529 | 110k | CK_ATTRIBUTE setTemplate; |
1530 | 110k | CK_MECHANISM_INFO mechanism_info; |
1531 | 110k | CK_OBJECT_CLASS keyClass; |
1532 | 110k | SECItem *cka_id; |
1533 | 110k | PRBool haslock = PR_FALSE; |
1534 | 110k | PRBool pubIsToken = PR_FALSE; |
1535 | 110k | PRBool token = ((attrFlags & PK11_ATTR_TOKEN) != 0); |
1536 | | /* subset of attrFlags applicable to the public key */ |
1537 | 110k | PK11AttrFlags pubKeyAttrFlags = attrFlags & |
1538 | 110k | (PK11_ATTR_TOKEN | PK11_ATTR_SESSION | PK11_ATTR_MODIFIABLE | PK11_ATTR_UNMODIFIABLE); |
1539 | | |
1540 | 110k | if (pk11_BadAttrFlags(attrFlags)) { |
1541 | 0 | PORT_SetError(SEC_ERROR_INVALID_ARGS); |
1542 | 0 | return NULL; |
1543 | 0 | } |
1544 | | |
1545 | 110k | if (!param) { |
1546 | 0 | PORT_SetError(SEC_ERROR_INVALID_ARGS); |
1547 | 0 | return NULL; |
1548 | 0 | } |
1549 | | |
1550 | | /* |
1551 | | * The opFlags and opFlagMask parameters allow us to control the |
1552 | | * settings of the key usage attributes (CKA_ENCRYPT and friends). |
1553 | | * opFlagMask is set to one if the flag is specified in opFlags and |
1554 | | * zero if it is to take on a default value calculated by |
1555 | | * PK11_GenerateKeyPairWithOpFlags. |
1556 | | * opFlags specifies the actual value of the flag 1 or 0. |
1557 | | * Bits not corresponding to one bits in opFlagMask should be zero. |
1558 | | */ |
1559 | | |
1560 | | /* if we are trying to turn on a flag, it better be in the mask */ |
1561 | 110k | PORT_Assert((opFlags & ~opFlagsMask) == 0); |
1562 | 110k | opFlags &= opFlagsMask; |
1563 | | |
1564 | 110k | PORT_Assert(slot != NULL); |
1565 | 110k | if (slot == NULL) { |
1566 | 0 | PORT_SetError(SEC_ERROR_NO_MODULE); |
1567 | 0 | return NULL; |
1568 | 0 | } |
1569 | | |
1570 | | /* if our slot really doesn't do this mechanism, Generate the key |
1571 | | * in our internal token and write it out */ |
1572 | 110k | if (!PK11_DoesMechanism(slot, type)) { |
1573 | 0 | PK11SlotInfo *int_slot = PK11_GetInternalSlot(); |
1574 | | |
1575 | | /* don't loop forever looking for a slot */ |
1576 | 0 | if (slot == int_slot) { |
1577 | 0 | PK11_FreeSlot(int_slot); |
1578 | | /* if we don't have support in softoken, then the mechanism |
1579 | | * just isnt' supported */ |
1580 | 0 | PORT_SetError(SEC_ERROR_INVALID_ALGORITHM); |
1581 | 0 | return NULL; |
1582 | 0 | } |
1583 | | |
1584 | | /* if there isn't a suitable slot, then we can't do the keygen */ |
1585 | 0 | if (int_slot == NULL) { |
1586 | 0 | PORT_SetError(SEC_ERROR_NO_MODULE); |
1587 | 0 | return NULL; |
1588 | 0 | } |
1589 | | |
1590 | | /* generate the temporary key to load */ |
1591 | 0 | privKey = PK11_GenerateKeyPair(int_slot, type, param, pubKey, PR_FALSE, |
1592 | 0 | PR_FALSE, wincx); |
1593 | 0 | PK11_FreeSlot(int_slot); |
1594 | | |
1595 | | /* if successful, load the temp key into the new token */ |
1596 | 0 | if (privKey != NULL) { |
1597 | 0 | SECKEYPrivateKey *newPrivKey = pk11_loadPrivKeyWithFlags(slot, |
1598 | 0 | privKey, *pubKey, attrFlags); |
1599 | 0 | SECKEY_DestroyPrivateKey(privKey); |
1600 | 0 | if (newPrivKey == NULL) { |
1601 | 0 | SECKEY_DestroyPublicKey(*pubKey); |
1602 | 0 | *pubKey = NULL; |
1603 | 0 | } |
1604 | 0 | return newPrivKey; |
1605 | 0 | } |
1606 | 0 | return NULL; |
1607 | 0 | } |
1608 | | |
1609 | 110k | mechanism.mechanism = type; |
1610 | 110k | mechanism.pParameter = NULL; |
1611 | 110k | mechanism.ulParameterLen = 0; |
1612 | 110k | test_mech.pParameter = NULL; |
1613 | 110k | test_mech.ulParameterLen = 0; |
1614 | 110k | test_mech2.mechanism = CKM_INVALID_MECHANISM; |
1615 | 110k | test_mech2.pParameter = NULL; |
1616 | 110k | test_mech2.ulParameterLen = 0; |
1617 | | |
1618 | | /* set up the private key template */ |
1619 | 110k | privattrs = privTemplate; |
1620 | 110k | privattrs += pk11_AttrFlagsToAttributes(attrFlags, privattrs, |
1621 | 110k | &cktrue, &ckfalse); |
1622 | | |
1623 | | /* set up the mechanism specific info */ |
1624 | 110k | switch (type) { |
1625 | 0 | case CKM_RSA_PKCS_KEY_PAIR_GEN: |
1626 | 0 | case CKM_RSA_X9_31_KEY_PAIR_GEN: |
1627 | 0 | rsaParams = (PK11RSAGenParams *)param; |
1628 | 0 | if (rsaParams->pe == 0) { |
1629 | 0 | PORT_SetError(SEC_ERROR_INVALID_ARGS); |
1630 | 0 | return NULL; |
1631 | 0 | } |
1632 | 0 | modulusBits = rsaParams->keySizeInBits; |
1633 | 0 | peCount = 0; |
1634 | | |
1635 | | /* convert pe to a PKCS #11 string */ |
1636 | 0 | for (i = 0; i < 4; i++) { |
1637 | 0 | if (peCount || (rsaParams->pe & |
1638 | 0 | ((unsigned long)0xff000000L >> (i * 8)))) { |
1639 | 0 | publicExponent[peCount] = |
1640 | 0 | (CK_BYTE)((rsaParams->pe >> (3 - i) * 8) & 0xff); |
1641 | 0 | peCount++; |
1642 | 0 | } |
1643 | 0 | } |
1644 | 0 | PORT_Assert(peCount != 0); |
1645 | 0 | attrs = rsaPubTemplate; |
1646 | 0 | PK11_SETATTRS(attrs, CKA_MODULUS_BITS, |
1647 | 0 | &modulusBits, sizeof(modulusBits)); |
1648 | 0 | attrs++; |
1649 | 0 | PK11_SETATTRS(attrs, CKA_PUBLIC_EXPONENT, |
1650 | 0 | publicExponent, peCount); |
1651 | 0 | attrs++; |
1652 | 0 | pubTemplate = rsaPubTemplate; |
1653 | 0 | keyType = rsaKey; |
1654 | 0 | test_mech.mechanism = CKM_RSA_PKCS; |
1655 | 0 | break; |
1656 | 0 | case CKM_DSA_KEY_PAIR_GEN: |
1657 | 0 | dsaParams = (SECKEYPQGParams *)param; |
1658 | 0 | attrs = dsaPubTemplate; |
1659 | 0 | PK11_SETATTRS(attrs, CKA_PRIME, dsaParams->prime.data, |
1660 | 0 | dsaParams->prime.len); |
1661 | 0 | attrs++; |
1662 | 0 | PK11_SETATTRS(attrs, CKA_SUBPRIME, dsaParams->subPrime.data, |
1663 | 0 | dsaParams->subPrime.len); |
1664 | 0 | attrs++; |
1665 | 0 | PK11_SETATTRS(attrs, CKA_BASE, dsaParams->base.data, |
1666 | 0 | dsaParams->base.len); |
1667 | 0 | attrs++; |
1668 | 0 | pubTemplate = dsaPubTemplate; |
1669 | 0 | keyType = dsaKey; |
1670 | 0 | test_mech.mechanism = CKM_DSA; |
1671 | 0 | break; |
1672 | 8.25k | case CKM_DH_PKCS_KEY_PAIR_GEN: |
1673 | 8.25k | dhParams = (SECKEYDHParams *)param; |
1674 | 8.25k | attrs = dhPubTemplate; |
1675 | 8.25k | PK11_SETATTRS(attrs, CKA_PRIME, dhParams->prime.data, |
1676 | 8.25k | dhParams->prime.len); |
1677 | 8.25k | attrs++; |
1678 | 8.25k | PK11_SETATTRS(attrs, CKA_BASE, dhParams->base.data, |
1679 | 8.25k | dhParams->base.len); |
1680 | 8.25k | attrs++; |
1681 | 8.25k | pubTemplate = dhPubTemplate; |
1682 | 8.25k | keyType = dhKey; |
1683 | 8.25k | test_mech.mechanism = CKM_DH_PKCS_DERIVE; |
1684 | 8.25k | break; |
1685 | 10.3k | case CKM_EC_KEY_PAIR_GEN: |
1686 | 87.1k | case CKM_NSS_ECDHE_NO_PAIRWISE_CHECK_KEY_PAIR_GEN: |
1687 | 87.1k | ecParams = (SECKEYECParams *)param; |
1688 | 87.1k | attrs = ecPubTemplate; |
1689 | 87.1k | PK11_SETATTRS(attrs, CKA_EC_PARAMS, ecParams->data, |
1690 | 87.1k | ecParams->len); |
1691 | 87.1k | attrs++; |
1692 | 87.1k | pubTemplate = ecPubTemplate; |
1693 | 87.1k | keyType = ecKey; |
1694 | | /* |
1695 | | * ECC supports 2 different mechanism types (unlike RSA, which |
1696 | | * supports different usages with the same mechanism). |
1697 | | * We may need to query both mechanism types and or the results |
1698 | | * together -- but we only do that if either the user has |
1699 | | * requested both usages, or not specified any usages. |
1700 | | */ |
1701 | 87.1k | if ((opFlags & (CKF_SIGN | CKF_DERIVE)) == (CKF_SIGN | CKF_DERIVE)) { |
1702 | | /* We've explicitly turned on both flags, use both mechanism */ |
1703 | 0 | test_mech.mechanism = CKM_ECDH1_DERIVE; |
1704 | 0 | test_mech2.mechanism = CKM_ECDSA; |
1705 | 87.1k | } else if (opFlags & CKF_SIGN) { |
1706 | | /* just do signing */ |
1707 | 0 | test_mech.mechanism = CKM_ECDSA; |
1708 | 87.1k | } else if (opFlags & CKF_DERIVE) { |
1709 | | /* just do ECDH */ |
1710 | 83.5k | test_mech.mechanism = CKM_ECDH1_DERIVE; |
1711 | 83.5k | } else { |
1712 | | /* neither was specified default to both */ |
1713 | 3.62k | test_mech.mechanism = CKM_ECDH1_DERIVE; |
1714 | 3.62k | test_mech2.mechanism = CKM_ECDSA; |
1715 | 3.62k | } |
1716 | 87.1k | break; |
1717 | 0 | #ifndef NSS_DISABLE_KYBER |
1718 | 0 | case CKM_NSS_KYBER_KEY_PAIR_GEN: |
1719 | 0 | #endif |
1720 | 14.6k | case CKM_NSS_ML_KEM_KEY_PAIR_GEN: |
1721 | 14.6k | case CKM_ML_KEM_KEY_PAIR_GEN: |
1722 | 14.6k | kemParams = (CK_NSS_KEM_PARAMETER_SET_TYPE *)param; |
1723 | 14.6k | attrs = kyberPubTemplate; |
1724 | 14.6k | PK11_SETATTRS(attrs, CKA_PARAMETER_SET, |
1725 | 14.6k | kemParams, |
1726 | 14.6k | sizeof(CK_NSS_KEM_PARAMETER_SET_TYPE)); |
1727 | 14.6k | attrs++; |
1728 | 14.6k | pubTemplate = kyberPubTemplate; |
1729 | 14.6k | keyType = kyberKey; |
1730 | 14.6k | test_mech.mechanism = CKM_ML_KEM; |
1731 | 14.6k | break; |
1732 | 0 | case CKM_EC_MONTGOMERY_KEY_PAIR_GEN: |
1733 | 0 | ecParams = (SECKEYECParams *)param; |
1734 | 0 | attrs = ecPubTemplate; |
1735 | 0 | PK11_SETATTRS(attrs, CKA_EC_PARAMS, ecParams->data, |
1736 | 0 | ecParams->len); |
1737 | 0 | attrs++; |
1738 | 0 | pubTemplate = ecPubTemplate; |
1739 | 0 | keyType = ecMontKey; |
1740 | 0 | test_mech.mechanism = CKM_ECDH1_DERIVE; |
1741 | 0 | break; |
1742 | 0 | case CKM_EC_EDWARDS_KEY_PAIR_GEN: |
1743 | 0 | ecParams = (SECKEYECParams *)param; |
1744 | 0 | attrs = ecPubTemplate; |
1745 | 0 | PK11_SETATTRS(attrs, CKA_EC_PARAMS, ecParams->data, |
1746 | 0 | ecParams->len); |
1747 | 0 | attrs++; |
1748 | 0 | pubTemplate = ecPubTemplate; |
1749 | 0 | keyType = edKey; |
1750 | 0 | test_mech.mechanism = CKM_EDDSA; |
1751 | 0 | break; |
1752 | 0 | case CKM_ML_DSA_KEY_PAIR_GEN: |
1753 | 0 | mldsaParams = (CK_ML_DSA_PARAMETER_SET_TYPE *)param; |
1754 | 0 | attrs = mlDsaPubTemplate; |
1755 | 0 | PK11_SETATTRS(attrs, |
1756 | 0 | CKA_PARAMETER_SET, |
1757 | 0 | mldsaParams, |
1758 | 0 | sizeof(CK_ML_DSA_PARAMETER_SET_TYPE)); |
1759 | 0 | attrs++; |
1760 | 0 | pubTemplate = mlDsaPubTemplate; |
1761 | 0 | keyType = mldsaKey; |
1762 | 0 | test_mech.mechanism = CKM_ML_DSA; |
1763 | 0 | break; |
1764 | 0 | default: |
1765 | 0 | PORT_SetError(SEC_ERROR_BAD_KEY); |
1766 | 0 | return NULL; |
1767 | 110k | } |
1768 | | |
1769 | | /* now query the slot to find out how "good" a key we can generate */ |
1770 | 110k | if (!slot->isThreadSafe) |
1771 | 0 | PK11_EnterSlotMonitor(slot); |
1772 | 110k | crv = PK11_GETTAB(slot)->C_GetMechanismInfo(slot->slotID, |
1773 | 110k | test_mech.mechanism, &mechanism_info); |
1774 | | /* |
1775 | | * EC keys are used in multiple different types of mechanism, if we |
1776 | | * are using dual use keys, we need to query the second mechanism |
1777 | | * as well. |
1778 | | */ |
1779 | 110k | if (test_mech2.mechanism != CKM_INVALID_MECHANISM) { |
1780 | 3.62k | CK_MECHANISM_INFO mechanism_info2; |
1781 | 3.62k | CK_RV crv2; |
1782 | | |
1783 | 3.62k | if (crv != CKR_OK) { |
1784 | | /* the first failed, make sure there is no trash in the |
1785 | | * mechanism flags when we or it below */ |
1786 | 0 | mechanism_info.flags = 0; |
1787 | 0 | } |
1788 | 3.62k | crv2 = PK11_GETTAB(slot)->C_GetMechanismInfo(slot->slotID, |
1789 | 3.62k | test_mech2.mechanism, &mechanism_info2); |
1790 | 3.62k | if (crv2 == CKR_OK) { |
1791 | 3.62k | crv = CKR_OK; /* succeed if either mechnaism info succeeds */ |
1792 | | /* combine the 2 sets of mechnanism flags */ |
1793 | 3.62k | mechanism_info.flags |= mechanism_info2.flags; |
1794 | 3.62k | } |
1795 | 3.62k | } |
1796 | 110k | if (!slot->isThreadSafe) |
1797 | 0 | PK11_ExitSlotMonitor(slot); |
1798 | 110k | if ((crv != CKR_OK) || (mechanism_info.flags == 0)) { |
1799 | | /* must be old module... guess what it should be... */ |
1800 | 0 | switch (test_mech.mechanism) { |
1801 | 0 | case CKM_RSA_PKCS: |
1802 | 0 | mechanism_info.flags = (CKF_SIGN | CKF_DECRYPT | |
1803 | 0 | CKF_WRAP | CKF_VERIFY_RECOVER | CKF_ENCRYPT | CKF_WRAP); |
1804 | 0 | break; |
1805 | 0 | case CKM_DSA: |
1806 | 0 | case CKM_ECDSA: |
1807 | 0 | case CKM_EDDSA: |
1808 | 0 | case CKM_ML_DSA: |
1809 | 0 | mechanism_info.flags = CKF_SIGN | CKF_VERIFY; |
1810 | 0 | break; |
1811 | 0 | case CKM_DH_PKCS_DERIVE: |
1812 | 0 | mechanism_info.flags = CKF_DERIVE; |
1813 | 0 | break; |
1814 | 0 | case CKM_ECDH1_DERIVE: |
1815 | 0 | mechanism_info.flags = CKF_DERIVE; |
1816 | 0 | if (test_mech2.mechanism == CKM_ECDSA) { |
1817 | 0 | mechanism_info.flags |= CKF_SIGN | CKF_VERIFY; |
1818 | 0 | } |
1819 | 0 | break; |
1820 | 0 | case CKM_NSS_KYBER: |
1821 | 0 | case CKM_NSS_ML_KEM: |
1822 | 0 | case CKM_ML_KEM: |
1823 | 0 | mechanism_info.flags = CKF_ENCAPSULATE | CKF_DECAPSULATE; |
1824 | 0 | break; |
1825 | 0 | default: |
1826 | 0 | break; |
1827 | 0 | } |
1828 | 0 | } |
1829 | | /* now adjust our flags according to the user's key usage passed to us */ |
1830 | 110k | mechanism_info.flags = (mechanism_info.flags & (~opFlagsMask)) | opFlags; |
1831 | | /* set the public key attributes */ |
1832 | 110k | attrs += pk11_AttrFlagsToAttributes(pubKeyAttrFlags, attrs, |
1833 | 110k | &cktrue, &ckfalse); |
1834 | 110k | PK11_SETATTRS(attrs, CKA_DERIVE, |
1835 | 110k | mechanism_info.flags & CKF_DERIVE ? &cktrue : &ckfalse, |
1836 | 110k | sizeof(CK_BBOOL)); |
1837 | 110k | attrs++; |
1838 | 110k | PK11_SETATTRS(attrs, CKA_WRAP, |
1839 | 110k | mechanism_info.flags & CKF_WRAP ? &cktrue : &ckfalse, |
1840 | 110k | sizeof(CK_BBOOL)); |
1841 | 110k | attrs++; |
1842 | 110k | PK11_SETATTRS(attrs, CKA_VERIFY, |
1843 | 110k | mechanism_info.flags & CKF_VERIFY ? &cktrue : &ckfalse, |
1844 | 110k | sizeof(CK_BBOOL)); |
1845 | 110k | attrs++; |
1846 | 110k | PK11_SETATTRS(attrs, CKA_VERIFY_RECOVER, |
1847 | 110k | mechanism_info.flags & CKF_VERIFY_RECOVER ? &cktrue : &ckfalse, |
1848 | 110k | sizeof(CK_BBOOL)); |
1849 | 110k | attrs++; |
1850 | 110k | PK11_SETATTRS(attrs, CKA_ENCRYPT, |
1851 | 110k | mechanism_info.flags & CKF_ENCRYPT ? &cktrue : &ckfalse, |
1852 | 110k | sizeof(CK_BBOOL)); |
1853 | 110k | attrs++; |
1854 | | /* only set encapsulate if it's requested and shows up in the mechanism |
1855 | | * list, that way we don't confuse pre-3.2 PKCS #11 modules */ |
1856 | 110k | if (mechanism_info.flags & CKF_ENCAPSULATE) { |
1857 | 14.6k | PK11_SETATTRS(attrs, CKA_ENCAPSULATE, &cktrue, sizeof(CK_BBOOL)); |
1858 | 14.6k | attrs++; |
1859 | 14.6k | } |
1860 | | |
1861 | | /* set the private key attributes */ |
1862 | 110k | PK11_SETATTRS(privattrs, CKA_DERIVE, |
1863 | 110k | mechanism_info.flags & CKF_DERIVE ? &cktrue : &ckfalse, |
1864 | 110k | sizeof(CK_BBOOL)); |
1865 | 110k | privattrs++; |
1866 | 110k | PK11_SETATTRS(privattrs, CKA_UNWRAP, |
1867 | 110k | mechanism_info.flags & CKF_UNWRAP ? &cktrue : &ckfalse, |
1868 | 110k | sizeof(CK_BBOOL)); |
1869 | 110k | privattrs++; |
1870 | 110k | PK11_SETATTRS(privattrs, CKA_SIGN, |
1871 | 110k | mechanism_info.flags & CKF_SIGN ? &cktrue : &ckfalse, |
1872 | 110k | sizeof(CK_BBOOL)); |
1873 | 110k | privattrs++; |
1874 | 110k | PK11_SETATTRS(privattrs, CKA_DECRYPT, |
1875 | 110k | mechanism_info.flags & CKF_DECRYPT ? &cktrue : &ckfalse, |
1876 | 110k | sizeof(CK_BBOOL)); |
1877 | 110k | privattrs++; |
1878 | | /* only set it if the attribute exists so we don't confuse old modules */ |
1879 | 110k | if (mechanism_info.flags & CKF_DECAPSULATE) { |
1880 | 14.6k | PK11_SETATTRS(privattrs, CKA_DECAPSULATE, &cktrue, sizeof(CK_BBOOL)); |
1881 | 14.6k | privattrs++; |
1882 | 14.6k | } |
1883 | | |
1884 | 110k | if (token) { |
1885 | 0 | session_handle = PK11_GetRWSession(slot); |
1886 | 0 | haslock = PK11_RWSessionHasLock(slot, session_handle); |
1887 | 0 | restore = PR_TRUE; |
1888 | 110k | } else { |
1889 | 110k | session_handle = slot->session; |
1890 | 110k | if (session_handle != CK_INVALID_HANDLE) |
1891 | 110k | PK11_EnterSlotMonitor(slot); |
1892 | 110k | restore = PR_FALSE; |
1893 | 110k | haslock = PR_TRUE; |
1894 | 110k | } |
1895 | | |
1896 | 110k | if (session_handle == CK_INVALID_HANDLE) { |
1897 | 0 | PORT_SetError(SEC_ERROR_BAD_DATA); |
1898 | 0 | return NULL; |
1899 | 0 | } |
1900 | 110k | privCount = privattrs - privTemplate; |
1901 | 110k | pubCount = attrs - pubTemplate; |
1902 | 110k | crv = PK11_GETTAB(slot)->C_GenerateKeyPair(session_handle, &mechanism, |
1903 | 110k | pubTemplate, pubCount, privTemplate, privCount, &pubID, &privID); |
1904 | | |
1905 | 110k | if (crv != CKR_OK) { |
1906 | 1.26k | if (restore) { |
1907 | 0 | PK11_RestoreROSession(slot, session_handle); |
1908 | 0 | } else |
1909 | 1.26k | PK11_ExitSlotMonitor(slot); |
1910 | 1.26k | PORT_SetError(PK11_MapError(crv)); |
1911 | 1.26k | return NULL; |
1912 | 1.26k | } |
1913 | | /* This locking code is dangerous and needs to be more thought |
1914 | | * out... the real problem is that we're holding the mutex open this long |
1915 | | */ |
1916 | 108k | if (haslock) { |
1917 | 108k | PK11_ExitSlotMonitor(slot); |
1918 | 108k | } |
1919 | | |
1920 | | /* swap around the ID's for older PKCS #11 modules */ |
1921 | 108k | keyClass = PK11_ReadULongAttribute(slot, pubID, CKA_CLASS); |
1922 | 108k | if (keyClass != CKO_PUBLIC_KEY) { |
1923 | 0 | CK_OBJECT_HANDLE tmp = pubID; |
1924 | 0 | pubID = privID; |
1925 | 0 | privID = tmp; |
1926 | 0 | } |
1927 | | |
1928 | 108k | *pubKey = PK11_ExtractPublicKey(slot, keyType, pubID); |
1929 | 108k | if (*pubKey == NULL) { |
1930 | 0 | if (restore) { |
1931 | | /* we may have to restore the mutex so it get's exited properly |
1932 | | * in RestoreROSession */ |
1933 | 0 | if (haslock) |
1934 | 0 | PK11_EnterSlotMonitor(slot); |
1935 | 0 | PK11_RestoreROSession(slot, session_handle); |
1936 | 0 | } |
1937 | 0 | PK11_DestroyObject(slot, pubID); |
1938 | 0 | PK11_DestroyObject(slot, privID); |
1939 | 0 | return NULL; |
1940 | 0 | } |
1941 | | |
1942 | | /* set the ID to the public key so we can find it again */ |
1943 | 108k | cka_id = pk11_MakeIDFromPublicKey(*pubKey); |
1944 | 108k | pubIsToken = (PRBool)PK11_HasAttributeSet(slot, pubID, CKA_TOKEN, PR_FALSE); |
1945 | | |
1946 | 108k | PK11_SETATTRS(&setTemplate, CKA_ID, cka_id->data, cka_id->len); |
1947 | | |
1948 | 108k | if (haslock) { |
1949 | 108k | PK11_EnterSlotMonitor(slot); |
1950 | 108k | } |
1951 | 108k | crv = PK11_GETTAB(slot)->C_SetAttributeValue(session_handle, privID, |
1952 | 108k | &setTemplate, 1); |
1953 | | |
1954 | 108k | if (crv == CKR_OK && pubIsToken) { |
1955 | 0 | crv = PK11_GETTAB(slot)->C_SetAttributeValue(session_handle, pubID, |
1956 | 0 | &setTemplate, 1); |
1957 | 0 | } |
1958 | | |
1959 | 108k | if (restore) { |
1960 | 0 | PK11_RestoreROSession(slot, session_handle); |
1961 | 108k | } else { |
1962 | 108k | PK11_ExitSlotMonitor(slot); |
1963 | 108k | } |
1964 | 108k | SECITEM_FreeItem(cka_id, PR_TRUE); |
1965 | | |
1966 | 108k | if (crv != CKR_OK) { |
1967 | 0 | PK11_DestroyObject(slot, pubID); |
1968 | 0 | PK11_DestroyObject(slot, privID); |
1969 | 0 | PORT_SetError(PK11_MapError(crv)); |
1970 | 0 | *pubKey = NULL; |
1971 | 0 | return NULL; |
1972 | 0 | } |
1973 | | |
1974 | 108k | privKey = PK11_MakePrivKey(slot, keyType, !token, privID, wincx); |
1975 | 108k | if (privKey == NULL) { |
1976 | 0 | SECKEY_DestroyPublicKey(*pubKey); |
1977 | 0 | PK11_DestroyObject(slot, privID); |
1978 | 0 | *pubKey = NULL; |
1979 | 0 | return NULL; |
1980 | 0 | } |
1981 | | |
1982 | 108k | return privKey; |
1983 | 108k | } |
1984 | | |
1985 | | SECKEYPrivateKey * |
1986 | | PK11_GenerateKeyPairWithFlags(PK11SlotInfo *slot, CK_MECHANISM_TYPE type, |
1987 | | void *param, SECKEYPublicKey **pubKey, PK11AttrFlags attrFlags, void *wincx) |
1988 | 11.8k | { |
1989 | 11.8k | return PK11_GenerateKeyPairWithOpFlags(slot, type, param, pubKey, attrFlags, |
1990 | 11.8k | 0, 0, wincx); |
1991 | 11.8k | } |
1992 | | |
1993 | | /* |
1994 | | * Use the token to generate a key pair. |
1995 | | */ |
1996 | | SECKEYPrivateKey * |
1997 | | PK11_GenerateKeyPair(PK11SlotInfo *slot, CK_MECHANISM_TYPE type, |
1998 | | void *param, SECKEYPublicKey **pubKey, PRBool token, |
1999 | | PRBool sensitive, void *wincx) |
2000 | 11.8k | { |
2001 | 11.8k | PK11AttrFlags attrFlags = 0; |
2002 | | |
2003 | 11.8k | if (token) { |
2004 | 0 | attrFlags |= PK11_ATTR_TOKEN; |
2005 | 11.8k | } else { |
2006 | 11.8k | attrFlags |= PK11_ATTR_SESSION; |
2007 | 11.8k | } |
2008 | 11.8k | if (sensitive) { |
2009 | 3.87k | attrFlags |= (PK11_ATTR_SENSITIVE | PK11_ATTR_PRIVATE); |
2010 | 8.01k | } else { |
2011 | 8.01k | attrFlags |= (PK11_ATTR_INSENSITIVE | PK11_ATTR_PUBLIC); |
2012 | 8.01k | } |
2013 | 11.8k | return PK11_GenerateKeyPairWithFlags(slot, type, param, pubKey, |
2014 | 11.8k | attrFlags, wincx); |
2015 | 11.8k | } |
2016 | | |
2017 | | /* build a public KEA key from the public value */ |
2018 | | SECKEYPublicKey * |
2019 | | PK11_MakeKEAPubKey(unsigned char *keyData, int length) |
2020 | 0 | { |
2021 | 0 | SECKEYPublicKey *pubk; |
2022 | 0 | SECItem pkData; |
2023 | 0 | SECStatus rv; |
2024 | 0 | PLArenaPool *arena; |
2025 | |
|
2026 | 0 | pkData.data = keyData; |
2027 | 0 | pkData.len = length; |
2028 | 0 | pkData.type = siBuffer; |
2029 | |
|
2030 | 0 | arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); |
2031 | 0 | if (arena == NULL) |
2032 | 0 | return NULL; |
2033 | | |
2034 | 0 | pubk = (SECKEYPublicKey *)PORT_ArenaZAlloc(arena, sizeof(SECKEYPublicKey)); |
2035 | 0 | if (pubk == NULL) { |
2036 | 0 | PORT_FreeArena(arena, PR_FALSE); |
2037 | 0 | return NULL; |
2038 | 0 | } |
2039 | | |
2040 | 0 | pubk->arena = arena; |
2041 | 0 | pubk->pkcs11Slot = 0; |
2042 | 0 | pubk->pkcs11ID = CK_INVALID_HANDLE; |
2043 | 0 | pubk->keyType = fortezzaKey; |
2044 | 0 | rv = SECITEM_CopyItem(arena, &pubk->u.fortezza.KEAKey, &pkData); |
2045 | 0 | if (rv != SECSuccess) { |
2046 | 0 | PORT_FreeArena(arena, PR_FALSE); |
2047 | 0 | return NULL; |
2048 | 0 | } |
2049 | 0 | return pubk; |
2050 | 0 | } |
2051 | | |
2052 | | SECStatus |
2053 | | SECKEY_SetPublicValue(SECKEYPrivateKey *privKey, const SECItem *publicValue) |
2054 | 0 | { |
2055 | 0 | SECStatus rv; |
2056 | 0 | SECKEYPublicKey pubKey; |
2057 | 0 | PLArenaPool *arena; |
2058 | 0 | PK11SlotInfo *slot; |
2059 | 0 | CK_OBJECT_HANDLE privKeyID; |
2060 | 0 | CK_ULONG paramSet; |
2061 | |
|
2062 | 0 | if (privKey == NULL || publicValue == NULL || |
2063 | 0 | publicValue->data == NULL || publicValue->len == 0) { |
2064 | 0 | PORT_SetError(SEC_ERROR_INVALID_ARGS); |
2065 | 0 | return SECFailure; |
2066 | 0 | } |
2067 | | |
2068 | 0 | pubKey.arena = NULL; |
2069 | 0 | pubKey.keyType = privKey->keyType; |
2070 | 0 | pubKey.pkcs11Slot = NULL; |
2071 | 0 | pubKey.pkcs11ID = CK_INVALID_HANDLE; |
2072 | | /* can't use PORT_InitCheapArena here becase SECKEY_DestroyPublic is used |
2073 | | * to free it, and it uses PORT_FreeArena which not only frees the |
2074 | | * underlying arena, it also frees the allocated arena struct. */ |
2075 | 0 | arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); |
2076 | 0 | pubKey.arena = arena; |
2077 | 0 | if (arena == NULL) { |
2078 | 0 | return SECFailure; |
2079 | 0 | } |
2080 | | |
2081 | 0 | slot = privKey->pkcs11Slot; |
2082 | 0 | privKeyID = privKey->pkcs11ID; |
2083 | 0 | rv = SECFailure; |
2084 | 0 | switch (privKey->keyType) { |
2085 | 0 | default: |
2086 | | /* error code already set to SECFailure */ |
2087 | 0 | break; |
2088 | 0 | case rsaKey: |
2089 | 0 | pubKey.u.rsa.modulus = *publicValue; |
2090 | 0 | rv = PK11_ReadAttribute(slot, privKeyID, CKA_PUBLIC_EXPONENT, |
2091 | 0 | arena, &pubKey.u.rsa.publicExponent); |
2092 | 0 | break; |
2093 | 0 | case dsaKey: |
2094 | 0 | pubKey.u.dsa.publicValue = *publicValue; |
2095 | 0 | rv = PK11_ReadAttribute(slot, privKeyID, CKA_PRIME, |
2096 | 0 | arena, &pubKey.u.dsa.params.prime); |
2097 | 0 | if (rv != SECSuccess) { |
2098 | 0 | break; |
2099 | 0 | } |
2100 | 0 | rv = PK11_ReadAttribute(slot, privKeyID, CKA_SUBPRIME, |
2101 | 0 | arena, &pubKey.u.dsa.params.subPrime); |
2102 | 0 | if (rv != SECSuccess) { |
2103 | 0 | break; |
2104 | 0 | } |
2105 | 0 | rv = PK11_ReadAttribute(slot, privKeyID, CKA_BASE, |
2106 | 0 | arena, &pubKey.u.dsa.params.base); |
2107 | 0 | break; |
2108 | 0 | case dhKey: |
2109 | 0 | pubKey.u.dh.publicValue = *publicValue; |
2110 | 0 | rv = PK11_ReadAttribute(slot, privKeyID, CKA_PRIME, |
2111 | 0 | arena, &pubKey.u.dh.prime); |
2112 | 0 | if (rv != SECSuccess) { |
2113 | 0 | break; |
2114 | 0 | } |
2115 | 0 | rv = PK11_ReadAttribute(slot, privKeyID, CKA_BASE, |
2116 | 0 | arena, &pubKey.u.dh.base); |
2117 | 0 | break; |
2118 | 0 | case ecKey: |
2119 | 0 | case edKey: |
2120 | 0 | case ecMontKey: |
2121 | 0 | pubKey.u.ec.publicValue = *publicValue; |
2122 | 0 | pubKey.u.ec.encoding = ECPoint_Undefined; |
2123 | 0 | pubKey.u.ec.size = 0; |
2124 | 0 | rv = PK11_ReadAttribute(slot, privKeyID, CKA_EC_PARAMS, |
2125 | 0 | arena, &pubKey.u.ec.DEREncodedParams); |
2126 | 0 | break; |
2127 | 0 | case mldsaKey: |
2128 | 0 | pubKey.u.mldsa.publicValue = *publicValue; |
2129 | 0 | paramSet = PK11_ReadULongAttribute(slot, privKeyID, |
2130 | 0 | CKA_PARAMETER_SET); |
2131 | 0 | if (paramSet == CK_UNAVAILABLE_INFORMATION) { |
2132 | 0 | PORT_SetError(SEC_ERROR_BAD_KEY); |
2133 | 0 | break; |
2134 | 0 | } |
2135 | 0 | pubKey.u.mldsa.paramSet = SECKEY_GetMLDSAPkcs11ParamSetByOidTag(paramSet); |
2136 | 0 | if (pubKey.u.mldsa.paramSet == SEC_OID_UNKNOWN) { |
2137 | 0 | PORT_SetError(SEC_ERROR_BAD_KEY); |
2138 | 0 | break; |
2139 | 0 | } |
2140 | 0 | rv = SECSuccess; |
2141 | 0 | break; |
2142 | 0 | } |
2143 | 0 | if (rv == SECSuccess) { |
2144 | 0 | rv = PK11_ImportPublicKey(slot, &pubKey, PR_TRUE); |
2145 | 0 | } |
2146 | | /* Even though pubKey is stored on the stack, we've allocated |
2147 | | * some of it's data from the arena. SECKEY_DestroyPublicKey |
2148 | | * destroys keys by freeing the arena, so this will clean up all |
2149 | | * the data we allocated specifically for the key above. It will |
2150 | | * also free any slot references which we may have picked up in |
2151 | | * PK11_ImportPublicKey. It won't delete the underlying key if |
2152 | | * its a Token/Permanent key (which it will be if |
2153 | | * PK11_ImportPublicKey succeeds). */ |
2154 | 0 | SECKEY_DestroyPublicKey(&pubKey); |
2155 | |
|
2156 | 0 | return rv; |
2157 | 0 | } |
2158 | | |
2159 | | /* |
2160 | | * NOTE: This function doesn't return a SECKEYPrivateKey struct to represent |
2161 | | * the new private key object. If it were to create a session object that |
2162 | | * could later be looked up by its nickname, it would leak a SECKEYPrivateKey. |
2163 | | * So isPerm must be true. |
2164 | | */ |
2165 | | SECStatus |
2166 | | PK11_ImportEncryptedPrivateKeyInfo(PK11SlotInfo *slot, |
2167 | | SECKEYEncryptedPrivateKeyInfo *epki, SECItem *pwitem, |
2168 | | SECItem *nickname, const SECItem *publicValue, PRBool isPerm, |
2169 | | PRBool isPrivate, KeyType keyType, |
2170 | | unsigned int keyUsage, void *wincx) |
2171 | 0 | { |
2172 | 0 | if (!isPerm) { |
2173 | 0 | PORT_SetError(SEC_ERROR_INVALID_ARGS); |
2174 | 0 | return SECFailure; |
2175 | 0 | } |
2176 | 0 | return PK11_ImportEncryptedPrivateKeyInfoAndReturnKey(slot, epki, |
2177 | 0 | pwitem, nickname, publicValue, isPerm, isPrivate, keyType, |
2178 | 0 | keyUsage, NULL, wincx); |
2179 | 0 | } |
2180 | | |
2181 | | SECStatus |
2182 | | PK11_ImportEncryptedPrivateKeyInfoAndReturnKey(PK11SlotInfo *slot, |
2183 | | SECKEYEncryptedPrivateKeyInfo *epki, SECItem *pwitem, |
2184 | | SECItem *nickname, const SECItem *publicValue, PRBool isPerm, |
2185 | | PRBool isPrivate, KeyType keyType, |
2186 | | unsigned int keyUsage, SECKEYPrivateKey **privk, |
2187 | | void *wincx) |
2188 | 0 | { |
2189 | 0 | CK_MECHANISM_TYPE pbeMechType; |
2190 | 0 | SECItem *crypto_param = NULL; |
2191 | 0 | PK11SymKey *key = NULL; |
2192 | 0 | SECStatus rv = SECSuccess; |
2193 | 0 | CK_MECHANISM_TYPE cryptoMechType; |
2194 | 0 | SECKEYPrivateKey *privKey = NULL; |
2195 | 0 | PRBool faulty3DES = PR_FALSE; |
2196 | 0 | if ((epki == NULL) || (pwitem == NULL)) |
2197 | 0 | return SECFailure; |
2198 | | |
2199 | 0 | pbeMechType = PK11_AlgtagToMechanism(SECOID_FindOIDTag( |
2200 | 0 | &epki->algorithm.algorithm)); |
2201 | |
|
2202 | 0 | try_faulty_3des: |
2203 | |
|
2204 | 0 | key = PK11_PBEKeyGen(slot, &epki->algorithm, pwitem, faulty3DES, wincx); |
2205 | 0 | if (key == NULL) { |
2206 | 0 | rv = SECFailure; |
2207 | 0 | goto done; |
2208 | 0 | } |
2209 | 0 | cryptoMechType = pk11_GetPBECryptoMechanism(&epki->algorithm, |
2210 | 0 | &crypto_param, pwitem, faulty3DES); |
2211 | 0 | if (cryptoMechType == CKM_INVALID_MECHANISM) { |
2212 | 0 | rv = SECFailure; |
2213 | 0 | goto done; |
2214 | 0 | } |
2215 | | |
2216 | 0 | cryptoMechType = PK11_GetPadMechanism(cryptoMechType); |
2217 | |
|
2218 | 0 | privKey = PK11_UnwrapPrivKeyByKeyType(slot, key, cryptoMechType, |
2219 | 0 | crypto_param, &epki->encryptedData, |
2220 | 0 | nickname, publicValue, isPerm, |
2221 | 0 | isPrivate, keyType, keyUsage, wincx); |
2222 | 0 | if (privKey) { |
2223 | 0 | rv = SECSuccess; |
2224 | 0 | goto done; |
2225 | 0 | } |
2226 | | |
2227 | | /* if we are unable to import the key and the pbeMechType is |
2228 | | * CKM_NSS_PBE_SHA1_TRIPLE_DES_CBC, then it is possible that |
2229 | | * the encrypted blob was created with a buggy key generation method |
2230 | | * which is described in the PKCS 12 implementation notes. So we |
2231 | | * need to try importing via that method. |
2232 | | */ |
2233 | 0 | if ((pbeMechType == CKM_NSS_PBE_SHA1_TRIPLE_DES_CBC) && (!faulty3DES)) { |
2234 | | /* clean up after ourselves before redoing the key generation. */ |
2235 | |
|
2236 | 0 | PK11_FreeSymKey(key); |
2237 | 0 | key = NULL; |
2238 | |
|
2239 | 0 | if (crypto_param) { |
2240 | 0 | SECITEM_ZfreeItem(crypto_param, PR_TRUE); |
2241 | 0 | crypto_param = NULL; |
2242 | 0 | } |
2243 | |
|
2244 | 0 | faulty3DES = PR_TRUE; |
2245 | 0 | goto try_faulty_3des; |
2246 | 0 | } |
2247 | | |
2248 | | /* key import really did fail */ |
2249 | 0 | rv = SECFailure; |
2250 | |
|
2251 | 0 | done: |
2252 | 0 | if ((rv == SECSuccess) && isPerm) { |
2253 | | /* If we are importing a token object, |
2254 | | * create the corresponding public key. |
2255 | | * If this fails, just continue as the target |
2256 | | * token simply might not support persistant |
2257 | | * public keys. Such tokens are usable, but |
2258 | | * need to be authenticated before searching |
2259 | | * for user certs. */ |
2260 | 0 | (void)SECKEY_SetPublicValue(privKey, publicValue); |
2261 | 0 | } |
2262 | |
|
2263 | 0 | if (privKey) { |
2264 | 0 | if (privk) { |
2265 | 0 | *privk = privKey; |
2266 | 0 | } else { |
2267 | 0 | SECKEY_DestroyPrivateKey(privKey); |
2268 | 0 | } |
2269 | 0 | privKey = NULL; |
2270 | 0 | } |
2271 | 0 | if (crypto_param != NULL) { |
2272 | 0 | SECITEM_ZfreeItem(crypto_param, PR_TRUE); |
2273 | 0 | } |
2274 | |
|
2275 | 0 | if (key != NULL) { |
2276 | 0 | PK11_FreeSymKey(key); |
2277 | 0 | } |
2278 | |
|
2279 | 0 | return rv; |
2280 | 0 | } |
2281 | | |
2282 | | SECKEYPrivateKeyInfo * |
2283 | | PK11_ExportPrivateKeyInfo(CERTCertificate *cert, void *wincx) |
2284 | 0 | { |
2285 | 0 | SECKEYPrivateKeyInfo *pki = NULL; |
2286 | 0 | SECKEYPrivateKey *pk = PK11_FindKeyByAnyCert(cert, wincx); |
2287 | 0 | if (pk != NULL) { |
2288 | 0 | pki = PK11_ExportPrivKeyInfo(pk, wincx); |
2289 | 0 | SECKEY_DestroyPrivateKey(pk); |
2290 | 0 | } |
2291 | 0 | return pki; |
2292 | 0 | } |
2293 | | |
2294 | | /* V2 refers to PKCS #5 V2 here. If a PKCS #5 v1 or PKCS #12 pbe is passed |
2295 | | * for pbeTag, then encTag and hashTag are ignored. If pbe is an encryption |
2296 | | * algorithm, then PKCS #5 V2 is used with prfTag for the prf. If prfTag isn't |
2297 | | * supplied prf will be SEC_OID_HMAC_SHA1 */ |
2298 | | SECKEYEncryptedPrivateKeyInfo * |
2299 | | PK11_ExportEncryptedPrivKeyInfoV2( |
2300 | | PK11SlotInfo *slot, /* optional, encrypt key in this slot */ |
2301 | | SECOidTag pbeAlg, /* PBE algorithm to encrypt the with key */ |
2302 | | SECOidTag encAlg, /* Encryption algorithm to Encrypt the key with */ |
2303 | | SECOidTag prfAlg, /* Hash algorithm for PRF */ |
2304 | | SECItem *pwitem, /* password for PBE encryption */ |
2305 | | SECKEYPrivateKey *pk, /* encrypt this private key */ |
2306 | | int iteration, /* interations for PBE alg */ |
2307 | | void *pwArg) /* context for password callback */ |
2308 | 0 | { |
2309 | 0 | SECKEYEncryptedPrivateKeyInfo *epki = NULL; |
2310 | 0 | PLArenaPool *arena = NULL; |
2311 | 0 | SECAlgorithmID *algid; |
2312 | 0 | SECOidTag pbeAlgTag = SEC_OID_UNKNOWN; |
2313 | 0 | SECItem *crypto_param = NULL; |
2314 | 0 | PK11SymKey *key = NULL; |
2315 | 0 | SECKEYPrivateKey *tmpPK = NULL; |
2316 | 0 | SECStatus rv = SECSuccess; |
2317 | 0 | CK_RV crv; |
2318 | 0 | CK_ULONG encBufLen; |
2319 | 0 | CK_MECHANISM_TYPE pbeMechType; |
2320 | 0 | CK_MECHANISM_TYPE cryptoMechType; |
2321 | 0 | CK_MECHANISM cryptoMech; |
2322 | |
|
2323 | 0 | if (!pwitem || !pk) { |
2324 | 0 | PORT_SetError(SEC_ERROR_INVALID_ARGS); |
2325 | 0 | return NULL; |
2326 | 0 | } |
2327 | | |
2328 | 0 | algid = sec_pkcs5CreateAlgorithmID(pbeAlg, encAlg, prfAlg, |
2329 | 0 | &pbeAlgTag, 0, NULL, iteration); |
2330 | 0 | if (algid == NULL) { |
2331 | 0 | return NULL; |
2332 | 0 | } |
2333 | | |
2334 | 0 | arena = PORT_NewArena(2048); |
2335 | 0 | if (arena) |
2336 | 0 | epki = PORT_ArenaZNew(arena, SECKEYEncryptedPrivateKeyInfo); |
2337 | 0 | if (epki == NULL) { |
2338 | 0 | rv = SECFailure; |
2339 | 0 | goto loser; |
2340 | 0 | } |
2341 | 0 | epki->arena = arena; |
2342 | | |
2343 | | /* if we didn't specify a slot, use the slot the private key was in */ |
2344 | 0 | if (!slot) { |
2345 | 0 | slot = pk->pkcs11Slot; |
2346 | 0 | } |
2347 | | |
2348 | | /* if we specified a different slot, and the private key slot can do the |
2349 | | * pbe key gen, generate the key in the private key slot so we don't have |
2350 | | * to move it later */ |
2351 | 0 | pbeMechType = PK11_AlgtagToMechanism(pbeAlgTag); |
2352 | 0 | if (slot != pk->pkcs11Slot) { |
2353 | 0 | if (PK11_DoesMechanism(pk->pkcs11Slot, pbeMechType)) { |
2354 | 0 | slot = pk->pkcs11Slot; |
2355 | 0 | } |
2356 | 0 | } |
2357 | 0 | key = PK11_PBEKeyGen(slot, algid, pwitem, PR_FALSE, pwArg); |
2358 | 0 | if (key == NULL) { |
2359 | 0 | rv = SECFailure; |
2360 | 0 | goto loser; |
2361 | 0 | } |
2362 | | |
2363 | 0 | cryptoMechType = PK11_GetPBECryptoMechanism(algid, &crypto_param, pwitem); |
2364 | 0 | if (cryptoMechType == CKM_INVALID_MECHANISM) { |
2365 | 0 | rv = SECFailure; |
2366 | 0 | goto loser; |
2367 | 0 | } |
2368 | | |
2369 | 0 | cryptoMech.mechanism = PK11_GetPadMechanism(cryptoMechType); |
2370 | 0 | cryptoMech.pParameter = crypto_param ? crypto_param->data : NULL; |
2371 | 0 | cryptoMech.ulParameterLen = crypto_param ? crypto_param->len : 0; |
2372 | | |
2373 | | /* If the key isn't in the private key slot, move it */ |
2374 | 0 | if (key->slot != pk->pkcs11Slot) { |
2375 | 0 | PK11SymKey *newkey = pk11_CopyToSlot(pk->pkcs11Slot, |
2376 | 0 | key->type, CKA_WRAP, key); |
2377 | 0 | if (newkey == NULL) { |
2378 | | /* couldn't import the wrapping key, try exporting the |
2379 | | * private key */ |
2380 | 0 | tmpPK = pk11_loadPrivKey(key->slot, pk, NULL, PR_FALSE, PR_TRUE); |
2381 | 0 | if (tmpPK == NULL) { |
2382 | 0 | rv = SECFailure; |
2383 | 0 | goto loser; |
2384 | 0 | } |
2385 | 0 | pk = tmpPK; |
2386 | 0 | } else { |
2387 | | /* free the old key and use the new key */ |
2388 | 0 | PK11_FreeSymKey(key); |
2389 | 0 | key = newkey; |
2390 | 0 | } |
2391 | 0 | } |
2392 | | |
2393 | | /* we are extracting an encrypted privateKey structure. |
2394 | | * which needs to be freed along with the buffer into which it is |
2395 | | * returned. eventually, we should retrieve an encrypted key using |
2396 | | * pkcs8/pkcs5. |
2397 | | */ |
2398 | 0 | encBufLen = 0; |
2399 | 0 | PK11_EnterSlotMonitor(pk->pkcs11Slot); |
2400 | 0 | crv = PK11_GETTAB(pk->pkcs11Slot)->C_WrapKey(pk->pkcs11Slot->session, &cryptoMech, key->objectID, pk->pkcs11ID, NULL, &encBufLen); |
2401 | 0 | PK11_ExitSlotMonitor(pk->pkcs11Slot); |
2402 | 0 | if (crv != CKR_OK) { |
2403 | 0 | rv = SECFailure; |
2404 | 0 | goto loser; |
2405 | 0 | } |
2406 | 0 | epki->encryptedData.data = PORT_ArenaAlloc(arena, encBufLen); |
2407 | 0 | if (!epki->encryptedData.data) { |
2408 | 0 | rv = SECFailure; |
2409 | 0 | goto loser; |
2410 | 0 | } |
2411 | 0 | PK11_EnterSlotMonitor(pk->pkcs11Slot); |
2412 | 0 | crv = PK11_GETTAB(pk->pkcs11Slot)->C_WrapKey(pk->pkcs11Slot->session, &cryptoMech, key->objectID, pk->pkcs11ID, epki->encryptedData.data, &encBufLen); |
2413 | 0 | PK11_ExitSlotMonitor(pk->pkcs11Slot); |
2414 | 0 | epki->encryptedData.len = (unsigned int)encBufLen; |
2415 | 0 | if (crv != CKR_OK) { |
2416 | 0 | rv = SECFailure; |
2417 | 0 | goto loser; |
2418 | 0 | } |
2419 | | |
2420 | 0 | if (!epki->encryptedData.len) { |
2421 | 0 | rv = SECFailure; |
2422 | 0 | goto loser; |
2423 | 0 | } |
2424 | | |
2425 | 0 | rv = SECOID_CopyAlgorithmID(arena, &epki->algorithm, algid); |
2426 | |
|
2427 | 0 | loser: |
2428 | 0 | if (crypto_param != NULL) { |
2429 | 0 | SECITEM_ZfreeItem(crypto_param, PR_TRUE); |
2430 | 0 | crypto_param = NULL; |
2431 | 0 | } |
2432 | |
|
2433 | 0 | if (key != NULL) { |
2434 | 0 | PK11_FreeSymKey(key); |
2435 | 0 | } |
2436 | 0 | if (tmpPK != NULL) { |
2437 | 0 | SECKEY_DestroyPrivateKey(tmpPK); |
2438 | 0 | } |
2439 | 0 | SECOID_DestroyAlgorithmID(algid, PR_TRUE); |
2440 | |
|
2441 | 0 | if (rv == SECFailure) { |
2442 | 0 | if (arena != NULL) { |
2443 | 0 | PORT_FreeArena(arena, PR_TRUE); |
2444 | 0 | } |
2445 | 0 | epki = NULL; |
2446 | 0 | } |
2447 | |
|
2448 | 0 | return epki; |
2449 | 0 | } |
2450 | | |
2451 | | SECKEYEncryptedPrivateKeyInfo * |
2452 | | PK11_ExportEncryptedPrivKeyInfo( |
2453 | | PK11SlotInfo *slot, /* optional, encrypt key in this slot */ |
2454 | | SECOidTag algTag, /* PBE algorithm to encrypt the with key */ |
2455 | | SECItem *pwitem, /* password for PBE encryption */ |
2456 | | SECKEYPrivateKey *pk, /* encrypt this private key */ |
2457 | | int iteration, /* interations for PBE alg */ |
2458 | | void *pwArg) /* context for password callback */ |
2459 | 0 | { |
2460 | 0 | return PK11_ExportEncryptedPrivKeyInfoV2(slot, algTag, SEC_OID_UNKNOWN, |
2461 | 0 | SEC_OID_UNKNOWN, pwitem, pk, |
2462 | 0 | iteration, pwArg); |
2463 | 0 | } |
2464 | | |
2465 | | /* V2 refers to PKCS #5 V2 here. If a PKCS #5 v1 or PKCS #12 pbe is passed |
2466 | | * for pbeTag, then encTag and hashTag are ignored. If pbe is an encryption |
2467 | | * algorithm, then PKCS #5 V2 is used with prfTag for the prf. If prfTag isn't |
2468 | | * supplied prf will be SEC_OID_HMAC_SHA1 */ |
2469 | | SECKEYEncryptedPrivateKeyInfo * |
2470 | | PK11_ExportEncryptedPrivateKeyInfoV2( |
2471 | | PK11SlotInfo *slot, /* optional, encrypt key in this slot */ |
2472 | | SECOidTag pbeAlg, /* PBE algorithm to encrypt the with key */ |
2473 | | SECOidTag encAlg, /* Encryption algorithm to Encrypt the key with */ |
2474 | | SECOidTag prfAlg, /* HMAC algorithm for PRF*/ |
2475 | | SECItem *pwitem, /* password for PBE encryption */ |
2476 | | CERTCertificate *cert, /* wrap priv key for this user cert */ |
2477 | | int iteration, /* interations for PBE alg */ |
2478 | | void *pwArg) /* context for password callback */ |
2479 | 0 | { |
2480 | 0 | SECKEYEncryptedPrivateKeyInfo *epki = NULL; |
2481 | 0 | SECKEYPrivateKey *pk = PK11_FindKeyByAnyCert(cert, pwArg); |
2482 | 0 | if (pk != NULL) { |
2483 | 0 | epki = PK11_ExportEncryptedPrivKeyInfoV2(slot, pbeAlg, encAlg, prfAlg, |
2484 | 0 | pwitem, pk, iteration, |
2485 | 0 | pwArg); |
2486 | 0 | SECKEY_DestroyPrivateKey(pk); |
2487 | 0 | } |
2488 | 0 | return epki; |
2489 | 0 | } |
2490 | | |
2491 | | SECKEYEncryptedPrivateKeyInfo * |
2492 | | PK11_ExportEncryptedPrivateKeyInfo( |
2493 | | PK11SlotInfo *slot, /* optional, encrypt key in this slot */ |
2494 | | SECOidTag algTag, /* encrypt key with this algorithm */ |
2495 | | SECItem *pwitem, /* password for PBE encryption */ |
2496 | | CERTCertificate *cert, /* wrap priv key for this user cert */ |
2497 | | int iteration, /* interations for PBE alg */ |
2498 | | void *pwArg) /* context for password callback */ |
2499 | 0 | { |
2500 | 0 | return PK11_ExportEncryptedPrivateKeyInfoV2(slot, algTag, SEC_OID_UNKNOWN, |
2501 | 0 | SEC_OID_UNKNOWN, pwitem, cert, |
2502 | 0 | iteration, pwArg); |
2503 | 0 | } |
2504 | | |
2505 | | SECItem * |
2506 | | PK11_DEREncodePublicKey(const SECKEYPublicKey *pubk) |
2507 | 0 | { |
2508 | 0 | return SECKEY_EncodeDERSubjectPublicKeyInfo(pubk); |
2509 | 0 | } |
2510 | | |
2511 | | char * |
2512 | | PK11_GetPrivateKeyNickname(SECKEYPrivateKey *privKey) |
2513 | 96 | { |
2514 | 96 | return PK11_GetObjectNickname(privKey->pkcs11Slot, privKey->pkcs11ID); |
2515 | 96 | } |
2516 | | |
2517 | | char * |
2518 | | PK11_GetPublicKeyNickname(SECKEYPublicKey *pubKey) |
2519 | 0 | { |
2520 | 0 | return PK11_GetObjectNickname(pubKey->pkcs11Slot, pubKey->pkcs11ID); |
2521 | 0 | } |
2522 | | |
2523 | | SECStatus |
2524 | | PK11_SetPrivateKeyNickname(SECKEYPrivateKey *privKey, const char *nickname) |
2525 | 0 | { |
2526 | 0 | return PK11_SetObjectNickname(privKey->pkcs11Slot, |
2527 | 0 | privKey->pkcs11ID, nickname); |
2528 | 0 | } |
2529 | | |
2530 | | SECStatus |
2531 | | PK11_SetPublicKeyNickname(SECKEYPublicKey *pubKey, const char *nickname) |
2532 | 0 | { |
2533 | 0 | return PK11_SetObjectNickname(pubKey->pkcs11Slot, |
2534 | 0 | pubKey->pkcs11ID, nickname); |
2535 | 0 | } |
2536 | | |
2537 | | SECKEYPQGParams * |
2538 | | PK11_GetPQGParamsFromPrivateKey(SECKEYPrivateKey *privKey) |
2539 | 96 | { |
2540 | 96 | CK_ATTRIBUTE pTemplate[] = { |
2541 | 96 | { CKA_PRIME, NULL, 0 }, |
2542 | 96 | { CKA_SUBPRIME, NULL, 0 }, |
2543 | 96 | { CKA_BASE, NULL, 0 }, |
2544 | 96 | }; |
2545 | 96 | int pTemplateLen = sizeof(pTemplate) / sizeof(pTemplate[0]); |
2546 | 96 | PLArenaPool *arena = NULL; |
2547 | 96 | SECKEYPQGParams *params; |
2548 | 96 | CK_RV crv; |
2549 | | |
2550 | 96 | arena = PORT_NewArena(2048); |
2551 | 96 | if (arena == NULL) { |
2552 | 0 | goto loser; |
2553 | 0 | } |
2554 | 96 | params = (SECKEYPQGParams *)PORT_ArenaZAlloc(arena, sizeof(SECKEYPQGParams)); |
2555 | 96 | if (params == NULL) { |
2556 | 0 | goto loser; |
2557 | 0 | } |
2558 | | |
2559 | 96 | crv = PK11_GetAttributes(arena, privKey->pkcs11Slot, privKey->pkcs11ID, |
2560 | 96 | pTemplate, pTemplateLen); |
2561 | 96 | if (crv != CKR_OK) { |
2562 | 96 | PORT_SetError(PK11_MapError(crv)); |
2563 | 96 | goto loser; |
2564 | 96 | } |
2565 | | |
2566 | 0 | params->arena = arena; |
2567 | 0 | params->prime.data = pTemplate[0].pValue; |
2568 | 0 | params->prime.len = pTemplate[0].ulValueLen; |
2569 | 0 | params->subPrime.data = pTemplate[1].pValue; |
2570 | 0 | params->subPrime.len = pTemplate[1].ulValueLen; |
2571 | 0 | params->base.data = pTemplate[2].pValue; |
2572 | 0 | params->base.len = pTemplate[2].ulValueLen; |
2573 | |
|
2574 | 0 | return params; |
2575 | | |
2576 | 96 | loser: |
2577 | 96 | if (arena != NULL) { |
2578 | 96 | PORT_FreeArena(arena, PR_FALSE); |
2579 | 96 | } |
2580 | 96 | return NULL; |
2581 | 96 | } |
2582 | | |
2583 | | SECKEYPrivateKey * |
2584 | | PK11_CopyTokenPrivKeyToSessionPrivKey(PK11SlotInfo *destSlot, |
2585 | | SECKEYPrivateKey *privKey) |
2586 | 8 | { |
2587 | 8 | CK_RV crv; |
2588 | 8 | CK_OBJECT_HANDLE newKeyID; |
2589 | | |
2590 | 8 | static const CK_BBOOL ckfalse = CK_FALSE; |
2591 | 8 | static const CK_ATTRIBUTE template[1] = { |
2592 | 8 | { CKA_TOKEN, (CK_BBOOL *)&ckfalse, sizeof ckfalse } |
2593 | 8 | }; |
2594 | | |
2595 | 8 | if (destSlot && destSlot != privKey->pkcs11Slot) { |
2596 | 0 | SECKEYPrivateKey *newKey = |
2597 | 0 | pk11_loadPrivKey(destSlot, |
2598 | 0 | privKey, |
2599 | 0 | NULL, /* pubKey */ |
2600 | 0 | PR_FALSE, /* token */ |
2601 | 0 | PR_FALSE); /* sensitive */ |
2602 | 0 | if (newKey) |
2603 | 0 | return newKey; |
2604 | 0 | } |
2605 | 8 | destSlot = privKey->pkcs11Slot; |
2606 | 8 | PK11_Authenticate(destSlot, PR_TRUE, privKey->wincx); |
2607 | 8 | PK11_EnterSlotMonitor(destSlot); |
2608 | 8 | crv = PK11_GETTAB(destSlot)->C_CopyObject(destSlot->session, |
2609 | 8 | privKey->pkcs11ID, |
2610 | 8 | (CK_ATTRIBUTE *)template, |
2611 | 8 | 1, &newKeyID); |
2612 | 8 | PK11_ExitSlotMonitor(destSlot); |
2613 | | |
2614 | 8 | if (crv != CKR_OK) { |
2615 | 0 | PORT_SetError(PK11_MapError(crv)); |
2616 | 0 | return NULL; |
2617 | 0 | } |
2618 | | |
2619 | 8 | return PK11_MakePrivKey(destSlot, privKey->keyType, PR_TRUE /*isTemp*/, |
2620 | 8 | newKeyID, privKey->wincx); |
2621 | 8 | } |
2622 | | |
2623 | | SECKEYPrivateKey * |
2624 | | PK11_ConvertSessionPrivKeyToTokenPrivKey(SECKEYPrivateKey *privk, void *wincx) |
2625 | 0 | { |
2626 | 0 | PK11SlotInfo *slot = privk->pkcs11Slot; |
2627 | 0 | CK_ATTRIBUTE template[1]; |
2628 | 0 | CK_ATTRIBUTE *attrs = template; |
2629 | 0 | CK_BBOOL cktrue = CK_TRUE; |
2630 | 0 | CK_RV crv; |
2631 | 0 | CK_OBJECT_HANDLE newKeyID; |
2632 | 0 | CK_SESSION_HANDLE rwsession; |
2633 | |
|
2634 | 0 | PK11_SETATTRS(attrs, CKA_TOKEN, &cktrue, sizeof(cktrue)); |
2635 | 0 | attrs++; |
2636 | |
|
2637 | 0 | PK11_Authenticate(slot, PR_TRUE, wincx); |
2638 | 0 | rwsession = PK11_GetRWSession(slot); |
2639 | 0 | if (rwsession == CK_INVALID_HANDLE) { |
2640 | 0 | PORT_SetError(SEC_ERROR_BAD_DATA); |
2641 | 0 | return NULL; |
2642 | 0 | } |
2643 | 0 | crv = PK11_GETTAB(slot)->C_CopyObject(rwsession, privk->pkcs11ID, |
2644 | 0 | template, 1, &newKeyID); |
2645 | 0 | PK11_RestoreROSession(slot, rwsession); |
2646 | |
|
2647 | 0 | if (crv != CKR_OK) { |
2648 | 0 | PORT_SetError(PK11_MapError(crv)); |
2649 | 0 | return NULL; |
2650 | 0 | } |
2651 | | |
2652 | 0 | return PK11_MakePrivKey(slot, nullKey /*KeyType*/, PR_FALSE /*isTemp*/, |
2653 | 0 | newKeyID, NULL /*wincx*/); |
2654 | 0 | } |
2655 | | |
2656 | | /* |
2657 | | * destroy a private key if there are no matching certs. |
2658 | | * this function also frees the privKey structure. |
2659 | | */ |
2660 | | SECStatus |
2661 | | PK11_DeleteTokenPrivateKey(SECKEYPrivateKey *privKey, PRBool force) |
2662 | 0 | { |
2663 | 0 | CERTCertificate *cert = PK11_GetCertFromPrivateKey(privKey); |
2664 | 0 | SECStatus rv = SECWouldBlock; |
2665 | |
|
2666 | 0 | if (!cert || force) { |
2667 | | /* now, then it's safe for the key to go away */ |
2668 | 0 | rv = PK11_DestroyTokenObject(privKey->pkcs11Slot, privKey->pkcs11ID); |
2669 | 0 | } |
2670 | 0 | if (cert) { |
2671 | 0 | CERT_DestroyCertificate(cert); |
2672 | 0 | } |
2673 | 0 | SECKEY_DestroyPrivateKey(privKey); |
2674 | 0 | return rv; |
2675 | 0 | } |
2676 | | |
2677 | | /* |
2678 | | * destroy a private key if there are no matching certs. |
2679 | | * this function also frees the privKey structure. |
2680 | | */ |
2681 | | SECStatus |
2682 | | PK11_DeleteTokenPublicKey(SECKEYPublicKey *pubKey) |
2683 | 0 | { |
2684 | | /* now, then it's safe for the key to go away */ |
2685 | 0 | if (pubKey->pkcs11Slot == NULL) { |
2686 | 0 | return SECFailure; |
2687 | 0 | } |
2688 | 0 | PK11_DestroyTokenObject(pubKey->pkcs11Slot, pubKey->pkcs11ID); |
2689 | 0 | SECKEY_DestroyPublicKey(pubKey); |
2690 | 0 | return SECSuccess; |
2691 | 0 | } |
2692 | | |
2693 | | /* |
2694 | | * key call back structure. |
2695 | | */ |
2696 | | typedef struct pk11KeyCallbackStr { |
2697 | | SECStatus (*callback)(SECKEYPrivateKey *, void *); |
2698 | | void *callbackArg; |
2699 | | void *wincx; |
2700 | | } pk11KeyCallback; |
2701 | | |
2702 | | /* |
2703 | | * callback to map Object Handles to Private Keys; |
2704 | | */ |
2705 | | SECStatus |
2706 | | pk11_DoKeys(PK11SlotInfo *slot, CK_OBJECT_HANDLE keyHandle, void *arg) |
2707 | 0 | { |
2708 | 0 | SECStatus rv = SECSuccess; |
2709 | 0 | SECKEYPrivateKey *privKey; |
2710 | 0 | pk11KeyCallback *keycb = (pk11KeyCallback *)arg; |
2711 | 0 | if (!arg) { |
2712 | 0 | return SECFailure; |
2713 | 0 | } |
2714 | | |
2715 | 0 | privKey = PK11_MakePrivKey(slot, nullKey, PR_TRUE, keyHandle, keycb->wincx); |
2716 | |
|
2717 | 0 | if (privKey == NULL) { |
2718 | 0 | return SECFailure; |
2719 | 0 | } |
2720 | | |
2721 | 0 | if (keycb->callback) { |
2722 | 0 | rv = (*keycb->callback)(privKey, keycb->callbackArg); |
2723 | 0 | } |
2724 | |
|
2725 | 0 | SECKEY_DestroyPrivateKey(privKey); |
2726 | 0 | return rv; |
2727 | 0 | } |
2728 | | |
2729 | | /*********************************************************************** |
2730 | | * PK11_TraversePrivateKeysInSlot |
2731 | | * |
2732 | | * Traverses all the private keys on a slot. |
2733 | | * |
2734 | | * INPUTS |
2735 | | * slot |
2736 | | * The PKCS #11 slot whose private keys you want to traverse. |
2737 | | * callback |
2738 | | * A callback function that will be called for each key. |
2739 | | * arg |
2740 | | * An argument that will be passed to the callback function. |
2741 | | */ |
2742 | | SECStatus |
2743 | | PK11_TraversePrivateKeysInSlot(PK11SlotInfo *slot, |
2744 | | SECStatus (*callback)(SECKEYPrivateKey *, void *), void *arg) |
2745 | 0 | { |
2746 | 0 | pk11KeyCallback perKeyCB; |
2747 | 0 | pk11TraverseSlot perObjectCB; |
2748 | 0 | CK_OBJECT_CLASS privkClass = CKO_PRIVATE_KEY; |
2749 | 0 | CK_BBOOL ckTrue = CK_TRUE; |
2750 | 0 | CK_ATTRIBUTE theTemplate[2]; |
2751 | 0 | int templateSize = 2; |
2752 | |
|
2753 | 0 | theTemplate[0].type = CKA_CLASS; |
2754 | 0 | theTemplate[0].pValue = &privkClass; |
2755 | 0 | theTemplate[0].ulValueLen = sizeof(privkClass); |
2756 | 0 | theTemplate[1].type = CKA_TOKEN; |
2757 | 0 | theTemplate[1].pValue = &ckTrue; |
2758 | 0 | theTemplate[1].ulValueLen = sizeof(ckTrue); |
2759 | |
|
2760 | 0 | if (slot == NULL) { |
2761 | 0 | return SECSuccess; |
2762 | 0 | } |
2763 | | |
2764 | 0 | perObjectCB.callback = pk11_DoKeys; |
2765 | 0 | perObjectCB.callbackArg = &perKeyCB; |
2766 | 0 | perObjectCB.findTemplate = theTemplate; |
2767 | 0 | perObjectCB.templateCount = templateSize; |
2768 | 0 | perKeyCB.callback = callback; |
2769 | 0 | perKeyCB.callbackArg = arg; |
2770 | 0 | perKeyCB.wincx = NULL; |
2771 | |
|
2772 | 0 | return PK11_TraverseSlot(slot, &perObjectCB); |
2773 | 0 | } |
2774 | | |
2775 | | /* |
2776 | | * return the private key with the given ID |
2777 | | */ |
2778 | | CK_OBJECT_HANDLE |
2779 | | pk11_FindPrivateKeyFromCertID(PK11SlotInfo *slot, SECItem *keyID) |
2780 | 0 | { |
2781 | 0 | CK_OBJECT_CLASS privKey = CKO_PRIVATE_KEY; |
2782 | 0 | CK_ATTRIBUTE theTemplate[] = { |
2783 | 0 | { CKA_ID, NULL, 0 }, |
2784 | 0 | { CKA_CLASS, NULL, 0 }, |
2785 | 0 | }; |
2786 | | /* if you change the array, change the variable below as well */ |
2787 | 0 | int tsize = sizeof(theTemplate) / sizeof(theTemplate[0]); |
2788 | 0 | CK_ATTRIBUTE *attrs = theTemplate; |
2789 | |
|
2790 | 0 | PK11_SETATTRS(attrs, CKA_ID, keyID->data, keyID->len); |
2791 | 0 | attrs++; |
2792 | 0 | PK11_SETATTRS(attrs, CKA_CLASS, &privKey, sizeof(privKey)); |
2793 | |
|
2794 | 0 | return pk11_FindObjectByTemplate(slot, theTemplate, tsize); |
2795 | 0 | } |
2796 | | |
2797 | | SECKEYPrivateKey * |
2798 | | PK11_FindKeyByKeyID(PK11SlotInfo *slot, SECItem *keyID, void *wincx) |
2799 | 0 | { |
2800 | 0 | CK_OBJECT_HANDLE keyHandle; |
2801 | 0 | SECKEYPrivateKey *privKey; |
2802 | |
|
2803 | 0 | keyHandle = pk11_FindPrivateKeyFromCertID(slot, keyID); |
2804 | 0 | if (keyHandle == CK_INVALID_HANDLE) { |
2805 | 0 | return NULL; |
2806 | 0 | } |
2807 | 0 | privKey = PK11_MakePrivKey(slot, nullKey, PR_TRUE, keyHandle, wincx); |
2808 | 0 | return privKey; |
2809 | 0 | } |
2810 | | |
2811 | | /* |
2812 | | * Generate a CKA_ID from the relevant public key data. The CKA_ID is generated |
2813 | | * from the pubKeyData by SHA1_Hashing it to produce a smaller CKA_ID (to make |
2814 | | * smart cards happy. |
2815 | | */ |
2816 | | SECItem * |
2817 | | PK11_MakeIDFromPubKey(const SECItem *pubKeyData) |
2818 | 111k | { |
2819 | 111k | PK11Context *context; |
2820 | 111k | SECItem *certCKA_ID; |
2821 | 111k | SECStatus rv; |
2822 | | |
2823 | 111k | if (pubKeyData->len <= SHA1_LENGTH) { |
2824 | | /* probably an already hashed value. The strongest known public |
2825 | | * key values <= 160 bits would be less than 40 bit symetric in |
2826 | | * strength. Don't hash them, just return the value. There are |
2827 | | * none at the time of this writing supported by previous versions |
2828 | | * of NSS, so change is binary compatible safe */ |
2829 | 2.48k | return SECITEM_DupItem(pubKeyData); |
2830 | 2.48k | } |
2831 | | |
2832 | 108k | context = PK11_CreateDigestContext(SEC_OID_SHA1); |
2833 | 108k | if (context == NULL) { |
2834 | 0 | return NULL; |
2835 | 0 | } |
2836 | | |
2837 | 108k | rv = PK11_DigestBegin(context); |
2838 | 108k | if (rv == SECSuccess) { |
2839 | 108k | rv = PK11_DigestOp(context, pubKeyData->data, pubKeyData->len); |
2840 | 108k | } |
2841 | 108k | if (rv != SECSuccess) { |
2842 | 0 | PK11_DestroyContext(context, PR_TRUE); |
2843 | 0 | return NULL; |
2844 | 0 | } |
2845 | | |
2846 | 108k | certCKA_ID = (SECItem *)PORT_Alloc(sizeof(SECItem)); |
2847 | 108k | if (certCKA_ID == NULL) { |
2848 | 0 | PK11_DestroyContext(context, PR_TRUE); |
2849 | 0 | return NULL; |
2850 | 0 | } |
2851 | | |
2852 | 108k | certCKA_ID->len = SHA1_LENGTH; |
2853 | 108k | certCKA_ID->data = (unsigned char *)PORT_Alloc(certCKA_ID->len); |
2854 | 108k | if (certCKA_ID->data == NULL) { |
2855 | 0 | PORT_Free(certCKA_ID); |
2856 | 0 | PK11_DestroyContext(context, PR_TRUE); |
2857 | 0 | return NULL; |
2858 | 0 | } |
2859 | | |
2860 | 108k | rv = PK11_DigestFinal(context, certCKA_ID->data, &certCKA_ID->len, |
2861 | 108k | SHA1_LENGTH); |
2862 | 108k | PK11_DestroyContext(context, PR_TRUE); |
2863 | 108k | if (rv != SECSuccess) { |
2864 | 0 | SECITEM_FreeItem(certCKA_ID, PR_TRUE); |
2865 | 0 | return NULL; |
2866 | 0 | } |
2867 | | |
2868 | 108k | return certCKA_ID; |
2869 | 108k | } |
2870 | | |
2871 | | /* Looking for PK11_GetKeyIDFromPrivateKey? |
2872 | | * Call PK11_GetLowLevelKeyIDForPrivateKey instead. |
2873 | | */ |
2874 | | |
2875 | | SECItem * |
2876 | | PK11_GetLowLevelKeyIDForPrivateKey(SECKEYPrivateKey *privKey) |
2877 | 0 | { |
2878 | 0 | return pk11_GetLowLevelKeyFromHandle(privKey->pkcs11Slot, privKey->pkcs11ID); |
2879 | 0 | } |
2880 | | |
2881 | | static SECStatus |
2882 | | privateKeyListCallback(SECKEYPrivateKey *key, void *arg) |
2883 | 0 | { |
2884 | 0 | SECKEYPrivateKeyList *list = (SECKEYPrivateKeyList *)arg; |
2885 | 0 | return SECKEY_AddPrivateKeyToListTail(list, SECKEY_CopyPrivateKey(key)); |
2886 | 0 | } |
2887 | | |
2888 | | SECKEYPrivateKeyList * |
2889 | | PK11_ListPrivateKeysInSlot(PK11SlotInfo *slot) |
2890 | 0 | { |
2891 | 0 | SECStatus status; |
2892 | 0 | SECKEYPrivateKeyList *keys; |
2893 | |
|
2894 | 0 | keys = SECKEY_NewPrivateKeyList(); |
2895 | 0 | if (keys == NULL) |
2896 | 0 | return NULL; |
2897 | | |
2898 | 0 | status = PK11_TraversePrivateKeysInSlot(slot, privateKeyListCallback, |
2899 | 0 | (void *)keys); |
2900 | |
|
2901 | 0 | if (status != SECSuccess) { |
2902 | 0 | SECKEY_DestroyPrivateKeyList(keys); |
2903 | 0 | keys = NULL; |
2904 | 0 | } |
2905 | |
|
2906 | 0 | return keys; |
2907 | 0 | } |
2908 | | |
2909 | | SECKEYPublicKeyList * |
2910 | | PK11_ListPublicKeysInSlot(PK11SlotInfo *slot, char *nickname) |
2911 | 0 | { |
2912 | 0 | CK_ATTRIBUTE findTemp[4]; |
2913 | 0 | CK_ATTRIBUTE *attrs; |
2914 | 0 | CK_BBOOL ckTrue = CK_TRUE; |
2915 | 0 | CK_OBJECT_CLASS keyclass = CKO_PUBLIC_KEY; |
2916 | 0 | size_t tsize = 0; |
2917 | 0 | int objCount = 0; |
2918 | 0 | CK_OBJECT_HANDLE *key_ids; |
2919 | 0 | SECKEYPublicKeyList *keys; |
2920 | 0 | int i, len; |
2921 | |
|
2922 | 0 | attrs = findTemp; |
2923 | 0 | PK11_SETATTRS(attrs, CKA_CLASS, &keyclass, sizeof(keyclass)); |
2924 | 0 | attrs++; |
2925 | 0 | PK11_SETATTRS(attrs, CKA_TOKEN, &ckTrue, sizeof(ckTrue)); |
2926 | 0 | attrs++; |
2927 | 0 | if (nickname) { |
2928 | 0 | len = PORT_Strlen(nickname); |
2929 | 0 | PK11_SETATTRS(attrs, CKA_LABEL, nickname, len); |
2930 | 0 | attrs++; |
2931 | 0 | } |
2932 | 0 | tsize = attrs - findTemp; |
2933 | 0 | PORT_Assert(tsize <= sizeof(findTemp) / sizeof(CK_ATTRIBUTE)); |
2934 | |
|
2935 | 0 | key_ids = pk11_FindObjectsByTemplate(slot, findTemp, tsize, &objCount); |
2936 | 0 | if (key_ids == NULL) { |
2937 | 0 | return NULL; |
2938 | 0 | } |
2939 | 0 | keys = SECKEY_NewPublicKeyList(); |
2940 | 0 | if (keys == NULL) { |
2941 | 0 | PORT_Free(key_ids); |
2942 | 0 | return NULL; |
2943 | 0 | } |
2944 | | |
2945 | 0 | for (i = 0; i < objCount; i++) { |
2946 | 0 | SECKEYPublicKey *pubKey = |
2947 | 0 | PK11_ExtractPublicKey(slot, nullKey, key_ids[i]); |
2948 | 0 | if (pubKey) { |
2949 | 0 | SECKEY_AddPublicKeyToListTail(keys, pubKey); |
2950 | 0 | } |
2951 | 0 | } |
2952 | |
|
2953 | 0 | PORT_Free(key_ids); |
2954 | 0 | return keys; |
2955 | 0 | } |
2956 | | |
2957 | | SECKEYPrivateKeyList * |
2958 | | PK11_ListPrivKeysInSlot(PK11SlotInfo *slot, char *nickname, void *wincx) |
2959 | 0 | { |
2960 | 0 | CK_ATTRIBUTE findTemp[4]; |
2961 | 0 | CK_ATTRIBUTE *attrs; |
2962 | 0 | CK_BBOOL ckTrue = CK_TRUE; |
2963 | 0 | CK_OBJECT_CLASS keyclass = CKO_PRIVATE_KEY; |
2964 | 0 | size_t tsize = 0; |
2965 | 0 | int objCount = 0; |
2966 | 0 | CK_OBJECT_HANDLE *key_ids; |
2967 | 0 | SECKEYPrivateKeyList *keys; |
2968 | 0 | int i, len; |
2969 | |
|
2970 | 0 | attrs = findTemp; |
2971 | 0 | PK11_SETATTRS(attrs, CKA_CLASS, &keyclass, sizeof(keyclass)); |
2972 | 0 | attrs++; |
2973 | 0 | PK11_SETATTRS(attrs, CKA_TOKEN, &ckTrue, sizeof(ckTrue)); |
2974 | 0 | attrs++; |
2975 | 0 | if (nickname) { |
2976 | 0 | len = PORT_Strlen(nickname); |
2977 | 0 | PK11_SETATTRS(attrs, CKA_LABEL, nickname, len); |
2978 | 0 | attrs++; |
2979 | 0 | } |
2980 | 0 | tsize = attrs - findTemp; |
2981 | 0 | PORT_Assert(tsize <= sizeof(findTemp) / sizeof(CK_ATTRIBUTE)); |
2982 | |
|
2983 | 0 | key_ids = pk11_FindObjectsByTemplate(slot, findTemp, tsize, &objCount); |
2984 | 0 | if (key_ids == NULL) { |
2985 | 0 | return NULL; |
2986 | 0 | } |
2987 | 0 | keys = SECKEY_NewPrivateKeyList(); |
2988 | 0 | if (keys == NULL) { |
2989 | 0 | PORT_Free(key_ids); |
2990 | 0 | return NULL; |
2991 | 0 | } |
2992 | | |
2993 | 0 | for (i = 0; i < objCount; i++) { |
2994 | 0 | SECKEYPrivateKey *privKey = |
2995 | 0 | PK11_MakePrivKey(slot, nullKey, PR_TRUE, key_ids[i], wincx); |
2996 | 0 | SECKEY_AddPrivateKeyToListTail(keys, privKey); |
2997 | 0 | } |
2998 | |
|
2999 | 0 | PORT_Free(key_ids); |
3000 | 0 | return keys; |
3001 | 0 | } |