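diff -up jss-4.2.6/mozilla/security/jss/org/mozilla/jss/pkcs11/PK11KeyGenerator.c.fix jss-4.2.6/mozilla/security/jss/org/mozilla/jss/pkcs11/PK11KeyGenerator.c
--- jss-4.2.6/mozilla/security/jss/org/mozilla/jss/pkcs11/PK11KeyGenerator.c.fix 2011-08-15 15:39:56.633158000 -0700
+++ jss-4.2.6/mozilla/security/jss/org/mozilla/jss/pkcs11/PK11KeyGenerator.c 2011-08-15 20:43:34.947749000 -0700
@@ -239,40 +239,47 @@ print_secitem(SECItem *item) {
 * TokenException if an error occurs.
 */
 static PK11SymKey*
-constructSHA1PBAKey(JNIEnv *env, SECItem *pwitem, SECItem *salt,
+constructSHA1PBAKey(JNIEnv *env, PK11SlotInfo *slot, SECItem *pwitem, SECItem *salt,
 int iterationCount)
 {
- PBEBitGenContext* pbeCtxt=NULL;
- SECItem *keyBits=NULL;
 PK11SymKey *key=NULL;
 
- pbeCtxt = PBE_CreateContext( SEC_OID_SHA1, pbeBitGenIntegrityKey,
- pwitem, salt, 160 /* SHA1 key length */, iterationCount);
- if( pbeCtxt == NULL ) {
- JSS_throwMsg(env, TOKEN_EXCEPTION, "Failed to create PBE context");
+ unsigned char ivData[8];
+ SECItem mechItem;
+ CK_PBE_PARAMS pbe_params;
+
+ if( pwitem == NULL ) {
+ JSS_throwMsg(env, TOKEN_EXCEPTION,
+ "constructSHA1PAKey:"
+ " pwitem NULL");
 goto finish;
 }
-
- keyBits = PBE_GenerateBits(pbeCtxt);
- if( keyBits == NULL ) {
- JSS_throwMsg(env, TOKEN_EXCEPTION, "Failed to generate bits from"
- "PBE context");
+ if( salt == NULL ) {
+ JSS_throwMsg(env, TOKEN_EXCEPTION,
+ "constructSHA1PAKey:"
+ " salt NULL");
 goto finish;
 }
 
- key = PK11_ImportSymKey( PK11_GetInternalSlot(), CKM_SHA_1,
- PK11_OriginGenerated, CKA_SIGN, keyBits, NULL);
+ pbe_params.pInitVector = ivData;
+ pbe_params.pPassword = pwitem->data;
+ pbe_params.ulPasswordLen = pwitem->len;
+ pbe_params.pSalt = salt->data;
+ pbe_params.ulSaltLen = salt->len;
+ pbe_params.ulIteration = iterationCount;
+ mechItem.data = (unsigned char *) &pbe_params;
+ mechItem.len = sizeof(pbe_params);
+
+ key = PK11_RawPBEKeyGen(slot, CKM_PBA_SHA1_WITH_SHA1_HMAC, &mechItem, pwitem, PR_FALSE, NULL);
+
 if( key == NULL ) {
- JSS_throwMsg(env, TOKEN_EXCEPTION, "Failed to import PBA key from"
- " PBA-generated bits");
+ JSS_throwMsg(env, TOKEN_EXCEPTION,
+ "PK11_RawPBEKeyGen:"
+ " failed to generate key");
 goto finish;
 }
 
 finish:
- if( pbeCtxt ) {
- PBE_DestroyContext(pbeCtxt);
- }
- /* keyBits == pbeCtxt, so we don't need to free it */
 return key;
 }
 
@@ -324,7 +331,7 @@ Java_org_mozilla_jss_pkcs11_PK11KeyGener
 
 /* special case, construct key by hand. Bug #336587 */
 
- skey = constructSHA1PBAKey(env, pwitem, salt, iterationCount);
+ skey = constructSHA1PBAKey(env, slot, pwitem, salt, iterationCount);
 if( skey==NULL ) {
 /* exception was thrown */
 goto finish;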
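Review bot: In constructSHA1PBAKey, `pbe_params.ulIteration = iterationCount;` stores a signed `int` into an unsigned PKCS #11 field with no range check, so a zero or negative count would reach the token as 0 or as a very large iteration count. Unless the JNI caller already validates it (not visible in these hunks), add `if( iterationCount <= 0 )` next to the new NULL checks, throwing TOKEN_EXCEPTION and taking `goto finish` the same way they do. `mechItem.type` is also left uninitialized before `&mechItem` is passed to PK11_RawPBEKeyGen; setting `mechItem.type = siBuffer;` alongside `data` and `len` would avoid handing over an indeterminate field. The new exception strings spell the function name `constructSHA1PAKey`, without the `B`, so they will not match a search for the real function name.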