|
 |
6fbbf4 |
diff -up ./nss/lib/softoken/pkcs11.c.add_encrypt_derive ./nss/lib/softoken/pkcs11.c
|
|
|
6fbbf4 |
--- ./nss/lib/softoken/pkcs11.c.add_encrypt_derive 2014-06-24 13:45:27.000000000 -0700
|
|
|
6fbbf4 |
+++ ./nss/lib/softoken/pkcs11.c 2014-10-31 17:24:58.021526521 -0700
|
|
|
6fbbf4 |
@@ -442,11 +442,22 @@ static const struct mechanismList mechan
|
|
|
6fbbf4 |
#endif
|
|
|
6fbbf4 |
/* --------------------- Secret Key Operations ------------------------ */
|
|
|
6fbbf4 |
{CKM_GENERIC_SECRET_KEY_GEN, {1, 32, CKF_GENERATE}, PR_TRUE},
|
|
|
6fbbf4 |
- {CKM_CONCATENATE_BASE_AND_KEY, {1, 32, CKF_GENERATE}, PR_FALSE},
|
|
|
6fbbf4 |
- {CKM_CONCATENATE_BASE_AND_DATA, {1, 32, CKF_GENERATE}, PR_FALSE},
|
|
|
6fbbf4 |
- {CKM_CONCATENATE_DATA_AND_BASE, {1, 32, CKF_GENERATE}, PR_FALSE},
|
|
|
6fbbf4 |
- {CKM_XOR_BASE_AND_DATA, {1, 32, CKF_GENERATE}, PR_FALSE},
|
|
|
6fbbf4 |
+ {CKM_CONCATENATE_BASE_AND_KEY, {1, 32, CKF_DERIVE}, PR_FALSE},
|
|
|
6fbbf4 |
+ {CKM_CONCATENATE_BASE_AND_DATA, {1, 32, CKF_DERIVE}, PR_FALSE},
|
|
|
6fbbf4 |
+ {CKM_CONCATENATE_DATA_AND_BASE, {1, 32, CKF_DERIVE}, PR_FALSE},
|
|
|
6fbbf4 |
+ {CKM_XOR_BASE_AND_DATA, {1, 32, CKF_DERIVE}, PR_FALSE},
|
|
|
6fbbf4 |
{CKM_EXTRACT_KEY_FROM_KEY, {1, 32, CKF_DERIVE}, PR_FALSE},
|
|
|
6fbbf4 |
+ {CKM_EXTRACT_KEY_FROM_KEY, {1, 32, CKF_DERIVE}, PR_FALSE},
|
|
|
6fbbf4 |
+ {CKM_DES_ECB_ENCRYPT_DATA, {1, 32, CKF_DERIVE}, PR_FALSE},
|
|
|
6fbbf4 |
+ {CKM_DES_CBC_ENCRYPT_DATA, {1, 32, CKF_DERIVE}, PR_FALSE},
|
|
|
6fbbf4 |
+ {CKM_DES3_ECB_ENCRYPT_DATA, {1, 32, CKF_DERIVE}, PR_FALSE},
|
|
|
6fbbf4 |
+ {CKM_DES3_CBC_ENCRYPT_DATA, {1, 32, CKF_DERIVE}, PR_FALSE},
|
|
|
6fbbf4 |
+ {CKM_AES_ECB_ENCRYPT_DATA, {1, 32, CKF_DERIVE}, PR_FALSE},
|
|
|
6fbbf4 |
+ {CKM_AES_CBC_ENCRYPT_DATA, {1, 32, CKF_DERIVE}, PR_FALSE},
|
|
|
6fbbf4 |
+ {CKM_CAMELLIA_ECB_ENCRYPT_DATA, {1, 32, CKF_DERIVE}, PR_FALSE},
|
|
|
6fbbf4 |
+ {CKM_CAMELLIA_CBC_ENCRYPT_DATA, {1, 32, CKF_DERIVE}, PR_FALSE},
|
|
|
6fbbf4 |
+ {CKM_SEED_ECB_ENCRYPT_DATA, {1, 32, CKF_DERIVE}, PR_FALSE},
|
|
|
6fbbf4 |
+ {CKM_SEED_CBC_ENCRYPT_DATA, {1, 32, CKF_DERIVE}, PR_FALSE},
|
|
|
6fbbf4 |
/* ---------------------- SSL Key Derivations ------------------------- */
|
|
|
6fbbf4 |
{CKM_SSL3_PRE_MASTER_KEY_GEN, {48, 48, CKF_GENERATE}, PR_FALSE},
|
|
|
6fbbf4 |
{CKM_SSL3_MASTER_KEY_DERIVE, {48, 48, CKF_DERIVE}, PR_FALSE},
|
|
|
6fbbf4 |
diff -up ./nss/lib/softoken/pkcs11c.c.add_encrypt_derive ./nss/lib/softoken/pkcs11c.c
|
|
|
6fbbf4 |
--- ./nss/lib/softoken/pkcs11c.c.add_encrypt_derive 2014-10-31 17:24:58.007526287 -0700
|
|
|
6fbbf4 |
+++ ./nss/lib/softoken/pkcs11c.c 2014-10-31 17:33:59.457507480 -0700
|
|
|
6fbbf4 |
@@ -5840,6 +5840,44 @@ static CK_RV sftk_ANSI_X9_63_kdf(CK_BYTE
|
|
|
6fbbf4 |
#endif /* NSS_DISABLE_ECC */
|
|
|
6fbbf4 |
|
|
|
6fbbf4 |
/*
|
|
|
6fbbf4 |
+ * Handle The derive from a block encryption cipher
|
|
|
6fbbf4 |
+ */
|
|
|
6fbbf4 |
+CK_RV
|
|
|
6fbbf4 |
+sftk_DeriveEncrypt(SFTKObject *key, CK_ULONG keySize, void *cipherInfo,
|
|
|
6fbbf4 |
+ int blockSize, unsigned char *data, CK_ULONG len, SFTKCipher encrypt)
|
|
|
6fbbf4 |
+{
|
|
|
6fbbf4 |
+ unsigned char *tmpdata = NULL;
|
|
|
6fbbf4 |
+ SECStatus rv;
|
|
|
6fbbf4 |
+ unsigned int outLen;
|
|
|
6fbbf4 |
+ CK_RV crv;
|
|
|
6fbbf4 |
+
|
|
|
6fbbf4 |
+ if ((len % blockSize) != 0) {
|
|
|
6fbbf4 |
+ return CKR_MECHANISM_PARAM_INVALID;
|
|
|
6fbbf4 |
+ }
|
|
|
6fbbf4 |
+ if (keySize && (len < keySize)) {
|
|
|
6fbbf4 |
+ return CKR_MECHANISM_PARAM_INVALID;
|
|
|
6fbbf4 |
+ }
|
|
|
6fbbf4 |
+ if (keySize == 0) {
|
|
|
6fbbf4 |
+ keySize = len;
|
|
|
6fbbf4 |
+ }
|
|
|
6fbbf4 |
+
|
|
|
6fbbf4 |
+ tmpdata = PORT_Alloc(len);
|
|
|
6fbbf4 |
+ if (tmpdata == NULL) {
|
|
|
6fbbf4 |
+ return CKR_HOST_MEMORY;
|
|
|
6fbbf4 |
+ }
|
|
|
6fbbf4 |
+ rv = (*encrypt)(cipherInfo, tmpdata, &outLen, len, data, len);
|
|
|
6fbbf4 |
+ if (rv != SECSuccess) {
|
|
|
6fbbf4 |
+ crv = sftk_MapCryptError(PORT_GetError());
|
|
|
6fbbf4 |
+ PORT_ZFree(tmpdata, len);
|
|
|
6fbbf4 |
+ return crv;
|
|
|
6fbbf4 |
+ }
|
|
|
6fbbf4 |
+
|
|
|
6fbbf4 |
+ crv = sftk_forceAttribute (key,CKA_VALUE,tmpdata,keySize);
|
|
|
6fbbf4 |
+ PORT_ZFree(tmpdata,len);
|
|
|
6fbbf4 |
+ return crv;
|
|
|
6fbbf4 |
+}
|
|
|
6fbbf4 |
+
|
|
|
6fbbf4 |
+/*
|
|
|
6fbbf4 |
* SSL Key generation given pre master secret
|
|
|
6fbbf4 |
*/
|
|
|
6fbbf4 |
#define NUM_MIXERS 9
|
|
|
6fbbf4 |
@@ -5883,6 +5921,9 @@ CK_RV NSC_DeriveKey( CK_SESSION_HANDLE h
|
|
|
6fbbf4 |
CK_KEY_TYPE keyType = CKK_GENERIC_SECRET;
|
|
|
6fbbf4 |
CK_OBJECT_CLASS classType = CKO_SECRET_KEY;
|
|
|
6fbbf4 |
CK_KEY_DERIVATION_STRING_DATA *stringPtr;
|
|
|
6fbbf4 |
+ CK_AES_CBC_ENCRYPT_DATA_PARAMS *aesEncryptPtr;
|
|
|
6fbbf4 |
+ CK_DES_CBC_ENCRYPT_DATA_PARAMS *desEncryptPtr;
|
|
|
6fbbf4 |
+ void *cipherInfo;
|
|
|
6fbbf4 |
PRBool isTLS = PR_FALSE;
|
|
|
6fbbf4 |
PRBool isSHA256 = PR_FALSE;
|
|
|
6fbbf4 |
PRBool isDH = PR_FALSE;
|
|
|
6fbbf4 |
@@ -5892,6 +5933,7 @@ CK_RV NSC_DeriveKey( CK_SESSION_HANDLE h
|
|
|
6fbbf4 |
unsigned char sha_out[SHA1_LENGTH];
|
|
|
6fbbf4 |
unsigned char key_block[NUM_MIXERS * MD5_LENGTH];
|
|
|
6fbbf4 |
unsigned char key_block2[MD5_LENGTH];
|
|
|
6fbbf4 |
+ unsigned char des3key[24];
|
|
|
6fbbf4 |
PRBool isFIPS;
|
|
|
6fbbf4 |
HASH_HashType hashType;
|
|
|
6fbbf4 |
PRBool extractValue = PR_TRUE;
|
|
|
6fbbf4 |
@@ -6544,6 +6586,136 @@ key_and_mac_derive_fail:
|
|
|
6fbbf4 |
break;
|
|
|
6fbbf4 |
}
|
|
|
6fbbf4 |
|
|
|
6fbbf4 |
+ case CKM_DES_ECB_ENCRYPT_DATA:
|
|
|
6fbbf4 |
+ stringPtr = (CK_KEY_DERIVATION_STRING_DATA *) pMechanism->pParameter;
|
|
|
6fbbf4 |
+ cipherInfo = DES_CreateContext( (unsigned char*)att->attrib.pValue,
|
|
|
6fbbf4 |
+ NULL, NSS_DES, PR_TRUE);
|
|
|
6fbbf4 |
+ if (cipherInfo == NULL) { crv = CKR_HOST_MEMORY; break; }
|
|
|
6fbbf4 |
+ crv = sftk_DeriveEncrypt(key, keySize, cipherInfo, 8,
|
|
|
6fbbf4 |
+ stringPtr->pData, stringPtr->ulLen, (SFTKCipher) DES_Encrypt);
|
|
|
6fbbf4 |
+ DES_DestroyContext(cipherInfo, PR_TRUE);
|
|
|
6fbbf4 |
+ break;
|
|
|
6fbbf4 |
+
|
|
|
6fbbf4 |
+ case CKM_DES_CBC_ENCRYPT_DATA:
|
|
|
6fbbf4 |
+ desEncryptPtr = (CK_DES_CBC_ENCRYPT_DATA_PARAMS *)
|
|
|
6fbbf4 |
+ pMechanism->pParameter;
|
|
|
6fbbf4 |
+ cipherInfo = DES_CreateContext( (unsigned char*)att->attrib.pValue,
|
|
|
6fbbf4 |
+ desEncryptPtr->iv, NSS_DES_CBC, PR_TRUE);
|
|
|
6fbbf4 |
+ if (cipherInfo == NULL) { crv = CKR_HOST_MEMORY; break; }
|
|
|
6fbbf4 |
+ crv = sftk_DeriveEncrypt(key, keySize, cipherInfo, 8,
|
|
|
6fbbf4 |
+ desEncryptPtr->pData, desEncryptPtr->length,
|
|
|
6fbbf4 |
+ (SFTKCipher) DES_Encrypt);
|
|
|
6fbbf4 |
+ DES_DestroyContext(cipherInfo, PR_TRUE);
|
|
|
6fbbf4 |
+ break;
|
|
|
6fbbf4 |
+
|
|
|
6fbbf4 |
+ case CKM_DES3_ECB_ENCRYPT_DATA:
|
|
|
6fbbf4 |
+ stringPtr = (CK_KEY_DERIVATION_STRING_DATA *) pMechanism->pParameter;
|
|
|
6fbbf4 |
+ if (att->attrib.ulValueLen == 16) {
|
|
|
6fbbf4 |
+ PORT_Memcpy(des3key, att->attrib.pValue, 16);
|
|
|
6fbbf4 |
+ PORT_Memcpy(des3key + 16, des3key, 8);
|
|
|
6fbbf4 |
+ } else if (att->attrib.ulValueLen == 24) {
|
|
|
6fbbf4 |
+ PORT_Memcpy(des3key, att->attrib.pValue, 24);
|
|
|
6fbbf4 |
+ } else {
|
|
|
6fbbf4 |
+ crv = CKR_KEY_SIZE_RANGE; break;
|
|
|
6fbbf4 |
+ }
|
|
|
6fbbf4 |
+ cipherInfo = DES_CreateContext( des3key, NULL, NSS_DES_EDE3, PR_TRUE);
|
|
|
6fbbf4 |
+ PORT_Memset(des3key, 0, 24);
|
|
|
6fbbf4 |
+ if (cipherInfo == NULL) { crv = CKR_HOST_MEMORY; break; }
|
|
|
6fbbf4 |
+ crv = sftk_DeriveEncrypt(key, keySize, cipherInfo, 8,
|
|
|
6fbbf4 |
+ stringPtr->pData, stringPtr->ulLen, (SFTKCipher) DES_Encrypt);
|
|
|
6fbbf4 |
+ DES_DestroyContext(cipherInfo, PR_TRUE);
|
|
|
6fbbf4 |
+ break;
|
|
|
6fbbf4 |
+
|
|
|
6fbbf4 |
+ case CKM_DES3_CBC_ENCRYPT_DATA:
|
|
|
6fbbf4 |
+ desEncryptPtr = (CK_DES_CBC_ENCRYPT_DATA_PARAMS *)
|
|
|
6fbbf4 |
+ pMechanism->pParameter;
|
|
|
6fbbf4 |
+ if (att->attrib.ulValueLen == 16) {
|
|
|
6fbbf4 |
+ PORT_Memcpy(des3key, att->attrib.pValue, 16);
|
|
|
6fbbf4 |
+ PORT_Memcpy(des3key + 16, des3key, 8);
|
|
|
6fbbf4 |
+ } else if (att->attrib.ulValueLen == 24) {
|
|
|
6fbbf4 |
+ PORT_Memcpy(des3key, att->attrib.pValue, 24);
|
|
|
6fbbf4 |
+ } else {
|
|
|
6fbbf4 |
+ crv = CKR_KEY_SIZE_RANGE; break;
|
|
|
6fbbf4 |
+ }
|
|
|
6fbbf4 |
+ cipherInfo = DES_CreateContext( des3key, desEncryptPtr->iv,
|
|
|
6fbbf4 |
+ NSS_DES_EDE3_CBC, PR_TRUE);
|
|
|
6fbbf4 |
+ PORT_Memset(des3key, 0, 24);
|
|
|
6fbbf4 |
+ if (cipherInfo == NULL) { crv = CKR_HOST_MEMORY; break; }
|
|
|
6fbbf4 |
+ crv = sftk_DeriveEncrypt(key, keySize, cipherInfo, 8,
|
|
|
6fbbf4 |
+ desEncryptPtr->pData, desEncryptPtr->length,
|
|
|
6fbbf4 |
+ (SFTKCipher) DES_Encrypt);
|
|
|
6fbbf4 |
+ DES_DestroyContext(cipherInfo, PR_TRUE);
|
|
|
6fbbf4 |
+ break;
|
|
|
6fbbf4 |
+
|
|
|
6fbbf4 |
+ case CKM_AES_ECB_ENCRYPT_DATA:
|
|
|
6fbbf4 |
+ stringPtr = (CK_KEY_DERIVATION_STRING_DATA *) pMechanism->pParameter;
|
|
|
6fbbf4 |
+ cipherInfo = AES_CreateContext( (unsigned char*)att->attrib.pValue,
|
|
|
6fbbf4 |
+ NULL, NSS_AES, PR_TRUE, att->attrib.ulValueLen, 16);
|
|
|
6fbbf4 |
+ if (cipherInfo == NULL) { crv = CKR_HOST_MEMORY; break; }
|
|
|
6fbbf4 |
+ crv = sftk_DeriveEncrypt(key, keySize, cipherInfo, 16,
|
|
|
6fbbf4 |
+ stringPtr->pData, stringPtr->ulLen, (SFTKCipher) AES_Encrypt);
|
|
|
6fbbf4 |
+ AES_DestroyContext(cipherInfo, PR_TRUE);
|
|
|
6fbbf4 |
+ break;
|
|
|
6fbbf4 |
+
|
|
|
6fbbf4 |
+ case CKM_AES_CBC_ENCRYPT_DATA:
|
|
|
6fbbf4 |
+ aesEncryptPtr = (CK_AES_CBC_ENCRYPT_DATA_PARAMS *)
|
|
|
6fbbf4 |
+ pMechanism->pParameter;
|
|
|
6fbbf4 |
+ cipherInfo = AES_CreateContext( (unsigned char*)att->attrib.pValue,
|
|
|
6fbbf4 |
+ aesEncryptPtr->iv, NSS_AES_CBC,
|
|
|
6fbbf4 |
+ PR_TRUE, att->attrib.ulValueLen, 16);
|
|
|
6fbbf4 |
+ if (cipherInfo == NULL) { crv = CKR_HOST_MEMORY; break; }
|
|
|
6fbbf4 |
+ crv = sftk_DeriveEncrypt(key, keySize, cipherInfo, 16,
|
|
|
6fbbf4 |
+ aesEncryptPtr->pData, aesEncryptPtr->length,
|
|
|
6fbbf4 |
+ (SFTKCipher) AES_Encrypt);
|
|
|
6fbbf4 |
+ AES_DestroyContext(cipherInfo, PR_TRUE);
|
|
|
6fbbf4 |
+ break;
|
|
|
6fbbf4 |
+
|
|
|
6fbbf4 |
+ case CKM_CAMELLIA_ECB_ENCRYPT_DATA:
|
|
|
6fbbf4 |
+ stringPtr = (CK_KEY_DERIVATION_STRING_DATA *) pMechanism->pParameter;
|
|
|
6fbbf4 |
+ cipherInfo = Camellia_CreateContext( (unsigned char*)att->attrib.pValue,
|
|
|
6fbbf4 |
+ NULL, NSS_CAMELLIA, PR_TRUE,att->attrib.ulValueLen);
|
|
|
6fbbf4 |
+ if (cipherInfo == NULL) { crv = CKR_HOST_MEMORY; break; }
|
|
|
6fbbf4 |
+ crv = sftk_DeriveEncrypt(key, keySize, cipherInfo, 16,
|
|
|
6fbbf4 |
+ stringPtr->pData, stringPtr->ulLen,
|
|
|
6fbbf4 |
+ (SFTKCipher) Camellia_Encrypt);
|
|
|
6fbbf4 |
+ Camellia_DestroyContext(cipherInfo, PR_TRUE);
|
|
|
6fbbf4 |
+ break;
|
|
|
6fbbf4 |
+
|
|
|
6fbbf4 |
+ case CKM_CAMELLIA_CBC_ENCRYPT_DATA:
|
|
|
6fbbf4 |
+ aesEncryptPtr = (CK_AES_CBC_ENCRYPT_DATA_PARAMS *)
|
|
|
6fbbf4 |
+ pMechanism->pParameter;
|
|
|
6fbbf4 |
+ cipherInfo = Camellia_CreateContext((unsigned char*)att->attrib.pValue,
|
|
|
6fbbf4 |
+ aesEncryptPtr->iv,NSS_CAMELLIA_CBC,
|
|
|
6fbbf4 |
+ PR_TRUE, att->attrib.ulValueLen);
|
|
|
6fbbf4 |
+ if (cipherInfo == NULL) { crv = CKR_HOST_MEMORY; break; }
|
|
|
6fbbf4 |
+ crv = sftk_DeriveEncrypt(key, keySize, cipherInfo, 16,
|
|
|
6fbbf4 |
+ aesEncryptPtr->pData, aesEncryptPtr->length,
|
|
|
6fbbf4 |
+ (SFTKCipher) Camellia_Encrypt);
|
|
|
6fbbf4 |
+ Camellia_DestroyContext(cipherInfo, PR_TRUE);
|
|
|
6fbbf4 |
+ break;
|
|
|
6fbbf4 |
+
|
|
|
6fbbf4 |
+ case CKM_SEED_ECB_ENCRYPT_DATA:
|
|
|
6fbbf4 |
+ stringPtr = (CK_KEY_DERIVATION_STRING_DATA *) pMechanism->pParameter;
|
|
|
6fbbf4 |
+ cipherInfo = SEED_CreateContext( (unsigned char*)att->attrib.pValue,
|
|
|
6fbbf4 |
+ NULL, NSS_SEED, PR_TRUE);
|
|
|
6fbbf4 |
+ if (cipherInfo == NULL) { crv = CKR_HOST_MEMORY; break; }
|
|
|
6fbbf4 |
+ crv = sftk_DeriveEncrypt(key, keySize, cipherInfo, 16,
|
|
|
6fbbf4 |
+ stringPtr->pData, stringPtr->ulLen, (SFTKCipher) SEED_Encrypt);
|
|
|
6fbbf4 |
+ SEED_DestroyContext(cipherInfo, PR_TRUE);
|
|
|
6fbbf4 |
+ break;
|
|
|
6fbbf4 |
+
|
|
|
6fbbf4 |
+ case CKM_SEED_CBC_ENCRYPT_DATA:
|
|
|
6fbbf4 |
+ aesEncryptPtr = (CK_AES_CBC_ENCRYPT_DATA_PARAMS *)
|
|
|
6fbbf4 |
+ pMechanism->pParameter;
|
|
|
6fbbf4 |
+ cipherInfo = SEED_CreateContext( (unsigned char*)att->attrib.pValue,
|
|
|
6fbbf4 |
+ aesEncryptPtr->iv, NSS_SEED_CBC, PR_TRUE);
|
|
|
6fbbf4 |
+ if (cipherInfo == NULL) { crv = CKR_HOST_MEMORY; break; }
|
|
|
6fbbf4 |
+ crv = sftk_DeriveEncrypt(key, keySize, cipherInfo, 16,
|
|
|
6fbbf4 |
+ aesEncryptPtr->pData, aesEncryptPtr->length,
|
|
|
6fbbf4 |
+ (SFTKCipher) SEED_Encrypt);
|
|
|
6fbbf4 |
+ SEED_DestroyContext(cipherInfo, PR_TRUE);
|
|
|
6fbbf4 |
+ break;
|
|
|
6fbbf4 |
+
|
|
|
6fbbf4 |
case CKM_CONCATENATE_BASE_AND_DATA:
|
|
|
6fbbf4 |
crv = sftk_DeriveSensitiveCheck(sourceKey,key);
|
|
|
6fbbf4 |
if (crv != CKR_OK) break;
|