|
 |
60ce18 |
diff -up ./nss/lib/softoken/lowpbe.c.pkcs12-sha2 ./nss/lib/softoken/lowpbe.c
|
|
|
60ce18 |
--- ./nss/lib/softoken/lowpbe.c.pkcs12-sha2 2017-02-17 05:20:06.000000000 -0800
|
|
|
60ce18 |
+++ ./nss/lib/softoken/lowpbe.c 2017-03-23 10:34:22.320526927 -0700
|
|
|
60ce18 |
@@ -408,7 +408,6 @@ loser:
|
|
|
60ce18 |
return result;
|
|
|
60ce18 |
}
|
|
|
60ce18 |
|
|
|
60ce18 |
-#define HMAC_BUFFER 64
|
|
|
60ce18 |
#define NSSPBE_ROUNDUP(x, y) ((((x) + ((y)-1)) / (y)) * (y))
|
|
|
60ce18 |
#define NSSPBE_MIN(x, y) ((x) < (y) ? (x) : (y))
|
|
|
60ce18 |
/*
|
|
|
60ce18 |
@@ -430,6 +429,7 @@ nsspkcs5_PKCS12PBE(const SECHashObject *
|
|
|
60ce18 |
int iter;
|
|
|
60ce18 |
unsigned char *iterBuf;
|
|
|
60ce18 |
void *hash = NULL;
|
|
|
60ce18 |
+ unsigned int bufferLength;
|
|
|
60ce18 |
|
|
|
60ce18 |
arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
|
|
|
60ce18 |
if (!arena) {
|
|
|
60ce18 |
@@ -439,8 +439,11 @@ nsspkcs5_PKCS12PBE(const SECHashObject *
|
|
|
60ce18 |
/* how many hash object lengths are needed */
|
|
|
60ce18 |
c = (bytesNeeded + (hashLength - 1)) / hashLength;
|
|
|
60ce18 |
|
|
|
60ce18 |
+ /* 64 if 0 < hashLength <= 32, 128 if 32 < hashLength <= 64 */
|
|
|
60ce18 |
+ bufferLength = NSSPBE_ROUNDUP(hashLength * 2, 64);
|
|
|
60ce18 |
+
|
|
|
60ce18 |
/* initialize our buffers */
|
|
|
60ce18 |
- D.len = HMAC_BUFFER;
|
|
|
60ce18 |
+ D.len = bufferLength;
|
|
|
60ce18 |
/* B and D are the same length, use one alloc go get both */
|
|
|
60ce18 |
D.data = (unsigned char *)PORT_ArenaZAlloc(arena, D.len * 2);
|
|
|
60ce18 |
B.len = D.len;
|
|
|
60ce18 |
@@ -452,8 +455,8 @@ nsspkcs5_PKCS12PBE(const SECHashObject *
|
|
|
60ce18 |
goto loser;
|
|
|
60ce18 |
}
|
|
|
60ce18 |
|
|
|
60ce18 |
- SLen = NSSPBE_ROUNDUP(salt->len, HMAC_BUFFER);
|
|
|
60ce18 |
- PLen = NSSPBE_ROUNDUP(pwitem->len, HMAC_BUFFER);
|
|
|
60ce18 |
+ SLen = NSSPBE_ROUNDUP(salt->len, bufferLength);
|
|
|
60ce18 |
+ PLen = NSSPBE_ROUNDUP(pwitem->len, bufferLength);
|
|
|
60ce18 |
I.len = SLen + PLen;
|
|
|
60ce18 |
I.data = (unsigned char *)PORT_ArenaZAlloc(arena, I.len);
|
|
|
60ce18 |
if (I.data == NULL) {
|
|
|
60ce18 |
diff -up ./nss/lib/softoken/pkcs11c.c.pkcs12-sha2 ./nss/lib/softoken/pkcs11c.c
|
|
|
60ce18 |
--- ./nss/lib/softoken/pkcs11c.c.pkcs12-sha2 2017-02-17 05:20:06.000000000 -0800
|
|
|
60ce18 |
+++ ./nss/lib/softoken/pkcs11c.c 2017-03-23 10:34:22.322526961 -0700
|
|
|
60ce18 |
@@ -3971,6 +3971,22 @@ nsc_SetupHMACKeyGen(CK_MECHANISM_PTR pMe
|
|
|
60ce18 |
params->hashType = HASH_AlgMD2;
|
|
|
60ce18 |
params->keyLen = 16;
|
|
|
60ce18 |
break;
|
|
|
60ce18 |
+ case CKM_NSS_PKCS12_PBE_SHA224_HMAC_KEY_GEN:
|
|
|
60ce18 |
+ params->hashType = HASH_AlgSHA224;
|
|
|
60ce18 |
+ params->keyLen = 28;
|
|
|
60ce18 |
+ break;
|
|
|
60ce18 |
+ case CKM_NSS_PKCS12_PBE_SHA256_HMAC_KEY_GEN:
|
|
|
60ce18 |
+ params->hashType = HASH_AlgSHA256;
|
|
|
60ce18 |
+ params->keyLen = 32;
|
|
|
60ce18 |
+ break;
|
|
|
60ce18 |
+ case CKM_NSS_PKCS12_PBE_SHA384_HMAC_KEY_GEN:
|
|
|
60ce18 |
+ params->hashType = HASH_AlgSHA384;
|
|
|
60ce18 |
+ params->keyLen = 48;
|
|
|
60ce18 |
+ break;
|
|
|
60ce18 |
+ case CKM_NSS_PKCS12_PBE_SHA512_HMAC_KEY_GEN:
|
|
|
60ce18 |
+ params->hashType = HASH_AlgSHA512;
|
|
|
60ce18 |
+ params->keyLen = 64;
|
|
|
60ce18 |
+ break;
|
|
|
60ce18 |
default:
|
|
|
60ce18 |
PORT_FreeArena(arena, PR_TRUE);
|
|
|
60ce18 |
return CKR_MECHANISM_INVALID;
|
|
|
60ce18 |
@@ -4189,6 +4205,10 @@ NSC_GenerateKey(CK_SESSION_HANDLE hSessi
|
|
|
60ce18 |
case CKM_NETSCAPE_PBE_SHA1_HMAC_KEY_GEN:
|
|
|
60ce18 |
case CKM_NETSCAPE_PBE_MD5_HMAC_KEY_GEN:
|
|
|
60ce18 |
case CKM_NETSCAPE_PBE_MD2_HMAC_KEY_GEN:
|
|
|
60ce18 |
+ case CKM_NSS_PKCS12_PBE_SHA224_HMAC_KEY_GEN:
|
|
|
60ce18 |
+ case CKM_NSS_PKCS12_PBE_SHA256_HMAC_KEY_GEN:
|
|
|
60ce18 |
+ case CKM_NSS_PKCS12_PBE_SHA384_HMAC_KEY_GEN:
|
|
|
60ce18 |
+ case CKM_NSS_PKCS12_PBE_SHA512_HMAC_KEY_GEN:
|
|
|
60ce18 |
key_gen_type = nsc_pbe;
|
|
|
60ce18 |
key_type = CKK_GENERIC_SECRET;
|
|
|
60ce18 |
crv = nsc_SetupHMACKeyGen(pMechanism, &pbe_param);
|
|
|
60ce18 |
diff -up ./nss/lib/softoken/pkcs11.c.pkcs12-sha2 ./nss/lib/softoken/pkcs11.c
|
|
|
60ce18 |
--- ./nss/lib/softoken/pkcs11.c.pkcs12-sha2 2017-02-17 05:20:06.000000000 -0800
|
|
|
60ce18 |
+++ ./nss/lib/softoken/pkcs11.c 2017-03-23 10:34:22.321526944 -0700
|
|
|
60ce18 |
@@ -480,6 +480,10 @@ static const struct mechanismList mechan
|
|
|
60ce18 |
{ CKM_NETSCAPE_PBE_SHA1_HMAC_KEY_GEN, { 20, 20, CKF_GENERATE }, PR_TRUE },
|
|
|
60ce18 |
{ CKM_NETSCAPE_PBE_MD5_HMAC_KEY_GEN, { 16, 16, CKF_GENERATE }, PR_TRUE },
|
|
|
60ce18 |
{ CKM_NETSCAPE_PBE_MD2_HMAC_KEY_GEN, { 16, 16, CKF_GENERATE }, PR_TRUE },
|
|
|
60ce18 |
+ { CKM_NSS_PKCS12_PBE_SHA224_HMAC_KEY_GEN, { 28, 28, CKF_GENERATE }, PR_TRUE },
|
|
|
60ce18 |
+ { CKM_NSS_PKCS12_PBE_SHA256_HMAC_KEY_GEN, { 32, 32, CKF_GENERATE }, PR_TRUE },
|
|
|
60ce18 |
+ { CKM_NSS_PKCS12_PBE_SHA384_HMAC_KEY_GEN, { 48, 48, CKF_GENERATE }, PR_TRUE },
|
|
|
60ce18 |
+ { CKM_NSS_PKCS12_PBE_SHA512_HMAC_KEY_GEN, { 64, 64, CKF_GENERATE }, PR_TRUE },
|
|
|
60ce18 |
/* ------------------ AES Key Wrap (also encrypt) ------------------- */
|
|
|
60ce18 |
{ CKM_NETSCAPE_AES_KEY_WRAP, { 16, 32, CKF_EN_DE_WR_UN }, PR_TRUE },
|
|
|
60ce18 |
{ CKM_NETSCAPE_AES_KEY_WRAP_PAD, { 16, 32, CKF_EN_DE_WR_UN }, PR_TRUE },
|