1 /* This Source Code Form is subject to the terms of the Mozilla Public
2 * License, v. 2.0. If a copy of the MPL was not distributed with this
3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
4 /*
5 * This file maps various PKCS #11 Mechanisms to related mechanisms, key
6 * types, and ASN.1 encodings.
7 */
8 #include "seccomon.h"
9 #include "secmod.h"
10 #include "secmodi.h"
11 #include "pkcs11t.h"
12 #include "pk11func.h"
13 #include "secitem.h"
14 #include "secder.h"
15 #include "secasn1.h"
16 #include "secoid.h"
17 #include "secerr.h"
18
19 /*************************************************************
20 * local static and global data
21 *************************************************************/
22
23 /*
24 * Tables used for Extended mechanism mapping (currently not used)
25 */
26 typedef struct {
27 CK_MECHANISM_TYPE keyGen;
28 CK_KEY_TYPE keyType;
29 CK_MECHANISM_TYPE type;
30 CK_MECHANISM_TYPE padType;
31 int blockSize;
32 int iv;
33 } pk11MechanismData;
34
35 static pk11MechanismData pk11_default =
36 { CKM_GENERIC_SECRET_KEY_GEN, CKK_GENERIC_SECRET,
37 CKM_FAKE_RANDOM, CKM_FAKE_RANDOM, 8, 8 };
38 static pk11MechanismData *pk11_MechanismTable = NULL;
39 static int pk11_MechTableSize = 0;
40 static int pk11_MechEntrySize = 0;
41
42 /*
43 * list of mechanisms we're willing to wrap secret keys with.
44 * This list is ordered by preference.
45 */
46 CK_MECHANISM_TYPE wrapMechanismList[] = {
47 CKM_DES3_ECB,
48 CKM_CAST5_ECB,
49 CKM_AES_ECB,
50 CKM_CAMELLIA_ECB,
51 CKM_SEED_ECB,
52 CKM_CAST5_ECB,
53 CKM_DES_ECB,
54 CKM_KEY_WRAP_LYNKS,
55 CKM_IDEA_ECB,
56 CKM_CAST3_ECB,
57 CKM_CAST_ECB,
58 CKM_RC5_ECB,
59 CKM_RC2_ECB,
60 CKM_CDMF_ECB,
61 CKM_SKIPJACK_WRAP,
62 };
63
64 int wrapMechanismCount = sizeof(wrapMechanismList) / sizeof(wrapMechanismList[0]);
65
66 /*********************************************************************
67 * Mechanism Mapping functions
68 *********************************************************************/
69
70 /*
71 * lookup an entry in the mechanism table. If none found, return the
72 * default structure.
73 */
74 static pk11MechanismData *
pk11_lookup(CK_MECHANISM_TYPE type)75 pk11_lookup(CK_MECHANISM_TYPE type)
76 {
77 int i;
78 for (i = 0; i < pk11_MechEntrySize; i++) {
79 if (pk11_MechanismTable[i].type == type) {
80 return (&pk11_MechanismTable[i]);
81 }
82 }
83 return &pk11_default;
84 }
85
86 /*
87 * find the best key wrap mechanism for this slot.
88 */
89 CK_MECHANISM_TYPE
PK11_GetBestWrapMechanism(PK11SlotInfo * slot)90 PK11_GetBestWrapMechanism(PK11SlotInfo *slot)
91 {
92 int i;
93 for (i = 0; i < wrapMechanismCount; i++) {
94 if (PK11_DoesMechanism(slot, wrapMechanismList[i])) {
95 return wrapMechanismList[i];
96 }
97 }
98 return CKM_INVALID_MECHANISM;
99 }
100
101 /*
102 * NOTE: This is not thread safe. Called at init time, and when loading
103 * a new Entry. It is reasonably safe as long as it is not re-entered
104 * (readers will always see a consistant table)
105 *
106 * This routine is called to add entries to the mechanism table, once there,
107 * they can not be removed.
108 */
109 void
PK11_AddMechanismEntry(CK_MECHANISM_TYPE type,CK_KEY_TYPE key,CK_MECHANISM_TYPE keyGen,CK_MECHANISM_TYPE padType,int ivLen,int blockSize)110 PK11_AddMechanismEntry(CK_MECHANISM_TYPE type, CK_KEY_TYPE key,
111 CK_MECHANISM_TYPE keyGen,
112 CK_MECHANISM_TYPE padType,
113 int ivLen, int blockSize)
114 {
115 int tableSize = pk11_MechTableSize;
116 int size = pk11_MechEntrySize;
117 int entry = size++;
118 pk11MechanismData *old = pk11_MechanismTable;
119 pk11MechanismData *newt = pk11_MechanismTable;
120
121 if (size > tableSize) {
122 int oldTableSize = tableSize;
123 tableSize += 10;
124 newt = PORT_NewArray(pk11MechanismData, tableSize);
125 if (newt == NULL)
126 return;
127
128 if (old)
129 PORT_Memcpy(newt, old, oldTableSize * sizeof(*newt));
130 } else
131 old = NULL;
132
133 newt[entry].type = type;
134 newt[entry].keyType = key;
135 newt[entry].keyGen = keyGen;
136 newt[entry].padType = padType;
137 newt[entry].iv = ivLen;
138 newt[entry].blockSize = blockSize;
139
140 pk11_MechanismTable = newt;
141 pk11_MechTableSize = tableSize;
142 pk11_MechEntrySize = size;
143 if (old)
144 PORT_Free(old);
145 }
146
147 /*
148 * Get the mechanism needed for the given key type
149 */
150 CK_MECHANISM_TYPE
PK11_GetKeyMechanism(CK_KEY_TYPE type)151 PK11_GetKeyMechanism(CK_KEY_TYPE type)
152 {
153 switch (type) {
154 case CKK_SEED:
155 return CKM_SEED_CBC;
156 case CKK_CAMELLIA:
157 return CKM_CAMELLIA_CBC;
158 case CKK_NSS_CHACHA20:
159 return CKM_NSS_CHACHA20_POLY1305;
160 case CKK_CHACHA20:
161 return CKM_CHACHA20_POLY1305;
162 case CKK_AES:
163 return CKM_AES_CBC;
164 case CKK_DES:
165 return CKM_DES_CBC;
166 case CKK_DES3:
167 return CKM_DES3_KEY_GEN;
168 case CKK_DES2:
169 return CKM_DES2_KEY_GEN;
170 case CKK_CDMF:
171 return CKM_CDMF_CBC;
172 case CKK_RC2:
173 return CKM_RC2_CBC;
174 case CKK_RC4:
175 return CKM_RC4;
176 case CKK_RC5:
177 return CKM_RC5_CBC;
178 case CKK_SKIPJACK:
179 return CKM_SKIPJACK_CBC64;
180 case CKK_BATON:
181 return CKM_BATON_CBC128;
182 case CKK_JUNIPER:
183 return CKM_JUNIPER_CBC128;
184 case CKK_IDEA:
185 return CKM_IDEA_CBC;
186 case CKK_CAST:
187 return CKM_CAST_CBC;
188 case CKK_CAST3:
189 return CKM_CAST3_CBC;
190 case CKK_CAST5:
191 return CKM_CAST5_CBC;
192 case CKK_RSA:
193 return CKM_RSA_PKCS;
194 case CKK_DSA:
195 return CKM_DSA;
196 case CKK_DH:
197 return CKM_DH_PKCS_DERIVE;
198 case CKK_KEA:
199 return CKM_KEA_KEY_DERIVE;
200 case CKK_EC: /* CKK_ECDSA is deprecated */
201 return CKM_ECDSA;
202 case CKK_HKDF:
203 return CKM_HKDF_DERIVE;
204 case CKK_GENERIC_SECRET:
205 default:
206 return CKM_SHA_1_HMAC;
207 }
208 }
209
210 /*
211 * Get the key type needed for the given mechanism
212 */
213 CK_KEY_TYPE
PK11_GetKeyType(CK_MECHANISM_TYPE type,unsigned long len)214 PK11_GetKeyType(CK_MECHANISM_TYPE type, unsigned long len)
215 {
216 switch (type) {
217 case CKM_SEED_ECB:
218 case CKM_SEED_CBC:
219 case CKM_SEED_MAC:
220 case CKM_SEED_MAC_GENERAL:
221 case CKM_SEED_CBC_PAD:
222 case CKM_SEED_KEY_GEN:
223 return CKK_SEED;
224 case CKM_CAMELLIA_ECB:
225 case CKM_CAMELLIA_CBC:
226 case CKM_CAMELLIA_MAC:
227 case CKM_CAMELLIA_MAC_GENERAL:
228 case CKM_CAMELLIA_CBC_PAD:
229 case CKM_CAMELLIA_KEY_GEN:
230 return CKK_CAMELLIA;
231 case CKM_NSS_CHACHA20_POLY1305:
232 case CKM_NSS_CHACHA20_KEY_GEN:
233 case CKM_NSS_CHACHA20_CTR:
234 return CKK_NSS_CHACHA20;
235 case CKM_CHACHA20_POLY1305:
236 case CKM_CHACHA20_KEY_GEN:
237 case CKM_CHACHA20:
238 return CKK_NSS_CHACHA20;
239 case CKM_AES_ECB:
240 case CKM_AES_CBC:
241 case CKM_AES_CCM:
242 case CKM_AES_CTR:
243 case CKM_AES_CTS:
244 case CKM_AES_GCM:
245 case CKM_AES_MAC:
246 case CKM_AES_MAC_GENERAL:
247 case CKM_AES_CMAC:
248 case CKM_AES_CMAC_GENERAL:
249 case CKM_AES_CBC_PAD:
250 case CKM_AES_KEY_GEN:
251 case CKM_NSS_AES_KEY_WRAP:
252 case CKM_NSS_AES_KEY_WRAP_PAD:
253 case CKM_AES_KEY_WRAP:
254 case CKM_AES_KEY_WRAP_KWP:
255 case CKM_AES_XCBC_MAC:
256 case CKM_AES_XCBC_MAC_96:
257 return CKK_AES;
258 case CKM_DES_ECB:
259 case CKM_DES_CBC:
260 case CKM_DES_MAC:
261 case CKM_DES_MAC_GENERAL:
262 case CKM_DES_CBC_PAD:
263 case CKM_DES_KEY_GEN:
264 case CKM_KEY_WRAP_LYNKS:
265 case CKM_PBE_MD2_DES_CBC:
266 case CKM_PBE_MD5_DES_CBC:
267 return CKK_DES;
268 case CKM_DES3_ECB:
269 case CKM_DES3_CBC:
270 case CKM_DES3_MAC:
271 case CKM_DES3_MAC_GENERAL:
272 case CKM_DES3_CBC_PAD:
273 return (len == 16) ? CKK_DES2 : CKK_DES3;
274 case CKM_DES2_KEY_GEN:
275 case CKM_PBE_SHA1_DES2_EDE_CBC:
276 return CKK_DES2;
277 case CKM_PBE_SHA1_DES3_EDE_CBC:
278 case CKM_DES3_KEY_GEN:
279 return CKK_DES3;
280 case CKM_CDMF_ECB:
281 case CKM_CDMF_CBC:
282 case CKM_CDMF_MAC:
283 case CKM_CDMF_MAC_GENERAL:
284 case CKM_CDMF_CBC_PAD:
285 case CKM_CDMF_KEY_GEN:
286 return CKK_CDMF;
287 case CKM_RC2_ECB:
288 case CKM_RC2_CBC:
289 case CKM_RC2_MAC:
290 case CKM_RC2_MAC_GENERAL:
291 case CKM_RC2_CBC_PAD:
292 case CKM_RC2_KEY_GEN:
293 case CKM_PBE_SHA1_RC2_128_CBC:
294 case CKM_PBE_SHA1_RC2_40_CBC:
295 return CKK_RC2;
296 case CKM_RC4:
297 case CKM_RC4_KEY_GEN:
298 return CKK_RC4;
299 case CKM_RC5_ECB:
300 case CKM_RC5_CBC:
301 case CKM_RC5_MAC:
302 case CKM_RC5_MAC_GENERAL:
303 case CKM_RC5_CBC_PAD:
304 case CKM_RC5_KEY_GEN:
305 return CKK_RC5;
306 case CKM_SKIPJACK_CBC64:
307 case CKM_SKIPJACK_ECB64:
308 case CKM_SKIPJACK_OFB64:
309 case CKM_SKIPJACK_CFB64:
310 case CKM_SKIPJACK_CFB32:
311 case CKM_SKIPJACK_CFB16:
312 case CKM_SKIPJACK_CFB8:
313 case CKM_SKIPJACK_KEY_GEN:
314 case CKM_SKIPJACK_WRAP:
315 case CKM_SKIPJACK_PRIVATE_WRAP:
316 return CKK_SKIPJACK;
317 case CKM_BATON_ECB128:
318 case CKM_BATON_ECB96:
319 case CKM_BATON_CBC128:
320 case CKM_BATON_COUNTER:
321 case CKM_BATON_SHUFFLE:
322 case CKM_BATON_WRAP:
323 case CKM_BATON_KEY_GEN:
324 return CKK_BATON;
325 case CKM_JUNIPER_ECB128:
326 case CKM_JUNIPER_CBC128:
327 case CKM_JUNIPER_COUNTER:
328 case CKM_JUNIPER_SHUFFLE:
329 case CKM_JUNIPER_WRAP:
330 case CKM_JUNIPER_KEY_GEN:
331 return CKK_JUNIPER;
332 case CKM_IDEA_CBC:
333 case CKM_IDEA_ECB:
334 case CKM_IDEA_MAC:
335 case CKM_IDEA_MAC_GENERAL:
336 case CKM_IDEA_CBC_PAD:
337 case CKM_IDEA_KEY_GEN:
338 return CKK_IDEA;
339 case CKM_CAST_ECB:
340 case CKM_CAST_CBC:
341 case CKM_CAST_MAC:
342 case CKM_CAST_MAC_GENERAL:
343 case CKM_CAST_CBC_PAD:
344 case CKM_CAST_KEY_GEN:
345 case CKM_PBE_MD5_CAST_CBC:
346 return CKK_CAST;
347 case CKM_CAST3_ECB:
348 case CKM_CAST3_CBC:
349 case CKM_CAST3_MAC:
350 case CKM_CAST3_MAC_GENERAL:
351 case CKM_CAST3_CBC_PAD:
352 case CKM_CAST3_KEY_GEN:
353 case CKM_PBE_MD5_CAST3_CBC:
354 return CKK_CAST3;
355 case CKM_CAST5_ECB:
356 case CKM_CAST5_CBC:
357 case CKM_CAST5_MAC:
358 case CKM_CAST5_MAC_GENERAL:
359 case CKM_CAST5_CBC_PAD:
360 case CKM_CAST5_KEY_GEN:
361 case CKM_PBE_MD5_CAST5_CBC:
362 return CKK_CAST5;
363 case CKM_RSA_PKCS:
364 case CKM_RSA_9796:
365 case CKM_RSA_X_509:
366 case CKM_MD2_RSA_PKCS:
367 case CKM_MD5_RSA_PKCS:
368 case CKM_SHA1_RSA_PKCS:
369 case CKM_SHA224_RSA_PKCS:
370 case CKM_SHA256_RSA_PKCS:
371 case CKM_SHA384_RSA_PKCS:
372 case CKM_SHA512_RSA_PKCS:
373 case CKM_KEY_WRAP_SET_OAEP:
374 case CKM_RSA_PKCS_KEY_PAIR_GEN:
375 case CKM_RSA_X9_31_KEY_PAIR_GEN:
376 return CKK_RSA;
377 case CKM_DSA:
378 case CKM_DSA_SHA1:
379 case CKM_DSA_KEY_PAIR_GEN:
380 return CKK_DSA;
381 case CKM_DH_PKCS_DERIVE:
382 case CKM_DH_PKCS_KEY_PAIR_GEN:
383 return CKK_DH;
384 case CKM_KEA_KEY_DERIVE:
385 case CKM_KEA_KEY_PAIR_GEN:
386 return CKK_KEA;
387 case CKM_ECDSA:
388 case CKM_ECDSA_SHA1:
389 case CKM_EC_KEY_PAIR_GEN: /* aka CKM_ECDSA_KEY_PAIR_GEN */
390 case CKM_ECDH1_DERIVE:
391 return CKK_EC; /* CKK_ECDSA is deprecated */
392 case CKM_HKDF_KEY_GEN:
393 case CKM_HKDF_DERIVE:
394 case CKM_HKDF_DATA:
395 return CKK_HKDF;
396 case CKM_SSL3_PRE_MASTER_KEY_GEN:
397 case CKM_GENERIC_SECRET_KEY_GEN:
398 case CKM_SSL3_MASTER_KEY_DERIVE:
399 case CKM_SSL3_MASTER_KEY_DERIVE_DH:
400 case CKM_SSL3_KEY_AND_MAC_DERIVE:
401 case CKM_SSL3_SHA1_MAC:
402 case CKM_SSL3_MD5_MAC:
403 case CKM_TLS_MASTER_KEY_DERIVE:
404 case CKM_NSS_TLS_MASTER_KEY_DERIVE_SHA256:
405 case CKM_TLS_MASTER_KEY_DERIVE_DH:
406 case CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256:
407 case CKM_TLS_KEY_AND_MAC_DERIVE:
408 case CKM_NSS_TLS_KEY_AND_MAC_DERIVE_SHA256:
409 case CKM_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE:
410 case CKM_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE_DH:
411 case CKM_SHA_1_HMAC:
412 case CKM_SHA_1_HMAC_GENERAL:
413 case CKM_SHA224_HMAC:
414 case CKM_SHA224_HMAC_GENERAL:
415 case CKM_SHA256_HMAC:
416 case CKM_SHA256_HMAC_GENERAL:
417 case CKM_SHA384_HMAC:
418 case CKM_SHA384_HMAC_GENERAL:
419 case CKM_SHA512_HMAC:
420 case CKM_SHA512_HMAC_GENERAL:
421 case CKM_MD2_HMAC:
422 case CKM_MD2_HMAC_GENERAL:
423 case CKM_MD5_HMAC:
424 case CKM_MD5_HMAC_GENERAL:
425 case CKM_TLS_PRF_GENERAL:
426 case CKM_NSS_TLS_PRF_GENERAL_SHA256:
427 return CKK_GENERIC_SECRET;
428 default:
429 return pk11_lookup(type)->keyType;
430 }
431 }
432
433 /*
434 * Get the Key Gen Mechanism needed for the given
435 * crypto mechanism
436 */
437 CK_MECHANISM_TYPE
PK11_GetKeyGen(CK_MECHANISM_TYPE type)438 PK11_GetKeyGen(CK_MECHANISM_TYPE type)
439 {
440 return PK11_GetKeyGenWithSize(type, 0);
441 }
442
443 CK_MECHANISM_TYPE
PK11_GetKeyGenWithSize(CK_MECHANISM_TYPE type,int size)444 PK11_GetKeyGenWithSize(CK_MECHANISM_TYPE type, int size)
445 {
446 switch (type) {
447 case CKM_SEED_ECB:
448 case CKM_SEED_CBC:
449 case CKM_SEED_MAC:
450 case CKM_SEED_MAC_GENERAL:
451 case CKM_SEED_CBC_PAD:
452 case CKM_SEED_KEY_GEN:
453 return CKM_SEED_KEY_GEN;
454 case CKM_CAMELLIA_ECB:
455 case CKM_CAMELLIA_CBC:
456 case CKM_CAMELLIA_MAC:
457 case CKM_CAMELLIA_MAC_GENERAL:
458 case CKM_CAMELLIA_CBC_PAD:
459 case CKM_CAMELLIA_KEY_GEN:
460 return CKM_CAMELLIA_KEY_GEN;
461 case CKM_NSS_CHACHA20_POLY1305:
462 case CKM_NSS_CHACHA20_CTR:
463 return CKM_NSS_CHACHA20_KEY_GEN;
464 case CKM_CHACHA20_POLY1305:
465 case CKM_CHACHA20:
466 return CKM_CHACHA20_KEY_GEN;
467 case CKM_AES_ECB:
468 case CKM_AES_CBC:
469 case CKM_AES_CCM:
470 case CKM_AES_CTR:
471 case CKM_AES_CTS:
472 case CKM_AES_GCM:
473 case CKM_AES_MAC:
474 case CKM_AES_MAC_GENERAL:
475 case CKM_AES_CMAC:
476 case CKM_AES_CMAC_GENERAL:
477 case CKM_AES_CBC_PAD:
478 case CKM_AES_KEY_GEN:
479 return CKM_AES_KEY_GEN;
480 case CKM_DES_ECB:
481 case CKM_DES_CBC:
482 case CKM_DES_MAC:
483 case CKM_DES_MAC_GENERAL:
484 case CKM_KEY_WRAP_LYNKS:
485 case CKM_DES_CBC_PAD:
486 case CKM_DES_KEY_GEN:
487 return CKM_DES_KEY_GEN;
488 case CKM_DES3_ECB:
489 case CKM_DES3_CBC:
490 case CKM_DES3_MAC:
491 case CKM_DES3_MAC_GENERAL:
492 case CKM_DES3_CBC_PAD:
493 return (size == 16) ? CKM_DES2_KEY_GEN : CKM_DES3_KEY_GEN;
494 case CKM_DES3_KEY_GEN:
495 return CKM_DES3_KEY_GEN;
496 case CKM_DES2_KEY_GEN:
497 return CKM_DES2_KEY_GEN;
498 case CKM_CDMF_ECB:
499 case CKM_CDMF_CBC:
500 case CKM_CDMF_MAC:
501 case CKM_CDMF_MAC_GENERAL:
502 case CKM_CDMF_CBC_PAD:
503 case CKM_CDMF_KEY_GEN:
504 return CKM_CDMF_KEY_GEN;
505 case CKM_RC2_ECB:
506 case CKM_RC2_CBC:
507 case CKM_RC2_MAC:
508 case CKM_RC2_MAC_GENERAL:
509 case CKM_RC2_CBC_PAD:
510 case CKM_RC2_KEY_GEN:
511 return CKM_RC2_KEY_GEN;
512 case CKM_RC4:
513 case CKM_RC4_KEY_GEN:
514 return CKM_RC4_KEY_GEN;
515 case CKM_RC5_ECB:
516 case CKM_RC5_CBC:
517 case CKM_RC5_MAC:
518 case CKM_RC5_MAC_GENERAL:
519 case CKM_RC5_CBC_PAD:
520 case CKM_RC5_KEY_GEN:
521 return CKM_RC5_KEY_GEN;
522 case CKM_SKIPJACK_CBC64:
523 case CKM_SKIPJACK_ECB64:
524 case CKM_SKIPJACK_OFB64:
525 case CKM_SKIPJACK_CFB64:
526 case CKM_SKIPJACK_CFB32:
527 case CKM_SKIPJACK_CFB16:
528 case CKM_SKIPJACK_CFB8:
529 case CKM_SKIPJACK_WRAP:
530 case CKM_SKIPJACK_KEY_GEN:
531 return CKM_SKIPJACK_KEY_GEN;
532 case CKM_BATON_ECB128:
533 case CKM_BATON_ECB96:
534 case CKM_BATON_CBC128:
535 case CKM_BATON_COUNTER:
536 case CKM_BATON_SHUFFLE:
537 case CKM_BATON_WRAP:
538 case CKM_BATON_KEY_GEN:
539 return CKM_BATON_KEY_GEN;
540 case CKM_JUNIPER_ECB128:
541 case CKM_JUNIPER_CBC128:
542 case CKM_JUNIPER_COUNTER:
543 case CKM_JUNIPER_SHUFFLE:
544 case CKM_JUNIPER_WRAP:
545 case CKM_JUNIPER_KEY_GEN:
546 return CKM_JUNIPER_KEY_GEN;
547 case CKM_IDEA_CBC:
548 case CKM_IDEA_ECB:
549 case CKM_IDEA_MAC:
550 case CKM_IDEA_MAC_GENERAL:
551 case CKM_IDEA_CBC_PAD:
552 case CKM_IDEA_KEY_GEN:
553 return CKM_IDEA_KEY_GEN;
554 case CKM_CAST_ECB:
555 case CKM_CAST_CBC:
556 case CKM_CAST_MAC:
557 case CKM_CAST_MAC_GENERAL:
558 case CKM_CAST_CBC_PAD:
559 case CKM_CAST_KEY_GEN:
560 return CKM_CAST_KEY_GEN;
561 case CKM_CAST3_ECB:
562 case CKM_CAST3_CBC:
563 case CKM_CAST3_MAC:
564 case CKM_CAST3_MAC_GENERAL:
565 case CKM_CAST3_CBC_PAD:
566 case CKM_CAST3_KEY_GEN:
567 return CKM_CAST3_KEY_GEN;
568 case CKM_CAST5_ECB:
569 case CKM_CAST5_CBC:
570 case CKM_CAST5_MAC:
571 case CKM_CAST5_MAC_GENERAL:
572 case CKM_CAST5_CBC_PAD:
573 case CKM_CAST5_KEY_GEN:
574 return CKM_CAST5_KEY_GEN;
575 case CKM_RSA_PKCS:
576 case CKM_RSA_9796:
577 case CKM_RSA_X_509:
578 case CKM_MD2_RSA_PKCS:
579 case CKM_MD5_RSA_PKCS:
580 case CKM_SHA1_RSA_PKCS:
581 case CKM_SHA224_RSA_PKCS:
582 case CKM_SHA256_RSA_PKCS:
583 case CKM_SHA384_RSA_PKCS:
584 case CKM_SHA512_RSA_PKCS:
585 case CKM_KEY_WRAP_SET_OAEP:
586 case CKM_RSA_PKCS_KEY_PAIR_GEN:
587 return CKM_RSA_PKCS_KEY_PAIR_GEN;
588 case CKM_RSA_X9_31_KEY_PAIR_GEN:
589 return CKM_RSA_X9_31_KEY_PAIR_GEN;
590 case CKM_DSA:
591 case CKM_DSA_SHA1:
592 case CKM_DSA_KEY_PAIR_GEN:
593 return CKM_DSA_KEY_PAIR_GEN;
594 case CKM_DH_PKCS_DERIVE:
595 case CKM_DH_PKCS_KEY_PAIR_GEN:
596 return CKM_DH_PKCS_KEY_PAIR_GEN;
597 case CKM_KEA_KEY_DERIVE:
598 case CKM_KEA_KEY_PAIR_GEN:
599 return CKM_KEA_KEY_PAIR_GEN;
600 case CKM_ECDSA:
601 case CKM_ECDSA_SHA1:
602 case CKM_EC_KEY_PAIR_GEN: /* aka CKM_ECDSA_KEY_PAIR_GEN */
603 case CKM_ECDH1_DERIVE:
604 return CKM_EC_KEY_PAIR_GEN;
605 case CKM_SSL3_PRE_MASTER_KEY_GEN:
606 case CKM_SSL3_MASTER_KEY_DERIVE:
607 case CKM_SSL3_KEY_AND_MAC_DERIVE:
608 case CKM_SSL3_SHA1_MAC:
609 case CKM_SSL3_MD5_MAC:
610 case CKM_TLS_MASTER_KEY_DERIVE:
611 case CKM_TLS_KEY_AND_MAC_DERIVE:
612 case CKM_NSS_TLS_KEY_AND_MAC_DERIVE_SHA256:
613 case CKM_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE:
614 case CKM_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE_DH:
615 return CKM_SSL3_PRE_MASTER_KEY_GEN;
616 case CKM_SHA_1_HMAC:
617 case CKM_SHA_1_HMAC_GENERAL:
618 case CKM_SHA224_HMAC:
619 case CKM_SHA224_HMAC_GENERAL:
620 case CKM_SHA256_HMAC:
621 case CKM_SHA256_HMAC_GENERAL:
622 case CKM_SHA384_HMAC:
623 case CKM_SHA384_HMAC_GENERAL:
624 case CKM_SHA512_HMAC:
625 case CKM_SHA512_HMAC_GENERAL:
626 case CKM_MD2_HMAC:
627 case CKM_MD2_HMAC_GENERAL:
628 case CKM_MD5_HMAC:
629 case CKM_MD5_HMAC_GENERAL:
630 case CKM_TLS_PRF_GENERAL:
631 case CKM_NSS_TLS_PRF_GENERAL_SHA256:
632 case CKM_GENERIC_SECRET_KEY_GEN:
633 return CKM_GENERIC_SECRET_KEY_GEN;
634 case CKM_PBE_MD2_DES_CBC:
635 case CKM_PBE_MD5_DES_CBC:
636 case CKM_PBA_SHA1_WITH_SHA1_HMAC:
637 case CKM_NSS_PBE_SHA1_HMAC_KEY_GEN:
638 case CKM_NSS_PBE_MD5_HMAC_KEY_GEN:
639 case CKM_NSS_PBE_MD2_HMAC_KEY_GEN:
640 case CKM_NSS_PKCS12_PBE_SHA224_HMAC_KEY_GEN:
641 case CKM_NSS_PKCS12_PBE_SHA256_HMAC_KEY_GEN:
642 case CKM_NSS_PKCS12_PBE_SHA384_HMAC_KEY_GEN:
643 case CKM_NSS_PKCS12_PBE_SHA512_HMAC_KEY_GEN:
644 case CKM_NSS_PBE_SHA1_DES_CBC:
645 case CKM_NSS_PBE_SHA1_40_BIT_RC2_CBC:
646 case CKM_NSS_PBE_SHA1_128_BIT_RC2_CBC:
647 case CKM_NSS_PBE_SHA1_40_BIT_RC4:
648 case CKM_NSS_PBE_SHA1_128_BIT_RC4:
649 case CKM_NSS_PBE_SHA1_TRIPLE_DES_CBC:
650 case CKM_NSS_PBE_SHA1_FAULTY_3DES_CBC:
651 case CKM_PBE_SHA1_RC2_40_CBC:
652 case CKM_PBE_SHA1_RC2_128_CBC:
653 case CKM_PBE_SHA1_RC4_40:
654 case CKM_PBE_SHA1_RC4_128:
655 case CKM_PBE_SHA1_DES3_EDE_CBC:
656 case CKM_PBE_SHA1_DES2_EDE_CBC:
657 case CKM_PKCS5_PBKD2:
658 return type;
659 default:
660 return pk11_lookup(type)->keyGen;
661 }
662 }
663
664 /*
665 * get the mechanism block size
666 */
667 int
PK11_GetBlockSize(CK_MECHANISM_TYPE type,SECItem * params)668 PK11_GetBlockSize(CK_MECHANISM_TYPE type, SECItem *params)
669 {
670 CK_RC5_PARAMS *rc5_params;
671 CK_RC5_CBC_PARAMS *rc5_cbc_params;
672 switch (type) {
673 case CKM_RC5_ECB:
674 if ((params) && (params->data)) {
675 rc5_params = (CK_RC5_PARAMS *)params->data;
676 return (rc5_params->ulWordsize) * 2;
677 }
678 return 8;
679 case CKM_RC5_CBC:
680 case CKM_RC5_CBC_PAD:
681 if ((params) && (params->data)) {
682 rc5_cbc_params = (CK_RC5_CBC_PARAMS *)params->data;
683 return (rc5_cbc_params->ulWordsize) * 2;
684 }
685 return 8;
686 case CKM_DES_ECB:
687 case CKM_DES3_ECB:
688 case CKM_RC2_ECB:
689 case CKM_IDEA_ECB:
690 case CKM_CAST_ECB:
691 case CKM_CAST3_ECB:
692 case CKM_CAST5_ECB:
693 case CKM_RC2_CBC:
694 case CKM_SKIPJACK_CBC64:
695 case CKM_SKIPJACK_ECB64:
696 case CKM_SKIPJACK_OFB64:
697 case CKM_SKIPJACK_CFB64:
698 case CKM_DES_CBC:
699 case CKM_DES3_CBC:
700 case CKM_IDEA_CBC:
701 case CKM_CAST_CBC:
702 case CKM_CAST3_CBC:
703 case CKM_CAST5_CBC:
704 case CKM_DES_CBC_PAD:
705 case CKM_DES3_CBC_PAD:
706 case CKM_RC2_CBC_PAD:
707 case CKM_IDEA_CBC_PAD:
708 case CKM_CAST_CBC_PAD:
709 case CKM_CAST3_CBC_PAD:
710 case CKM_CAST5_CBC_PAD:
711 case CKM_PBE_MD2_DES_CBC:
712 case CKM_PBE_MD5_DES_CBC:
713 case CKM_NSS_PBE_SHA1_DES_CBC:
714 case CKM_NSS_PBE_SHA1_40_BIT_RC2_CBC:
715 case CKM_NSS_PBE_SHA1_128_BIT_RC2_CBC:
716 case CKM_NSS_PBE_SHA1_TRIPLE_DES_CBC:
717 case CKM_NSS_PBE_SHA1_FAULTY_3DES_CBC:
718 case CKM_PBE_SHA1_RC2_40_CBC:
719 case CKM_PBE_SHA1_RC2_128_CBC:
720 case CKM_PBE_SHA1_DES3_EDE_CBC:
721 case CKM_PBE_SHA1_DES2_EDE_CBC:
722 return 8;
723 case CKM_SKIPJACK_CFB32:
724 case CKM_SKIPJACK_CFB16:
725 case CKM_SKIPJACK_CFB8:
726 return 4;
727 case CKM_SEED_ECB:
728 case CKM_SEED_CBC:
729 case CKM_SEED_CBC_PAD:
730 case CKM_CAMELLIA_ECB:
731 case CKM_CAMELLIA_CBC:
732 case CKM_CAMELLIA_CBC_PAD:
733 case CKM_AES_ECB:
734 case CKM_AES_CBC:
735 case CKM_AES_CBC_PAD:
736 case CKM_BATON_ECB128:
737 case CKM_BATON_CBC128:
738 case CKM_BATON_COUNTER:
739 case CKM_BATON_SHUFFLE:
740 case CKM_JUNIPER_ECB128:
741 case CKM_JUNIPER_CBC128:
742 case CKM_JUNIPER_COUNTER:
743 case CKM_JUNIPER_SHUFFLE:
744 return 16;
745 case CKM_BATON_ECB96:
746 return 12;
747 case CKM_RC4:
748 case CKM_NSS_PBE_SHA1_40_BIT_RC4:
749 case CKM_NSS_PBE_SHA1_128_BIT_RC4:
750 case CKM_PBE_SHA1_RC4_40:
751 case CKM_PBE_SHA1_RC4_128:
752 return 0;
753 case CKM_RSA_PKCS:
754 case CKM_RSA_9796:
755 case CKM_RSA_X_509:
756 /*actually it's the modulus length of the key!*/
757 return -1; /* failure */
758 case CKM_NSS_CHACHA20_POLY1305:
759 case CKM_NSS_CHACHA20_CTR:
760 case CKM_CHACHA20_POLY1305:
761 case CKM_CHACHA20:
762 return 64;
763 default:
764 return pk11_lookup(type)->blockSize;
765 }
766 }
767
768 /*
769 * get the iv length
770 */
771 int
PK11_GetIVLength(CK_MECHANISM_TYPE type)772 PK11_GetIVLength(CK_MECHANISM_TYPE type)
773 {
774 switch (type) {
775 case CKM_SEED_ECB:
776 case CKM_CAMELLIA_ECB:
777 case CKM_AES_ECB:
778 case CKM_DES_ECB:
779 case CKM_DES3_ECB:
780 case CKM_RC2_ECB:
781 case CKM_IDEA_ECB:
782 case CKM_SKIPJACK_WRAP:
783 case CKM_BATON_WRAP:
784 case CKM_RC5_ECB:
785 case CKM_CAST_ECB:
786 case CKM_CAST3_ECB:
787 case CKM_CAST5_ECB:
788 return 0;
789 case CKM_RC2_CBC:
790 case CKM_DES_CBC:
791 case CKM_DES3_CBC:
792 case CKM_IDEA_CBC:
793 case CKM_PBE_MD2_DES_CBC:
794 case CKM_PBE_MD5_DES_CBC:
795 case CKM_NSS_PBE_SHA1_DES_CBC:
796 case CKM_NSS_PBE_SHA1_40_BIT_RC2_CBC:
797 case CKM_NSS_PBE_SHA1_128_BIT_RC2_CBC:
798 case CKM_NSS_PBE_SHA1_TRIPLE_DES_CBC:
799 case CKM_NSS_PBE_SHA1_FAULTY_3DES_CBC:
800 case CKM_PBE_SHA1_RC2_40_CBC:
801 case CKM_PBE_SHA1_RC2_128_CBC:
802 case CKM_PBE_SHA1_DES3_EDE_CBC:
803 case CKM_PBE_SHA1_DES2_EDE_CBC:
804 case CKM_RC5_CBC:
805 case CKM_CAST_CBC:
806 case CKM_CAST3_CBC:
807 case CKM_CAST5_CBC:
808 case CKM_RC2_CBC_PAD:
809 case CKM_DES_CBC_PAD:
810 case CKM_DES3_CBC_PAD:
811 case CKM_IDEA_CBC_PAD:
812 case CKM_RC5_CBC_PAD:
813 case CKM_CAST_CBC_PAD:
814 case CKM_CAST3_CBC_PAD:
815 case CKM_CAST5_CBC_PAD:
816 return 8;
817 case CKM_AES_GCM:
818 case CKM_NSS_CHACHA20_POLY1305:
819 case CKM_CHACHA20_POLY1305:
820 return 12;
821 case CKM_SEED_CBC:
822 case CKM_SEED_CBC_PAD:
823 case CKM_CAMELLIA_CBC:
824 case CKM_CAMELLIA_CBC_PAD:
825 case CKM_AES_CBC:
826 case CKM_AES_CBC_PAD:
827 case CKM_NSS_CHACHA20_CTR:
828 case CKM_CHACHA20:
829 return 16;
830 case CKM_SKIPJACK_CBC64:
831 case CKM_SKIPJACK_ECB64:
832 case CKM_SKIPJACK_OFB64:
833 case CKM_SKIPJACK_CFB64:
834 case CKM_SKIPJACK_CFB32:
835 case CKM_SKIPJACK_CFB16:
836 case CKM_SKIPJACK_CFB8:
837 case CKM_BATON_ECB128:
838 case CKM_BATON_ECB96:
839 case CKM_BATON_CBC128:
840 case CKM_BATON_COUNTER:
841 case CKM_BATON_SHUFFLE:
842 case CKM_JUNIPER_ECB128:
843 case CKM_JUNIPER_CBC128:
844 case CKM_JUNIPER_COUNTER:
845 case CKM_JUNIPER_SHUFFLE:
846 return 24;
847 case CKM_RC4:
848 case CKM_RSA_PKCS:
849 case CKM_RSA_9796:
850 case CKM_RSA_X_509:
851 case CKM_NSS_PBE_SHA1_40_BIT_RC4:
852 case CKM_NSS_PBE_SHA1_128_BIT_RC4:
853 case CKM_PBE_SHA1_RC4_40:
854 case CKM_PBE_SHA1_RC4_128:
855 return 0;
856 default:
857 return pk11_lookup(type)->iv;
858 }
859 }
860
861 /* These next two utilities are here to help facilitate future
862 * Dynamic Encrypt/Decrypt symetric key mechanisms, and to allow functions
863 * like SSL and S-MIME to automatically add them.
864 */
865 SECItem *
pk11_ParamFromIVWithLen(CK_MECHANISM_TYPE type,SECItem * iv,int keyLen)866 pk11_ParamFromIVWithLen(CK_MECHANISM_TYPE type, SECItem *iv, int keyLen)
867 {
868 CK_RC2_CBC_PARAMS *rc2_params = NULL;
869 CK_RC2_PARAMS *rc2_ecb_params = NULL;
870 CK_RC5_PARAMS *rc5_params = NULL;
871 CK_RC5_CBC_PARAMS *rc5_cbc_params = NULL;
872 SECItem *param;
873
874 param = (SECItem *)PORT_Alloc(sizeof(SECItem));
875 if (param == NULL)
876 return NULL;
877 param->data = NULL;
878 param->len = 0;
879 param->type = 0;
880 switch (type) {
881 case CKM_SEED_ECB:
882 case CKM_CAMELLIA_ECB:
883 case CKM_AES_ECB:
884 case CKM_DES_ECB:
885 case CKM_DES3_ECB:
886 case CKM_RSA_PKCS:
887 case CKM_RSA_X_509:
888 case CKM_RSA_9796:
889 case CKM_IDEA_ECB:
890 case CKM_CDMF_ECB:
891 case CKM_CAST_ECB:
892 case CKM_CAST3_ECB:
893 case CKM_CAST5_ECB:
894 case CKM_RC4:
895 break;
896 case CKM_RC2_ECB:
897 rc2_ecb_params = (CK_RC2_PARAMS *)PORT_Alloc(sizeof(CK_RC2_PARAMS));
898 if (rc2_ecb_params == NULL)
899 break;
900 /* Maybe we should pass the key size in too to get this value? */
901 *rc2_ecb_params = keyLen ? keyLen * 8 : 128;
902 param->data = (unsigned char *)rc2_ecb_params;
903 param->len = sizeof(CK_RC2_PARAMS);
904 break;
905 case CKM_RC2_CBC:
906 case CKM_RC2_CBC_PAD:
907 rc2_params = (CK_RC2_CBC_PARAMS *)PORT_Alloc(sizeof(CK_RC2_CBC_PARAMS));
908 if (rc2_params == NULL)
909 break;
910 /* Maybe we should pass the key size in too to get this value? */
911 rc2_params->ulEffectiveBits = keyLen ? keyLen * 8 : 128;
912 if (iv && iv->data)
913 PORT_Memcpy(rc2_params->iv, iv->data, sizeof(rc2_params->iv));
914 param->data = (unsigned char *)rc2_params;
915 param->len = sizeof(CK_RC2_CBC_PARAMS);
916 break;
917 case CKM_RC5_CBC:
918 case CKM_RC5_CBC_PAD:
919 rc5_cbc_params = (CK_RC5_CBC_PARAMS *)
920 PORT_Alloc(sizeof(CK_RC5_CBC_PARAMS) + ((iv) ? iv->len : 0));
921 if (rc5_cbc_params == NULL)
922 break;
923 if (iv && iv->data && iv->len) {
924 rc5_cbc_params->pIv = ((CK_BYTE_PTR)rc5_cbc_params) + sizeof(CK_RC5_CBC_PARAMS);
925 PORT_Memcpy(rc5_cbc_params->pIv, iv->data, iv->len);
926 rc5_cbc_params->ulIvLen = iv->len;
927 rc5_cbc_params->ulWordsize = iv->len / 2;
928 } else {
929 rc5_cbc_params->ulWordsize = 4;
930 rc5_cbc_params->pIv = NULL;
931 rc5_cbc_params->ulIvLen = 0;
932 }
933 rc5_cbc_params->ulRounds = 16;
934 param->data = (unsigned char *)rc5_cbc_params;
935 param->len = sizeof(CK_RC5_CBC_PARAMS);
936 break;
937 case CKM_RC5_ECB:
938 rc5_params = (CK_RC5_PARAMS *)PORT_Alloc(sizeof(CK_RC5_PARAMS));
939 if (rc5_params == NULL)
940 break;
941 if (iv && iv->data && iv->len) {
942 rc5_params->ulWordsize = iv->len / 2;
943 } else {
944 rc5_params->ulWordsize = 4;
945 }
946 rc5_params->ulRounds = 16;
947 param->data = (unsigned char *)rc5_params;
948 param->len = sizeof(CK_RC5_PARAMS);
949 break;
950
951 case CKM_SEED_CBC:
952 case CKM_CAMELLIA_CBC:
953 case CKM_AES_CBC:
954 case CKM_DES_CBC:
955 case CKM_DES3_CBC:
956 case CKM_IDEA_CBC:
957 case CKM_CDMF_CBC:
958 case CKM_CAST_CBC:
959 case CKM_CAST3_CBC:
960 case CKM_CAST5_CBC:
961 case CKM_CAMELLIA_CBC_PAD:
962 case CKM_AES_CBC_PAD:
963 case CKM_DES_CBC_PAD:
964 case CKM_DES3_CBC_PAD:
965 case CKM_IDEA_CBC_PAD:
966 case CKM_CDMF_CBC_PAD:
967 case CKM_CAST_CBC_PAD:
968 case CKM_CAST3_CBC_PAD:
969 case CKM_CAST5_CBC_PAD:
970 case CKM_SKIPJACK_CBC64:
971 case CKM_SKIPJACK_ECB64:
972 case CKM_SKIPJACK_OFB64:
973 case CKM_SKIPJACK_CFB64:
974 case CKM_SKIPJACK_CFB32:
975 case CKM_SKIPJACK_CFB16:
976 case CKM_SKIPJACK_CFB8:
977 case CKM_BATON_ECB128:
978 case CKM_BATON_ECB96:
979 case CKM_BATON_CBC128:
980 case CKM_BATON_COUNTER:
981 case CKM_BATON_SHUFFLE:
982 case CKM_JUNIPER_ECB128:
983 case CKM_JUNIPER_CBC128:
984 case CKM_JUNIPER_COUNTER:
985 case CKM_JUNIPER_SHUFFLE:
986 if ((iv == NULL) || (iv->data == NULL))
987 break;
988 param->data = (unsigned char *)PORT_Alloc(iv->len);
989 if (param->data != NULL) {
990 PORT_Memcpy(param->data, iv->data, iv->len);
991 param->len = iv->len;
992 }
993 break;
994 /* unknown mechanism, pass IV in if it's there */
995 default:
996 if (pk11_lookup(type)->iv == 0) {
997 break;
998 }
999 if ((iv == NULL) || (iv->data == NULL)) {
1000 break;
1001 }
1002 param->data = (unsigned char *)PORT_Alloc(iv->len);
1003 if (param->data != NULL) {
1004 PORT_Memcpy(param->data, iv->data, iv->len);
1005 param->len = iv->len;
1006 }
1007 break;
1008 }
1009 return param;
1010 }
1011
1012 /* These next two utilities are here to help facilitate future
1013 * Dynamic Encrypt/Decrypt symetric key mechanisms, and to allow functions
1014 * like SSL and S-MIME to automatically add them.
1015 */
1016 SECItem *
PK11_ParamFromIV(CK_MECHANISM_TYPE type,SECItem * iv)1017 PK11_ParamFromIV(CK_MECHANISM_TYPE type, SECItem *iv)
1018 {
1019 return pk11_ParamFromIVWithLen(type, iv, 0);
1020 }
1021
1022 unsigned char *
PK11_IVFromParam(CK_MECHANISM_TYPE type,SECItem * param,int * len)1023 PK11_IVFromParam(CK_MECHANISM_TYPE type, SECItem *param, int *len)
1024 {
1025 CK_RC2_CBC_PARAMS *rc2_params;
1026 CK_RC5_CBC_PARAMS *rc5_cbc_params;
1027
1028 *len = 0;
1029 switch (type) {
1030 case CKM_SEED_ECB:
1031 case CKM_CAMELLIA_ECB:
1032 case CKM_AES_ECB:
1033 case CKM_DES_ECB:
1034 case CKM_DES3_ECB:
1035 case CKM_RSA_PKCS:
1036 case CKM_RSA_X_509:
1037 case CKM_RSA_9796:
1038 case CKM_IDEA_ECB:
1039 case CKM_CDMF_ECB:
1040 case CKM_CAST_ECB:
1041 case CKM_CAST3_ECB:
1042 case CKM_CAST5_ECB:
1043 case CKM_RC4:
1044 return NULL;
1045 case CKM_RC2_ECB:
1046 return NULL;
1047 case CKM_RC2_CBC:
1048 case CKM_RC2_CBC_PAD:
1049 rc2_params = (CK_RC2_CBC_PARAMS *)param->data;
1050 *len = sizeof(rc2_params->iv);
1051 return &rc2_params->iv[0];
1052 case CKM_RC5_CBC:
1053 case CKM_RC5_CBC_PAD:
1054 rc5_cbc_params = (CK_RC5_CBC_PARAMS *)param->data;
1055 *len = rc5_cbc_params->ulIvLen;
1056 return rc5_cbc_params->pIv;
1057 case CKM_SEED_CBC:
1058 case CKM_CAMELLIA_CBC:
1059 case CKM_AES_CBC:
1060 case CKM_DES_CBC:
1061 case CKM_DES3_CBC:
1062 case CKM_IDEA_CBC:
1063 case CKM_CDMF_CBC:
1064 case CKM_CAST_CBC:
1065 case CKM_CAST3_CBC:
1066 case CKM_CAST5_CBC:
1067 case CKM_CAMELLIA_CBC_PAD:
1068 case CKM_AES_CBC_PAD:
1069 case CKM_DES_CBC_PAD:
1070 case CKM_DES3_CBC_PAD:
1071 case CKM_IDEA_CBC_PAD:
1072 case CKM_CDMF_CBC_PAD:
1073 case CKM_CAST_CBC_PAD:
1074 case CKM_CAST3_CBC_PAD:
1075 case CKM_CAST5_CBC_PAD:
1076 case CKM_SKIPJACK_CBC64:
1077 case CKM_SKIPJACK_ECB64:
1078 case CKM_SKIPJACK_OFB64:
1079 case CKM_SKIPJACK_CFB64:
1080 case CKM_SKIPJACK_CFB32:
1081 case CKM_SKIPJACK_CFB16:
1082 case CKM_SKIPJACK_CFB8:
1083 case CKM_BATON_ECB128:
1084 case CKM_BATON_ECB96:
1085 case CKM_BATON_CBC128:
1086 case CKM_BATON_COUNTER:
1087 case CKM_BATON_SHUFFLE:
1088 case CKM_JUNIPER_ECB128:
1089 case CKM_JUNIPER_CBC128:
1090 case CKM_JUNIPER_COUNTER:
1091 case CKM_JUNIPER_SHUFFLE:
1092 break;
1093 /* unknown mechanism, pass IV in if it's there */
1094 default:
1095 break;
1096 }
1097 if (param->data) {
1098 *len = param->len;
1099 }
1100 return param->data;
1101 }
1102
1103 typedef struct sec_rc5cbcParameterStr {
1104 SECItem version;
1105 SECItem rounds;
1106 SECItem blockSizeInBits;
1107 SECItem iv;
1108 } sec_rc5cbcParameter;
1109
1110 static const SEC_ASN1Template sec_rc5ecb_parameter_template[] = {
1111 { SEC_ASN1_SEQUENCE,
1112 0, NULL, sizeof(sec_rc5cbcParameter) },
1113 { SEC_ASN1_INTEGER,
1114 offsetof(sec_rc5cbcParameter, version) },
1115 { SEC_ASN1_INTEGER,
1116 offsetof(sec_rc5cbcParameter, rounds) },
1117 { SEC_ASN1_INTEGER,
1118 offsetof(sec_rc5cbcParameter, blockSizeInBits) },
1119 { 0 }
1120 };
1121
1122 static const SEC_ASN1Template sec_rc5cbc_parameter_template[] = {
1123 { SEC_ASN1_SEQUENCE,
1124 0, NULL, sizeof(sec_rc5cbcParameter) },
1125 { SEC_ASN1_INTEGER,
1126 offsetof(sec_rc5cbcParameter, version) },
1127 { SEC_ASN1_INTEGER,
1128 offsetof(sec_rc5cbcParameter, rounds) },
1129 { SEC_ASN1_INTEGER,
1130 offsetof(sec_rc5cbcParameter, blockSizeInBits) },
1131 { SEC_ASN1_OCTET_STRING,
1132 offsetof(sec_rc5cbcParameter, iv) },
1133 { 0 }
1134 };
1135
1136 typedef struct sec_rc2cbcParameterStr {
1137 SECItem rc2ParameterVersion;
1138 SECItem iv;
1139 } sec_rc2cbcParameter;
1140
1141 static const SEC_ASN1Template sec_rc2cbc_parameter_template[] = {
1142 { SEC_ASN1_SEQUENCE,
1143 0, NULL, sizeof(sec_rc2cbcParameter) },
1144 { SEC_ASN1_INTEGER,
1145 offsetof(sec_rc2cbcParameter, rc2ParameterVersion) },
1146 { SEC_ASN1_OCTET_STRING,
1147 offsetof(sec_rc2cbcParameter, iv) },
1148 { 0 }
1149 };
1150
1151 static const SEC_ASN1Template sec_rc2ecb_parameter_template[] = {
1152 { SEC_ASN1_SEQUENCE,
1153 0, NULL, sizeof(sec_rc2cbcParameter) },
1154 { SEC_ASN1_INTEGER,
1155 offsetof(sec_rc2cbcParameter, rc2ParameterVersion) },
1156 { 0 }
1157 };
1158
1159 /* S/MIME picked id values to represent differnt keysizes */
1160 /* I do have a formula, but it ain't pretty, and it only works because you
1161 * can always match three points to a parabola:) */
1162 static unsigned char
rc2_map(SECItem * version)1163 rc2_map(SECItem *version)
1164 {
1165 long x;
1166
1167 x = DER_GetInteger(version);
1168
1169 switch (x) {
1170 case 58:
1171 return 128;
1172 case 120:
1173 return 64;
1174 case 160:
1175 return 40;
1176 }
1177 return 128;
1178 }
1179
1180 static unsigned long
rc2_unmap(unsigned long x)1181 rc2_unmap(unsigned long x)
1182 {
1183 switch (x) {
1184 case 128:
1185 return 58;
1186 case 64:
1187 return 120;
1188 case 40:
1189 return 160;
1190 }
1191 return 58;
1192 }
1193
1194 /* Generate a mechaism param from a type, and iv. */
1195 SECItem *
PK11_ParamFromAlgid(SECAlgorithmID * algid)1196 PK11_ParamFromAlgid(SECAlgorithmID *algid)
1197 {
1198 CK_RC2_CBC_PARAMS *rc2_cbc_params = NULL;
1199 CK_RC2_PARAMS *rc2_ecb_params = NULL;
1200 CK_RC5_CBC_PARAMS *rc5_cbc_params = NULL;
1201 CK_RC5_PARAMS *rc5_ecb_params = NULL;
1202 PLArenaPool *arena = NULL;
1203 SECItem *mech = NULL;
1204 SECOidTag algtag;
1205 SECStatus rv;
1206 CK_MECHANISM_TYPE type;
1207 /* initialize these to prevent UMRs in the ASN1 decoder. */
1208 SECItem iv = { siBuffer, NULL, 0 };
1209 sec_rc2cbcParameter rc2 = { { siBuffer, NULL, 0 }, { siBuffer, NULL, 0 } };
1210 sec_rc5cbcParameter rc5 = { { siBuffer, NULL, 0 }, { siBuffer, NULL, 0 }, { siBuffer, NULL, 0 }, { siBuffer, NULL, 0 } };
1211
1212 algtag = SECOID_GetAlgorithmTag(algid);
1213 type = PK11_AlgtagToMechanism(algtag);
1214
1215 mech = PORT_New(SECItem);
1216 if (mech == NULL) {
1217 return NULL;
1218 }
1219 mech->type = siBuffer;
1220 mech->data = NULL;
1221 mech->len = 0;
1222
1223 arena = PORT_NewArena(1024);
1224 if (!arena) {
1225 goto loser;
1226 }
1227
1228 /* handle the complicated cases */
1229 switch (type) {
1230 case CKM_RC2_ECB:
1231 rv = SEC_ASN1DecodeItem(arena, &rc2, sec_rc2ecb_parameter_template,
1232 &(algid->parameters));
1233 if (rv != SECSuccess) {
1234 goto loser;
1235 }
1236 rc2_ecb_params = PORT_New(CK_RC2_PARAMS);
1237 if (rc2_ecb_params == NULL) {
1238 goto loser;
1239 }
1240 *rc2_ecb_params = rc2_map(&rc2.rc2ParameterVersion);
1241 mech->data = (unsigned char *)rc2_ecb_params;
1242 mech->len = sizeof *rc2_ecb_params;
1243 break;
1244 case CKM_RC2_CBC:
1245 case CKM_RC2_CBC_PAD:
1246 rv = SEC_ASN1DecodeItem(arena, &rc2, sec_rc2cbc_parameter_template,
1247 &(algid->parameters));
1248 if (rv != SECSuccess) {
1249 goto loser;
1250 }
1251 rc2_cbc_params = PORT_New(CK_RC2_CBC_PARAMS);
1252 if (rc2_cbc_params == NULL) {
1253 goto loser;
1254 }
1255 mech->data = (unsigned char *)rc2_cbc_params;
1256 mech->len = sizeof *rc2_cbc_params;
1257 rc2_cbc_params->ulEffectiveBits = rc2_map(&rc2.rc2ParameterVersion);
1258 if (rc2.iv.len != sizeof rc2_cbc_params->iv) {
1259 PORT_SetError(SEC_ERROR_INPUT_LEN);
1260 goto loser;
1261 }
1262 PORT_Memcpy(rc2_cbc_params->iv, rc2.iv.data, rc2.iv.len);
1263 break;
1264 case CKM_RC5_ECB:
1265 rv = SEC_ASN1DecodeItem(arena, &rc5, sec_rc5ecb_parameter_template,
1266 &(algid->parameters));
1267 if (rv != SECSuccess) {
1268 goto loser;
1269 }
1270 rc5_ecb_params = PORT_New(CK_RC5_PARAMS);
1271 if (rc5_ecb_params == NULL) {
1272 goto loser;
1273 }
1274 rc5_ecb_params->ulRounds = DER_GetInteger(&rc5.rounds);
1275 rc5_ecb_params->ulWordsize = DER_GetInteger(&rc5.blockSizeInBits) / 8;
1276 mech->data = (unsigned char *)rc5_ecb_params;
1277 mech->len = sizeof *rc5_ecb_params;
1278 break;
1279 case CKM_RC5_CBC:
1280 case CKM_RC5_CBC_PAD:
1281 rv = SEC_ASN1DecodeItem(arena, &rc5, sec_rc5cbc_parameter_template,
1282 &(algid->parameters));
1283 if (rv != SECSuccess) {
1284 goto loser;
1285 }
1286 rc5_cbc_params = (CK_RC5_CBC_PARAMS *)
1287 PORT_Alloc(sizeof(CK_RC5_CBC_PARAMS) + rc5.iv.len);
1288 if (rc5_cbc_params == NULL) {
1289 goto loser;
1290 }
1291 mech->data = (unsigned char *)rc5_cbc_params;
1292 mech->len = sizeof *rc5_cbc_params;
1293 rc5_cbc_params->ulRounds = DER_GetInteger(&rc5.rounds);
1294 rc5_cbc_params->ulWordsize = DER_GetInteger(&rc5.blockSizeInBits) / 8;
1295 rc5_cbc_params->pIv = ((CK_BYTE_PTR)rc5_cbc_params) + sizeof(CK_RC5_CBC_PARAMS);
1296 rc5_cbc_params->ulIvLen = rc5.iv.len;
1297 PORT_Memcpy(rc5_cbc_params->pIv, rc5.iv.data, rc5.iv.len);
1298 break;
1299 case CKM_PBE_MD2_DES_CBC:
1300 case CKM_PBE_MD5_DES_CBC:
1301 case CKM_NSS_PBE_SHA1_DES_CBC:
1302 case CKM_NSS_PBE_SHA1_TRIPLE_DES_CBC:
1303 case CKM_NSS_PBE_SHA1_FAULTY_3DES_CBC:
1304 case CKM_NSS_PBE_SHA1_40_BIT_RC2_CBC:
1305 case CKM_NSS_PBE_SHA1_128_BIT_RC2_CBC:
1306 case CKM_NSS_PBE_SHA1_40_BIT_RC4:
1307 case CKM_NSS_PBE_SHA1_128_BIT_RC4:
1308 case CKM_PBE_SHA1_DES2_EDE_CBC:
1309 case CKM_PBE_SHA1_DES3_EDE_CBC:
1310 case CKM_PBE_SHA1_RC2_40_CBC:
1311 case CKM_PBE_SHA1_RC2_128_CBC:
1312 case CKM_PBE_SHA1_RC4_40:
1313 case CKM_PBE_SHA1_RC4_128:
1314 case CKM_PKCS5_PBKD2:
1315 rv = pbe_PK11AlgidToParam(algid, mech);
1316 if (rv != SECSuccess) {
1317 goto loser;
1318 }
1319 break;
1320 case CKM_RC4:
1321 case CKM_SEED_ECB:
1322 case CKM_CAMELLIA_ECB:
1323 case CKM_AES_ECB:
1324 case CKM_DES_ECB:
1325 case CKM_DES3_ECB:
1326 case CKM_IDEA_ECB:
1327 case CKM_CDMF_ECB:
1328 case CKM_CAST_ECB:
1329 case CKM_CAST3_ECB:
1330 case CKM_CAST5_ECB:
1331 break;
1332
1333 default:
1334 if (pk11_lookup(type)->iv == 0) {
1335 break;
1336 }
1337 /* FALL THROUGH */
1338 case CKM_SEED_CBC:
1339 case CKM_CAMELLIA_CBC:
1340 case CKM_AES_CBC:
1341 case CKM_DES_CBC:
1342 case CKM_DES3_CBC:
1343 case CKM_IDEA_CBC:
1344 case CKM_CDMF_CBC:
1345 case CKM_CAST_CBC:
1346 case CKM_CAST3_CBC:
1347 case CKM_CAST5_CBC:
1348 case CKM_SEED_CBC_PAD:
1349 case CKM_CAMELLIA_CBC_PAD:
1350 case CKM_AES_CBC_PAD:
1351 case CKM_DES_CBC_PAD:
1352 case CKM_DES3_CBC_PAD:
1353 case CKM_IDEA_CBC_PAD:
1354 case CKM_CDMF_CBC_PAD:
1355 case CKM_CAST_CBC_PAD:
1356 case CKM_CAST3_CBC_PAD:
1357 case CKM_CAST5_CBC_PAD:
1358 case CKM_SKIPJACK_CBC64:
1359 case CKM_SKIPJACK_ECB64:
1360 case CKM_SKIPJACK_OFB64:
1361 case CKM_SKIPJACK_CFB64:
1362 case CKM_SKIPJACK_CFB32:
1363 case CKM_SKIPJACK_CFB16:
1364 case CKM_SKIPJACK_CFB8:
1365 case CKM_BATON_ECB128:
1366 case CKM_BATON_ECB96:
1367 case CKM_BATON_CBC128:
1368 case CKM_BATON_COUNTER:
1369 case CKM_BATON_SHUFFLE:
1370 case CKM_JUNIPER_ECB128:
1371 case CKM_JUNIPER_CBC128:
1372 case CKM_JUNIPER_COUNTER:
1373 case CKM_JUNIPER_SHUFFLE:
1374 /* simple cases are simply octet string encoded IVs */
1375 rv = SEC_ASN1DecodeItem(arena, &iv,
1376 SEC_ASN1_GET(SEC_OctetStringTemplate),
1377 &(algid->parameters));
1378 if (rv != SECSuccess || iv.data == NULL) {
1379 goto loser;
1380 }
1381 /* XXX Should be some IV length sanity check here. */
1382 mech->data = (unsigned char *)PORT_Alloc(iv.len);
1383 if (mech->data == NULL) {
1384 goto loser;
1385 }
1386 PORT_Memcpy(mech->data, iv.data, iv.len);
1387 mech->len = iv.len;
1388 break;
1389 }
1390 PORT_FreeArena(arena, PR_FALSE);
1391 return mech;
1392
1393 loser:
1394 if (arena)
1395 PORT_FreeArena(arena, PR_FALSE);
1396 SECITEM_FreeItem(mech, PR_TRUE);
1397 return NULL;
1398 }
1399
1400 /*
1401 * Generate an IV for the given mechanism
1402 */
1403 static SECStatus
pk11_GenIV(CK_MECHANISM_TYPE type,SECItem * iv)1404 pk11_GenIV(CK_MECHANISM_TYPE type, SECItem *iv)
1405 {
1406 int iv_size = PK11_GetIVLength(type);
1407 SECStatus rv;
1408
1409 iv->len = iv_size;
1410 if (iv_size == 0) {
1411 iv->data = NULL;
1412 return SECSuccess;
1413 }
1414
1415 iv->data = (unsigned char *)PORT_Alloc(iv_size);
1416 if (iv->data == NULL) {
1417 iv->len = 0;
1418 return SECFailure;
1419 }
1420
1421 rv = PK11_GenerateRandom(iv->data, iv->len);
1422 if (rv != SECSuccess) {
1423 PORT_Free(iv->data);
1424 iv->data = NULL;
1425 iv->len = 0;
1426 return SECFailure;
1427 }
1428 return SECSuccess;
1429 }
1430
1431 /*
1432 * create a new parameter block from the passed in MECHANISM and the
1433 * key. Use Netscape's S/MIME Rules for the New param block.
1434 */
1435 SECItem *
pk11_GenerateNewParamWithKeyLen(CK_MECHANISM_TYPE type,int keyLen)1436 pk11_GenerateNewParamWithKeyLen(CK_MECHANISM_TYPE type, int keyLen)
1437 {
1438 CK_RC2_CBC_PARAMS *rc2_params;
1439 CK_RC2_PARAMS *rc2_ecb_params;
1440 SECItem *mech;
1441 SECItem iv;
1442 SECStatus rv;
1443
1444 mech = (SECItem *)PORT_Alloc(sizeof(SECItem));
1445 if (mech == NULL)
1446 return NULL;
1447
1448 rv = SECSuccess;
1449 mech->type = siBuffer;
1450 mech->data = NULL;
1451 mech->len = 0;
1452 switch (type) {
1453 case CKM_RC4:
1454 case CKM_SEED_ECB:
1455 case CKM_CAMELLIA_ECB:
1456 case CKM_AES_ECB:
1457 case CKM_DES_ECB:
1458 case CKM_DES3_ECB:
1459 case CKM_IDEA_ECB:
1460 case CKM_CDMF_ECB:
1461 case CKM_CAST_ECB:
1462 case CKM_CAST3_ECB:
1463 case CKM_CAST5_ECB:
1464 break;
1465 case CKM_RC2_ECB:
1466 rc2_ecb_params = (CK_RC2_PARAMS *)PORT_Alloc(sizeof(CK_RC2_PARAMS));
1467 if (rc2_ecb_params == NULL) {
1468 rv = SECFailure;
1469 break;
1470 }
1471 /* NOTE PK11_GetKeyLength can return -1 if the key isn't and RC2, RC5,
1472 * or RC4 key. Of course that wouldn't happen here doing RC2:).*/
1473 *rc2_ecb_params = keyLen ? keyLen * 8 : 128;
1474 mech->data = (unsigned char *)rc2_ecb_params;
1475 mech->len = sizeof(CK_RC2_PARAMS);
1476 break;
1477 case CKM_RC2_CBC:
1478 case CKM_RC2_CBC_PAD:
1479 rv = pk11_GenIV(type, &iv);
1480 if (rv != SECSuccess) {
1481 break;
1482 }
1483 rc2_params = (CK_RC2_CBC_PARAMS *)PORT_Alloc(sizeof(CK_RC2_CBC_PARAMS));
1484 if (rc2_params == NULL) {
1485 PORT_Free(iv.data);
1486 rv = SECFailure;
1487 break;
1488 }
1489 /* NOTE PK11_GetKeyLength can return -1 if the key isn't and RC2, RC5,
1490 * or RC4 key. Of course that wouldn't happen here doing RC2:).*/
1491 rc2_params->ulEffectiveBits = keyLen ? keyLen * 8 : 128;
1492 if (iv.data)
1493 PORT_Memcpy(rc2_params->iv, iv.data, sizeof(rc2_params->iv));
1494 mech->data = (unsigned char *)rc2_params;
1495 mech->len = sizeof(CK_RC2_CBC_PARAMS);
1496 PORT_Free(iv.data);
1497 break;
1498 case CKM_RC5_ECB:
1499 PORT_Free(mech);
1500 return PK11_ParamFromIV(type, NULL);
1501 case CKM_RC5_CBC:
1502 case CKM_RC5_CBC_PAD:
1503 rv = pk11_GenIV(type, &iv);
1504 if (rv != SECSuccess) {
1505 break;
1506 }
1507 PORT_Free(mech);
1508 return PK11_ParamFromIV(type, &iv);
1509 default:
1510 if (pk11_lookup(type)->iv == 0) {
1511 break;
1512 }
1513 case CKM_SEED_CBC:
1514 case CKM_CAMELLIA_CBC:
1515 case CKM_AES_CBC:
1516 case CKM_DES_CBC:
1517 case CKM_DES3_CBC:
1518 case CKM_IDEA_CBC:
1519 case CKM_CDMF_CBC:
1520 case CKM_CAST_CBC:
1521 case CKM_CAST3_CBC:
1522 case CKM_CAST5_CBC:
1523 case CKM_DES_CBC_PAD:
1524 case CKM_DES3_CBC_PAD:
1525 case CKM_IDEA_CBC_PAD:
1526 case CKM_CDMF_CBC_PAD:
1527 case CKM_CAST_CBC_PAD:
1528 case CKM_CAST3_CBC_PAD:
1529 case CKM_CAST5_CBC_PAD:
1530 case CKM_SKIPJACK_CBC64:
1531 case CKM_SKIPJACK_ECB64:
1532 case CKM_SKIPJACK_OFB64:
1533 case CKM_SKIPJACK_CFB64:
1534 case CKM_SKIPJACK_CFB32:
1535 case CKM_SKIPJACK_CFB16:
1536 case CKM_SKIPJACK_CFB8:
1537 case CKM_BATON_ECB128:
1538 case CKM_BATON_ECB96:
1539 case CKM_BATON_CBC128:
1540 case CKM_BATON_COUNTER:
1541 case CKM_BATON_SHUFFLE:
1542 case CKM_JUNIPER_ECB128:
1543 case CKM_JUNIPER_CBC128:
1544 case CKM_JUNIPER_COUNTER:
1545 case CKM_JUNIPER_SHUFFLE:
1546 rv = pk11_GenIV(type, &iv);
1547 if (rv != SECSuccess) {
1548 break;
1549 }
1550 mech->data = (unsigned char *)PORT_Alloc(iv.len);
1551 if (mech->data == NULL) {
1552 PORT_Free(iv.data);
1553 rv = SECFailure;
1554 break;
1555 }
1556 PORT_Memcpy(mech->data, iv.data, iv.len);
1557 mech->len = iv.len;
1558 PORT_Free(iv.data);
1559 break;
1560 }
1561 if (rv != SECSuccess) {
1562 SECITEM_FreeItem(mech, PR_TRUE);
1563 return NULL;
1564 }
1565 return mech;
1566 }
1567
1568 SECItem *
PK11_GenerateNewParam(CK_MECHANISM_TYPE type,PK11SymKey * key)1569 PK11_GenerateNewParam(CK_MECHANISM_TYPE type, PK11SymKey *key)
1570 {
1571 int keyLen = key ? PK11_GetKeyLength(key) : 0;
1572
1573 return pk11_GenerateNewParamWithKeyLen(type, keyLen);
1574 }
1575
1576 #define RC5_V10 0x10
1577
1578 /* turn a PKCS #11 parameter into a DER Encoded Algorithm ID */
1579 SECStatus
PK11_ParamToAlgid(SECOidTag algTag,SECItem * param,PLArenaPool * arena,SECAlgorithmID * algid)1580 PK11_ParamToAlgid(SECOidTag algTag, SECItem *param,
1581 PLArenaPool *arena, SECAlgorithmID *algid)
1582 {
1583 CK_RC2_CBC_PARAMS *rc2_params;
1584 sec_rc2cbcParameter rc2;
1585 CK_RC5_CBC_PARAMS *rc5_params;
1586 sec_rc5cbcParameter rc5;
1587 CK_MECHANISM_TYPE type = PK11_AlgtagToMechanism(algTag);
1588 SECItem *newParams = NULL;
1589 SECStatus rv = SECFailure;
1590 unsigned long rc2version;
1591
1592 switch (type) {
1593 case CKM_RC4:
1594 case CKM_SEED_ECB:
1595 case CKM_CAMELLIA_ECB:
1596 case CKM_AES_ECB:
1597 case CKM_DES_ECB:
1598 case CKM_DES3_ECB:
1599 case CKM_IDEA_ECB:
1600 case CKM_CDMF_ECB:
1601 case CKM_CAST_ECB:
1602 case CKM_CAST3_ECB:
1603 case CKM_CAST5_ECB:
1604 newParams = NULL;
1605 rv = SECSuccess;
1606 break;
1607 case CKM_RC2_ECB:
1608 break;
1609 case CKM_RC2_CBC:
1610 case CKM_RC2_CBC_PAD:
1611 rc2_params = (CK_RC2_CBC_PARAMS *)param->data;
1612 rc2version = rc2_unmap(rc2_params->ulEffectiveBits);
1613 if (SEC_ASN1EncodeUnsignedInteger(NULL, &(rc2.rc2ParameterVersion),
1614 rc2version) == NULL)
1615 break;
1616 rc2.iv.data = rc2_params->iv;
1617 rc2.iv.len = sizeof(rc2_params->iv);
1618 newParams = SEC_ASN1EncodeItem(NULL, NULL, &rc2,
1619 sec_rc2cbc_parameter_template);
1620 PORT_Free(rc2.rc2ParameterVersion.data);
1621 if (newParams == NULL)
1622 break;
1623 rv = SECSuccess;
1624 break;
1625
1626 case CKM_RC5_ECB: /* well not really... */
1627 break;
1628 case CKM_RC5_CBC:
1629 case CKM_RC5_CBC_PAD:
1630 rc5_params = (CK_RC5_CBC_PARAMS *)param->data;
1631 if (SEC_ASN1EncodeUnsignedInteger(NULL, &rc5.version, RC5_V10) == NULL)
1632 break;
1633 if (SEC_ASN1EncodeUnsignedInteger(NULL, &rc5.blockSizeInBits,
1634 rc5_params->ulWordsize * 8) == NULL) {
1635 PORT_Free(rc5.version.data);
1636 break;
1637 }
1638 if (SEC_ASN1EncodeUnsignedInteger(NULL, &rc5.rounds,
1639 rc5_params->ulWordsize * 8) == NULL) {
1640 PORT_Free(rc5.blockSizeInBits.data);
1641 PORT_Free(rc5.version.data);
1642 break;
1643 }
1644 rc5.iv.data = rc5_params->pIv;
1645 rc5.iv.len = rc5_params->ulIvLen;
1646 newParams = SEC_ASN1EncodeItem(NULL, NULL, &rc5,
1647 sec_rc5cbc_parameter_template);
1648 PORT_Free(rc5.version.data);
1649 PORT_Free(rc5.blockSizeInBits.data);
1650 PORT_Free(rc5.rounds.data);
1651 if (newParams == NULL)
1652 break;
1653 rv = SECSuccess;
1654 break;
1655 case CKM_PBE_MD2_DES_CBC:
1656 case CKM_PBE_MD5_DES_CBC:
1657 case CKM_NSS_PBE_SHA1_DES_CBC:
1658 case CKM_NSS_PBE_SHA1_TRIPLE_DES_CBC:
1659 case CKM_NSS_PBE_SHA1_FAULTY_3DES_CBC:
1660 case CKM_NSS_PBE_SHA1_40_BIT_RC2_CBC:
1661 case CKM_NSS_PBE_SHA1_128_BIT_RC2_CBC:
1662 case CKM_NSS_PBE_SHA1_40_BIT_RC4:
1663 case CKM_NSS_PBE_SHA1_128_BIT_RC4:
1664 case CKM_PBE_SHA1_DES3_EDE_CBC:
1665 case CKM_PBE_SHA1_DES2_EDE_CBC:
1666 case CKM_PBE_SHA1_RC2_40_CBC:
1667 case CKM_PBE_SHA1_RC2_128_CBC:
1668 case CKM_PBE_SHA1_RC4_40:
1669 case CKM_PBE_SHA1_RC4_128:
1670 return PBE_PK11ParamToAlgid(algTag, param, arena, algid);
1671 default:
1672 if (pk11_lookup(type)->iv == 0) {
1673 rv = SECSuccess;
1674 newParams = NULL;
1675 break;
1676 }
1677 case CKM_SEED_CBC:
1678 case CKM_CAMELLIA_CBC:
1679 case CKM_AES_CBC:
1680 case CKM_DES_CBC:
1681 case CKM_DES3_CBC:
1682 case CKM_IDEA_CBC:
1683 case CKM_CDMF_CBC:
1684 case CKM_CAST_CBC:
1685 case CKM_CAST3_CBC:
1686 case CKM_CAST5_CBC:
1687 case CKM_DES_CBC_PAD:
1688 case CKM_DES3_CBC_PAD:
1689 case CKM_IDEA_CBC_PAD:
1690 case CKM_CDMF_CBC_PAD:
1691 case CKM_CAST_CBC_PAD:
1692 case CKM_CAST3_CBC_PAD:
1693 case CKM_CAST5_CBC_PAD:
1694 case CKM_SKIPJACK_CBC64:
1695 case CKM_SKIPJACK_ECB64:
1696 case CKM_SKIPJACK_OFB64:
1697 case CKM_SKIPJACK_CFB64:
1698 case CKM_SKIPJACK_CFB32:
1699 case CKM_SKIPJACK_CFB16:
1700 case CKM_SKIPJACK_CFB8:
1701 case CKM_BATON_ECB128:
1702 case CKM_BATON_ECB96:
1703 case CKM_BATON_CBC128:
1704 case CKM_BATON_COUNTER:
1705 case CKM_BATON_SHUFFLE:
1706 case CKM_JUNIPER_ECB128:
1707 case CKM_JUNIPER_CBC128:
1708 case CKM_JUNIPER_COUNTER:
1709 case CKM_JUNIPER_SHUFFLE:
1710 newParams = SEC_ASN1EncodeItem(NULL, NULL, param,
1711 SEC_ASN1_GET(SEC_OctetStringTemplate));
1712 if (newParams == NULL)
1713 break;
1714 rv = SECSuccess;
1715 break;
1716 }
1717
1718 if (rv != SECSuccess) {
1719 if (newParams)
1720 SECITEM_FreeItem(newParams, PR_TRUE);
1721 return rv;
1722 }
1723
1724 rv = SECOID_SetAlgorithmID(arena, algid, algTag, newParams);
1725 SECITEM_FreeItem(newParams, PR_TRUE);
1726 return rv;
1727 }
1728
1729 /* turn an OID algorithm tag into a PKCS #11 mechanism. This allows us to
1730 * map OID's directly into the PKCS #11 mechanism we want to call. We find
1731 * this mapping in our standard OID table */
1732 CK_MECHANISM_TYPE
PK11_AlgtagToMechanism(SECOidTag algTag)1733 PK11_AlgtagToMechanism(SECOidTag algTag)
1734 {
1735 SECOidData *oid = SECOID_FindOIDByTag(algTag);
1736
1737 if (oid)
1738 return (CK_MECHANISM_TYPE)oid->mechanism;
1739 return CKM_INVALID_MECHANISM;
1740 }
1741
1742 /* turn a mechanism into an oid. */
1743 SECOidTag
PK11_MechanismToAlgtag(CK_MECHANISM_TYPE type)1744 PK11_MechanismToAlgtag(CK_MECHANISM_TYPE type)
1745 {
1746 SECOidData *oid = SECOID_FindOIDByMechanism((unsigned long)type);
1747
1748 if (oid)
1749 return oid->offset;
1750 return SEC_OID_UNKNOWN;
1751 }
1752
1753 /* Determine appropriate blocking mechanism, used when wrapping private keys
1754 * which require PKCS padding. If the mechanism does not map to a padding
1755 * mechanism, we simply return the mechanism.
1756 */
1757 CK_MECHANISM_TYPE
PK11_GetPadMechanism(CK_MECHANISM_TYPE type)1758 PK11_GetPadMechanism(CK_MECHANISM_TYPE type)
1759 {
1760 switch (type) {
1761 case CKM_SEED_CBC:
1762 return CKM_SEED_CBC_PAD;
1763 case CKM_CAMELLIA_CBC:
1764 return CKM_CAMELLIA_CBC_PAD;
1765 case CKM_AES_CBC:
1766 return CKM_AES_CBC_PAD;
1767 case CKM_DES_CBC:
1768 return CKM_DES_CBC_PAD;
1769 case CKM_DES3_CBC:
1770 return CKM_DES3_CBC_PAD;
1771 case CKM_RC2_CBC:
1772 return CKM_RC2_CBC_PAD;
1773 case CKM_CDMF_CBC:
1774 return CKM_CDMF_CBC_PAD;
1775 case CKM_CAST_CBC:
1776 return CKM_CAST_CBC_PAD;
1777 case CKM_CAST3_CBC:
1778 return CKM_CAST3_CBC_PAD;
1779 case CKM_CAST5_CBC:
1780 return CKM_CAST5_CBC_PAD;
1781 case CKM_RC5_CBC:
1782 return CKM_RC5_CBC_PAD;
1783 case CKM_IDEA_CBC:
1784 return CKM_IDEA_CBC_PAD;
1785 default:
1786 break;
1787 }
1788
1789 return type;
1790 }
1791
1792 static PRBool
pk11_isAllZero(unsigned char * data,int len)1793 pk11_isAllZero(unsigned char *data, int len)
1794 {
1795 while (len--) {
1796 if (*data++) {
1797 return PR_FALSE;
1798 }
1799 }
1800 return PR_TRUE;
1801 }
1802
1803 CK_RV
PK11_MapPBEMechanismToCryptoMechanism(CK_MECHANISM_PTR pPBEMechanism,CK_MECHANISM_PTR pCryptoMechanism,SECItem * pbe_pwd,PRBool faulty3DES)1804 PK11_MapPBEMechanismToCryptoMechanism(CK_MECHANISM_PTR pPBEMechanism,
1805 CK_MECHANISM_PTR pCryptoMechanism,
1806 SECItem *pbe_pwd, PRBool faulty3DES)
1807 {
1808 int iv_len = 0;
1809 CK_PBE_PARAMS_PTR pPBEparams;
1810 CK_RC2_CBC_PARAMS_PTR rc2_params;
1811 CK_ULONG rc2_key_len;
1812
1813 if ((pPBEMechanism == CK_NULL_PTR) || (pCryptoMechanism == CK_NULL_PTR)) {
1814 return CKR_HOST_MEMORY;
1815 }
1816
1817 /* pkcs5 v2 cannot be supported by this interface.
1818 * use PK11_GetPBECryptoMechanism instead.
1819 */
1820 if ((pPBEMechanism->mechanism == CKM_INVALID_MECHANISM) ||
1821 (pPBEMechanism->mechanism == CKM_PKCS5_PBKD2)) {
1822 return CKR_MECHANISM_INVALID;
1823 }
1824
1825 pPBEparams = (CK_PBE_PARAMS_PTR)pPBEMechanism->pParameter;
1826 iv_len = PK11_GetIVLength(pPBEMechanism->mechanism);
1827
1828 if (iv_len) {
1829 if (pk11_isAllZero(pPBEparams->pInitVector, iv_len)) {
1830 SECItem param;
1831 PK11SymKey *symKey;
1832 PK11SlotInfo *intSlot = PK11_GetInternalSlot();
1833
1834 if (intSlot == NULL) {
1835 return CKR_DEVICE_ERROR;
1836 }
1837
1838 param.data = pPBEMechanism->pParameter;
1839 param.len = pPBEMechanism->ulParameterLen;
1840
1841 symKey = PK11_RawPBEKeyGen(intSlot,
1842 pPBEMechanism->mechanism, ¶m, pbe_pwd, faulty3DES, NULL);
1843 PK11_FreeSlot(intSlot);
1844 if (symKey == NULL) {
1845 return CKR_DEVICE_ERROR; /* sigh */
1846 }
1847 PK11_FreeSymKey(symKey);
1848 }
1849 }
1850
1851 switch (pPBEMechanism->mechanism) {
1852 case CKM_PBE_MD2_DES_CBC:
1853 case CKM_PBE_MD5_DES_CBC:
1854 case CKM_NSS_PBE_SHA1_DES_CBC:
1855 pCryptoMechanism->mechanism = CKM_DES_CBC;
1856 goto have_crypto_mechanism;
1857 case CKM_NSS_PBE_SHA1_TRIPLE_DES_CBC:
1858 case CKM_NSS_PBE_SHA1_FAULTY_3DES_CBC:
1859 case CKM_PBE_SHA1_DES3_EDE_CBC:
1860 case CKM_PBE_SHA1_DES2_EDE_CBC:
1861 pCryptoMechanism->mechanism = CKM_DES3_CBC;
1862 have_crypto_mechanism:
1863 pCryptoMechanism->pParameter = PORT_Alloc(iv_len);
1864 pCryptoMechanism->ulParameterLen = (CK_ULONG)iv_len;
1865 if (pCryptoMechanism->pParameter == NULL) {
1866 return CKR_HOST_MEMORY;
1867 }
1868 PORT_Memcpy((unsigned char *)(pCryptoMechanism->pParameter),
1869 (unsigned char *)(pPBEparams->pInitVector),
1870 iv_len);
1871 break;
1872 case CKM_NSS_PBE_SHA1_40_BIT_RC4:
1873 case CKM_NSS_PBE_SHA1_128_BIT_RC4:
1874 case CKM_PBE_SHA1_RC4_40:
1875 case CKM_PBE_SHA1_RC4_128:
1876 pCryptoMechanism->mechanism = CKM_RC4;
1877 pCryptoMechanism->ulParameterLen = 0;
1878 pCryptoMechanism->pParameter = CK_NULL_PTR;
1879 break;
1880 case CKM_NSS_PBE_SHA1_40_BIT_RC2_CBC:
1881 case CKM_PBE_SHA1_RC2_40_CBC:
1882 rc2_key_len = 40;
1883 goto have_key_len;
1884 case CKM_NSS_PBE_SHA1_128_BIT_RC2_CBC:
1885 rc2_key_len = 128;
1886 have_key_len:
1887 pCryptoMechanism->mechanism = CKM_RC2_CBC;
1888 pCryptoMechanism->ulParameterLen = (CK_ULONG)sizeof(CK_RC2_CBC_PARAMS);
1889 pCryptoMechanism->pParameter = (CK_RC2_CBC_PARAMS_PTR)
1890 PORT_ZAlloc(sizeof(CK_RC2_CBC_PARAMS));
1891 if (pCryptoMechanism->pParameter == NULL) {
1892 return CKR_HOST_MEMORY;
1893 }
1894 rc2_params = (CK_RC2_CBC_PARAMS_PTR)pCryptoMechanism->pParameter;
1895 PORT_Memcpy((unsigned char *)rc2_params->iv,
1896 (unsigned char *)pPBEparams->pInitVector,
1897 iv_len);
1898 rc2_params->ulEffectiveBits = rc2_key_len;
1899 break;
1900 default:
1901 return CKR_MECHANISM_INVALID;
1902 }
1903
1904 return CKR_OK;
1905 }
1906
1907 /* Make a Key type to an appropriate signing/verification mechanism */
1908 CK_MECHANISM_TYPE
PK11_MapSignKeyType(KeyType keyType)1909 PK11_MapSignKeyType(KeyType keyType)
1910 {
1911 switch (keyType) {
1912 case rsaKey:
1913 return CKM_RSA_PKCS;
1914 case fortezzaKey:
1915 case dsaKey:
1916 return CKM_DSA;
1917 case ecKey:
1918 return CKM_ECDSA;
1919 case dhKey:
1920 default:
1921 break;
1922 }
1923 return CKM_INVALID_MECHANISM;
1924 }
1925
1926 CK_MECHANISM_TYPE
pk11_mapWrapKeyType(KeyType keyType)1927 pk11_mapWrapKeyType(KeyType keyType)
1928 {
1929 switch (keyType) {
1930 case rsaKey:
1931 return CKM_RSA_PKCS;
1932 /* Add fortezza?? */
1933 default:
1934 break;
1935 }
1936 return CKM_INVALID_MECHANISM;
1937 }
1938
1939 SECOidTag
PK11_FortezzaMapSig(SECOidTag algTag)1940 PK11_FortezzaMapSig(SECOidTag algTag)
1941 {
1942 switch (algTag) {
1943 case SEC_OID_MISSI_KEA_DSS:
1944 case SEC_OID_MISSI_DSS:
1945 case SEC_OID_MISSI_DSS_OLD:
1946 case SEC_OID_MISSI_KEA_DSS_OLD:
1947 case SEC_OID_BOGUS_DSA_SIGNATURE_WITH_SHA1_DIGEST:
1948 return SEC_OID_ANSIX9_DSA_SIGNATURE;
1949 default:
1950 break;
1951 }
1952 return algTag;
1953 }
1954