nsresult
U2FSoftTokenManager::GetOrCreateWrappingKey(const UniquePK11SlotInfo& aSlot,
const nsNSSShutDownPreventionLock& locker)
{
MOZ_ASSERT(aSlot);
if (NS_WARN_IF(!aSlot)) {
return NS_ERROR_INVALID_ARG;
}
// Search for an existing wrapping key. If we find it,
// store it for later and mark ourselves initialized.
mWrappingKey = GetSymKeyByNickname(aSlot, mSecretNickname, locker);
if (mWrappingKey) {
MOZ_LOG(gNSSTokenLog, LogLevel::Debug, ("U2F Soft Token Key found."));
mInitialized = true;
return NS_OK;
}
MOZ_LOG(gNSSTokenLog, LogLevel::Info,
("No keys found. Generating new U2F Soft Token wrapping key."));
// We did not find an existing wrapping key, so we generate one in the
// persistent database (e.g, Token).
mWrappingKey = UniquePK11SymKey(
PK11_TokenKeyGenWithFlags(aSlot.get(), CKM_AES_KEY_GEN,
/* default params */ nullptr,
kWrappingKeyByteLen,
/* empty keyid */ nullptr,
/* flags */ CKF_WRAP | CKF_UNWRAP,
/* attributes */ PK11_ATTR_TOKEN |
PK11_ATTR_PRIVATE,
/* wincx */ nullptr));
if (NS_WARN_IF(!mWrappingKey)) {
MOZ_LOG(gNSSTokenLog, LogLevel::Warning,
("Failed to store wrapping key, NSS error #%d", PORT_GetError()));
return NS_ERROR_FAILURE;
}
SECStatus srv = PK11_SetSymKeyNickname(mWrappingKey.get(),
mSecretNickname.get());
if (NS_WARN_IF(srv != SECSuccess)) {
MOZ_LOG(gNSSTokenLog, LogLevel::Warning,
("Failed to set nickname, NSS error #%d", PORT_GetError()));
return NS_ERROR_FAILURE;
}
MOZ_LOG(gNSSTokenLog, LogLevel::Debug,
("Key stored, nickname set to %s.", mSecretNickname.get()));
AbstractThread::MainThread()->Dispatch(NS_NewRunnableFunction(
[] () {
MOZ_ASSERT(NS_IsMainThread());
Preferences::SetUint(PREF_U2F_NSSTOKEN_COUNTER, 0);
}));
return NS_OK;
}
/*
* CreatePk11PinStore
*/
int
CreatePk11PinStore(Pk11PinStore **out, const char *tokenName, const char *pin)
{
int err = PIN_SUCCESS;
Pk11PinStore *store;
do {
store = (Pk11PinStore*)malloc(sizeof(Pk11PinStore));
if (store == 0) { err = PIN_NOMEMORY; break; }
/* Low-level init */
store->key = 0;
store->params = 0;
store->crypt = 0;
/* Use the tokenName to find a PKCS11 slot */
store->slot = PK11_FindSlotByName((char *)tokenName);
if (store->slot == 0) { err = PIN_NOSUCHTOKEN; break; }
/* Check the password/PIN. This allows access to the token */
{
SECStatus rv = PK11_CheckUserPassword(store->slot, (char *)pin);
if (rv == SECSuccess)
;
else if (rv == SECWouldBlock)
{
/* NSS returns a blocking error when the pin is wrong */
err = PIN_INCORRECTPW;
break;
}
else
{
err = PIN_SYSTEMERROR;
break;
}
}
/* Find the mechanism that this token can do */
{
const mech_item *tp;
store->mech = 0;
for(tp = table;tp < &table[MECH_TABLE_SIZE];tp++)
{
if (PK11_DoesMechanism(store->slot, tp->type))
{
store->mech = (mech_item *)tp;
break;
}
}
/* Default to a mechanism (probably on the internal token */
if (store->mech == 0) {
store->mech = &dflt_mech;
}
}
/* Generate a key and parameters to do the encryption */
#if NSS_VMAJOR >= 3 && (NSS_VMINOR <= 9 || (NSS_VMINOR <= 10 && NSS_VPATCH == 0))
store->key = PK11_KeyGen(store->slot, store->mech->type,
0, 0, 0);
#else
store->key = PK11_TokenKeyGenWithFlags(store->slot, store->mech->type,
NULL, 0, NULL, CKF_ENCRYPT|CKF_DECRYPT, PR_FALSE, NULL);
#endif
if (store->key == 0)
{
/* PR_SetError(xxx); */
err = PIN_SYSTEMERROR;
break;
}
store->params = PK11_GenerateNewParam(store->mech->type, store->key);
if (store->params == 0)
{
err = PIN_SYSTEMERROR;
break;
}
/* Compute the size of the encrypted data including necessary padding */
{
int blocksize = PK11_GetBlockSize(store->mech->type, 0);
store->length = strlen(pin)+1;
/* Compute padded size - 0 means stream cipher */
if (blocksize != 0)
{
store->length += blocksize - (store->length % blocksize);
}
store->crypt = (unsigned char *)malloc(store->length);
if (!store->crypt) { err = PIN_NOMEMORY; break; }
}
/* Encrypt */
{
unsigned char *plain;
PK11Context *ctx;
SECStatus rv;
int outLen;
plain = (unsigned char *)malloc(store->length);
if (!plain) { err = PIN_NOMEMORY; break; }
/* Pad with 0 bytes */
memset(plain, 0, store->length);
strcpy((char *)plain, pin);
ctx = PK11_CreateContextBySymKey(store->mech->type, CKA_ENCRYPT,
store->key, store->params);
if (!ctx) { err = PIN_SYSTEMERROR; break; }
do {
rv = PK11_CipherOp(ctx, store->crypt, &outLen, store->length,
plain, store->length);
if (rv) break;
rv = PK11_Finalize(ctx);
} while(0);
PK11_DestroyContext(ctx, PR_TRUE);
memset(plain, 0, store->length);
free(plain);
if (rv) err = PIN_SYSTEMERROR;
}
} while(0);
if (err)
{
DestroyPk11PinStore(store);
store = 0;
}
*out = store;
return err;
}
/*
* SVRCORE_CreatePk11PinStore
*/
SVRCOREError
SVRCORE_CreatePk11PinStore(
SVRCOREPk11PinStore **out,
const char *tokenName, const char *pin)
{
SVRCOREError err;
SVRCOREPk11PinStore *store;
do {
err = SVRCORE_Success;
store = (SVRCOREPk11PinStore*)malloc(sizeof *store);
if (store == 0) { err = SVRCORE_NoMemory_Error; break; }
/* Low-level init */
store->slot = 0;
store->key = 0;
store->params = 0;
store->crypt = 0;
/* Use the tokenName to find a PKCS11 slot */
store->slot = PK11_FindSlotByName((char *)tokenName);
if (store->slot == 0) { err = SVRCORE_NoSuchToken_Error; break; }
/* Check the password/PIN. This allows access to the token */
{
SECStatus rv = PK11_CheckUserPassword(store->slot, (char *)pin);
if (rv == SECSuccess)
;
else if (rv == SECWouldBlock)
{
err = SVRCORE_IncorrectPassword_Error;
break;
}
else
{
err = SVRCORE_System_Error;
break;
}
}
/* Find the mechanism that this token can do */
{
const mech_item *tp;
store->mech = 0;
for(tp = table;tp < &table[MECH_TABLE_SIZE];tp++)
{
if (PK11_DoesMechanism(store->slot, tp->type))
{
store->mech = tp;
break;
}
}
/* Default to a mechanism (probably on the internal token */
if (store->mech == 0)
store->mech = &dflt_mech;
}
/* Generate a key and parameters to do the encryption */
store->key = PK11_TokenKeyGenWithFlags(store->slot, store->mech->type,
0, 0, 0, CKF_ENCRYPT|CKF_DECRYPT,
0, 0);
if (store->key == 0)
{
/* PR_SetError(xxx); */
err = SVRCORE_System_Error;
break;
}
store->params = PK11_GenerateNewParam(store->mech->type, store->key);
if (store->params == 0)
{
err = SVRCORE_System_Error;
break;
}
/* Compute the size of the encrypted data including necessary padding */
{
int blocksize = PK11_GetBlockSize(store->mech->type, 0);
store->length = strlen(pin)+1;
/* Compute padded size - 0 means stream cipher */
if (blocksize != 0)
{
store->length += blocksize - (store->length % blocksize);
}
store->crypt = (unsigned char *)malloc(store->length);
if (!store->crypt) { err = SVRCORE_NoMemory_Error; break; }
}
/* Encrypt */
{
unsigned char *plain;
PK11Context *ctx;
SECStatus rv;
int outLen;
plain = (unsigned char *)malloc(store->length);
if (!plain) { err = SVRCORE_NoMemory_Error; break; }
/* Pad with 0 bytes */
memset(plain, 0, store->length);
strcpy((char *)plain, pin);
ctx = PK11_CreateContextBySymKey(store->mech->type, CKA_ENCRYPT,
store->key, store->params);
if (!ctx) { err = SVRCORE_System_Error; break; }
do {
rv = PK11_CipherOp(ctx, store->crypt, &outLen, store->length,
plain, store->length);
if (rv) break;
rv = PK11_Finalize(ctx);
} while(0);
PK11_DestroyContext(ctx, PR_TRUE);
memset(plain, 0, store->length);
free(plain);
if (rv) err = SVRCORE_System_Error;
}
} while(0);
if (err)
{
SVRCORE_DestroyPk11PinStore(store);
store = 0;
}
*out = store;
return err;
}
