static sftk_MACConstantTimeCtx * SetupMAC(CK_MECHANISM_PTR mech, SFTKObject *key) { CK_NSS_MAC_CONSTANT_TIME_PARAMS *params = (CK_NSS_MAC_CONSTANT_TIME_PARAMS *) mech->pParameter; sftk_MACConstantTimeCtx *ctx; HASH_HashType alg; SFTKAttribute *keyval; unsigned char secret[sizeof(ctx->secret)]; unsigned int secretLength; if (mech->ulParameterLen != sizeof(CK_NSS_MAC_CONSTANT_TIME_PARAMS)) { return NULL; } alg = MACMechanismToHash(params->macAlg); if (alg == HASH_AlgNULL) { return NULL; } keyval = sftk_FindAttribute(key,CKA_VALUE); if (keyval == NULL) { return NULL; } secretLength = keyval->attrib.ulValueLen; if (secretLength > sizeof(secret)) { sftk_FreeAttribute(keyval); return NULL; } memcpy(secret, keyval->attrib.pValue, secretLength); sftk_FreeAttribute(keyval); ctx = PORT_Alloc(sizeof(sftk_MACConstantTimeCtx)); if (!ctx) { return NULL; } memcpy(ctx->secret, secret, secretLength); ctx->secretLength = secretLength; ctx->hash = HASH_GetRawHashObject(alg); ctx->totalLength = params->ulBodyTotalLen; return ctx; }
/* If the template has the key type set, ensure that it was set to the correct * value. If the template did not have the key type set, set it to the * correct value. */ static CK_RV jpake_enforceKeyType(SFTKObject * key, CK_KEY_TYPE keyType) { CK_RV crv; SFTKAttribute * keyTypeAttr = sftk_FindAttribute(key, CKA_KEY_TYPE); if (keyTypeAttr != NULL) { crv = *(CK_KEY_TYPE *)keyTypeAttr->attrib.pValue == keyType ? CKR_OK : CKR_TEMPLATE_INCONSISTENT; sftk_FreeAttribute(keyTypeAttr); } else { crv = sftk_forceAttribute(key, CKA_KEY_TYPE, &keyType, sizeof keyType); } return crv; }
CK_RV sftk_TLSPRFInit(SFTKSessionContext *context, SFTKObject * key, CK_KEY_TYPE key_type) { SFTKAttribute * keyVal; TLSPRFContext * prf_cx; CK_RV crv = CKR_HOST_MEMORY; PRUint32 keySize; PRUint32 blockSize; if (key_type != CKK_GENERIC_SECRET) return CKR_KEY_TYPE_INCONSISTENT; /* CKR_KEY_FUNCTION_NOT_PERMITTED */ context->multi = PR_TRUE; keyVal = sftk_FindAttribute(key, CKA_VALUE); keySize = (!keyVal) ? 0 : keyVal->attrib.ulValueLen; blockSize = keySize + sizeof(TLSPRFContext); prf_cx = (TLSPRFContext *)PORT_Alloc(blockSize); if (!prf_cx) goto done; prf_cx->cxSize = blockSize; prf_cx->cxKeyLen = keySize; prf_cx->cxDataLen = 0; prf_cx->cxBufSize = blockSize - SFTK_OFFSETOF(TLSPRFContext, cxBuf); prf_cx->cxRv = SECSuccess; prf_cx->cxIsFIPS = (key->slot->slotID == FIPS_SLOT_ID); prf_cx->cxBufPtr = prf_cx->cxBuf; if (keySize) PORT_Memcpy(prf_cx->cxBufPtr, keyVal->attrib.pValue, keySize); context->hashInfo = (void *) prf_cx; context->cipherInfo = (void *) prf_cx; context->hashUpdate = (SFTKHash) sftk_TLSPRFHashUpdate; context->end = (SFTKEnd) sftk_TLSPRFEnd; context->update = (SFTKCipher) sftk_TLSPRFUpdate; context->verify = (SFTKVerify) sftk_TLSPRFVerify; context->destroy = (SFTKDestroy) sftk_TLSPRFNull; context->hashdestroy = (SFTKDestroy) sftk_TLSPRFHashDestroy; crv = CKR_OK; done: if (keyVal) sftk_FreeAttribute(keyVal); return crv; }