static SECStatus crmf_copy_bitstring (PLArenaPool *poolp, SECItem *dest, const SECItem *src) { SECStatus rv; SECItem byteSrc; byteSrc = *src; byteSrc.len = CRMF_BITS_TO_BYTES(byteSrc.len); rv = crmf_copy_secitem(poolp, dest, &byteSrc); dest->len = src->len; return rv; }
SECStatus crmf_encrypted_value_unwrap_priv_key(PLArenaPool *poolp, CRMFEncryptedValue *encValue, SECKEYPrivateKey *privKey, SECKEYPublicKey *newPubKey, SECItem *nickname, PK11SlotInfo *slot, unsigned char keyUsage, SECKEYPrivateKey **unWrappedKey, void *wincx) { PK11SymKey *wrappingKey = NULL; CK_MECHANISM_TYPE wrapMechType; SECOidTag oidTag; SECItem *params = NULL, *publicValue = NULL; int keySize, origLen; CK_KEY_TYPE keyType; CK_ATTRIBUTE_TYPE *usage = NULL; CK_ATTRIBUTE_TYPE rsaUsage[] = { CKA_UNWRAP, CKA_DECRYPT, CKA_SIGN, CKA_SIGN_RECOVER }; CK_ATTRIBUTE_TYPE dsaUsage[] = { CKA_SIGN }; CK_ATTRIBUTE_TYPE dhUsage[] = { CKA_DERIVE }; int usageCount = 0; oidTag = SECOID_GetAlgorithmTag(encValue->symmAlg); wrapMechType = crmf_get_pad_mech_from_tag(oidTag); keySize = crmf_get_key_size_from_mech(wrapMechType); wrappingKey = PK11_PubUnwrapSymKey(privKey, &encValue->encSymmKey, wrapMechType, CKA_UNWRAP, keySize); if (wrappingKey == NULL) { goto loser; } /* Make the length a byte length instead of bit length*/ params = (encValue->symmAlg != NULL) ? crmf_decode_params(&encValue->symmAlg->parameters) : NULL; origLen = encValue->encValue.len; encValue->encValue.len = CRMF_BITS_TO_BYTES(origLen); publicValue = crmf_get_public_value(newPubKey, NULL); switch (newPubKey->keyType) { default: case rsaKey: keyType = CKK_RSA; switch (keyUsage & (KU_KEY_ENCIPHERMENT | KU_DIGITAL_SIGNATURE)) { case KU_KEY_ENCIPHERMENT: usage = rsaUsage; usageCount = 2; break; case KU_DIGITAL_SIGNATURE: usage = &rsaUsage[2]; usageCount = 2; break; case KU_KEY_ENCIPHERMENT | KU_DIGITAL_SIGNATURE: case 0: /* default to everything */ usage = rsaUsage; usageCount = 4; break; } break; case dhKey: keyType = CKK_DH; usage = dhUsage; usageCount = sizeof(dhUsage) / sizeof(dhUsage[0]); break; case dsaKey: keyType = CKK_DSA; usage = dsaUsage; usageCount = sizeof(dsaUsage) / sizeof(dsaUsage[0]); break; } PORT_Assert(usage != NULL); PORT_Assert(usageCount != 0); *unWrappedKey = PK11_UnwrapPrivKey(slot, wrappingKey, wrapMechType, params, &encValue->encValue, nickname, publicValue, PR_TRUE, PR_TRUE, keyType, usage, usageCount, wincx); encValue->encValue.len = origLen; if (*unWrappedKey == NULL) { goto loser; } SECITEM_FreeItem(publicValue, PR_TRUE); if (params != NULL) { SECITEM_FreeItem(params, PR_TRUE); } PK11_FreeSymKey(wrappingKey); return SECSuccess; loser: *unWrappedKey = NULL; return SECFailure; }