PK11SymKey * NSS_CMSContentInfo_GetBulkKey(NSSCMSContentInfo *cinfo) { if (cinfo == NULL || cinfo->bulkkey == NULL) { return NULL; } return PK11_ReferenceSymKey(cinfo->bulkkey); }
void NSS_CMSContentInfo_SetBulkKey(NSSCMSContentInfo *cinfo, PK11SymKey *bulkkey) { if (cinfo == NULL) { return; } if (bulkkey == NULL) { cinfo->bulkkey = NULL; cinfo->keysize = 0; } else { cinfo->bulkkey = PK11_ReferenceSymKey(bulkkey); cinfo->keysize = PK11_GetKeyStrength(cinfo->bulkkey, &(cinfo->contentEncAlg)); } }
/* * Create a context from a key. We really should make sure we aren't using * the same key in multiple session! */ PK11Context * PK11_CreateContextBySymKey(CK_MECHANISM_TYPE type, CK_ATTRIBUTE_TYPE operation, PK11SymKey *symKey, SECItem *param) { PK11SymKey *newKey; PK11Context *context; /* if this slot doesn't support the mechanism, go to a slot that does */ newKey = pk11_ForceSlot(symKey, type, operation); if (newKey == NULL) { PK11_ReferenceSymKey(symKey); } else { symKey = newKey; } /* Context Adopts the symKey.... */ context = pk11_CreateNewContextInSlot(type, symKey->slot, operation, symKey, param); PK11_FreeSymKey(symKey); return context; }
/* * Digest a key if possible./ */ SECStatus PK11_DigestKey(PK11Context *context, PK11SymKey *key) { CK_RV crv = CKR_OK; SECStatus rv = SECSuccess; PK11SymKey *newKey = NULL; if (!context || !key) { PORT_SetError(SEC_ERROR_INVALID_ARGS); return SECFailure; } /* if we ran out of session, we need to restore our previously stored * state. */ if (context->slot != key->slot) { newKey = pk11_CopyToSlot(context->slot,CKM_SSL3_SHA1_MAC,CKA_SIGN,key); } else { newKey = PK11_ReferenceSymKey(key); } context->init = PR_FALSE; PK11_EnterContextMonitor(context); if (!context->ownSession) { rv = pk11_restoreContext(context,context->savedData, context->savedLength); if (rv != SECSuccess) { PK11_ExitContextMonitor(context); PK11_FreeSymKey(newKey); return rv; } } if (newKey == NULL) { crv = CKR_KEY_TYPE_INCONSISTENT; if (key->data.data) { crv=PK11_GETTAB(context->slot)->C_DigestUpdate(context->session, key->data.data,key->data.len); } } else { crv=PK11_GETTAB(context->slot)->C_DigestKey(context->session, newKey->objectID); } if (crv != CKR_OK) { PORT_SetError( PK11_MapError(crv) ); rv = SECFailure; } /* * handle session starvation case.. use our last session to multiplex */ if (!context->ownSession) { context->savedData = pk11_saveContext(context,context->savedData, &context->savedLength); if (context->savedData == NULL) rv = SECFailure; /* clear out out session for others to use */ pk11_Finalize(context); } PK11_ExitContextMonitor(context); if (newKey) PK11_FreeSymKey(newKey); return rv; }
/* * Common Helper Function do come up with a new context. */ static PK11Context *pk11_CreateNewContextInSlot(CK_MECHANISM_TYPE type, PK11SlotInfo *slot, CK_ATTRIBUTE_TYPE operation, PK11SymKey *symKey, SECItem *param) { CK_MECHANISM mech_info; PK11Context *context; SECStatus rv; PORT_Assert(slot != NULL); if (!slot || (!symKey && operation != CKA_DIGEST)) { PORT_SetError(SEC_ERROR_INVALID_ARGS); return NULL; } context = (PK11Context *) PORT_Alloc(sizeof(PK11Context)); if (context == NULL) { return NULL; } /* now deal with the fortezza hack... the fortezza hack is an attempt * to get around the issue of the card not allowing you to do a FORTEZZA * LoadIV/Encrypt, which was added because such a combination could be * use to circumvent the key escrow system. Unfortunately SSL needs to * do this kind of operation, so in SSL we do a loadIV (to verify it), * Then GenerateIV, and through away the first 8 bytes on either side * of the connection.*/ context->fortezzaHack = PR_FALSE; if (type == CKM_SKIPJACK_CBC64) { if (symKey->origin == PK11_OriginFortezzaHack) { context->fortezzaHack = PR_TRUE; } } /* initialize the critical fields of the context */ context->operation = operation; context->key = symKey ? PK11_ReferenceSymKey(symKey) : NULL; context->slot = PK11_ReferenceSlot(slot); context->session = pk11_GetNewSession(slot,&context->ownSession); context->cx = symKey ? symKey->cx : NULL; /* get our session */ context->savedData = NULL; /* save the parameters so that some digesting stuff can do multiple * begins on a single context */ context->type = type; if (param) { if (param->len > 0) { context->param = SECITEM_DupItem(param); } else { context->param = (SECItem *)&pk11_null_params; } } else { context->param = NULL; } context->init = PR_FALSE; context->sessionLock = PZ_NewLock(nssILockPK11cxt); if ((context->param == NULL) || (context->sessionLock == NULL)) { PK11_DestroyContext(context,PR_TRUE); return NULL; } mech_info.mechanism = type; mech_info.pParameter = param->data; mech_info.ulParameterLen = param->len; PK11_EnterContextMonitor(context); rv = pk11_context_init(context,&mech_info); PK11_ExitContextMonitor(context); if (rv != SECSuccess) { PK11_DestroyContext(context,PR_TRUE); return NULL; } context->init = PR_TRUE; return context; }