SHA1Context *
SHA1_NewContext(void)
{
SHA1Context *cx;
/* no need to ZNew, SHA1_Begin will init the context */
cx = PORT_New(SHA1Context);
return cx;
}
ChaCha20Poly1305Context *
ChaCha20Poly1305_CreateContext(const unsigned char *key, unsigned int keyLen,
unsigned int tagLen)
{
ChaCha20Poly1305Context *ctx;
ctx = PORT_New(ChaCha20Poly1305Context);
if (ctx == NULL) {
return NULL;
}
if (ChaCha20Poly1305_InitContext(ctx, key, keyLen, tagLen) != SECSuccess) {
PORT_Free(ctx);
ctx = NULL;
}
return ctx;
}
SHA3Context *
SHA3_NewContext(void)
{
SHA3Context *ctx = PORT_New(SHA3Context);
return ctx;
}
AESKeyWrapContext *
AESKeyWrap_AllocateContext(void)
{
AESKeyWrapContext * cx = PORT_New(AESKeyWrapContext);
return cx;
}
/*
* pk11_getKeyFromList returns a symKey that has a session (if needSession
* was specified), or explicitly does not have a session (if needSession
* was not specified).
*/
static PK11SymKey *
pk11_getKeyFromList(PK11SlotInfo *slot, PRBool needSession) {
PK11SymKey *symKey = NULL;
PZ_Lock(slot->freeListLock);
/* own session list are symkeys with sessions that the symkey owns.
* 'most' symkeys will own their own session. */
if (needSession) {
if (slot->freeSymKeysWithSessionHead) {
symKey = slot->freeSymKeysWithSessionHead;
slot->freeSymKeysWithSessionHead = symKey->next;
slot->keyCount--;
}
}
/* if we don't need a symkey with its own session, or we couldn't find
* one on the owner list, get one from the non-owner free list. */
if (!symKey) {
if (slot->freeSymKeysHead) {
symKey = slot->freeSymKeysHead;
slot->freeSymKeysHead = symKey->next;
slot->keyCount--;
}
}
PZ_Unlock(slot->freeListLock);
if (symKey) {
symKey->next = NULL;
if (!needSession) {
return symKey;
}
/* if we are getting an owner key, make sure we have a valid session.
* session could be invalid if the token has been removed or because
* we got it from the non-owner free list */
if ((symKey->series != slot->series) ||
(symKey->session == CK_INVALID_SESSION)) {
symKey->session = pk11_GetNewSession(slot, &symKey->sessionOwner);
}
PORT_Assert(symKey->session != CK_INVALID_SESSION);
if (symKey->session != CK_INVALID_SESSION)
return symKey;
PK11_FreeSymKey(symKey);
/* if we are here, we need a session, but couldn't get one, it's
* unlikely we pk11_GetNewSession will succeed if we call it a second
* time. */
return NULL;
}
symKey = PORT_New(PK11SymKey);
if (symKey == NULL) {
return NULL;
}
symKey->next = NULL;
if (needSession) {
symKey->session = pk11_GetNewSession(slot,&symKey->sessionOwner);
PORT_Assert(symKey->session != CK_INVALID_SESSION);
if (symKey->session == CK_INVALID_SESSION) {
PK11_FreeSymKey(symKey);
symKey = NULL;
}
} else {
symKey->session = CK_INVALID_SESSION;
}
return symKey;
}
/* Generate a mechaism param from a type, and iv. */
SECItem *
PK11_ParamFromAlgid(SECAlgorithmID *algid)
{
CK_RC2_CBC_PARAMS * rc2_cbc_params = NULL;
CK_RC2_PARAMS * rc2_ecb_params = NULL;
CK_RC5_CBC_PARAMS * rc5_cbc_params = NULL;
CK_RC5_PARAMS * rc5_ecb_params = NULL;
PRArenaPool * arena = NULL;
SECItem * mech = NULL;
SECOidTag algtag;
SECStatus rv;
CK_MECHANISM_TYPE type;
/* initialize these to prevent UMRs in the ASN1 decoder. */
SECItem iv = {siBuffer, NULL, 0};
sec_rc2cbcParameter rc2 = { {siBuffer, NULL, 0}, {siBuffer, NULL, 0} };
sec_rc5cbcParameter rc5 = { {siBuffer, NULL, 0}, {siBuffer, NULL, 0},
{siBuffer, NULL, 0}, {siBuffer, NULL, 0} };
algtag = SECOID_GetAlgorithmTag(algid);
type = PK11_AlgtagToMechanism(algtag);
mech = PORT_New(SECItem);
if (mech == NULL) {
return NULL;
}
mech->type = siBuffer;
mech->data = NULL;
mech->len = 0;
arena = PORT_NewArena(1024);
if (!arena) {
goto loser;
}
/* handle the complicated cases */
switch (type) {
case CKM_RC2_ECB:
rv = SEC_ASN1DecodeItem(arena, &rc2 ,sec_rc2ecb_parameter_template,
&(algid->parameters));
if (rv != SECSuccess) {
goto loser;
}
rc2_ecb_params = PORT_New(CK_RC2_PARAMS);
if (rc2_ecb_params == NULL) {
goto loser;
}
*rc2_ecb_params = rc2_map(&rc2.rc2ParameterVersion);
mech->data = (unsigned char *) rc2_ecb_params;
mech->len = sizeof *rc2_ecb_params;
break;
case CKM_RC2_CBC:
case CKM_RC2_CBC_PAD:
rv = SEC_ASN1DecodeItem(arena, &rc2 ,sec_rc2cbc_parameter_template,
&(algid->parameters));
if (rv != SECSuccess) {
goto loser;
}
rc2_cbc_params = PORT_New(CK_RC2_CBC_PARAMS);
if (rc2_cbc_params == NULL) {
goto loser;
}
mech->data = (unsigned char *) rc2_cbc_params;
mech->len = sizeof *rc2_cbc_params;
rc2_cbc_params->ulEffectiveBits = rc2_map(&rc2.rc2ParameterVersion);
if (rc2.iv.len != sizeof rc2_cbc_params->iv) {
PORT_SetError(SEC_ERROR_INPUT_LEN);
goto loser;
}
PORT_Memcpy(rc2_cbc_params->iv, rc2.iv.data, rc2.iv.len);
break;
case CKM_RC5_ECB:
rv = SEC_ASN1DecodeItem(arena, &rc5 ,sec_rc5ecb_parameter_template,
&(algid->parameters));
if (rv != SECSuccess) {
goto loser;
}
rc5_ecb_params = PORT_New(CK_RC5_PARAMS);
if (rc5_ecb_params == NULL) {
goto loser;
}
rc5_ecb_params->ulRounds = DER_GetInteger(&rc5.rounds);
rc5_ecb_params->ulWordsize = DER_GetInteger(&rc5.blockSizeInBits)/8;
mech->data = (unsigned char *) rc5_ecb_params;
mech->len = sizeof *rc5_ecb_params;
break;
case CKM_RC5_CBC:
case CKM_RC5_CBC_PAD:
rv = SEC_ASN1DecodeItem(arena, &rc5 ,sec_rc5cbc_parameter_template,
&(algid->parameters));
if (rv != SECSuccess) {
goto loser;
}
rc5_cbc_params = (CK_RC5_CBC_PARAMS *)
PORT_Alloc(sizeof(CK_RC5_CBC_PARAMS) + rc5.iv.len);
if (rc5_cbc_params == NULL) {
goto loser;
}
mech->data = (unsigned char *) rc5_cbc_params;
mech->len = sizeof *rc5_cbc_params;
rc5_cbc_params->ulRounds = DER_GetInteger(&rc5.rounds);
rc5_cbc_params->ulWordsize = DER_GetInteger(&rc5.blockSizeInBits)/8;
rc5_cbc_params->pIv = ((CK_BYTE_PTR)rc5_cbc_params)
+ sizeof(CK_RC5_CBC_PARAMS);
rc5_cbc_params->ulIvLen = rc5.iv.len;
PORT_Memcpy(rc5_cbc_params->pIv, rc5.iv.data, rc5.iv.len);
break;
case CKM_PBE_MD2_DES_CBC:
case CKM_PBE_MD5_DES_CBC:
case CKM_NETSCAPE_PBE_SHA1_DES_CBC:
case CKM_NETSCAPE_PBE_SHA1_TRIPLE_DES_CBC:
case CKM_NETSCAPE_PBE_SHA1_FAULTY_3DES_CBC:
case CKM_NETSCAPE_PBE_SHA1_40_BIT_RC2_CBC:
case CKM_NETSCAPE_PBE_SHA1_128_BIT_RC2_CBC:
case CKM_NETSCAPE_PBE_SHA1_40_BIT_RC4:
case CKM_NETSCAPE_PBE_SHA1_128_BIT_RC4:
case CKM_PBE_SHA1_DES2_EDE_CBC:
case CKM_PBE_SHA1_DES3_EDE_CBC:
case CKM_PBE_SHA1_RC2_40_CBC:
case CKM_PBE_SHA1_RC2_128_CBC:
case CKM_PBE_SHA1_RC4_40:
case CKM_PBE_SHA1_RC4_128:
case CKM_PKCS5_PBKD2:
rv = pbe_PK11AlgidToParam(algid,mech);
if (rv != SECSuccess) {
goto loser;
}
break;
case CKM_RC4:
case CKM_SEED_ECB:
case CKM_CAMELLIA_ECB:
case CKM_AES_ECB:
case CKM_DES_ECB:
case CKM_DES3_ECB:
case CKM_IDEA_ECB:
case CKM_CDMF_ECB:
case CKM_CAST_ECB:
case CKM_CAST3_ECB:
case CKM_CAST5_ECB:
break;
default:
if (pk11_lookup(type)->iv == 0) {
break;
}
/* FALL THROUGH */
case CKM_SEED_CBC:
case CKM_CAMELLIA_CBC:
case CKM_AES_CBC:
case CKM_DES_CBC:
case CKM_DES3_CBC:
case CKM_IDEA_CBC:
case CKM_CDMF_CBC:
case CKM_CAST_CBC:
case CKM_CAST3_CBC:
case CKM_CAST5_CBC:
case CKM_SEED_CBC_PAD:
case CKM_CAMELLIA_CBC_PAD:
case CKM_AES_CBC_PAD:
case CKM_DES_CBC_PAD:
case CKM_DES3_CBC_PAD:
case CKM_IDEA_CBC_PAD:
case CKM_CDMF_CBC_PAD:
case CKM_CAST_CBC_PAD:
case CKM_CAST3_CBC_PAD:
case CKM_CAST5_CBC_PAD:
case CKM_SKIPJACK_CBC64:
case CKM_SKIPJACK_ECB64:
case CKM_SKIPJACK_OFB64:
case CKM_SKIPJACK_CFB64:
case CKM_SKIPJACK_CFB32:
case CKM_SKIPJACK_CFB16:
case CKM_SKIPJACK_CFB8:
case CKM_BATON_ECB128:
case CKM_BATON_ECB96:
case CKM_BATON_CBC128:
case CKM_BATON_COUNTER:
case CKM_BATON_SHUFFLE:
case CKM_JUNIPER_ECB128:
case CKM_JUNIPER_CBC128:
case CKM_JUNIPER_COUNTER:
case CKM_JUNIPER_SHUFFLE:
/* simple cases are simply octet string encoded IVs */
rv = SEC_ASN1DecodeItem(arena, &iv,
SEC_ASN1_GET(SEC_OctetStringTemplate),
&(algid->parameters));
if (rv != SECSuccess || iv.data == NULL) {
goto loser;
}
/* XXX Should be some IV length sanity check here. */
mech->data = (unsigned char*)PORT_Alloc(iv.len);
if (mech->data == NULL) {
goto loser;
}
PORT_Memcpy(mech->data, iv.data, iv.len);
mech->len = iv.len;
break;
}
PORT_FreeArena(arena, PR_FALSE);
return mech;
loser:
if (arena)
PORT_FreeArena(arena, PR_FALSE);
SECITEM_FreeItem(mech,PR_TRUE);
return NULL;
}