/* Decoder callback: attach the parsed extension list to a certificate and
 * mark it as X.509 v3 (a certificate carrying extensions must be v3). */
static void
SetExts(void *object, CERTCertExtension **exts)
{
    CERTCertificate *c = (CERTCertificate *)object;

    c->extensions = exts;
    /* DER_SetUInteger returns SECStatus, but this callback is void and has
     * no way to report a failure, so the result is discarded. */
    (void)DER_SetUInteger(c->arena, &c->version, SEC_CERTIFICATE_VERSION_3);
}
/* Decoder callback: attach the parsed extension list to a CRL and adjust
 * its version to CRL v2 (the version that carries extensions). */
static void
SetCrlExts(void *object, CERTCertExtension **exts)
{
    CERTCrl *c = (CERTCrl *)object;

    c->extensions = exts;
    /* DER_SetUInteger returns SECStatus, but this callback is void and has
     * no way to report a failure, so the result is discarded. */
    (void)DER_SetUInteger(c->arena, &c->version, SEC_CRL_VERSION_2);
}
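/*
 * Build the legacy-database representation of a secret (symmetric) key.
 *
 * Secret keys are stored as "fake" RSA private keys.  The record is marked
 * as a secret-key representation by setting the public exponent to 0, which
 * is an invalid RSA exponent.  The remaining RSA fields are used as follows:
 *   modulus          - the CKA_ID of the secret key (copied from pubkey)
 *   private exponent - CKA_VALUE, the key material itself
 *   coefficient      - CKA_KEY_TYPE as a 32-bit value in network byte order,
 *                      identifying the algorithm the key is used with
 *   all others       - the DER integer 0
 *
 * templ, count : PKCS #11 attribute template describing the key
 * key_type     : currently unused; CKA_KEY_TYPE is read from the template
 * pubkey       : the CKA_ID, which becomes the pseudo modulus (must be non-NULL)
 * sdbpw        : database handle passed to lg_PrivAttr2SecItem for CKA_VALUE
 *
 * Returns the key, allocated in its own arena (owned by the returned key),
 * or NULL on failure.  No CK_RV is reported to the caller; on failure the
 * arena, which may already contain key material, is zeroed and released.
 */
static NSSLOWKEYPrivateKey *
lg_mkSecretKeyRep(const CK_ATTRIBUTE *templ, CK_ULONG count, CK_KEY_TYPE key_type,
                  SECItem *pubkey, SDB *sdbpw)
{
    NSSLOWKEYPrivateKey *privKey = NULL;
    PLArenaPool *arena = NULL;
    CK_KEY_TYPE keyType;
    PRUint32 keyTypeStorage;
    SECItem keyTypeItem;
    /* Start in the success state.  Every failure path assigns crv before
     * jumping to loser, and the success path must not depend on the last
     * helper call happening to have left CKR_OK behind. */
    CK_RV crv = CKR_OK;
    SECStatus rv;
    static unsigned char derZero[1] = { 0 };

    arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
    if (arena == NULL) {
        crv = CKR_HOST_MEMORY;
        goto loser;
    }

    privKey = (NSSLOWKEYPrivateKey *)PORT_ArenaZAlloc(arena, sizeof(NSSLOWKEYPrivateKey));
    if (privKey == NULL) {
        crv = CKR_HOST_MEMORY;
        goto loser;
    }
    privKey->arena = arena;
    privKey->keyType = NSSLOWKEYRSAKey;

    /* The modulus holds the key id (CKA_ID) of the symmetric key. */
    privKey->u.rsa.modulus.data = (unsigned char *)PORT_ArenaAlloc(arena, pubkey->len);
    if (privKey->u.rsa.modulus.data == NULL) {
        crv = CKR_HOST_MEMORY;
        goto loser;
    }
    privKey->u.rsa.modulus.len = pubkey->len;
    PORT_Memcpy(privKey->u.rsa.modulus.data, pubkey->data, pubkey->len);

    /* A public exponent of 0 marks this record as a secret key. */
    privKey->u.rsa.publicExponent.len = sizeof derZero;
    privKey->u.rsa.publicExponent.data = derZero;

    /* The private exponent carries the actual key value. */
    crv = lg_PrivAttr2SecItem(arena, CKA_VALUE, templ, count,
                              &privKey->u.rsa.privateExponent, sdbpw);
    if (crv != CKR_OK)
        goto loser;

    /* All remaining RSA components are the DER integer 0. */
    privKey->u.rsa.prime1.len = sizeof derZero;
    privKey->u.rsa.prime1.data = derZero;
    privKey->u.rsa.prime2.len = sizeof derZero;
    privKey->u.rsa.prime2.data = derZero;
    privKey->u.rsa.exponent1.len = sizeof derZero;
    privKey->u.rsa.exponent1.data = derZero;
    privKey->u.rsa.exponent2.len = sizeof derZero;
    privKey->u.rsa.exponent2.data = derZero;

    /* The coefficient carries CKA_KEY_TYPE. */
    crv = lg_GetULongAttribute(CKA_KEY_TYPE, templ, count, &keyType);
    if (crv != CKR_OK)
        goto loser;
    /* Store exactly 32 bits of keyType even on 64-bit platforms (all PKCS #11
     * key type values fit in 32 bits), converted with PR_htonl so the stored
     * bytes do not depend on host byte order. */
    keyTypeStorage = (PRUint32)keyType;
    keyTypeStorage = PR_htonl(keyTypeStorage);
    keyTypeItem.data = (unsigned char *)&keyTypeStorage;
    keyTypeItem.len = sizeof(keyTypeStorage);
    /* SECITEM_CopyItem copies the bytes into the arena, so pointing at the
     * local keyTypeStorage here is safe. */
    rv = SECITEM_CopyItem(arena, &privKey->u.rsa.coefficient, &keyTypeItem);
    if (rv != SECSuccess) {
        crv = CKR_HOST_MEMORY;
        goto loser;
    }

    /* The version field is set normally so the record decodes like any
     * other RSA private key. */
    rv = DER_SetUInteger(privKey->arena, &privKey->u.rsa.version, NSSLOWKEY_VERSION);
    if (rv != SECSuccess) {
        crv = CKR_HOST_MEMORY;
        goto loser;
    }

loser:
    if (crv != CKR_OK) {
        /* The arena may already hold the CKA_VALUE key material when we fail
         * part-way through, so ask PORT_FreeArena to zero it before release.
         * PORT_FreeArena is also reached with arena == NULL when
         * PORT_NewArena failed, matching the original behaviour. */
        PORT_FreeArena(arena, PR_TRUE);
        privKey = NULL;
    }
    return privKey;
}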
/*
 * Build an NSSLOWKEYPrivateKey from a verified PKCS #11 attribute template.
 *
 * sdb          : database handle passed to lg_PrivAttr2SSecItem for the
 *                private components (presumably needed to unprotect them;
 *                confirm against lg_PrivAttr2SSecItem)
 * templ, count : attribute template describing the key
 * key_type     : selects the representation (CKK_RSA, CKK_DSA, CKK_DH,
 *                CKK_EC when ECC is enabled)
 * crvp         : receives CKR_OK on success, otherwise the failing CK_RV
 *                (CKR_KEY_TYPE_INCONSISTENT for an unsupported key_type)
 *
 * Returns the key allocated in its own arena (owned by the returned key),
 * or NULL with *crvp set; the arena is released on every failure path.
 */
static NSSLOWKEYPrivateKey *
lg_mkPrivKey(SDB *sdb, const CK_ATTRIBUTE *templ, CK_ULONG count,
             CK_KEY_TYPE key_type, CK_RV *crvp)
{
    NSSLOWKEYPrivateKey *privKey;
    PLArenaPool *arena;
    CK_RV crv = CKR_OK;
    SECStatus rv;

    arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
    if (arena == NULL) {
        *crvp = CKR_HOST_MEMORY;
        return NULL;
    }

    /* Zero-allocated: any component not filled in below stays {NULL, 0}. */
    privKey = (NSSLOWKEYPrivateKey *)PORT_ArenaZAlloc(arena, sizeof(NSSLOWKEYPrivateKey));
    if (privKey == NULL) {
        PORT_FreeArena(arena, PR_FALSE);
        *crvp = CKR_HOST_MEMORY;
        return NULL;
    }
    privKey->arena = arena;

    /* Public components are taken directly from the template with
     * lg_Attribute2SSecItem; private components go through
     * lg_PrivAttr2SSecItem, which additionally receives sdb. */
    switch (key_type) {
        case CKK_RSA:
            privKey->keyType = NSSLOWKEYRSAKey;
            crv = lg_Attribute2SSecItem(arena, CKA_MODULUS, templ, count,
                                        &privKey->u.rsa.modulus);
            if (crv != CKR_OK)
                break;
            crv = lg_Attribute2SSecItem(arena, CKA_PUBLIC_EXPONENT, templ, count,
                                        &privKey->u.rsa.publicExponent);
            if (crv != CKR_OK)
                break;
            crv = lg_PrivAttr2SSecItem(arena, CKA_PRIVATE_EXPONENT, templ, count,
                                       &privKey->u.rsa.privateExponent, sdb);
            if (crv != CKR_OK)
                break;
            crv = lg_PrivAttr2SSecItem(arena, CKA_PRIME_1, templ, count,
                                       &privKey->u.rsa.prime1, sdb);
            if (crv != CKR_OK)
                break;
            crv = lg_PrivAttr2SSecItem(arena, CKA_PRIME_2, templ, count,
                                       &privKey->u.rsa.prime2, sdb);
            if (crv != CKR_OK)
                break;
            crv = lg_PrivAttr2SSecItem(arena, CKA_EXPONENT_1, templ, count,
                                       &privKey->u.rsa.exponent1, sdb);
            if (crv != CKR_OK)
                break;
            crv = lg_PrivAttr2SSecItem(arena, CKA_EXPONENT_2, templ, count,
                                       &privKey->u.rsa.exponent2, sdb);
            if (crv != CKR_OK)
                break;
            crv = lg_PrivAttr2SSecItem(arena, CKA_COEFFICIENT, templ, count,
                                       &privKey->u.rsa.coefficient, sdb);
            if (crv != CKR_OK)
                break;
            /* A DER_SetUInteger failure is reported as an allocation error. */
            rv = DER_SetUInteger(privKey->arena, &privKey->u.rsa.version,
                                 NSSLOWKEY_VERSION);
            if (rv != SECSuccess)
                crv = CKR_HOST_MEMORY;
            break;
        case CKK_DSA:
            privKey->keyType = NSSLOWKEYDSAKey;
            crv = lg_Attribute2SSecItem(arena, CKA_PRIME, templ, count,
                                        &privKey->u.dsa.params.prime);
            if (crv != CKR_OK)
                break;
            crv = lg_Attribute2SSecItem(arena, CKA_SUBPRIME, templ, count,
                                        &privKey->u.dsa.params.subPrime);
            if (crv != CKR_OK)
                break;
            crv = lg_Attribute2SSecItem(arena, CKA_BASE, templ, count,
                                        &privKey->u.dsa.params.base);
            if (crv != CKR_OK)
                break;
            crv = lg_PrivAttr2SSecItem(arena, CKA_VALUE, templ, count,
                                       &privKey->u.dsa.privateValue, sdb);
            if (crv != CKR_OK)
                break;
            /* The public value is optional.  privKey was zero'd, so it is
             * already {NULL, 0} when CKA_NETSCAPE_DB is absent.  When
             * present, crv from this call is the case's final result. */
            if (lg_hasAttribute(CKA_NETSCAPE_DB, templ, count)) {
                crv = lg_Attribute2SSecItem(arena, CKA_NETSCAPE_DB, templ, count,
                                            &privKey->u.dsa.publicValue);
            }
            break;
        case CKK_DH:
            privKey->keyType = NSSLOWKEYDHKey;
            crv = lg_Attribute2SSecItem(arena, CKA_PRIME, templ, count,
                                        &privKey->u.dh.prime);
            if (crv != CKR_OK)
                break;
            crv = lg_Attribute2SSecItem(arena, CKA_BASE, templ, count,
                                        &privKey->u.dh.base);
            if (crv != CKR_OK)
                break;
            crv = lg_PrivAttr2SSecItem(arena, CKA_VALUE, templ, count,
                                       &privKey->u.dh.privateValue, sdb);
            if (crv != CKR_OK)
                break;
            /* Optional public value, as in the DSA case above. */
            if (lg_hasAttribute(CKA_NETSCAPE_DB, templ, count)) {
                crv = lg_Attribute2SSecItem(arena, CKA_NETSCAPE_DB, templ, count,
                                            &privKey->u.dh.publicValue);
            }
            break;
#ifndef NSS_DISABLE_ECC
        case CKK_EC:
            privKey->keyType = NSSLOWKEYECKey;
            crv = lg_Attribute2SSecItem(arena, CKA_EC_PARAMS, templ, count,
                                        &privKey->u.ec.ecParams.DEREncoding);
            if (crv != CKR_OK)
                break;
            /* Fill out the rest of the ecParams structure from the DER
             * encoding; an undecodable encoding is a domain-parameter error. */
            if (LGEC_FillParams(arena, &privKey->u.ec.ecParams.DEREncoding,
                                &privKey->u.ec.ecParams) != SECSuccess) {
                crv = CKR_DOMAIN_PARAMS_INVALID;
                break;
            }
            crv = lg_PrivAttr2SSecItem(arena, CKA_VALUE, templ, count,
                                       &privKey->u.ec.privateValue, sdb);
            if (crv != CKR_OK)
                break;
            /* Optional public value; unlike DSA/DH a failure here must be
             * caught explicitly because the version is set afterwards. */
            if (lg_hasAttribute(CKA_NETSCAPE_DB, templ, count)) {
                crv = lg_Attribute2SSecItem(arena, CKA_NETSCAPE_DB, templ, count,
                                            &privKey->u.ec.publicValue);
                if (crv != CKR_OK)
                    break;
            }
            rv = DER_SetUInteger(privKey->arena, &privKey->u.ec.version,
                                 NSSLOWKEY_EC_PRIVATE_KEY_VERSION);
            if (rv != SECSuccess)
                crv = CKR_HOST_MEMORY;
            break;
#endif /* NSS_DISABLE_ECC */
        default:
            crv = CKR_KEY_TYPE_INCONSISTENT;
            break;
    }

    *crvp = crv;
    if (crv != CKR_OK) {
        /* NOTE(review): by this point the arena may already hold decoded
         * private components; it is released with zero == PR_FALSE.
         * Consider PR_TRUE so failed partial keys are not left in freed
         * memory -- confirm against PORT_FreeArena's zero parameter. */
        PORT_FreeArena(arena, PR_FALSE);
        return NULL;
    }
    return privKey;
}