search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Bug 460926 A11y hierachy is broken on Ubuntu 8.10 (GNOME 2.24), r=Evan.Yan sr=roc
[wine-gecko.git] / security / nss / lib / pk11wrap / pk11pqg.c
blob3b6cf53992b60f821044e7a0e1fe08c25af0c2b5
1 /* ***** BEGIN LICENSE BLOCK *****
2 * Version: MPL 1.1/GPL 2.0/LGPL 2.1
3 *
4 * The contents of this file are subject to the Mozilla Public License Version
5 * 1.1 (the "License"); you may not use this file except in compliance with
6 * the License. You may obtain a copy of the License at
7 * http://www.mozilla.org/MPL/
8 *
9 * Software distributed under the License is distributed on an "AS IS" basis,
10 * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
11 * for the specific language governing rights and limitations under the
12 * License.
13 *
14 * The Original Code is the Netscape security libraries.
15 *
16 * The Initial Developer of the Original Code is
17 * Netscape Communications Corporation.
18 * Portions created by the Initial Developer are Copyright (C) 1994-2001
19 * the Initial Developer. All Rights Reserved.
20 *
21 * Contributor(s):
22 *
23 * Alternatively, the contents of this file may be used under the terms of
24 * either the GNU General Public License Version 2 or later (the "GPL"), or
25 * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
26 * in which case the provisions of the GPL or the LGPL are applicable instead
27 * of those above. If you wish to allow use of your version of this file only
28 * under the terms of either the GPL or the LGPL, and not to allow others to
29 * use your version of this file under the terms of the MPL, indicate your
30 * decision by deleting the provisions above and replace them with the notice
31 * and other provisions required by the GPL or the LGPL. If you do not delete
32 * the provisions above, a recipient may use your version of this file under
33 * the terms of any one of the MPL, the GPL or the LGPL.
34 *
35 * ***** END LICENSE BLOCK ***** */
36 /* Thse functions are stub functions which will get replaced with calls through
37 * PKCS #11.
38 */
39
40 #include "pk11func.h"
41 #include "secmod.h"
42 #include "secmodi.h"
43 #include "secmodti.h"
44 #include "pkcs11t.h"
45 #include "pk11pqg.h"
46 #include "secerr.h"
47
48
49 /* Generate PQGParams and PQGVerify structs.
50 * Length of P specified by j. Length of h will match length of P.
51 * Length of SEED in bytes specified in seedBytes.
52 * seedBbytes must be in the range [20..255] or an error will result.
53 */
54 extern SECStatus
55 PK11_PQG_ParamGenSeedLen( unsigned int j, unsigned int seedBytes,
56 PQGParams **pParams, PQGVerify **pVfy)
57 {
58 PK11SlotInfo *slot = NULL;
59 CK_ATTRIBUTE genTemplate[5];
60 CK_ATTRIBUTE *attrs = genTemplate;
61 int count = sizeof(genTemplate)/sizeof(genTemplate[0]);
62 CK_MECHANISM mechanism;
63 CK_OBJECT_HANDLE objectID = CK_INVALID_HANDLE;
64 CK_RV crv;
65 CK_ATTRIBUTE pTemplate[] = {
66 { CKA_PRIME, NULL, 0 },
67 { CKA_SUBPRIME, NULL, 0 },
68 { CKA_BASE, NULL, 0 },
69 };
70 CK_ATTRIBUTE vTemplate[] = {
71 { CKA_NETSCAPE_PQG_COUNTER, NULL, 0 },
72 { CKA_NETSCAPE_PQG_SEED, NULL, 0 },
73 { CKA_NETSCAPE_PQG_H, NULL, 0 },
74 };
75 int pTemplateCount = sizeof(pTemplate)/sizeof(pTemplate[0]);
76 int vTemplateCount = sizeof(vTemplate)/sizeof(vTemplate[0]);
77 PRArenaPool *parena = NULL;
78 PRArenaPool *varena = NULL;
79 PQGParams *params = NULL;
80 PQGVerify *verify = NULL;
81 CK_ULONG primeBits = PQG_INDEX_TO_PBITS(j);
82 CK_ULONG seedBits = seedBytes*8;
83
84 *pParams = NULL;
85 *pVfy = NULL;
86
87 if (primeBits == (CK_ULONG)-1) {
88 PORT_SetError(SEC_ERROR_INVALID_ARGS);
89 goto loser;
90 }
91 PK11_SETATTRS(attrs, CKA_PRIME_BITS,&primeBits,sizeof(primeBits)); attrs++;
92 if (seedBits != 0) {
93 PK11_SETATTRS(attrs, CKA_NETSCAPE_PQG_SEED_BITS,
94 &seedBits, sizeof(seedBits)); attrs++;
95 }
96 count = attrs - genTemplate;
97 PR_ASSERT(count <= sizeof(genTemplate)/sizeof(CK_ATTRIBUTE));
98
99 slot = PK11_GetInternalSlot();
100 if (slot == NULL) {
101 /* set error */
102 goto loser;
103 }
104
105 /* Initialize the Key Gen Mechanism */
106 mechanism.mechanism = CKM_DSA_PARAMETER_GEN;
107 mechanism.pParameter = NULL;
108 mechanism.ulParameterLen = 0;
109
110 PK11_EnterSlotMonitor(slot);
111 crv = PK11_GETTAB(slot)->C_GenerateKey(slot->session,
112 &mechanism, genTemplate, count, &objectID);
113 PK11_ExitSlotMonitor(slot);
114
115 if (crv != CKR_OK) {
116 PORT_SetError( PK11_MapError(crv) );
117 goto loser;
118 }
119
120 parena = PORT_NewArena(60);
121 if (!parena) {
122 goto loser;
123 }
124
125 crv = PK11_GetAttributes(parena, slot, objectID, pTemplate, pTemplateCount);
126 if (crv != CKR_OK) {
127 PORT_SetError( PK11_MapError(crv) );
128 goto loser;
129 }
130
131
132 params = (PQGParams *)PORT_ArenaAlloc(parena,sizeof(PQGParams));
133 if (params == NULL) {
134 goto loser;
135 }
136
137 /* fill in Params */
138 params->arena = parena;
139 params->prime.type = siUnsignedInteger;
140 params->prime.data = pTemplate[0].pValue;
141 params->prime.len = pTemplate[0].ulValueLen;
142 params->subPrime.type = siUnsignedInteger;
143 params->subPrime.data = pTemplate[1].pValue;
144 params->subPrime.len = pTemplate[1].ulValueLen;
145 params->base.type = siUnsignedInteger;
146 params->base.data = pTemplate[2].pValue;
147 params->base.len = pTemplate[2].ulValueLen;
148
149
150 varena = PORT_NewArena(60);
151 if (!varena) {
152 goto loser;
153 }
154
155 crv = PK11_GetAttributes(varena, slot, objectID, vTemplate, vTemplateCount);
156 if (crv != CKR_OK) {
157 PORT_SetError( PK11_MapError(crv) );
158 goto loser;
159 }
160
161
162 verify = (PQGVerify *)PORT_ArenaAlloc(varena,sizeof(PQGVerify));
163 if (verify == NULL) {
164 goto loser;
165 }
166 /* fill in Params */
167 verify->arena = varena;
168 verify->counter = (unsigned int)(*(CK_ULONG*)vTemplate[0].pValue);
169 verify->seed.type = siUnsignedInteger;
170 verify->seed.data = vTemplate[1].pValue;
171 verify->seed.len = vTemplate[1].ulValueLen;
172 verify->h.type = siUnsignedInteger;
173 verify->h.data = vTemplate[2].pValue;
174 verify->h.len = vTemplate[2].ulValueLen;
175
176 PK11_DestroyObject(slot,objectID);
177 PK11_FreeSlot(slot);
178
179 *pParams = params;
180 *pVfy = verify;
181
182 return SECSuccess;
183
184 loser:
185 if (objectID != CK_INVALID_HANDLE) {
186 PK11_DestroyObject(slot,objectID);
187 }
188 if (parena != NULL) {
189 PORT_FreeArena(parena,PR_FALSE);
190 }
191 if (varena != NULL) {
192 PORT_FreeArena(varena,PR_FALSE);
193 }
194 if (slot) {
195 PK11_FreeSlot(slot);
196 }
197 return SECFailure;
198 }
199
200 /* Generate PQGParams and PQGVerify structs.
201 * Length of seed and length of h both equal length of P.
202 * All lengths are specified by "j", according to the table above.
203 */
204 extern SECStatus
205 PK11_PQG_ParamGen(unsigned int j, PQGParams **pParams, PQGVerify **pVfy)
206 {
207 return PK11_PQG_ParamGenSeedLen(j, 0, pParams, pVfy);
208 }
209
210 /* Test PQGParams for validity as DSS PQG values.
211 * If vfy is non-NULL, test PQGParams to make sure they were generated
212 * using the specified seed, counter, and h values.
213 *
214 * Return value indicates whether Verification operation ran succesfully
215 * to completion, but does not indicate if PQGParams are valid or not.
216 * If return value is SECSuccess, then *pResult has these meanings:
217 * SECSuccess: PQGParams are valid.
218 * SECFailure: PQGParams are invalid.
219 */
220
221 extern SECStatus
222 PK11_PQG_VerifyParams(const PQGParams *params, const PQGVerify *vfy,
223 SECStatus *result)
224 {
225 CK_ATTRIBUTE keyTempl[] = {
226 { CKA_CLASS, NULL, 0 },
227 { CKA_KEY_TYPE, NULL, 0 },
228 { CKA_PRIME, NULL, 0 },
229 { CKA_SUBPRIME, NULL, 0 },
230 { CKA_BASE, NULL, 0 },
231 { CKA_TOKEN, NULL, 0 },
232 { CKA_NETSCAPE_PQG_COUNTER, NULL, 0 },
233 { CKA_NETSCAPE_PQG_SEED, NULL, 0 },
234 { CKA_NETSCAPE_PQG_H, NULL, 0 },
235 };
236 CK_ATTRIBUTE *attrs;
237 CK_BBOOL ckfalse = CK_FALSE;
238 CK_OBJECT_CLASS class = CKO_KG_PARAMETERS;
239 CK_KEY_TYPE keyType = CKK_DSA;
240 SECStatus rv = SECSuccess;
241 PK11SlotInfo *slot;
242 int keyCount;
243 CK_OBJECT_HANDLE objectID;
244 CK_ULONG counter;
245 CK_RV crv;
246
247 attrs = keyTempl;
248 PK11_SETATTRS(attrs, CKA_CLASS, &class, sizeof(class)); attrs++;
249 PK11_SETATTRS(attrs, CKA_KEY_TYPE, &keyType, sizeof(keyType)); attrs++;
250 PK11_SETATTRS(attrs, CKA_PRIME, params->prime.data,
251 params->prime.len); attrs++;
252 PK11_SETATTRS(attrs, CKA_SUBPRIME, params->subPrime.data,
253 params->subPrime.len); attrs++;
254 PK11_SETATTRS(attrs, CKA_BASE,params->base.data,params->base.len); attrs++;
255 PK11_SETATTRS(attrs, CKA_TOKEN, &ckfalse, sizeof(ckfalse)); attrs++;
256 if (vfy) {
257 counter = vfy->counter;
258 PK11_SETATTRS(attrs, CKA_NETSCAPE_PQG_COUNTER,
259 &counter, sizeof(counter)); attrs++;
260 PK11_SETATTRS(attrs, CKA_NETSCAPE_PQG_SEED,
261 vfy->seed.data, vfy->seed.len); attrs++;
262 PK11_SETATTRS(attrs, CKA_NETSCAPE_PQG_H,
263 vfy->h.data, vfy->h.len); attrs++;
264 }
265
266 keyCount = attrs - keyTempl;
267 PORT_Assert(keyCount <= sizeof(keyTempl)/sizeof(keyTempl[0]));
268
269
270 slot = PK11_GetInternalSlot();
271 if (slot == NULL) {
272 return SECFailure;
273 }
274
275 PK11_EnterSlotMonitor(slot);
276 crv = PK11_GETTAB(slot)->C_CreateObject(slot->session, keyTempl, keyCount,
277 &objectID);
278 PK11_ExitSlotMonitor(slot);
279
280 /* throw away the keys, we only wanted the return code */
281 PK11_DestroyObject(slot,objectID);
282 PK11_FreeSlot(slot);
283
284 *result = SECSuccess;
285 if (crv == CKR_ATTRIBUTE_VALUE_INVALID) {
286 *result = SECFailure;
287 } else if (crv != CKR_OK) {
288 PORT_SetError( PK11_MapError(crv) );
289 rv = SECFailure;
290 }
291 return rv;
292
293 }
294
295
296
297 /**************************************************************************
298 * Free the PQGParams struct and the things it points to. *
299 **************************************************************************/
300 extern void
301 PK11_PQG_DestroyParams(PQGParams *params) {
302 if (params == NULL)
303 return;
304 if (params->arena != NULL) {
305 PORT_FreeArena(params->arena, PR_FALSE); /* don't zero it */
306 } else {
307 SECITEM_FreeItem(&params->prime, PR_FALSE); /* don't free prime */
308 SECITEM_FreeItem(&params->subPrime, PR_FALSE); /* don't free subPrime */
309 SECITEM_FreeItem(&params->base, PR_FALSE); /* don't free base */
310 PORT_Free(params);
311 }
312 }
313
314 /**************************************************************************
315 * Free the PQGVerify struct and the things it points to. *
316 **************************************************************************/
317 extern void
318 PK11_PQG_DestroyVerify(PQGVerify *vfy) {
319 if (vfy == NULL)
320 return;
321 if (vfy->arena != NULL) {
322 PORT_FreeArena(vfy->arena, PR_FALSE); /* don't zero it */
323 } else {
324 SECITEM_FreeItem(&vfy->seed, PR_FALSE); /* don't free seed */
325 SECITEM_FreeItem(&vfy->h, PR_FALSE); /* don't free h */
326 PORT_Free(vfy);
327 }
328 }
329
330 #define PQG_DEFAULT_CHUNKSIZE 2048 /* bytes */
331
332 /**************************************************************************
333 * Return a pointer to a new PQGParams struct that is constructed from *
334 * copies of the arguments passed in. *
335 * Return NULL on failure. *
336 **************************************************************************/
337 extern PQGParams *
338 PK11_PQG_NewParams(const SECItem * prime, const SECItem * subPrime,
339 const SECItem * base) {
340 PRArenaPool *arena;
341 PQGParams *dest;
342 SECStatus status;
343
344 arena = PORT_NewArena(PQG_DEFAULT_CHUNKSIZE);
345 if (arena == NULL)
346 goto loser;
347
348 dest = (PQGParams*)PORT_ArenaZAlloc(arena, sizeof(PQGParams));
349 if (dest == NULL)
350 goto loser;
351
352 dest->arena = arena;
353
354 status = SECITEM_CopyItem(arena, &dest->prime, prime);
355 if (status != SECSuccess)
356 goto loser;
357
358 status = SECITEM_CopyItem(arena, &dest->subPrime, subPrime);
359 if (status != SECSuccess)
360 goto loser;
361
362 status = SECITEM_CopyItem(arena, &dest->base, base);
363 if (status != SECSuccess)
364 goto loser;
365
366 return dest;
367
368 loser:
369 if (arena != NULL)
370 PORT_FreeArena(arena, PR_FALSE);
371 return NULL;
372 }
373
374
375 /**************************************************************************
376 * Fills in caller's "prime" SECItem with the prime value in params.
377 * Contents can be freed by calling SECITEM_FreeItem(prime, PR_FALSE);
378 **************************************************************************/
379 extern SECStatus
380 PK11_PQG_GetPrimeFromParams(const PQGParams *params, SECItem * prime) {
381 return SECITEM_CopyItem(NULL, prime, &params->prime);
382 }
383
384
385 /**************************************************************************
386 * Fills in caller's "subPrime" SECItem with the prime value in params.
387 * Contents can be freed by calling SECITEM_FreeItem(subPrime, PR_FALSE);
388 **************************************************************************/
389 extern SECStatus
390 PK11_PQG_GetSubPrimeFromParams(const PQGParams *params, SECItem * subPrime) {
391 return SECITEM_CopyItem(NULL, subPrime, &params->subPrime);
392 }
393
394
395 /**************************************************************************
396 * Fills in caller's "base" SECItem with the base value in params.
397 * Contents can be freed by calling SECITEM_FreeItem(base, PR_FALSE);
398 **************************************************************************/
399 extern SECStatus
400 PK11_PQG_GetBaseFromParams(const PQGParams *params, SECItem *base) {
401 return SECITEM_CopyItem(NULL, base, &params->base);
402 }
403
404
405 /**************************************************************************
406 * Return a pointer to a new PQGVerify struct that is constructed from *
407 * copies of the arguments passed in. *
408 * Return NULL on failure. *
409 **************************************************************************/
410 extern PQGVerify *
411 PK11_PQG_NewVerify(unsigned int counter, const SECItem * seed,
412 const SECItem * h) {
413 PRArenaPool *arena;
414 PQGVerify * dest;
415 SECStatus status;
416
417 arena = PORT_NewArena(PQG_DEFAULT_CHUNKSIZE);
418 if (arena == NULL)
419 goto loser;
420
421 dest = (PQGVerify*)PORT_ArenaZAlloc(arena, sizeof(PQGVerify));
422 if (dest == NULL)
423 goto loser;
424
425 dest->arena = arena;
426 dest->counter = counter;
427
428 status = SECITEM_CopyItem(arena, &dest->seed, seed);
429 if (status != SECSuccess)
430 goto loser;
431
432 status = SECITEM_CopyItem(arena, &dest->h, h);
433 if (status != SECSuccess)
434 goto loser;
435
436 return dest;
437
438 loser:
439 if (arena != NULL)
440 PORT_FreeArena(arena, PR_FALSE);
441 return NULL;
442 }
443
444
445 /**************************************************************************
446 * Returns "counter" value from the PQGVerify.
447 **************************************************************************/
448 extern unsigned int
449 PK11_PQG_GetCounterFromVerify(const PQGVerify *verify) {
450 return verify->counter;
451 }
452
453 /**************************************************************************
454 * Fills in caller's "seed" SECItem with the seed value in verify.
455 * Contents can be freed by calling SECITEM_FreeItem(seed, PR_FALSE);
456 **************************************************************************/
457 extern SECStatus
458 PK11_PQG_GetSeedFromVerify(const PQGVerify *verify, SECItem *seed) {
459 return SECITEM_CopyItem(NULL, seed, &verify->seed);
460 }
461
462
463 /**************************************************************************
464 * Fills in caller's "h" SECItem with the h value in verify.
465 * Contents can be freed by calling SECITEM_FreeItem(h, PR_FALSE);
466 **************************************************************************/
467 extern SECStatus
468 PK11_PQG_GetHFromVerify(const PQGVerify *verify, SECItem * h) {
469 return SECITEM_CopyItem(NULL, h, &verify->h);
470 }
Wine Gecko package