Back to index

lightning-sunbird  0.9+nobinonly
Functions | Variables
softoken.h File Reference
#include "blapi.h"
#include "lowkeyti.h"
#include "softoknt.h"
#include "secoidt.h"
#include "pkcs11t.h"
This graph shows which files directly or indirectly include this file:

Go to the source code of this file.

Functions

SEC_BEGIN_PROTOS SECStatus RSA_FormatBlock (SECItem *result, unsigned int modulusLen, RSA_BlockType blockType, SECItem *data)
unsigned char * RSA_FormatOneBlock (unsigned int modulusLen, RSA_BlockType blockType, SECItem *data)
SECStatus RSA_Sign (NSSLOWKEYPrivateKey *key, unsigned char *output, unsigned int *outputLen, unsigned int maxOutputLen, unsigned char *input, unsigned int inputLen)
SECStatus RSA_HashSign (SECOidTag hashOid, NSSLOWKEYPrivateKey *key, unsigned char *sig, unsigned int *sigLen, unsigned int maxLen, unsigned char *hash, unsigned int hashLen)
SECStatus RSA_CheckSign (NSSLOWKEYPublicKey *key, unsigned char *sign, unsigned int signLength, unsigned char *hash, unsigned int hashLength)
SECStatus RSA_HashCheckSign (SECOidTag hashOid, NSSLOWKEYPublicKey *key, unsigned char *sig, unsigned int sigLen, unsigned char *digest, unsigned int digestLen)
SECStatus RSA_CheckSignRecover (NSSLOWKEYPublicKey *key, unsigned char *data, unsigned int *data_len, unsigned int max_output_len, unsigned char *sign, unsigned int sign_len)
SECStatus RSA_EncryptBlock (NSSLOWKEYPublicKey *key, unsigned char *output, unsigned int *outputLen, unsigned int maxOutputLen, unsigned char *input, unsigned int inputLen)
SECStatus RSA_DecryptBlock (NSSLOWKEYPrivateKey *key, unsigned char *output, unsigned int *outputLen, unsigned int maxOutputLen, unsigned char *input, unsigned int inputLen)
SECStatus RSA_SignRaw (NSSLOWKEYPrivateKey *key, unsigned char *output, unsigned int *output_len, unsigned int maxOutputLen, unsigned char *input, unsigned int input_len)
SECStatus RSA_CheckSignRaw (NSSLOWKEYPublicKey *key, unsigned char *sign, unsigned int sign_len, unsigned char *hash, unsigned int hash_len)
SECStatus RSA_CheckSignRecoverRaw (NSSLOWKEYPublicKey *key, unsigned char *data, unsigned int *data_len, unsigned int max_output_len, unsigned char *sign, unsigned int sign_len)
SECStatus RSA_EncryptRaw (NSSLOWKEYPublicKey *key, unsigned char *output, unsigned int *output_len, unsigned int max_output_len, unsigned char *input, unsigned int input_len)
SECStatus RSA_DecryptRaw (NSSLOWKEYPrivateKey *key, unsigned char *output, unsigned int *output_len, unsigned int max_output_len, unsigned char *input, unsigned int input_len)
unsigned char * DES_PadBuffer (PRArenaPool *arena, unsigned char *inbuf, unsigned int inlen, unsigned int *outlen)
CK_RV sftk_fipsPowerUpSelfTest (void)
unsigned long sftk_MapKeySize (CK_KEY_TYPE keyType)
void sftk_LogAuditMessage (NSSAuditSeverity severity, const char *msg)
void sftk_AuditCreateObject (CK_SESSION_HANDLE hSession, CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount, CK_OBJECT_HANDLE_PTR phObject, CK_RV rv)
void sftk_AuditCopyObject (CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hObject, CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount, CK_OBJECT_HANDLE_PTR phNewObject, CK_RV rv)
void sftk_AuditDestroyObject (CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hObject, CK_RV rv)
void sftk_AuditGetObjectSize (CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hObject, CK_ULONG_PTR pulSize, CK_RV rv)
void sftk_AuditGetAttributeValue (CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hObject, CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount, CK_RV rv)
void sftk_AuditSetAttributeValue (CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hObject, CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount, CK_RV rv)
void sftk_AuditCryptInit (const char *opName, CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hKey, CK_RV rv)
void sftk_AuditGenerateKey (CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism, CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount, CK_OBJECT_HANDLE_PTR phKey, CK_RV rv)
void sftk_AuditGenerateKeyPair (CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism, CK_ATTRIBUTE_PTR pPublicKeyTemplate, CK_ULONG ulPublicKeyAttributeCount, CK_ATTRIBUTE_PTR pPrivateKeyTemplate, CK_ULONG ulPrivateKeyAttributeCount, CK_OBJECT_HANDLE_PTR phPublicKey, CK_OBJECT_HANDLE_PTR phPrivateKey, CK_RV rv)
void sftk_AuditWrapKey (CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hWrappingKey, CK_OBJECT_HANDLE hKey, CK_BYTE_PTR pWrappedKey, CK_ULONG_PTR pulWrappedKeyLen, CK_RV rv)
void sftk_AuditUnwrapKey (CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hUnwrappingKey, CK_BYTE_PTR pWrappedKey, CK_ULONG ulWrappedKeyLen, CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulAttributeCount, CK_OBJECT_HANDLE_PTR phKey, CK_RV rv)
void sftk_AuditDeriveKey (CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hBaseKey, CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulAttributeCount, CK_OBJECT_HANDLE_PTR phKey, CK_RV rv)
void sftk_AuditDigestKey (CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hKey, CK_RV rv)

Variables

PRBool sftk_audit_enabled
PRBool sftk_fatalError

Function Documentation

unsigned char* DES_PadBuffer ( PRArenaPool arena,
unsigned char *  inbuf,
unsigned int  inlen,
unsigned int outlen 
)

Definition at line 48 of file padbuf.c.

{
    unsigned char *outbuf;
    unsigned int   des_len;
    unsigned int   i;
    unsigned char  des_pad_len;

    /*
     * We need from 1 to DES_KEY_LENGTH bytes -- we *always* grow.
     * The extra bytes contain the value of the length of the padding:
     * if we have 2 bytes of padding, then the padding is "0x02, 0x02".
     */
    des_len = (inlen + DES_KEY_LENGTH) & ~(DES_KEY_LENGTH - 1);

    if (arena != NULL) {
       outbuf = (unsigned char*)PORT_ArenaGrow (arena, inbuf, inlen, des_len);
    } else {
       outbuf = (unsigned char*)PORT_Realloc (inbuf, des_len);
    }

    if (outbuf == NULL) {
       PORT_SetError (SEC_ERROR_NO_MEMORY);
       return NULL;
    }

    des_pad_len = des_len - inlen;
    for (i = inlen; i < des_len; i++)
       outbuf[i] = des_pad_len;

    *outlen = des_len;
    return outbuf;
}

Here is the call graph for this function:

Here is the caller graph for this function:

SECStatus RSA_CheckSign ( NSSLOWKEYPublicKey *  key,
unsigned char *  sign,
unsigned int  signLength,
unsigned char *  hash,
unsigned int  hashLength 
)

Definition at line 498 of file rsawrapr.c.

{
    SECStatus       rv;
    unsigned int    modulus_len = nsslowkey_PublicModulusLen(key);
    unsigned int    i;
    unsigned char * buffer;

    modulus_len = nsslowkey_PublicModulusLen(key);
    if (sign_len != modulus_len) 
       goto failure;
    /*
     * 0x00 || BT || Pad || 0x00 || ActualData
     *
     * The "3" below is the first octet + the second octet + the 0x00
     * octet that always comes just before the ActualData.
     */
    if (hash_len > modulus_len - (3 + RSA_BLOCK_MIN_PAD_LEN)) 
       goto failure;
    PORT_Assert(key->keyType == NSSLOWKEYRSAKey);
    if (key->keyType != NSSLOWKEYRSAKey)
       goto failure;

    buffer = (unsigned char *)PORT_Alloc(modulus_len + 1);
    if (!buffer)
       goto failure;

    rv = RSA_PublicKeyOp(&key->u.rsa, buffer, sign);
    if (rv != SECSuccess)
       goto loser;

    /*
     * check the padding that was used
     */
    if (buffer[0] != 0 || buffer[1] != 1) 
       goto loser;
    for (i = 2; i < modulus_len - hash_len - 1; i++) {
       if (buffer[i] != 0xff) 
           goto loser;
    }
    if (buffer[i] != 0) 
       goto loser;

    /*
     * make sure we get the same results
     */
    if (PORT_Memcmp(buffer + modulus_len - hash_len, hash, hash_len) != 0)
       goto loser;

    PORT_Free(buffer);
    return SECSuccess;

loser:
    PORT_Free(buffer);
failure:
    return SECFailure;
}

Here is the call graph for this function:

Here is the caller graph for this function:

SECStatus RSA_CheckSignRaw ( NSSLOWKEYPublicKey *  key,
unsigned char *  sign,
unsigned int  sign_len,
unsigned char *  hash,
unsigned int  hash_len 
)

Definition at line 765 of file rsawrapr.c.

{
    SECStatus       rv;
    unsigned int    modulus_len = nsslowkey_PublicModulusLen(key);
    unsigned char * buffer;

    if (sign_len != modulus_len) 
       goto failure;
    if (hash_len > modulus_len) 
       goto failure;
    PORT_Assert(key->keyType == NSSLOWKEYRSAKey);
    if (key->keyType != NSSLOWKEYRSAKey)
       goto failure;

    buffer = (unsigned char *)PORT_Alloc(modulus_len + 1);
    if (!buffer)
       goto failure;

    rv = RSA_PublicKeyOp(&key->u.rsa, buffer, sign);
    if (rv != SECSuccess)
       goto loser;

    /*
     * make sure we get the same results
     */
    /* NOTE: should we verify the leading zeros? */
    if (PORT_Memcmp(buffer + (modulus_len-hash_len), hash, hash_len) != 0)
       goto loser;

    PORT_Free(buffer);
    return SECSuccess;

loser:
    PORT_Free(buffer);
failure:
    return SECFailure;
}

Here is the call graph for this function:

Here is the caller graph for this function:

SECStatus RSA_CheckSignRecover ( NSSLOWKEYPublicKey *  key,
unsigned char *  data,
unsigned int data_len,
unsigned int  max_output_len,
unsigned char *  sign,
unsigned int  sign_len 
)

Definition at line 561 of file rsawrapr.c.

{
    SECStatus       rv;
    unsigned int    modulus_len = nsslowkey_PublicModulusLen(key);
    unsigned int    i;
    unsigned char * buffer;

    if (sign_len != modulus_len) 
       goto failure;
    PORT_Assert(key->keyType == NSSLOWKEYRSAKey);
    if (key->keyType != NSSLOWKEYRSAKey)
       goto failure;

    buffer = (unsigned char *)PORT_Alloc(modulus_len + 1);
    if (!buffer)
       goto failure;

    rv = RSA_PublicKeyOp(&key->u.rsa, buffer, sign);
    if (rv != SECSuccess)
       goto loser;
    *data_len = 0;

    /*
     * check the padding that was used
     */
    if (buffer[0] != 0 || buffer[1] != 1) 
       goto loser;
    for (i = 2; i < modulus_len; i++) {
       if (buffer[i] == 0) {
           *data_len = modulus_len - i - 1;
           break;
       }
       if (buffer[i] != 0xff) 
           goto loser;
    }
    if (*data_len == 0) 
       goto loser;
    if (*data_len > max_output_len) 
       goto loser;

    /*
     * make sure we get the same results
     */
    PORT_Memcpy(data,buffer + modulus_len - *data_len, *data_len);

    PORT_Free(buffer);
    return SECSuccess;

loser:
    PORT_Free(buffer);
failure:
    return SECFailure;
}

Here is the call graph for this function:

Here is the caller graph for this function:

SECStatus RSA_CheckSignRecoverRaw ( NSSLOWKEYPublicKey *  key,
unsigned char *  data,
unsigned int data_len,
unsigned int  max_output_len,
unsigned char *  sign,
unsigned int  sign_len 
)

Definition at line 809 of file rsawrapr.c.

{
    SECStatus      rv;
    unsigned int   modulus_len = nsslowkey_PublicModulusLen(key);

    if (sign_len != modulus_len) 
       goto failure;
    if (max_output_len < modulus_len) 
       goto failure;
    PORT_Assert(key->keyType == NSSLOWKEYRSAKey);
    if (key->keyType != NSSLOWKEYRSAKey)
       goto failure;

    rv = RSA_PublicKeyOp(&key->u.rsa, data, sign);
    if (rv != SECSuccess)
       goto failure;

    *data_len = modulus_len;
    return SECSuccess;

failure:
    return SECFailure;
}

Here is the call graph for this function:

Here is the caller graph for this function:

SECStatus RSA_DecryptBlock ( NSSLOWKEYPrivateKey *  key,
unsigned char *  output,
unsigned int outputLen,
unsigned int  maxOutputLen,
unsigned char *  input,
unsigned int  inputLen 
)

Definition at line 665 of file rsawrapr.c.

{
    SECStatus       rv;
    unsigned int    modulus_len = nsslowkey_PrivateModulusLen(key);
    unsigned int    i;
    unsigned char * buffer;

    PORT_Assert(key->keyType == NSSLOWKEYRSAKey);
    if (key->keyType != NSSLOWKEYRSAKey)
       goto failure;
    if (input_len != modulus_len)
       goto failure;

    buffer = (unsigned char *)PORT_Alloc(modulus_len + 1);
    if (!buffer)
       goto failure;

    rv = RSA_PrivateKeyOp(&key->u.rsa, buffer, input);
    if (rv != SECSuccess) {
       if (PORT_GetError() == SEC_ERROR_LIBRARY_FAILURE) {
           sftk_fatalError = PR_TRUE;
       }
       goto loser;
    }

    if (buffer[0] != 0 || buffer[1] != 2) 
       goto loser;
    *output_len = 0;
    for (i = 2; i < modulus_len; i++) {
       if (buffer[i] == 0) {
           *output_len = modulus_len - i - 1;
           break;
       }
    }
    if (*output_len == 0) 
       goto loser;
    if (*output_len > max_output_len) 
       goto loser;

    PORT_Memcpy(output, buffer + modulus_len - *output_len, *output_len);

    PORT_Free(buffer);
    return SECSuccess;

loser:
    PORT_Free(buffer);
failure:
    return SECFailure;
}

Here is the call graph for this function:

Here is the caller graph for this function:

SECStatus RSA_DecryptRaw ( NSSLOWKEYPrivateKey *  key,
unsigned char *  output,
unsigned int output_len,
unsigned int  max_output_len,
unsigned char *  input,
unsigned int  input_len 
)

Definition at line 883 of file rsawrapr.c.

{
    SECStatus     rv;
    unsigned int  modulus_len = nsslowkey_PrivateModulusLen(key);

    if (modulus_len <= 0) 
       goto failure;
    if (modulus_len > max_output_len) 
       goto failure;
    PORT_Assert(key->keyType == NSSLOWKEYRSAKey);
    if (key->keyType != NSSLOWKEYRSAKey)
       goto failure;
    if (input_len != modulus_len) 
       goto failure;

    rv = RSA_PrivateKeyOp(&key->u.rsa, output, input);
    if (rv != SECSuccess) {
       if (PORT_GetError() == SEC_ERROR_LIBRARY_FAILURE) {
           sftk_fatalError = PR_TRUE;
       }
       goto failure;
    }

    *output_len = modulus_len;
    return SECSuccess;

failure:
    return SECFailure;
}

Here is the call graph for this function:

Here is the caller graph for this function:

SECStatus RSA_EncryptBlock ( NSSLOWKEYPublicKey *  key,
unsigned char *  output,
unsigned int outputLen,
unsigned int  maxOutputLen,
unsigned char *  input,
unsigned int  inputLen 
)

Definition at line 622 of file rsawrapr.c.

{
    SECStatus     rv;
    unsigned int  modulus_len = nsslowkey_PublicModulusLen(key);
    SECItem       formatted;
    SECItem       unformatted;

    formatted.data = NULL;
    if (max_output_len < modulus_len) 
       goto failure;
    PORT_Assert(key->keyType == NSSLOWKEYRSAKey);
    if (key->keyType != NSSLOWKEYRSAKey)
       goto failure;

    unformatted.len  = input_len;
    unformatted.data = input;
    formatted.data   = NULL;
    rv = rsa_FormatBlock(&formatted, modulus_len, RSA_BlockPublic,
                      &unformatted);
    if (rv != SECSuccess) 
       goto failure;

    rv = RSA_PublicKeyOp(&key->u.rsa, output, formatted.data);
    if (rv != SECSuccess) 
       goto failure;

    PORT_ZFree(formatted.data, modulus_len);
    *output_len = modulus_len;
    return SECSuccess;

failure:
    if (formatted.data != NULL) 
       PORT_ZFree(formatted.data, modulus_len);
    return SECFailure;
}

Here is the call graph for this function:

Here is the caller graph for this function:

SECStatus RSA_EncryptRaw ( NSSLOWKEYPublicKey *  key,
unsigned char *  output,
unsigned int output_len,
unsigned int  max_output_len,
unsigned char *  input,
unsigned int  input_len 
)

Definition at line 841 of file rsawrapr.c.

{
    SECStatus rv;
    unsigned int  modulus_len = nsslowkey_PublicModulusLen(key);
    SECItem       formatted;
    SECItem       unformatted;

    formatted.data = NULL;
    if (max_output_len < modulus_len) 
       goto failure;
    PORT_Assert(key->keyType == NSSLOWKEYRSAKey);
    if (key->keyType != NSSLOWKEYRSAKey)
       goto failure;

    unformatted.len  = input_len;
    unformatted.data = input;
    formatted.data   = NULL;
    rv = rsa_FormatBlock(&formatted, modulus_len, RSA_BlockRaw, &unformatted);
    if (rv != SECSuccess)
       goto failure;

    rv = RSA_PublicKeyOp(&key->u.rsa, output, formatted.data);
    if (rv != SECSuccess) 
       goto failure;

    PORT_ZFree(formatted.data, modulus_len);
    *output_len = modulus_len;
    return SECSuccess;

failure:
    if (formatted.data != NULL) 
       PORT_ZFree(formatted.data, modulus_len);
    return SECFailure;
}

Here is the call graph for this function:

Here is the caller graph for this function:

SEC_BEGIN_PROTOS SECStatus RSA_FormatBlock ( SECItem *  result,
unsigned int  modulusLen,
RSA_BlockType  blockType,
SECItem *  data 
)
unsigned char* RSA_FormatOneBlock ( unsigned int  modulusLen,
RSA_BlockType  blockType,
SECItem *  data 
)
SECStatus RSA_HashCheckSign ( SECOidTag  hashOid,
NSSLOWKEYPublicKey *  key,
unsigned char *  sig,
unsigned int  sigLen,
unsigned char *  digest,
unsigned int  digestLen 
)

Definition at line 2129 of file pkcs11c.c.

{

    SECItem it;
    SGNDigestInfo *di = NULL;
    SECStatus rv = SECSuccess;
    
    it.data = NULL;

    if (key == NULL) goto loser;

    it.len = nsslowkey_PublicModulusLen(key); 
    if (!it.len) goto loser;

    it.data = (unsigned char *) PORT_Alloc(it.len);
    if (it.data == NULL) goto loser;

    /* decrypt the block */
    rv = RSA_CheckSignRecover(key, it.data, &it.len, it.len, sig, sigLen);
    if (rv != SECSuccess) goto loser;

    di = SGN_DecodeDigestInfo(&it);
    if (di == NULL) goto loser;
    if (di->digest.len != digestLen)  goto loser; 

    /* make sure the tag is OK */
    if (SECOID_GetAlgorithmTag(&di->digestAlgorithm) != hashOid) {
       goto loser;
    }
    /* make sure the "parameters" are not too bogus. */
    if (di->digestAlgorithm.parameters.len > 2) {
       goto loser;
    }
    /* Now check the signature */
    if (PORT_Memcmp(digest, di->digest.data, di->digest.len) == 0) {
       goto done;
    }

  loser:
    PORT_SetError(SEC_ERROR_BAD_SIGNATURE);
    rv = SECFailure;

  done:
    if (it.data != NULL) PORT_Free(it.data);
    if (di != NULL) SGN_DestroyDigestInfo(di);
    
    return rv;
}

Here is the call graph for this function:

Here is the caller graph for this function:

SECStatus RSA_HashSign ( SECOidTag  hashOid,
NSSLOWKEYPrivateKey *  key,
unsigned char *  sig,
unsigned int sigLen,
unsigned int  maxLen,
unsigned char *  hash,
unsigned int  hashLen 
)

Definition at line 1602 of file pkcs11c.c.

{
    
    SECStatus rv = SECFailure;
    SECItem digder;
    PLArenaPool *arena = NULL;
    SGNDigestInfo *di = NULL;

    digder.data = NULL;

    arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
    if ( !arena ) { goto loser; }
    
    /* Construct digest info */
    di = SGN_CreateDigestInfo(hashOid, hash, hashLen);
    if (!di) { goto loser; }

    /* Der encode the digest as a DigestInfo */
    rv = DER_Encode(arena, &digder, SGNDigestInfoTemplate, di);
    if (rv != SECSuccess) {
       goto loser;
    }

    /*
    ** Encrypt signature after constructing appropriate PKCS#1 signature
    ** block
    */
    rv = RSA_Sign(key,sig,sigLen,maxLen,digder.data,digder.len);

  loser:
    SGN_DestroyDigestInfo(di);
    if (arena != NULL) {
       PORT_FreeArena(arena, PR_FALSE);
    }
    return rv;
}

Here is the call graph for this function:

Here is the caller graph for this function:

SECStatus RSA_Sign ( NSSLOWKEYPrivateKey *  key,
unsigned char *  output,
unsigned int outputLen,
unsigned int  maxOutputLen,
unsigned char *  input,
unsigned int  inputLen 
)

Definition at line 456 of file rsawrapr.c.

{
    SECStatus     rv          = SECSuccess;
    unsigned int  modulus_len = nsslowkey_PrivateModulusLen(key);
    SECItem       formatted;
    SECItem       unformatted;

    if (maxOutputLen < modulus_len) 
       return SECFailure;
    PORT_Assert(key->keyType == NSSLOWKEYRSAKey);
    if (key->keyType != NSSLOWKEYRSAKey)
       return SECFailure;

    unformatted.len  = input_len;
    unformatted.data = input;
    formatted.data   = NULL;
    rv = rsa_FormatBlock(&formatted, modulus_len, RSA_BlockPrivate,
                      &unformatted);
    if (rv != SECSuccess) 
       goto done;

    rv = RSA_PrivateKeyOpDoubleChecked(&key->u.rsa, output, formatted.data);
    if (rv != SECSuccess && PORT_GetError() == SEC_ERROR_LIBRARY_FAILURE) {
       sftk_fatalError = PR_TRUE;
    }
    *output_len = modulus_len;

    goto done;

done:
    if (formatted.data != NULL) 
       PORT_ZFree(formatted.data, modulus_len);
    return rv;
}

Here is the call graph for this function:

Here is the caller graph for this function:

SECStatus RSA_SignRaw ( NSSLOWKEYPrivateKey *  key,
unsigned char *  output,
unsigned int output_len,
unsigned int  maxOutputLen,
unsigned char *  input,
unsigned int  input_len 
)

Definition at line 726 of file rsawrapr.c.

{
    SECStatus    rv          = SECSuccess;
    unsigned int modulus_len = nsslowkey_PrivateModulusLen(key);
    SECItem      formatted;
    SECItem      unformatted;

    if (maxOutputLen < modulus_len) 
       return SECFailure;
    PORT_Assert(key->keyType == NSSLOWKEYRSAKey);
    if (key->keyType != NSSLOWKEYRSAKey)
       return SECFailure;

    unformatted.len  = input_len;
    unformatted.data = input;
    formatted.data   = NULL;
    rv = rsa_FormatBlock(&formatted, modulus_len, RSA_BlockRaw, &unformatted);
    if (rv != SECSuccess) 
       goto done;

    rv = RSA_PrivateKeyOpDoubleChecked(&key->u.rsa, output, formatted.data);
    if (rv != SECSuccess && PORT_GetError() == SEC_ERROR_LIBRARY_FAILURE) {
       sftk_fatalError = PR_TRUE;
    }
    *output_len = modulus_len;

done:
    if (formatted.data != NULL) 
       PORT_ZFree(formatted.data, modulus_len);
    return rv;
}

Here is the call graph for this function:

Here is the caller graph for this function:

void sftk_AuditCopyObject ( CK_SESSION_HANDLE  hSession,
CK_OBJECT_HANDLE  hObject,
CK_ATTRIBUTE_PTR  pTemplate,
CK_ULONG  ulCount,
CK_OBJECT_HANDLE_PTR  phNewObject,
CK_RV  rv 
)

Definition at line 111 of file fipsaudt.c.

{
    char msg[256];
    char shNewObject[32];
    NSSAuditSeverity severity = (rv == CKR_OK) ?
       NSS_AUDIT_INFO : NSS_AUDIT_ERROR;

    sftk_PrintReturnedObjectHandle(shNewObject, sizeof shNewObject,
       "phNewObject", phNewObject, rv);
    PR_snprintf(msg, sizeof msg,
       "C_CopyObject(hSession=0x%08lX, hObject=0x%08lX, "
       "pTemplate=%p, ulCount=%lu, phNewObject=%p)=0x%08lX%s",
       (PRUint32)hSession, (PRUint32)hObject,
       pTemplate, (PRUint32)ulCount, phNewObject, (PRUint32)rv, shNewObject);
    sftk_LogAuditMessage(severity, msg);
}

Here is the call graph for this function:

Here is the caller graph for this function:

void sftk_AuditCreateObject ( CK_SESSION_HANDLE  hSession,
CK_ATTRIBUTE_PTR  pTemplate,
CK_ULONG  ulCount,
CK_OBJECT_HANDLE_PTR  phObject,
CK_RV  rv 
)

Definition at line 92 of file fipsaudt.c.

{
    char msg[256];
    char shObject[32];
    NSSAuditSeverity severity = (rv == CKR_OK) ?
       NSS_AUDIT_INFO : NSS_AUDIT_ERROR;

    sftk_PrintReturnedObjectHandle(shObject, sizeof shObject,
       "phObject", phObject, rv);
    PR_snprintf(msg, sizeof msg,
       "C_CreateObject(hSession=0x%08lX, pTemplate=%p, ulCount=%lu, "
       "phObject=%p)=0x%08lX%s",
       (PRUint32)hSession, pTemplate, (PRUint32)ulCount,
       phObject, (PRUint32)rv, shObject);
    sftk_LogAuditMessage(severity, msg);
}

Here is the call graph for this function:

Here is the caller graph for this function:

void sftk_AuditCryptInit ( const char *  opName,
CK_SESSION_HANDLE  hSession,
CK_MECHANISM_PTR  pMechanism,
CK_OBJECT_HANDLE  hKey,
CK_RV  rv 
)

Definition at line 191 of file fipsaudt.c.

{
    char msg[256];
    char mech[MECHANISM_BUFSIZE];
    NSSAuditSeverity severity = (rv == CKR_OK) ?
       NSS_AUDIT_INFO : NSS_AUDIT_ERROR;

    sftk_PrintMechanism(mech, sizeof mech, pMechanism);
    PR_snprintf(msg, sizeof msg,
       "C_%sInit(hSession=0x%08lX, pMechanism=%s, "
       "hKey=0x%08lX)=0x%08lX",
       opName, (PRUint32)hSession, mech,
       (PRUint32)hKey, (PRUint32)rv);
    sftk_LogAuditMessage(severity, msg);
}

Here is the call graph for this function:

Here is the caller graph for this function:

void sftk_AuditDeriveKey ( CK_SESSION_HANDLE  hSession,
CK_MECHANISM_PTR  pMechanism,
CK_OBJECT_HANDLE  hBaseKey,
CK_ATTRIBUTE_PTR  pTemplate,
CK_ULONG  ulAttributeCount,
CK_OBJECT_HANDLE_PTR  phKey,
CK_RV  rv 
)

Definition at line 301 of file fipsaudt.c.

{
    char msg[512];
    char mech[MECHANISM_BUFSIZE];
    char shKey[32];
    char sTlsKeys[128];
    NSSAuditSeverity severity = (rv == CKR_OK) ?
       NSS_AUDIT_INFO : NSS_AUDIT_ERROR;

    sftk_PrintMechanism(mech, sizeof mech, pMechanism);
    sftk_PrintReturnedObjectHandle(shKey, sizeof shKey, "phKey", phKey, rv);
    if ((rv == CKR_OK) &&
       (pMechanism->mechanism == CKM_TLS_KEY_AND_MAC_DERIVE)) {
       CK_SSL3_KEY_MAT_PARAMS *param =
           (CK_SSL3_KEY_MAT_PARAMS *)pMechanism->pParameter;
       CK_SSL3_KEY_MAT_OUT *keymat = param->pReturnedKeyMaterial;
       PR_snprintf(sTlsKeys, sizeof sTlsKeys,
           " hClientMacSecret=0x%08lX hServerMacSecret=0x%08lX"
           " hClientKey=0x%08lX hServerKey=0x%08lX",
           (PRUint32)keymat->hClientMacSecret,
           (PRUint32)keymat->hServerMacSecret,
           (PRUint32)keymat->hClientKey,
           (PRUint32)keymat->hServerKey);
    } else {
       sTlsKeys[0] = '\0';
    }
    PR_snprintf(msg, sizeof msg,
       "C_DeriveKey(hSession=0x%08lX, pMechanism=%s, "
       "hBaseKey=0x%08lX, pTemplate=%p, ulAttributeCount=%lu, "
       "phKey=%p)=0x%08lX%s%s",
       (PRUint32)hSession, mech,
       (PRUint32)hBaseKey, pTemplate,(PRUint32)ulAttributeCount,
       phKey, (PRUint32)rv, shKey, sTlsKeys);
    sftk_LogAuditMessage(severity, msg);
}

Here is the call graph for this function:

Here is the caller graph for this function:

Definition at line 131 of file fipsaudt.c.

{
    char msg[256];
    NSSAuditSeverity severity = (rv == CKR_OK) ?
       NSS_AUDIT_INFO : NSS_AUDIT_ERROR;

    PR_snprintf(msg, sizeof msg,
       "C_DestroyObject(hSession=0x%08lX, hObject=0x%08lX)=0x%08lX",
       (PRUint32)hSession, (PRUint32)hObject, (PRUint32)rv);
    sftk_LogAuditMessage(severity, msg);
}

Here is the call graph for this function:

Here is the caller graph for this function:

Definition at line 340 of file fipsaudt.c.

{
    char msg[256];
    NSSAuditSeverity severity = (rv == CKR_OK) ?
       NSS_AUDIT_INFO : NSS_AUDIT_ERROR;

    PR_snprintf(msg, sizeof msg,
       "C_DigestKey(hSession=0x%08lX, hKey=0x%08lX)=0x%08lX",
       (PRUint32)hSession, (PRUint32)hKey, (PRUint32)rv);
    sftk_LogAuditMessage(severity, msg);
}

Here is the call graph for this function:

Here is the caller graph for this function:

void sftk_AuditGenerateKey ( CK_SESSION_HANDLE  hSession,
CK_MECHANISM_PTR  pMechanism,
CK_ATTRIBUTE_PTR  pTemplate,
CK_ULONG  ulCount,
CK_OBJECT_HANDLE_PTR  phKey,
CK_RV  rv 
)

Definition at line 208 of file fipsaudt.c.

{
    char msg[256];
    char mech[MECHANISM_BUFSIZE];
    char shKey[32];
    NSSAuditSeverity severity = (rv == CKR_OK) ?
       NSS_AUDIT_INFO : NSS_AUDIT_ERROR;

    sftk_PrintMechanism(mech, sizeof mech, pMechanism);
    sftk_PrintReturnedObjectHandle(shKey, sizeof shKey, "phKey", phKey, rv);
    PR_snprintf(msg, sizeof msg,
       "C_GenerateKey(hSession=0x%08lX, pMechanism=%s, "
       "pTemplate=%p, ulCount=%lu, phKey=%p)=0x%08lX%s",
       (PRUint32)hSession, mech,
       pTemplate, (PRUint32)ulCount, phKey, (PRUint32)rv, shKey);
    sftk_LogAuditMessage(severity, msg);
}

Here is the call graph for this function:

Here is the caller graph for this function:

void sftk_AuditGenerateKeyPair ( CK_SESSION_HANDLE  hSession,
CK_MECHANISM_PTR  pMechanism,
CK_ATTRIBUTE_PTR  pPublicKeyTemplate,
CK_ULONG  ulPublicKeyAttributeCount,
CK_ATTRIBUTE_PTR  pPrivateKeyTemplate,
CK_ULONG  ulPrivateKeyAttributeCount,
CK_OBJECT_HANDLE_PTR  phPublicKey,
CK_OBJECT_HANDLE_PTR  phPrivateKey,
CK_RV  rv 
)

Definition at line 228 of file fipsaudt.c.

{
    char msg[512];
    char mech[MECHANISM_BUFSIZE];
    char shPublicKey[32];
    char shPrivateKey[32];
    NSSAuditSeverity severity = (rv == CKR_OK) ?
       NSS_AUDIT_INFO : NSS_AUDIT_ERROR;

    sftk_PrintMechanism(mech, sizeof mech, pMechanism);
    sftk_PrintReturnedObjectHandle(shPublicKey, sizeof shPublicKey,
       "phPublicKey", phPublicKey, rv);
    sftk_PrintReturnedObjectHandle(shPrivateKey, sizeof shPrivateKey,
       "phPrivateKey", phPrivateKey, rv);
    PR_snprintf(msg, sizeof msg,
       "C_GenerateKeyPair(hSession=0x%08lX, pMechanism=%s, "
       "pPublicKeyTemplate=%p, ulPublicKeyAttributeCount=%lu, "
       "pPrivateKeyTemplate=%p, ulPrivateKeyAttributeCount=%lu, "
       "phPublicKey=%p, phPrivateKey=%p)=0x%08lX%s%s",
       (PRUint32)hSession, mech,
       pPublicKeyTemplate, (PRUint32)ulPublicKeyAttributeCount,
       pPrivateKeyTemplate, (PRUint32)ulPrivateKeyAttributeCount,
       phPublicKey, phPrivateKey, (PRUint32)rv, shPublicKey, shPrivateKey);
    sftk_LogAuditMessage(severity, msg);
}

Here is the call graph for this function:

Here is the caller graph for this function:

void sftk_AuditGetAttributeValue ( CK_SESSION_HANDLE  hSession,
CK_OBJECT_HANDLE  hObject,
CK_ATTRIBUTE_PTR  pTemplate,
CK_ULONG  ulCount,
CK_RV  rv 
)

Definition at line 159 of file fipsaudt.c.

{
    char msg[256];
    NSSAuditSeverity severity = (rv == CKR_OK) ?
       NSS_AUDIT_INFO : NSS_AUDIT_ERROR;

    PR_snprintf(msg, sizeof msg,
       "C_GetAttributeValue(hSession=0x%08lX, hObject=0x%08lX, "
       "pTemplate=%p, ulCount=%lu)=0x%08lX",
       (PRUint32)hSession, (PRUint32)hObject,
       pTemplate, (PRUint32)ulCount, (PRUint32)rv);
    sftk_LogAuditMessage(severity, msg);
}

Here is the call graph for this function:

Here is the caller graph for this function:

void sftk_AuditGetObjectSize ( CK_SESSION_HANDLE  hSession,
CK_OBJECT_HANDLE  hObject,
CK_ULONG_PTR  pulSize,
CK_RV  rv 
)

Definition at line 144 of file fipsaudt.c.

{
    char msg[256];
    NSSAuditSeverity severity = (rv == CKR_OK) ?
       NSS_AUDIT_INFO : NSS_AUDIT_ERROR;

    PR_snprintf(msg, sizeof msg,
       "C_GetObjectSize(hSession=0x%08lX, hObject=0x%08lX, "
       "pulSize=%p)=0x%08lX",
       (PRUint32)hSession, (PRUint32)hObject,
       pulSize, (PRUint32)rv);
    sftk_LogAuditMessage(severity, msg);
}

Here is the call graph for this function:

Here is the caller graph for this function:

void sftk_AuditSetAttributeValue ( CK_SESSION_HANDLE  hSession,
CK_OBJECT_HANDLE  hObject,
CK_ATTRIBUTE_PTR  pTemplate,
CK_ULONG  ulCount,
CK_RV  rv 
)

Definition at line 175 of file fipsaudt.c.

{
    char msg[256];
    NSSAuditSeverity severity = (rv == CKR_OK) ?
       NSS_AUDIT_INFO : NSS_AUDIT_ERROR;

    PR_snprintf(msg, sizeof msg,
       "C_SetAttributeValue(hSession=0x%08lX, hObject=0x%08lX, "
       "pTemplate=%p, ulCount=%lu)=0x%08lX",
       (PRUint32)hSession, (PRUint32)hObject,
       pTemplate, (PRUint32)ulCount, (PRUint32)rv);
    sftk_LogAuditMessage(severity, msg);
}

Here is the call graph for this function:

Here is the caller graph for this function:

void sftk_AuditUnwrapKey ( CK_SESSION_HANDLE  hSession,
CK_MECHANISM_PTR  pMechanism,
CK_OBJECT_HANDLE  hUnwrappingKey,
CK_BYTE_PTR  pWrappedKey,
CK_ULONG  ulWrappedKeyLen,
CK_ATTRIBUTE_PTR  pTemplate,
CK_ULONG  ulAttributeCount,
CK_OBJECT_HANDLE_PTR  phKey,
CK_RV  rv 
)

Definition at line 277 of file fipsaudt.c.

{
    char msg[256];
    char mech[MECHANISM_BUFSIZE];
    char shKey[32];
    NSSAuditSeverity severity = (rv == CKR_OK) ?
       NSS_AUDIT_INFO : NSS_AUDIT_ERROR;

    sftk_PrintMechanism(mech, sizeof mech, pMechanism);
    sftk_PrintReturnedObjectHandle(shKey, sizeof shKey, "phKey", phKey, rv);
    PR_snprintf(msg, sizeof msg,
       "C_UnwrapKey(hSession=0x%08lX, pMechanism=%s, "
       "hUnwrappingKey=0x%08lX, pWrappedKey=%p, ulWrappedKeyLen=%lu, "
       "pTemplate=%p, ulAttributeCount=%lu, phKey=%p)=0x%08lX%s",
       (PRUint32)hSession, mech,
       (PRUint32)hUnwrappingKey, pWrappedKey, (PRUint32)ulWrappedKeyLen,
       pTemplate, (PRUint32)ulAttributeCount, phKey, (PRUint32)rv, shKey);
    sftk_LogAuditMessage(severity, msg);
}

Here is the call graph for this function:

Here is the caller graph for this function:

void sftk_AuditWrapKey ( CK_SESSION_HANDLE  hSession,
CK_MECHANISM_PTR  pMechanism,
CK_OBJECT_HANDLE  hWrappingKey,
CK_OBJECT_HANDLE  hKey,
CK_BYTE_PTR  pWrappedKey,
CK_ULONG_PTR  pulWrappedKeyLen,
CK_RV  rv 
)

Definition at line 258 of file fipsaudt.c.

{
    char msg[256];
    char mech[MECHANISM_BUFSIZE];
    NSSAuditSeverity severity = (rv == CKR_OK) ?
       NSS_AUDIT_INFO : NSS_AUDIT_ERROR;

    sftk_PrintMechanism(mech, sizeof mech, pMechanism);
    PR_snprintf(msg, sizeof msg,
       "C_WrapKey(hSession=0x%08lX, pMechanism=%s, hWrappingKey=0x%08lX, "
       "hKey=0x%08lX, pWrappedKey=%p, pulWrappedKeyLen=%p)=0x%08lX",
       (PRUint32)hSession, mech, (PRUint32)hWrappingKey,
       (PRUint32)hKey, pWrappedKey, pulWrappedKeyLen, (PRUint32)rv);
    sftk_LogAuditMessage(severity, msg);
}

Here is the call graph for this function:

Here is the caller graph for this function:

Definition at line 1893 of file fipstest.c.

{
    CK_RV rv;

    /* RC2 Power-Up SelfTest(s). */
    rv = sftk_fips_RC2_PowerUpSelfTest();

    if( rv != CKR_OK )
        return rv;

    /* RC4 Power-Up SelfTest(s). */
    rv = sftk_fips_RC4_PowerUpSelfTest();

    if( rv != CKR_OK )
        return rv;

    /* DES Power-Up SelfTest(s). */
    rv = sftk_fips_DES_PowerUpSelfTest();

    if( rv != CKR_OK )
        return rv;

    /* DES3 Power-Up SelfTest(s). */
    rv = sftk_fips_DES3_PowerUpSelfTest();

    if( rv != CKR_OK )
        return rv;
 
    /* AES Power-Up SelfTest(s) for 128-bit key. */
    rv = sftk_fips_AES_PowerUpSelfTest(FIPS_AES_128_KEY_SIZE);

    if( rv != CKR_OK )
        return rv;

    /* AES Power-Up SelfTest(s) for 192-bit key. */
    rv = sftk_fips_AES_PowerUpSelfTest(FIPS_AES_192_KEY_SIZE);

    if( rv != CKR_OK )
        return rv;

    /* AES Power-Up SelfTest(s) for 256-bit key. */
    rv = sftk_fips_AES_PowerUpSelfTest(FIPS_AES_256_KEY_SIZE);

    if( rv != CKR_OK )
        return rv;

    /* MD2 Power-Up SelfTest(s). */
    rv = sftk_fips_MD2_PowerUpSelfTest();

    if( rv != CKR_OK )
        return rv;

    /* MD5 Power-Up SelfTest(s). */
    rv = sftk_fips_MD5_PowerUpSelfTest();

    if( rv != CKR_OK )
        return rv;

    /* SHA-X Power-Up SelfTest(s). */
    rv = sftk_fips_SHA_PowerUpSelfTest();

    if( rv != CKR_OK )
        return rv;

    /* HMAC SHA-X Power-Up SelfTest(s). */
    rv = sftk_fips_HMAC_PowerUpSelfTest();
 
    if( rv != CKR_OK )
        return rv;

    /* RSA Power-Up SelfTest(s). */
    rv = sftk_fips_RSA_PowerUpSelfTest();

    if( rv != CKR_OK )
        return rv;

    /* DSA Power-Up SelfTest(s). */
    rv = sftk_fips_DSA_PowerUpSelfTest();

    if( rv != CKR_OK )
        return rv;

    /* RNG Power-Up SelfTest(s). */
    rv = sftk_fips_RNG_PowerUpSelfTest();

    if( rv != CKR_OK )
        return rv;
    
#ifdef NSS_ENABLE_ECC
    /* ECDSA Power-Up SelfTest(s). */
    rv = sftk_fips_ECDSA_PowerUpSelfTest();

    if( rv != CKR_OK )
        return rv;
#endif

    /* Software/Firmware Integrity Test. */
    rv = sftk_fipsSoftwareIntegrityTest();

    if( rv != CKR_OK )
        return rv;

    /* Passed Power-Up SelfTest(s). */
    return( CKR_OK );
}

Here is the call graph for this function:

Here is the caller graph for this function:

void sftk_LogAuditMessage ( NSSAuditSeverity  severity,
const char *  msg 
)

Definition at line 348 of file fipstokn.c.

{
#ifdef NSS_AUDIT_WITH_SYSLOG
    int level;

    switch (severity) {
    case NSS_AUDIT_ERROR:
       level = LOG_ERR;
       break;
    case NSS_AUDIT_WARNING:
       level = LOG_WARNING;
       break;
    default:
       level = LOG_INFO;
       break;
    }
    /* timestamp is provided by syslog in the message header */
    syslog(level | LOG_USER /* facility */,
          "NSS " SOFTOKEN_LIB_NAME "[pid=%d uid=%d]: %s",
          (int)getpid(), (int)getuid(), msg);
#ifdef LINUX
    if (pthread_once(&libaudit_once_control, libaudit_init) != 0) {
       return;
    }
    if (libaudit_handle) {
       int audit_fd;
       int result = (severity != NSS_AUDIT_ERROR); /* 1=success; 0=failed */
       char *message = PR_smprintf("NSS " SOFTOKEN_LIB_NAME ": %s", msg);
       if (!message) {
           return;
       }
       audit_fd = audit_open_func();
       if (audit_fd < 0) {
           PR_smprintf_free(message);
           return;
       }
       if (audit_log_user_message_func) {
           audit_log_user_message_func(audit_fd, AUDIT_USER, message,
                                   NULL, NULL, NULL, result);
       } else {
           audit_send_user_message_func(audit_fd, AUDIT_USER, message);
       }
       audit_close_func(audit_fd);
       PR_smprintf_free(message);
    }
#endif /* LINUX */
#ifdef SOLARIS
    {
        int rd;
        char *message = PR_smprintf("NSS " SOFTOKEN_LIB_NAME ": %s", msg);

        if (!message) {
            return;
        }

        /* open the record descriptor */
        if ((rd = au_open()) == -1) {
            PR_smprintf_free(message);
            return;
        }

        /* write the audit tokens to the audit record */
        if (au_write(rd, au_to_text(message))) {
            (void)au_close(rd, AU_TO_NO_WRITE, AUE_FIPS_AUDIT);
            PR_smprintf_free(message);
            return;
        }

        /* close the record and send it to the audit trail */
        (void)au_close(rd, AU_TO_WRITE, AUE_FIPS_AUDIT);

        PR_smprintf_free(message);
    }
#endif /* SOLARIS */
#else
    /* do nothing */
#endif
}

Here is the call graph for this function:

Here is the caller graph for this function:

unsigned long sftk_MapKeySize ( CK_KEY_TYPE  keyType)

Definition at line 4626 of file pkcs11c.c.

{
    switch (keyType) {
    case CKK_CDMF:
       return 8;
    case CKK_DES:
       return 8;
    case CKK_DES2:
       return 16;
    case CKK_DES3:
       return 24;
    /* IDEA and CAST need to be added */
    default:
       break;
    }
    return 0;
}

Here is the caller graph for this function:


Variable Documentation

Definition at line 331 of file fipstokn.c.

Definition at line 128 of file fipstokn.c.