Back to index

lightning-sunbird  0.9+nobinonly
Classes | Typedefs | Enumerations | Functions
lowpbe.h File Reference
#include "plarena.h"
#include "secitem.h"
#include "seccomon.h"
#include "secoidt.h"
#include "hasht.h"
This graph shows which files directly or indirectly include this file:

Go to the source code of this file.

Classes

struct  NSSPKCS5PBEParameterStr

Typedefs

typedef SECItem *(* SEC_PKCS5GetPBEPassword )(void *arg)
typedef struct NSSPKCS5PBEParameterStr

Enumerations

enum  PBEBitGenID {
  pbeBitGenIDNull = 0, pbeBitGenCipherKey = 0x01, pbeBitGenCipherIV = 0x02, pbeBitGenIntegrityKey = 0x03,
  pbeBitGenIDNull = 0, pbeBitGenCipherKey = 0x01, pbeBitGenCipherIV = 0x02, pbeBitGenIntegrityKey = 0x03,
  pbeBitGenIDNull = 0, pbeBitGenCipherKey = 0x01, pbeBitGenCipherIV = 0x02, pbeBitGenIntegrityKey = 0x03,
  pbeBitGenIDNull = 0, pbeBitGenCipherKey = 0x01, pbeBitGenCipherIV = 0x02, pbeBitGenIntegrityKey = 0x03
}
enum  NSSPKCS5PBEType {
  NSSPKCS5_PBKDF1 = 0, NSSPKCS5_PBKDF2 = 1, NSSPKCS5_PKCS12_V2 = 2, NSSPKCS5_PBKDF1 = 0,
  NSSPKCS5_PBKDF2 = 1, NSSPKCS5_PKCS12_V2 = 2
}

Functions

SEC_BEGIN_PROTOS SECAlgorithmID * nsspkcs5_CreateAlgorithmID (PRArenaPool *arena, SECOidTag algorithm, NSSPKCS5PBEParameter *pbe)
NSSPKCS5PBEParameter * nsspkcs5_AlgidToParam (SECAlgorithmID *algid)
NSSPKCS5PBEParameter * nsspkcs5_NewParam (SECOidTag alg, SECItem *salt, int iterator)
SECItem * nsspkcs5_CipherData (NSSPKCS5PBEParameter *, SECItem *pwitem, SECItem *src, PRBool encrypt, PRBool *update)
SECItem * nsspkcs5_ComputeKeyAndIV (NSSPKCS5PBEParameter *, SECItem *pwitem, SECItem *iv, PRBool faulty3DES)
void nsspkcs5_DestroyPBEParameter (NSSPKCS5PBEParameter *param)

Class Documentation

struct NSSPKCS5PBEParameterStr

Definition at line 64 of file lowpbe.h.

Collaboration diagram for NSSPKCS5PBEParameterStr:
Class Members
SECOidTag encAlg
HASH_HashType hashType
PRBool is2KeyDES
int iter
SECItem iteration
int ivLen
PBEBitGenID keyID
int keyLen
NSSPKCS5PBEType pbeType
PRArenaPool * poolp
SECItem salt

Typedef Documentation

typedef struct NSSPKCS5PBEParameterStr

Definition at line 62 of file lowpbe.h.

typedef SECItem*(* SEC_PKCS5GetPBEPassword)(void *arg)

Definition at line 46 of file lowpbe.h.


Enumeration Type Documentation

Enumerator:
NSSPKCS5_PBKDF1 
NSSPKCS5_PBKDF2 
NSSPKCS5_PKCS12_V2 
NSSPKCS5_PBKDF1 
NSSPKCS5_PBKDF2 
NSSPKCS5_PKCS12_V2 

Definition at line 56 of file lowpbe.h.

Enumerator:
pbeBitGenIDNull 
pbeBitGenCipherKey 
pbeBitGenCipherIV 
pbeBitGenIntegrityKey 
pbeBitGenIDNull 
pbeBitGenCipherKey 
pbeBitGenCipherIV 
pbeBitGenIntegrityKey 
pbeBitGenIDNull 
pbeBitGenCipherKey 
pbeBitGenCipherIV 
pbeBitGenIntegrityKey 
pbeBitGenIDNull 
pbeBitGenCipherKey 
pbeBitGenCipherIV 
pbeBitGenIntegrityKey 

Definition at line 49 of file lowpbe.h.


Function Documentation

NSSPKCS5PBEParameter* nsspkcs5_AlgidToParam ( SECAlgorithmID *  algid)

Definition at line 773 of file lowpbe.c.

{
    NSSPKCS5PBEParameter *pbe_param = NULL;
    SECOidTag algorithm;
    SECStatus rv = SECFailure;

    if (algid == NULL) {
       return NULL;
    }

    algorithm = SECOID_GetAlgorithmTag(algid);
    if (algorithm == SEC_OID_UNKNOWN) {
       goto loser;
    }

    pbe_param = nsspkcs5_NewParam(algorithm, NULL, 1);
    if (pbe_param == NULL) {
       goto loser;
    }

    /* decode parameter */
    rv = SECFailure;
    switch (pbe_param->pbeType) {
    case NSSPKCS5_PBKDF1:
       rv = SEC_ASN1DecodeItem(pbe_param->poolp, pbe_param, 
           NSSPKCS5PBEParameterTemplate, &algid->parameters);
       break;
    case NSSPKCS5_PKCS12_V2:
       rv = SEC_ASN1DecodeItem(pbe_param->poolp, pbe_param, 
              NSSPKCS5PKCS12V2PBEParameterTemplate, &algid->parameters);
       break;
    case NSSPKCS5_PBKDF2:
       break;
    }

loser:
    if (rv == SECSuccess) {
       pbe_param->iter = DER_GetInteger(&pbe_param->iteration);
    } else {
       nsspkcs5_DestroyPBEParameter(pbe_param);
       pbe_param = NULL;
    }

    return pbe_param;
}
SECItem* nsspkcs5_CipherData ( NSSPKCS5PBEParameter *  ,
SECItem *  pwitem,
SECItem *  src,
PRBool  encrypt,
PRBool update 
)

Definition at line 1040 of file lowpbe.c.

{
    SECItem *key = NULL, iv;
    SECItem *dest = NULL;
    PRBool tripleDES = PR_TRUE;
    pkcs5_crypto_func cryptof;

    iv.data = NULL;

    if (update) { 
        *update = PR_FALSE;
    }

    if ((pwitem == NULL) || (src == NULL)) {
       return NULL;
    }

    /* get key, and iv */
    key = nsspkcs5_ComputeKeyAndIV(pbe_param, pwitem, &iv, PR_FALSE);
    if(key == NULL) {
       return NULL;
    }

    switch(pbe_param->encAlg) {
    case SEC_OID_DES_EDE3_CBC:
       cryptof = sec_pkcs5_des;
       tripleDES = PR_TRUE;
       break;
    case SEC_OID_DES_CBC:
       cryptof = sec_pkcs5_des;
       tripleDES = PR_FALSE;
       break;
    case SEC_OID_RC2_CBC:
       cryptof = sec_pkcs5_rc2;
       break;
    case SEC_OID_RC4:
       cryptof = sec_pkcs5_rc4;
       break;
    default:
       cryptof = NULL;
       break;
    }

    if (cryptof == NULL) {
       goto loser;
    }

    dest = (*cryptof)(key, &iv, src, tripleDES, encrypt);
    /* 
     * it's possible for some keys and keydb's to claim to
     * be triple des when they're really des. In this case
     * we simply try des. If des works we set the update flag
     * so the key db knows it needs to update all it's entries.
     *  The case can only happen on decrypted of a 
     *  SEC_OID_DES_EDE3_CBD.
     */
    if ((dest == NULL) && (encrypt == PR_FALSE) && 
                            (pbe_param->encAlg == SEC_OID_DES_EDE3_CBC)) {
       dest = (*cryptof)(key, &iv, src, PR_FALSE, encrypt);
       if (update && (dest != NULL)) *update = PR_TRUE;
    }

loser:
    if (key != NULL) {
       SECITEM_ZfreeItem(key, PR_TRUE);
    }
    if (iv.data != NULL) {
       SECITEM_ZfreeItem(&iv, PR_FALSE);
    }

    return dest;
}
SECItem* nsspkcs5_ComputeKeyAndIV ( NSSPKCS5PBEParameter *  ,
SECItem *  pwitem,
SECItem *  iv,
PRBool  faulty3DES 
)

Definition at line 567 of file lowpbe.c.

{
    SECItem *hash = NULL, *key = NULL;
    const SECHashObject *hashObj;
    PRBool getIV = PR_FALSE;

    if((pbe_param == NULL) || (pwitem == NULL)) {
       return NULL;
    }

    key = SECITEM_AllocItem(NULL,NULL,pbe_param->keyLen);
    if (key == NULL) {
       return NULL;
    }

    if ((pbe_param->ivLen) && (iv->data == NULL)) {
       getIV = PR_TRUE;
       iv->data = (unsigned char *)PORT_Alloc(pbe_param->ivLen);
       if (iv->data == NULL) {
           goto loser;
       }
       iv->len = pbe_param->ivLen;
    }

    hashObj = HASH_GetRawHashObject(pbe_param->hashType);
    switch (pbe_param->pbeType) {
    case NSSPKCS5_PBKDF1:
       hash = nsspkcs5_PBKDF1Extended(hashObj,pbe_param,pwitem,faulty3DES);
       if (hash == NULL) {
           goto loser;
       }
       PORT_Assert(hash->len >= key->len+iv->len);
       if (getIV) {
           PORT_Memcpy(iv->data, hash->data+(hash->len - iv->len),iv->len);
       }
       break;
#ifdef PBKDF2
    case NSSPKCS5_PBKDF2:
       hash = nsspkcs5_PBKDF2(hashObj,pbe_param,pwitem);
       PORT_Assert(!getIV);
       break;
#endif
    case NSSPKCS5_PKCS12_V2:
       if (getIV) {
           hash = nsspkcs5_PKCS12PBE(hashObj,pbe_param,pwitem,
                                          pbeBitGenCipherIV,iv->len);
           if (hash == NULL) {
              goto loser;
           }
           PORT_Memcpy(iv->data,hash->data,iv->len);
           SECITEM_ZfreeItem(hash,PR_TRUE);
           hash = NULL;
       }
       hash = nsspkcs5_PKCS12PBE(hashObj,pbe_param,pwitem,
                                          pbe_param->keyID,key->len);
    default:
       break;
    }

    if (hash == NULL) {
       goto loser;
    }

    if (pbe_param->is2KeyDES) {
       PORT_Memcpy(key->data, hash->data, (key->len * 2) / 3);
       PORT_Memcpy(&(key->data[(key->len  * 2) / 3]), key->data,
                  key->len / 3);
    } else {
       PORT_Memcpy(key->data, hash->data, key->len);
    }

    SECITEM_ZfreeItem(hash, PR_TRUE);
    return key;

loser:
    if (getIV && iv->data) {
       PORT_ZFree(iv->data,iv->len);
       iv->data = NULL;
    }

    SECITEM_ZfreeItem(key, PR_TRUE);
    return NULL;
}
SEC_BEGIN_PROTOS SECAlgorithmID* nsspkcs5_CreateAlgorithmID ( PRArenaPool arena,
SECOidTag  algorithm,
NSSPKCS5PBEParameter *  pbe 
)

Definition at line 1123 of file lowpbe.c.

{
    SECAlgorithmID *algid, *ret_algid = NULL;
    SECItem der_param;
    SECStatus rv = SECFailure;
    void *dummy = NULL;

    if (arena == NULL) {
       return NULL;
    }

    der_param.data = NULL;
    der_param.len = 0;

    /* generate the algorithm id */
    algid = (SECAlgorithmID *)PORT_ArenaZAlloc(arena, sizeof(SECAlgorithmID));
    if (algid == NULL) {
       goto loser;
    }

    if (pbe_param->iteration.data == NULL) {
       dummy = SEC_ASN1EncodeInteger(pbe_param->poolp,&pbe_param->iteration,
                                                        pbe_param->iter);
       if (dummy == NULL) {
           goto loser;
       }
    }
    switch (pbe_param->pbeType) {
    case NSSPKCS5_PBKDF1:
       dummy = SEC_ASN1EncodeItem(arena, &der_param, pbe_param,
                                   NSSPKCS5PBEParameterTemplate);
       break;
    case NSSPKCS5_PKCS12_V2:
       dummy = SEC_ASN1EncodeItem(arena, &der_param, pbe_param,
                                   NSSPKCS5PKCS12V2PBEParameterTemplate);
       break;
    default:
       break;
    }

    if (dummy == NULL) {
       goto loser;
    }
       
    rv = SECOID_SetAlgorithmID(arena, algid, algorithm, &der_param);
    if (rv != SECSuccess) {
       goto loser;
    }

    ret_algid = (SECAlgorithmID *)PORT_ZAlloc(sizeof(SECAlgorithmID));
    if (ret_algid == NULL) {
       goto loser;
    }

    rv = SECOID_CopyAlgorithmID(NULL, ret_algid, algid);
    if (rv != SECSuccess) {
       SECOID_DestroyAlgorithmID(ret_algid, PR_TRUE);
       ret_algid = NULL;
    }

loser: 

    return ret_algid;
}
void nsspkcs5_DestroyPBEParameter ( NSSPKCS5PBEParameter *  param)

Definition at line 824 of file lowpbe.c.

{
    if (pbe_param != NULL) {
       PORT_FreeArena(pbe_param->poolp, PR_FALSE);
    }
}
NSSPKCS5PBEParameter* nsspkcs5_NewParam ( SECOidTag  alg,
SECItem *  salt,
int  iterator 
)

Definition at line 728 of file lowpbe.c.

{
    PRArenaPool *arena = NULL;
    NSSPKCS5PBEParameter *pbe_param = NULL;
    SECStatus rv = SECFailure;

    arena = PORT_NewArena(SEC_ASN1_DEFAULT_ARENA_SIZE);
    if (arena == NULL)
       return NULL;

    /* allocate memory for the parameter */
    pbe_param = (NSSPKCS5PBEParameter *)PORT_ArenaZAlloc(arena, 
       sizeof(NSSPKCS5PBEParameter));

    if (pbe_param == NULL) {
       goto loser;
    }

    pbe_param->poolp = arena;

    rv = nsspkcs5_FillInParam(alg, pbe_param);
    if (rv != SECSuccess) {
       goto loser;
    }

    pbe_param->iter = iterator;
    if (salt) {
       rv = SECITEM_CopyItem(arena,&pbe_param->salt,salt);
    }

    /* default key gen */
    pbe_param->keyID = pbeBitGenCipherKey;

loser:
    if (rv != SECSuccess) {
       PORT_FreeArena(arena, PR_TRUE);
       pbe_param = NULL;
    }

    return pbe_param;
}