The Tor Browser: security/nss/lib/pk11wrap/pk11skey.c@6474c204b198 (annotated)

security/nss/lib/pk11wrap/pk11skey.c@6474c204b198 (annotated)

security/nss/lib/pk11wrap/pk11skey.c

Wed, 31 Dec 2014 06:09:35 +0100

author: Michael Schloh von Bennewitz <michael@schloh.com>
date: Wed, 31 Dec 2014 06:09:35 +0100
changeset 0: 6474c204b198
permissions: -rw-r--r--

Cloned upstream origin tor-browser at tor-browser-31.3.0esr-4.5-1-build1
revision ID fc1c9ff7c1b2defdbc039f12214767608f46423f for hacking purpose.

 /* This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 /*
  * This file implements the Symkey wrapper and the PKCS context
  * Interfaces.
  */
 #include "seccomon.h"
 #include "secmod.h"
 #include "nssilock.h"
 #include "secmodi.h"
 #include "secmodti.h"
 #include "pkcs11.h"
 #include "pk11func.h"
 #include "secitem.h"
 #include "secoid.h"
 #include "secerr.h"
 #include "hasht.h"
 static void
 pk11_EnterKeyMonitor(PK11SymKey *symKey) {
     if (!symKey->sessionOwner || !(symKey->slot->isThreadSafe))
 	PK11_EnterSlotMonitor(symKey->slot);
 }
 static void
 pk11_ExitKeyMonitor(PK11SymKey *symKey) {
     if (!symKey->sessionOwner || !(symKey->slot->isThreadSafe))
     	PK11_ExitSlotMonitor(symKey->slot);
 }
 /*
  * pk11_getKeyFromList returns a symKey that has a session (if needSession
  * was specified), or explicitly does not have a session (if needSession
  * was not specified).
  */
 static PK11SymKey *
 pk11_getKeyFromList(PK11SlotInfo *slot, PRBool needSession) {
     PK11SymKey *symKey = NULL;
     PZ_Lock(slot->freeListLock);
     /* own session list are symkeys with sessions that the symkey owns.
      * 'most' symkeys will own their own session. */
     if (needSession) {
 	if (slot->freeSymKeysWithSessionHead) {
     	    symKey = slot->freeSymKeysWithSessionHead;
 	    slot->freeSymKeysWithSessionHead = symKey->next;
 	    slot->keyCount--;
 	}
     }
     /* if we don't need a symkey with its own session, or we couldn't find
      * one on the owner list, get one from the non-owner free list. */
     if (!symKey) {
 	if (slot->freeSymKeysHead) {
     	    symKey = slot->freeSymKeysHead;
 	    slot->freeSymKeysHead = symKey->next;
 	    slot->keyCount--;
 	}
     }
     PZ_Unlock(slot->freeListLock);
     if (symKey) {
 	symKey->next = NULL;
 	if (!needSession) {
 	    return symKey;
 	}
 	/* if we are getting an owner key, make sure we have a valid session.
          * session could be invalid if the token has been removed or because
          * we got it from the non-owner free list */
 	if ((symKey->series != slot->series) ||
 			 (symKey->session == CK_INVALID_SESSION)) {
 	    symKey->session = pk11_GetNewSession(slot, &symKey->sessionOwner);
 	}
 	PORT_Assert(symKey->session != CK_INVALID_SESSION);
 	if (symKey->session != CK_INVALID_SESSION)
 	    return symKey;
 	PK11_FreeSymKey(symKey);
 	/* if we are here, we need a session, but couldn't get one, it's
 	 * unlikely we pk11_GetNewSession will succeed if we call it a second
 	 * time. */
 	return NULL;
     }
     symKey = PORT_New(PK11SymKey);
     if (symKey == NULL) {
 	return NULL;
     }
     symKey->next = NULL;
     if (needSession) {
 	symKey->session = pk11_GetNewSession(slot,&symKey->sessionOwner);
 	PORT_Assert(symKey->session != CK_INVALID_SESSION);
         if (symKey->session == CK_INVALID_SESSION) {
 	    PK11_FreeSymKey(symKey);
 	    symKey = NULL;
 	}
     } else {
 	symKey->session = CK_INVALID_SESSION;
     }
     return symKey;
 }
 /* Caller MUST hold slot->freeListLock (or ref count == 0?) !! */
 void
 PK11_CleanKeyList(PK11SlotInfo *slot)
 {
     PK11SymKey *symKey = NULL;
     while (slot->freeSymKeysWithSessionHead) {
     	symKey = slot->freeSymKeysWithSessionHead;
 	slot->freeSymKeysWithSessionHead = symKey->next;
 	pk11_CloseSession(slot, symKey->session, symKey->sessionOwner);
 	PORT_Free(symKey);
     }
     while (slot->freeSymKeysHead) {
     	symKey = slot->freeSymKeysHead;
 	slot->freeSymKeysHead = symKey->next;
 	pk11_CloseSession(slot, symKey->session, symKey->sessionOwner);
 	PORT_Free(symKey);
     }
     return;
 }
 /*
  * create a symetric key:
  *      Slot is the slot to create the key in.
  *      type is the mechanism type
  *      owner is does this symKey structure own it's object handle (rare
  *        that this is false).
  *      needSession means the returned symKey will return with a valid session
  *        allocated already.
  */
 static PK11SymKey *
 pk11_CreateSymKey(PK11SlotInfo *slot, CK_MECHANISM_TYPE type,
 		  PRBool owner, PRBool needSession, void *wincx)
 {
     PK11SymKey *symKey = pk11_getKeyFromList(slot, needSession);
     if (symKey == NULL) {
 	return NULL;
     }
     /* if needSession was specified, make sure we have a valid session.
      * callers which specify needSession as false should do their own
      * check of the session before returning the symKey */
     if (needSession && symKey->session == CK_INVALID_SESSION) {
     	PK11_FreeSymKey(symKey);
 	PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
 	return NULL;
     }
     symKey->type = type;
     symKey->data.type = siBuffer;
     symKey->data.data = NULL;
     symKey->data.len = 0;
     symKey->owner = owner;
     symKey->objectID = CK_INVALID_HANDLE;
     symKey->slot = slot;
     symKey->series = slot->series;
     symKey->cx = wincx;
     symKey->size = 0;
     symKey->refCount = 1;
     symKey->origin = PK11_OriginNULL;
     symKey->parent = NULL;
     symKey->freeFunc = NULL;
     symKey->userData = NULL;
     PK11_ReferenceSlot(slot);
     return symKey;
 }
 /*
  * destroy a symetric key
  */
 void
 PK11_FreeSymKey(PK11SymKey *symKey)
 {
     PK11SlotInfo *slot;
     PRBool freeit = PR_TRUE;
     if (PR_ATOMIC_DECREMENT(&symKey->refCount) == 0) {
 	PK11SymKey *parent = symKey->parent;
 	symKey->parent = NULL;
 	if ((symKey->owner) && symKey->objectID != CK_INVALID_HANDLE) {
 	    pk11_EnterKeyMonitor(symKey);
 	    (void) PK11_GETTAB(symKey->slot)->
 		C_DestroyObject(symKey->session, symKey->objectID);
 	    pk11_ExitKeyMonitor(symKey);
 	}
 	if (symKey->data.data) {
 	    PORT_Memset(symKey->data.data, 0, symKey->data.len);
 	    PORT_Free(symKey->data.data);
 	}
 	/* free any existing data */
 	if (symKey->userData && symKey->freeFunc) {
 	    (*symKey->freeFunc)(symKey->userData);
 	}
         slot = symKey->slot;
         PZ_Lock(slot->freeListLock);
 	if (slot->keyCount < slot->maxKeyCount) {
 	    /*
              * freeSymkeysWithSessionHead contain a list of reusable
 	     *  SymKey structures with valid sessions.
 	     *    sessionOwner must be true.
              *    session must be valid.
              * freeSymKeysHead contain a list of SymKey structures without
              *  valid session.
              *    session must be CK_INVALID_SESSION.
 	     *    though sessionOwner is false, callers should not depend on
 	     *    this fact.
 	     */
 	    if (symKey->sessionOwner) {
 		PORT_Assert (symKey->session != CK_INVALID_SESSION);
 		symKey->next = slot->freeSymKeysWithSessionHead;
 		slot->freeSymKeysWithSessionHead = symKey;
 	    } else {
 		symKey->session = CK_INVALID_SESSION;
 		symKey->next = slot->freeSymKeysHead;
 		slot->freeSymKeysHead = symKey;
 	    }
 	    slot->keyCount++;
 	    symKey->slot = NULL;
 	    freeit = PR_FALSE;
         }
 	PZ_Unlock(slot->freeListLock);
         if (freeit) {
 	    pk11_CloseSession(symKey->slot, symKey->session,
 							symKey->sessionOwner);
 	    PORT_Free(symKey);
 	}
 	PK11_FreeSlot(slot);
 	if (parent) {
 	    PK11_FreeSymKey(parent);
 	}
     }
 }
 PK11SymKey *
 PK11_ReferenceSymKey(PK11SymKey *symKey)
 {
     PR_ATOMIC_INCREMENT(&symKey->refCount);
     return symKey;
 }
 /*
  * Accessors
  */
 CK_MECHANISM_TYPE
 PK11_GetMechanism(PK11SymKey *symKey)
 {
     return symKey->type;
 }
 /*
  * return the slot associated with a symetric key
  */
 PK11SlotInfo *
 PK11_GetSlotFromKey(PK11SymKey *symKey)
 {
     return PK11_ReferenceSlot(symKey->slot);
 }
 CK_KEY_TYPE PK11_GetSymKeyType(PK11SymKey *symKey)
 {
     return PK11_GetKeyType(symKey->type,symKey->size);
 }
 PK11SymKey *
 PK11_GetNextSymKey(PK11SymKey *symKey)
 {
     return symKey ? symKey->next : NULL;
 }
 char *
 PK11_GetSymKeyNickname(PK11SymKey *symKey)
 {
     return PK11_GetObjectNickname(symKey->slot,symKey->objectID);
 }
 SECStatus
 PK11_SetSymKeyNickname(PK11SymKey *symKey, const char *nickname)
 {
     return PK11_SetObjectNickname(symKey->slot,symKey->objectID,nickname);
 }
 void *
 PK11_GetSymKeyUserData(PK11SymKey *symKey)
 {
     return symKey->userData;
 }
 void
 PK11_SetSymKeyUserData(PK11SymKey *symKey, void *userData,
                                               PK11FreeDataFunc freeFunc)
 {
     /* free any existing data */
     if (symKey->userData && symKey->freeFunc) {
 	(*symKey->freeFunc)(symKey->userData);
     }
     symKey->userData = userData;
     symKey->freeFunc = freeFunc;
     return;
 }
 /*
  * turn key handle into an appropriate key object
  */
 PK11SymKey *
 PK11_SymKeyFromHandle(PK11SlotInfo *slot, PK11SymKey *parent, PK11Origin origin,
     CK_MECHANISM_TYPE type, CK_OBJECT_HANDLE keyID, PRBool owner, void *wincx)
 {
     PK11SymKey *symKey;
     PRBool needSession = !(owner && parent);
     if (keyID == CK_INVALID_HANDLE) {
 	return NULL;
     }
     symKey = pk11_CreateSymKey(slot, type, owner, needSession, wincx);
     if (symKey == NULL) {
 	return NULL;
     }
     symKey->objectID = keyID;
     symKey->origin = origin;
     /* adopt the parent's session */
     /* This is only used by SSL. What we really want here is a session
      * structure with a ref count so  the session goes away only after all the
      * keys do. */
     if (!needSession) {
 	symKey->sessionOwner = PR_FALSE;
 	symKey->session = parent->session;
 	symKey->parent = PK11_ReferenceSymKey(parent);
         /* This is the only case where pk11_CreateSymKey does not explicitly
 	 * check symKey->session. We need to assert here to make sure.
 	 * the session isn't invalid. */
 	PORT_Assert(parent->session != CK_INVALID_SESSION);
 	if (parent->session == CK_INVALID_SESSION) {
 	    PK11_FreeSymKey(symKey);
 	    PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
 	    return NULL;
 	}
     }
     return symKey;
 }
 /*
  * turn key handle into an appropriate key object
  */
 PK11SymKey *
 PK11_GetWrapKey(PK11SlotInfo *slot, int wrap, CK_MECHANISM_TYPE type,
 						    int series, void *wincx)
 {
     PK11SymKey *symKey = NULL;
     if (slot->series != series) return NULL;
     if (slot->refKeys[wrap] == CK_INVALID_HANDLE) return NULL;
     if (type == CKM_INVALID_MECHANISM) type = slot->wrapMechanism;
     symKey = PK11_SymKeyFromHandle(slot, NULL, PK11_OriginDerive,
 		 slot->wrapMechanism, slot->refKeys[wrap], PR_FALSE, wincx);
     return symKey;
 }
 /*
  * This function is not thread-safe because it sets wrapKey->sessionOwner
  * without using a lock or atomic routine.  It can only be called when
  * only one thread has a reference to wrapKey.
  */
 void
 PK11_SetWrapKey(PK11SlotInfo *slot, int wrap, PK11SymKey *wrapKey)
 {
     /* save the handle and mechanism for the wrapping key */
     /* mark the key and session as not owned by us to they don't get freed
      * when the key goes way... that lets us reuse the key later */
     slot->refKeys[wrap] = wrapKey->objectID;
     wrapKey->owner = PR_FALSE;
     wrapKey->sessionOwner = PR_FALSE;
     slot->wrapMechanism = wrapKey->type;
 }
 /*
  * figure out if a key is still valid or if it is stale.
  */
 PRBool
 PK11_VerifyKeyOK(PK11SymKey *key) {
     if (!PK11_IsPresent(key->slot)) {
 	return PR_FALSE;
     }
     return (PRBool)(key->series == key->slot->series);
 }
 static PK11SymKey *
 pk11_ImportSymKeyWithTempl(PK11SlotInfo *slot, CK_MECHANISM_TYPE type,
                   PK11Origin origin, PRBool isToken, CK_ATTRIBUTE *keyTemplate,
 		  unsigned int templateCount, SECItem *key, void *wincx)
 {
     PK11SymKey *    symKey;
     SECStatus	    rv;
     symKey = pk11_CreateSymKey(slot, type, !isToken, PR_TRUE, wincx);
     if (symKey == NULL) {
 	return NULL;
     }
     symKey->size = key->len;
     PK11_SETATTRS(&keyTemplate[templateCount], CKA_VALUE, key->data, key->len);
     templateCount++;
     if (SECITEM_CopyItem(NULL,&symKey->data,key) != SECSuccess) {
 	PK11_FreeSymKey(symKey);
 	return NULL;
     }
     symKey->origin = origin;
     /* import the keys */
     rv = PK11_CreateNewObject(slot, symKey->session, keyTemplate,
 		 	templateCount, isToken, &symKey->objectID);
     if ( rv != SECSuccess) {
 	PK11_FreeSymKey(symKey);
 	return NULL;
     }
     return symKey;
 }
 /*
  * turn key bits into an appropriate key object
  */
 PK11SymKey *
 PK11_ImportSymKey(PK11SlotInfo *slot, CK_MECHANISM_TYPE type,
      PK11Origin origin, CK_ATTRIBUTE_TYPE operation, SECItem *key,void *wincx)
 {
     PK11SymKey *    symKey;
     unsigned int    templateCount = 0;
     CK_OBJECT_CLASS keyClass 	= CKO_SECRET_KEY;
     CK_KEY_TYPE     keyType 	= CKK_GENERIC_SECRET;
     CK_BBOOL        cktrue 	= CK_TRUE; /* sigh */
     CK_ATTRIBUTE    keyTemplate[5];
     CK_ATTRIBUTE *  attrs 	= keyTemplate;
     PK11_SETATTRS(attrs, CKA_CLASS, &keyClass, sizeof(keyClass) ); attrs++;
     PK11_SETATTRS(attrs, CKA_KEY_TYPE, &keyType, sizeof(keyType) ); attrs++;
     PK11_SETATTRS(attrs, operation, &cktrue, 1); attrs++;
     templateCount = attrs - keyTemplate;
     PR_ASSERT(templateCount+1 <= sizeof(keyTemplate)/sizeof(CK_ATTRIBUTE));
     keyType = PK11_GetKeyType(type,key->len);
     symKey = pk11_ImportSymKeyWithTempl(slot, type, origin, PR_FALSE,
 				keyTemplate, templateCount, key, wincx);
     return symKey;
 }
 /*
  * turn key bits into an appropriate key object
  */
 PK11SymKey *
 PK11_ImportSymKeyWithFlags(PK11SlotInfo *slot, CK_MECHANISM_TYPE type,
      PK11Origin origin, CK_ATTRIBUTE_TYPE operation, SECItem *key,
      CK_FLAGS flags, PRBool isPerm, void *wincx)
 {
     PK11SymKey *    symKey;
     unsigned int    templateCount = 0;
     CK_OBJECT_CLASS keyClass 	= CKO_SECRET_KEY;
     CK_KEY_TYPE     keyType 	= CKK_GENERIC_SECRET;
     CK_BBOOL        cktrue 	= CK_TRUE; /* sigh */
     CK_ATTRIBUTE    keyTemplate[MAX_TEMPL_ATTRS];
     CK_ATTRIBUTE *  attrs 	= keyTemplate;
     PK11_SETATTRS(attrs, CKA_CLASS, &keyClass, sizeof(keyClass) ); attrs++;
     PK11_SETATTRS(attrs, CKA_KEY_TYPE, &keyType, sizeof(keyType) ); attrs++;
     if (isPerm) {
 	PK11_SETATTRS(attrs, CKA_TOKEN, &cktrue, sizeof(cktrue) ); attrs++;
 	/* sigh some tokens think CKA_PRIVATE = false is a reasonable
 	 * default for secret keys */
 	PK11_SETATTRS(attrs, CKA_PRIVATE, &cktrue, sizeof(cktrue) ); attrs++;
     }
     attrs += pk11_OpFlagsToAttributes(flags, attrs, &cktrue);
     if ((operation != CKA_FLAGS_ONLY) &&
     	 !pk11_FindAttrInTemplate(keyTemplate, attrs-keyTemplate, operation)) {
         PK11_SETATTRS(attrs, operation, &cktrue, sizeof(cktrue)); attrs++;
     }
     templateCount = attrs - keyTemplate;
     PR_ASSERT(templateCount+1 <= sizeof(keyTemplate)/sizeof(CK_ATTRIBUTE));
     keyType = PK11_GetKeyType(type,key->len);
     symKey = pk11_ImportSymKeyWithTempl(slot, type, origin, isPerm,
 				 keyTemplate, templateCount, key, wincx);
     if (symKey && isPerm) {
 	symKey->owner = PR_FALSE;
     }
     return symKey;
 }
 PK11SymKey *
 PK11_FindFixedKey(PK11SlotInfo *slot, CK_MECHANISM_TYPE type, SECItem *keyID,
 								void *wincx)
 {
     CK_ATTRIBUTE findTemp[4];
     CK_ATTRIBUTE *attrs;
     CK_BBOOL ckTrue = CK_TRUE;
     CK_OBJECT_CLASS keyclass = CKO_SECRET_KEY;
     int tsize = 0;
     CK_OBJECT_HANDLE key_id;
     attrs = findTemp;
     PK11_SETATTRS(attrs, CKA_CLASS, &keyclass, sizeof(keyclass)); attrs++;
     PK11_SETATTRS(attrs, CKA_TOKEN, &ckTrue, sizeof(ckTrue)); attrs++;
     if (keyID) {
         PK11_SETATTRS(attrs, CKA_ID, keyID->data, keyID->len); attrs++;
     }
     tsize = attrs - findTemp;
     PORT_Assert(tsize <= sizeof(findTemp)/sizeof(CK_ATTRIBUTE));
     key_id = pk11_FindObjectByTemplate(slot,findTemp,tsize);
     if (key_id == CK_INVALID_HANDLE) {
 	return NULL;
     }
     return PK11_SymKeyFromHandle(slot, NULL, PK11_OriginDerive, type, key_id,
 		 				PR_FALSE, wincx);
 }
 PK11SymKey *
 PK11_ListFixedKeysInSlot(PK11SlotInfo *slot, char *nickname, void *wincx)
 {
     CK_ATTRIBUTE findTemp[4];
     CK_ATTRIBUTE *attrs;
     CK_BBOOL ckTrue = CK_TRUE;
     CK_OBJECT_CLASS keyclass = CKO_SECRET_KEY;
     int tsize = 0;
     int objCount = 0;
     CK_OBJECT_HANDLE *key_ids;
     PK11SymKey *nextKey = NULL;
     PK11SymKey *topKey = NULL;
     int i,len;
     attrs = findTemp;
     PK11_SETATTRS(attrs, CKA_CLASS, &keyclass, sizeof(keyclass)); attrs++;
     PK11_SETATTRS(attrs, CKA_TOKEN, &ckTrue, sizeof(ckTrue)); attrs++;
     if (nickname) {
 	len = PORT_Strlen(nickname);
 	PK11_SETATTRS(attrs, CKA_LABEL, nickname, len); attrs++;
     }
     tsize = attrs - findTemp;
     PORT_Assert(tsize <= sizeof(findTemp)/sizeof(CK_ATTRIBUTE));
     key_ids = pk11_FindObjectsByTemplate(slot,findTemp,tsize,&objCount);
     if (key_ids == NULL) {
 	return NULL;
     }
     for (i=0; i < objCount ; i++) {
 	SECItem typeData;
 	CK_KEY_TYPE type = CKK_GENERIC_SECRET;
         SECStatus rv = PK11_ReadAttribute(slot, key_ids[i],
 						CKA_KEY_TYPE, NULL, &typeData);
 	if (rv == SECSuccess) {
 	    if (typeData.len == sizeof(CK_KEY_TYPE)) {
 	    	type = *(CK_KEY_TYPE *)typeData.data;
 	    }
 	    PORT_Free(typeData.data);
 	}
 	nextKey = PK11_SymKeyFromHandle(slot, NULL, PK11_OriginDerive,
 		PK11_GetKeyMechanism(type), key_ids[i], PR_FALSE, wincx);
 	if (nextKey) {
 	    nextKey->next = topKey;
 	    topKey = nextKey;
 	}
    }
    PORT_Free(key_ids);
    return topKey;
 }
 void *
 PK11_GetWindow(PK11SymKey *key)
 {
    return key->cx;
 }
 /*
  * extract a symetric key value. NOTE: if the key is sensitive, we will
  * not be able to do this operation. This function is used to move
  * keys from one token to another */
 SECStatus
 PK11_ExtractKeyValue(PK11SymKey *symKey)
 {
     SECStatus rv;
     if (symKey->data.data != NULL) {
 	if (symKey->size == 0) {
 	   symKey->size = symKey->data.len;
 	}
 	return SECSuccess;
     }
     if (symKey->slot == NULL) {
 	PORT_SetError( SEC_ERROR_INVALID_KEY );
 	return SECFailure;
     }
     rv = PK11_ReadAttribute(symKey->slot,symKey->objectID,CKA_VALUE,NULL,
 				&symKey->data);
     if (rv == SECSuccess) {
 	symKey->size = symKey->data.len;
     }
     return rv;
 }
 SECStatus
 PK11_DeleteTokenSymKey(PK11SymKey *symKey)
 {
     if (!PK11_IsPermObject(symKey->slot, symKey->objectID)) {
 	return SECFailure;
     }
     PK11_DestroyTokenObject(symKey->slot,symKey->objectID);
     symKey->objectID = CK_INVALID_HANDLE;
     return SECSuccess;
 }
 SECItem *
 PK11_GetKeyData(PK11SymKey *symKey)
 {
     return &symKey->data;
 }
 /* This symbol is exported for backward compatibility. */
 SECItem *
 __PK11_GetKeyData(PK11SymKey *symKey)
 {
     return PK11_GetKeyData(symKey);
 }
 /*
  * PKCS #11 key Types with predefined length
  */
 unsigned int
 pk11_GetPredefinedKeyLength(CK_KEY_TYPE keyType)
 {
     int length = 0;
     switch (keyType) {
       case CKK_DES: length = 8; break;
       case CKK_DES2: length = 16; break;
       case CKK_DES3: length = 24; break;
       case CKK_SKIPJACK: length = 10; break;
       case CKK_BATON: length = 20; break;
       case CKK_JUNIPER: length = 20; break;
       default: break;
     }
     return length;
 }
 /* return the keylength if possible.  '0' if not */
 unsigned int
 PK11_GetKeyLength(PK11SymKey *key)
 {
     CK_KEY_TYPE keyType;
     if (key->size != 0) return key->size;
     /* First try to figure out the key length from its type */
     keyType = PK11_ReadULongAttribute(key->slot,key->objectID,CKA_KEY_TYPE);
     key->size = pk11_GetPredefinedKeyLength(keyType);
     if ((keyType == CKK_GENERIC_SECRET) &&
 	(key->type == CKM_SSL3_PRE_MASTER_KEY_GEN))  {
 	key->size=48;
     }
    if( key->size != 0 ) return key->size;
    if (key->data.data == NULL) {
 	PK11_ExtractKeyValue(key);
    }
    /* key is probably secret. Look up its length */
    /*  this is new PKCS #11 version 2.0 functionality. */
    if (key->size == 0) {
 	CK_ULONG keyLength;
 	keyLength = PK11_ReadULongAttribute(key->slot,key->objectID,CKA_VALUE_LEN);
 	if (keyLength != CK_UNAVAILABLE_INFORMATION) {
 	    key->size = (unsigned int)keyLength;
 	}
     }
    return key->size;
 }
 /* return the strength of a key. This is different from length in that
  * 1) it returns the size in bits, and 2) it returns only the secret portions
  * of the key minus any checksums or parity.
  */
 unsigned int
 PK11_GetKeyStrength(PK11SymKey *key, SECAlgorithmID *algid)
 {
      int size=0;
      CK_MECHANISM_TYPE mechanism= CKM_INVALID_MECHANISM; /* RC2 only */
      SECItem *param = NULL; /* RC2 only */
      CK_RC2_CBC_PARAMS *rc2_params = NULL; /* RC2 ONLY */
      unsigned int effectiveBits = 0; /* RC2 ONLY */
      switch (PK11_GetKeyType(key->type,0)) {
      case CKK_CDMF:
 	return 40;
      case CKK_DES:
 	return 56;
      case CKK_DES3:
      case CKK_DES2:
 	size = PK11_GetKeyLength(key);
 	if (size == 16) {
 	   /* double des */
 	   return 112; /* 16*7 */
 	}
 	return 168;
     /*
      * RC2 has is different than other ciphers in that it allows the user
      * to deprecating keysize while still requiring all the bits for the
      * original key. The info
      * on what the effective key strength is in the parameter for the key.
      * In S/MIME this parameter is stored in the DER encoded algid. In Our
      * other uses of RC2, effectiveBits == keyBits, so this code functions
      * correctly without an algid.
      */
     case CKK_RC2:
 	/* if no algid was provided, fall through to default */
         if (!algid) {
 	    break;
 	}
 	/* verify that the algid is for RC2 */
 	mechanism = PK11_AlgtagToMechanism(SECOID_GetAlgorithmTag(algid));
 	if ((mechanism != CKM_RC2_CBC) && (mechanism != CKM_RC2_ECB)) {
 	    break;
 	}
 	/* now get effective bits from the algorithm ID. */
 	param = PK11_ParamFromAlgid(algid);
 	/* if we couldn't get memory just use key length */
 	if (param == NULL) {
 	    break;
 	}
 	rc2_params = (CK_RC2_CBC_PARAMS *) param->data;
 	/* paranoia... shouldn't happen */
 	PORT_Assert(param->data != NULL);
 	if (param->data == NULL) {
 	    SECITEM_FreeItem(param,PR_TRUE);
 	    break;
 	}
 	effectiveBits = (unsigned int)rc2_params->ulEffectiveBits;
 	SECITEM_FreeItem(param,PR_TRUE);
 	param = NULL; rc2_params=NULL; /* paranoia */
 	/* we have effective bits, is and allocated memory is free, now
 	 * we need to return the smaller of effective bits and keysize */
 	size = PK11_GetKeyLength(key);
 	if ((unsigned int)size*8 > effectiveBits) {
 	    return effectiveBits;
 	}
 	return size*8; /* the actual key is smaller, the strength can't be
 			* greater than the actual key size */
     default:
 	break;
     }
     return PK11_GetKeyLength(key) * 8;
 }
 /*
  * The next three utilities are to deal with the fact that a given operation
  * may be a multi-slot affair. This creates a new key object that is copied
  * into the new slot.
  */
 PK11SymKey *
 pk11_CopyToSlotPerm(PK11SlotInfo *slot,CK_MECHANISM_TYPE type,
 	 	CK_ATTRIBUTE_TYPE operation, CK_FLAGS flags,
 		PRBool isPerm, PK11SymKey *symKey)
 {
     SECStatus rv;
     PK11SymKey *newKey = NULL;
     /* Extract the raw key data if possible */
     if (symKey->data.data == NULL) {
 	rv = PK11_ExtractKeyValue(symKey);
 	/* KEY is sensitive, we're try key exchanging it. */
 	if (rv != SECSuccess) {
 	    return pk11_KeyExchange(slot, type, operation,
 						flags, isPerm, symKey);
 	}
     }
     newKey = PK11_ImportSymKeyWithFlags(slot,  type, symKey->origin,
 	operation, &symKey->data, flags, isPerm, symKey->cx);
     if (newKey == NULL) {
 	newKey = pk11_KeyExchange(slot, type, operation, flags, isPerm, symKey);
     }
     return newKey;
 }
 PK11SymKey *
 pk11_CopyToSlot(PK11SlotInfo *slot,CK_MECHANISM_TYPE type,
 	CK_ATTRIBUTE_TYPE operation, PK11SymKey *symKey)
 {
    return pk11_CopyToSlotPerm(slot, type, operation, 0, PR_FALSE, symKey);
 }
 /*
  * Make sure the slot we are in is the correct slot for the operation
  * by verifying that it supports all of the specified mechanism types.
  */
 PK11SymKey *
 pk11_ForceSlotMultiple(PK11SymKey *symKey, CK_MECHANISM_TYPE *type,
 			int mechCount, CK_ATTRIBUTE_TYPE operation)
 {
     PK11SlotInfo *slot = symKey->slot;
     PK11SymKey *newKey = NULL;
     PRBool needToCopy = PR_FALSE;
     int i;
     if (slot == NULL) {
 	needToCopy = PR_TRUE;
     } else {
 	i = 0;
 	while ((i < mechCount) && (needToCopy == PR_FALSE)) {
 	    if (!PK11_DoesMechanism(slot,type[i])) {
 		needToCopy = PR_TRUE;
 	    }
 	    i++;
 	}
     }
     if (needToCopy == PR_TRUE) {
 	slot = PK11_GetBestSlotMultiple(type,mechCount,symKey->cx);
 	if (slot == NULL) {
 	    PORT_SetError( SEC_ERROR_NO_MODULE );
 	    return NULL;
 	}
 	newKey = pk11_CopyToSlot(slot, type[0], operation, symKey);
 	PK11_FreeSlot(slot);
     }
     return newKey;
 }
 /*
  * Make sure the slot we are in is the correct slot for the operation
  */
 PK11SymKey *
 pk11_ForceSlot(PK11SymKey *symKey,CK_MECHANISM_TYPE type,
 						CK_ATTRIBUTE_TYPE operation)
 {
     return pk11_ForceSlotMultiple(symKey, &type, 1, operation);
 }
 PK11SymKey *
 PK11_MoveSymKey(PK11SlotInfo *slot, CK_ATTRIBUTE_TYPE operation,
 			CK_FLAGS flags, PRBool  perm, PK11SymKey *symKey)
 {
     if (symKey->slot == slot) {
 	if (perm) {
 	   return PK11_ConvertSessionSymKeyToTokenSymKey(symKey,symKey->cx);
 	} else {
 	   return PK11_ReferenceSymKey(symKey);
 	}
     }
     return pk11_CopyToSlotPerm(slot, symKey->type,
 					operation, flags, perm, symKey);
 }
 /*
  * Use the token to generate a key.
  *
  * keySize must be 'zero' for fixed key length algorithms. A nonzero
  *  keySize causes the CKA_VALUE_LEN attribute to be added to the template
  *  for the key. Most PKCS #11 modules fail if you specify the CKA_VALUE_LEN
  *  attribute for keys with fixed length. The exception is DES2. If you
  *  select a CKM_DES3_CBC mechanism, this code will not add the CKA_VALUE_LEN
  *  parameter and use the key size to determine which underlying DES keygen
  *  function to use (CKM_DES2_KEY_GEN or CKM_DES3_KEY_GEN).
  *
  * keyType must be -1 for most algorithms. Some PBE algorthims cannot
  *  determine the correct key type from the mechanism or the parameters,
  *  so key type must be specified. Other PKCS #11 mechanisms may do so in
  *  the future. Currently there is no need to export this publically.
  *  Keep it private until there is a need in case we need to expand the
  *  keygen parameters again...
  *
  * CK_FLAGS flags: key operation flags
  * PK11AttrFlags attrFlags: PK11_ATTR_XXX key attribute flags
  */
 PK11SymKey *
 pk11_TokenKeyGenWithFlagsAndKeyType(PK11SlotInfo *slot, CK_MECHANISM_TYPE type,
     SECItem *param, CK_KEY_TYPE keyType, int keySize, SECItem *keyid,
     CK_FLAGS opFlags, PK11AttrFlags attrFlags, void *wincx)
 {
     PK11SymKey *symKey;
     CK_ATTRIBUTE genTemplate[MAX_TEMPL_ATTRS];
     CK_ATTRIBUTE *attrs = genTemplate;
     int count = sizeof(genTemplate)/sizeof(genTemplate[0]);
     CK_MECHANISM_TYPE keyGenType;
     CK_BBOOL cktrue = CK_TRUE;
     CK_BBOOL ckfalse = CK_FALSE;
     CK_ULONG ck_key_size;       /* only used for variable-length keys */
     if (pk11_BadAttrFlags(attrFlags)) {
 	PORT_SetError( SEC_ERROR_INVALID_ARGS );
 	return NULL;
     }
     if ((keySize != 0) && (type != CKM_DES3_CBC) &&
 		(type !=CKM_DES3_CBC_PAD) && (type != CKM_DES3_ECB)) {
         ck_key_size = keySize; /* Convert to PK11 type */
         PK11_SETATTRS(attrs, CKA_VALUE_LEN, &ck_key_size, sizeof(ck_key_size));
 							attrs++;
     }
     if (keyType != -1) {
         PK11_SETATTRS(attrs, CKA_KEY_TYPE, &keyType, sizeof(CK_KEY_TYPE));
 							attrs++;
     }
     /* Include key id value if provided */
     if (keyid) {
         PK11_SETATTRS(attrs, CKA_ID, keyid->data, keyid->len); attrs++;
     }
     attrs += pk11_AttrFlagsToAttributes(attrFlags, attrs, &cktrue, &ckfalse);
     attrs += pk11_OpFlagsToAttributes(opFlags, attrs, &cktrue);
     count = attrs - genTemplate;
     PR_ASSERT(count <= sizeof(genTemplate)/sizeof(CK_ATTRIBUTE));
     keyGenType = PK11_GetKeyGenWithSize(type, keySize);
     if (keyGenType == CKM_FAKE_RANDOM) {
         PORT_SetError( SEC_ERROR_NO_MODULE );
         return NULL;
     }
     symKey = PK11_KeyGenWithTemplate(slot, type, keyGenType,
                                      param, genTemplate, count, wincx);
     if (symKey != NULL) {
         symKey->size = keySize;
     }
     return symKey;
 }
 /*
  * Use the token to generate a key.  - Public
  *
  * keySize must be 'zero' for fixed key length algorithms. A nonzero
  *  keySize causes the CKA_VALUE_LEN attribute to be added to the template
  *  for the key. Most PKCS #11 modules fail if you specify the CKA_VALUE_LEN
  *  attribute for keys with fixed length. The exception is DES2. If you
  *  select a CKM_DES3_CBC mechanism, this code will not add the CKA_VALUE_LEN
  *  parameter and use the key size to determine which underlying DES keygen
  *  function to use (CKM_DES2_KEY_GEN or CKM_DES3_KEY_GEN).
  *
  * CK_FLAGS flags: key operation flags
  * PK11AttrFlags attrFlags: PK11_ATTR_XXX key attribute flags
  */
 PK11SymKey *
 PK11_TokenKeyGenWithFlags(PK11SlotInfo *slot, CK_MECHANISM_TYPE type,
     SECItem *param, int keySize, SECItem *keyid, CK_FLAGS opFlags,
     PK11AttrFlags attrFlags, void *wincx)
 {
     return pk11_TokenKeyGenWithFlagsAndKeyType(slot, type, param, -1, keySize,
 	keyid, opFlags, attrFlags, wincx);
 }
 /*
  * Use the token to generate a key. keySize must be 'zero' for fixed key
  * length algorithms. A nonzero keySize causes the CKA_VALUE_LEN attribute
  * to be added to the template for the key. PKCS #11 modules fail if you
  * specify the CKA_VALUE_LEN attribute for keys with fixed length.
  * NOTE: this means to generate a DES2 key from this interface you must
  * specify CKM_DES2_KEY_GEN as the mechanism directly; specifying
  * CKM_DES3_CBC as the mechanism and 16 as keySize currently doesn't work.
  */
 PK11SymKey *
 PK11_TokenKeyGen(PK11SlotInfo *slot, CK_MECHANISM_TYPE type, SECItem *param,
     int keySize, SECItem *keyid, PRBool isToken, void *wincx)
 {
     PK11SymKey *symKey;
     PRBool weird = PR_FALSE;   /* hack for fortezza */
     CK_FLAGS opFlags = CKF_SIGN;
     PK11AttrFlags attrFlags = 0;
     if ((keySize == -1) && (type == CKM_SKIPJACK_CBC64)) {
 	weird = PR_TRUE;
 	keySize = 0;
     }
     opFlags |= weird ? CKF_DECRYPT : CKF_ENCRYPT;
     if (isToken) {
 	attrFlags |= (PK11_ATTR_TOKEN | PK11_ATTR_PRIVATE);
     }
     symKey = pk11_TokenKeyGenWithFlagsAndKeyType(slot, type, param,
 			-1, keySize, keyid, opFlags, attrFlags, wincx);
     if (symKey && weird) {
 	PK11_SetFortezzaHack(symKey);
     }
     return symKey;
 }
 PK11SymKey *
 PK11_KeyGen(PK11SlotInfo *slot, CK_MECHANISM_TYPE type, SECItem *param,
 						int keySize, void *wincx)
 {
     return PK11_TokenKeyGen(slot, type, param, keySize, 0, PR_FALSE, wincx);
 }
 PK11SymKey *
 PK11_KeyGenWithTemplate(PK11SlotInfo *slot, CK_MECHANISM_TYPE type,
                         CK_MECHANISM_TYPE keyGenType,
                         SECItem *param, CK_ATTRIBUTE * attrs,
                         unsigned int attrsCount, void *wincx)
 {
     PK11SymKey *symKey;
     CK_SESSION_HANDLE session;
     CK_MECHANISM mechanism;
     CK_RV crv;
     PRBool isToken = CK_FALSE;
     CK_ULONG keySize = 0;
     unsigned i;
     /* Extract the template's CKA_VALUE_LEN into keySize and CKA_TOKEN into
        isToken. */
     for (i = 0; i < attrsCount; ++i) {
         switch (attrs[i].type) {
             case CKA_VALUE_LEN:
                 if (attrs[i].pValue == NULL ||
                     attrs[i].ulValueLen != sizeof(CK_ULONG)) {
                     PORT_SetError(PK11_MapError(CKR_TEMPLATE_INCONSISTENT));
                     return NULL;
                 }
                 keySize = * (CK_ULONG *) attrs[i].pValue;
                 break;
             case CKA_TOKEN:
                 if (attrs[i].pValue == NULL ||
                     attrs[i].ulValueLen != sizeof(CK_BBOOL)) {
                     PORT_SetError(PK11_MapError(CKR_TEMPLATE_INCONSISTENT));
                     return NULL;
                 }
                 isToken = (*(CK_BBOOL*)attrs[i].pValue) ? PR_TRUE : PR_FALSE;
                 break;
         }
     }
     /* find a slot to generate the key into */
     /* Only do slot management if this is not a token key */
     if (!isToken && (slot == NULL || !PK11_DoesMechanism(slot,type))) {
         PK11SlotInfo *bestSlot = PK11_GetBestSlot(type,wincx);
         if (bestSlot == NULL) {
             PORT_SetError( SEC_ERROR_NO_MODULE );
             return NULL;
         }
         symKey = pk11_CreateSymKey(bestSlot, type, !isToken, PR_TRUE, wincx);
         PK11_FreeSlot(bestSlot);
     } else {
         symKey = pk11_CreateSymKey(slot, type, !isToken, PR_TRUE, wincx);
     }
     if (symKey == NULL) return NULL;
     symKey->size = keySize;
     symKey->origin = PK11_OriginGenerated;
     /* Set the parameters for the key gen if provided */
     mechanism.mechanism = keyGenType;
     mechanism.pParameter = NULL;
     mechanism.ulParameterLen = 0;
     if (param) {
         mechanism.pParameter = param->data;
         mechanism.ulParameterLen = param->len;
     }
     /* Get session and perform locking */
     if (isToken) {
         PK11_Authenticate(symKey->slot,PR_TRUE,wincx);
         /* Should always be original slot */
         session = PK11_GetRWSession(symKey->slot);
         symKey->owner = PR_FALSE;
     } else {
         session = symKey->session;
         if (session != CK_INVALID_SESSION)
             pk11_EnterKeyMonitor(symKey);
     }
     if (session == CK_INVALID_SESSION) {
         PK11_FreeSymKey(symKey);
         PORT_SetError(SEC_ERROR_BAD_DATA);
         return NULL;
     }
     crv = PK11_GETTAB(symKey->slot)->C_GenerateKey(session,
 			 &mechanism, attrs, attrsCount, &symKey->objectID);
     /* Release lock and session */
     if (isToken) {
         PK11_RestoreROSession(symKey->slot, session);
     } else {
         pk11_ExitKeyMonitor(symKey);
     }
     if (crv != CKR_OK) {
         PK11_FreeSymKey(symKey);
         PORT_SetError( PK11_MapError(crv) );
         return NULL;
     }
     return symKey;
 }
 /* --- */
 PK11SymKey *
 PK11_GenDES3TokenKey(PK11SlotInfo *slot, SECItem *keyid, void *cx)
 {
   return PK11_TokenKeyGen(slot, CKM_DES3_CBC, 0, 0, keyid, PR_TRUE, cx);
 }
 PK11SymKey*
 PK11_ConvertSessionSymKeyToTokenSymKey(PK11SymKey *symk, void *wincx)
 {
     PK11SlotInfo* slot = symk->slot;
     CK_ATTRIBUTE template[1];
     CK_ATTRIBUTE *attrs = template;
     CK_BBOOL cktrue = CK_TRUE;
     CK_RV crv;
     CK_OBJECT_HANDLE newKeyID;
     CK_SESSION_HANDLE rwsession;
     PK11_SETATTRS(attrs, CKA_TOKEN, &cktrue, sizeof(cktrue)); attrs++;
     PK11_Authenticate(slot, PR_TRUE, wincx);
     rwsession = PK11_GetRWSession(slot);
     if (rwsession == CK_INVALID_SESSION) {
 	PORT_SetError(SEC_ERROR_BAD_DATA);
 	return NULL;
     }
     crv = PK11_GETTAB(slot)->C_CopyObject(rwsession, symk->objectID,
         template, 1, &newKeyID);
     PK11_RestoreROSession(slot, rwsession);
     if (crv != CKR_OK) {
         PORT_SetError( PK11_MapError(crv) );
         return NULL;
     }
     return PK11_SymKeyFromHandle(slot, NULL /*parent*/, symk->origin,
         symk->type, newKeyID, PR_FALSE /*owner*/, NULL /*wincx*/);
 }
 /*
  * This function does a straight public key wrap (which only RSA can do).
  * Use PK11_PubGenKey and PK11_WrapSymKey to implement the FORTEZZA and
  * Diffie-Hellman Ciphers. */
 SECStatus
 PK11_PubWrapSymKey(CK_MECHANISM_TYPE type, SECKEYPublicKey *pubKey,
 				PK11SymKey *symKey, SECItem *wrappedKey)
 {
     PK11SlotInfo *slot;
     CK_ULONG len =  wrappedKey->len;
     PK11SymKey *newKey = NULL;
     CK_OBJECT_HANDLE id;
     CK_MECHANISM mechanism;
     PRBool owner = PR_TRUE;
     CK_SESSION_HANDLE session;
     CK_RV crv;
     if (symKey == NULL) {
 	PORT_SetError( SEC_ERROR_INVALID_ARGS );
 	return SECFailure;
     }
     /* if this slot doesn't support the mechanism, go to a slot that does */
     newKey = pk11_ForceSlot(symKey,type,CKA_ENCRYPT);
     if (newKey != NULL) {
 	symKey = newKey;
     }
     if (symKey->slot == NULL) {
 	PORT_SetError( SEC_ERROR_NO_MODULE );
 	return SECFailure;
     }
     slot = symKey->slot;
     mechanism.mechanism = pk11_mapWrapKeyType(pubKey->keyType);
     mechanism.pParameter = NULL;
     mechanism.ulParameterLen = 0;
     id = PK11_ImportPublicKey(slot,pubKey,PR_FALSE);
     if (id == CK_INVALID_HANDLE) {
 	if (newKey) {
 	    PK11_FreeSymKey(newKey);
 	}
 	return SECFailure;   /* Error code has been set. */
     }
     session = pk11_GetNewSession(slot,&owner);
     if (!owner || !(slot->isThreadSafe)) PK11_EnterSlotMonitor(slot);
     crv = PK11_GETTAB(slot)->C_WrapKey(session,&mechanism,
 		id,symKey->objectID,wrappedKey->data,&len);
     if (!owner || !(slot->isThreadSafe)) PK11_ExitSlotMonitor(slot);
     pk11_CloseSession(slot,session,owner);
     if (newKey) {
 	PK11_FreeSymKey(newKey);
     }
     if (crv != CKR_OK) {
 	PORT_SetError( PK11_MapError(crv) );
 	return SECFailure;
     }
     wrappedKey->len = len;
     return SECSuccess;
 }
 /*
  * this little function uses the Encrypt function to wrap a key, just in
  * case we have problems with the wrap implementation for a token.
  */
 static SECStatus
 pk11_HandWrap(PK11SymKey *wrappingKey, SECItem *param, CK_MECHANISM_TYPE type,
 			 SECItem *inKey, SECItem *outKey)
 {
     PK11SlotInfo *slot;
     CK_ULONG len;
     SECItem *data;
     CK_MECHANISM mech;
     PRBool owner = PR_TRUE;
     CK_SESSION_HANDLE session;
     CK_RV crv;
     slot = wrappingKey->slot;
     /* use NULL IV's for wrapping */
     mech.mechanism = type;
     if (param) {
 	mech.pParameter = param->data;
 	mech.ulParameterLen = param->len;
     } else {
 	mech.pParameter = NULL;
 	mech.ulParameterLen = 0;
     }
     session = pk11_GetNewSession(slot,&owner);
     if (!owner || !(slot->isThreadSafe)) PK11_EnterSlotMonitor(slot);
     crv = PK11_GETTAB(slot)->C_EncryptInit(session,&mech,
 							wrappingKey->objectID);
     if (crv != CKR_OK) {
         if (!owner || !(slot->isThreadSafe)) PK11_ExitSlotMonitor(slot);
         pk11_CloseSession(slot,session,owner);
 	PORT_SetError( PK11_MapError(crv) );
 	return SECFailure;
     }
     /* keys are almost always aligned, but if we get this far,
      * we've gone above and beyond anyway... */
     data = PK11_BlockData(inKey,PK11_GetBlockSize(type,param));
     if (data == NULL) {
         if (!owner || !(slot->isThreadSafe)) PK11_ExitSlotMonitor(slot);
         pk11_CloseSession(slot,session,owner);
 	PORT_SetError(SEC_ERROR_NO_MEMORY);
 	return SECFailure;
     }
     len = outKey->len;
     crv = PK11_GETTAB(slot)->C_Encrypt(session,data->data,data->len,
 							   outKey->data, &len);
     if (!owner || !(slot->isThreadSafe)) PK11_ExitSlotMonitor(slot);
     pk11_CloseSession(slot,session,owner);
     SECITEM_FreeItem(data,PR_TRUE);
     outKey->len = len;
     if (crv != CKR_OK) {
 	PORT_SetError( PK11_MapError(crv) );
 	return SECFailure;
     }
     return SECSuccess;
 }
 /*
  * This function does a symetric based wrap.
  */
 SECStatus
 PK11_WrapSymKey(CK_MECHANISM_TYPE type, SECItem *param,
 	PK11SymKey *wrappingKey, PK11SymKey *symKey, SECItem *wrappedKey)
 {
     PK11SlotInfo *slot;
     CK_ULONG len = wrappedKey->len;
     PK11SymKey *newKey = NULL;
     SECItem *param_save = NULL;
     CK_MECHANISM mechanism;
     PRBool owner = PR_TRUE;
     CK_SESSION_HANDLE session;
     CK_RV crv;
     SECStatus rv;
     /* if this slot doesn't support the mechanism, go to a slot that does */
     /* Force symKey and wrappingKey into the same slot */
     if ((wrappingKey->slot == NULL) || (symKey->slot != wrappingKey->slot)) {
 	/* first try copying the wrapping Key to the symKey slot */
 	if (symKey->slot && PK11_DoesMechanism(symKey->slot,type)) {
 	    newKey = pk11_CopyToSlot(symKey->slot,type,CKA_WRAP,wrappingKey);
 	}
 	/* Nope, try it the other way */
 	if (newKey == NULL) {
 	    if (wrappingKey->slot) {
 	        newKey = pk11_CopyToSlot(wrappingKey->slot,
 					symKey->type, CKA_ENCRYPT, symKey);
 	    }
 	    /* just not playing... one last thing, can we get symKey's data?
 	     * If it's possible, we it should already be in the
 	     * symKey->data.data pointer because pk11_CopyToSlot would have
 	     * tried to put it there. */
 	    if (newKey == NULL) {
 		/* Can't get symKey's data: Game Over */
 		if (symKey->data.data == NULL) {
 		    PORT_SetError( SEC_ERROR_NO_MODULE );
 		    return SECFailure;
 		}
 		if (param == NULL) {
 		    param_save = param = PK11_ParamFromIV(type,NULL);
 		}
 		rv = pk11_HandWrap(wrappingKey, param, type,
 						&symKey->data,wrappedKey);
 		if (param_save) SECITEM_FreeItem(param_save,PR_TRUE);
 		return rv;
 	    }
 	    /* we successfully moved the sym Key */
 	    symKey = newKey;
 	} else {
 	    /* we successfully moved the wrapping Key */
 	    wrappingKey = newKey;
 	}
     }
     /* at this point both keys are in the same token */
     slot = wrappingKey->slot;
     mechanism.mechanism = type;
     /* use NULL IV's for wrapping */
     if (param == NULL) {
     	param_save = param = PK11_ParamFromIV(type,NULL);
     }
     if (param) {
 	mechanism.pParameter = param->data;
 	mechanism.ulParameterLen = param->len;
     } else {
 	mechanism.pParameter = NULL;
 	mechanism.ulParameterLen = 0;
     }
     len = wrappedKey->len;
     session = pk11_GetNewSession(slot,&owner);
     if (!owner || !(slot->isThreadSafe)) PK11_EnterSlotMonitor(slot);
     crv = PK11_GETTAB(slot)->C_WrapKey(session, &mechanism,
 		 wrappingKey->objectID, symKey->objectID,
 						wrappedKey->data, &len);
     if (!owner || !(slot->isThreadSafe)) PK11_ExitSlotMonitor(slot);
     pk11_CloseSession(slot,session,owner);
     rv = SECSuccess;
     if (crv != CKR_OK) {
 	/* can't wrap it? try hand wrapping it... */
 	do {
 	    if (symKey->data.data == NULL) {
 		rv = PK11_ExtractKeyValue(symKey);
 		if (rv != SECSuccess) break;
 	    }
 	    rv = pk11_HandWrap(wrappingKey, param, type, &symKey->data,
 								 wrappedKey);
 	} while (PR_FALSE);
     } else {
         wrappedKey->len = len;
     }
     if (newKey) PK11_FreeSymKey(newKey);
     if (param_save) SECITEM_FreeItem(param_save,PR_TRUE);
     return rv;
 }
 /*
  * This Generates a new key based on a symetricKey
  */
 PK11SymKey *
 PK11_Derive( PK11SymKey *baseKey, CK_MECHANISM_TYPE derive, SECItem *param,
              CK_MECHANISM_TYPE target, CK_ATTRIBUTE_TYPE operation,
 	     int keySize)
 {
     return PK11_DeriveWithTemplate(baseKey, derive, param, target, operation,
 				   keySize, NULL, 0, PR_FALSE);
 }
 PK11SymKey *
 PK11_DeriveWithFlags( PK11SymKey *baseKey, CK_MECHANISM_TYPE derive,
 	SECItem *param, CK_MECHANISM_TYPE target, CK_ATTRIBUTE_TYPE operation,
 	int keySize, CK_FLAGS flags)
 {
     CK_BBOOL        ckTrue	= CK_TRUE;
     CK_ATTRIBUTE    keyTemplate[MAX_TEMPL_ATTRS];
     unsigned int    templateCount;
     templateCount = pk11_OpFlagsToAttributes(flags, keyTemplate, &ckTrue);
     return PK11_DeriveWithTemplate(baseKey, derive, param, target, operation,
 		  keySize, keyTemplate, templateCount, PR_FALSE);
 }
 PK11SymKey *
 PK11_DeriveWithFlagsPerm( PK11SymKey *baseKey, CK_MECHANISM_TYPE derive,
 	SECItem *param, CK_MECHANISM_TYPE target, CK_ATTRIBUTE_TYPE operation,
 	int keySize, CK_FLAGS flags, PRBool isPerm)
 {
     CK_BBOOL        cktrue	= CK_TRUE;
     CK_ATTRIBUTE    keyTemplate[MAX_TEMPL_ATTRS];
     CK_ATTRIBUTE    *attrs;
     unsigned int    templateCount = 0;
     attrs = keyTemplate;
     if (isPerm) {
         PK11_SETATTRS(attrs, CKA_TOKEN,  &cktrue, sizeof(CK_BBOOL)); attrs++;
     }
     templateCount = attrs - keyTemplate;
     templateCount += pk11_OpFlagsToAttributes(flags, attrs, &cktrue);
     return PK11_DeriveWithTemplate(baseKey, derive, param, target, operation,
 				   keySize, keyTemplate, templateCount, isPerm);
 }
 PK11SymKey *
 PK11_DeriveWithTemplate( PK11SymKey *baseKey, CK_MECHANISM_TYPE derive,
 	SECItem *param, CK_MECHANISM_TYPE target, CK_ATTRIBUTE_TYPE operation,
 	int keySize, CK_ATTRIBUTE *userAttr, unsigned int numAttrs,
 							 PRBool isPerm)
 {
     PK11SlotInfo *  slot	= baseKey->slot;
     PK11SymKey *    symKey;
     PK11SymKey *    newBaseKey	= NULL;
     CK_BBOOL        cktrue	= CK_TRUE;
     CK_OBJECT_CLASS keyClass	= CKO_SECRET_KEY;
     CK_KEY_TYPE     keyType	= CKK_GENERIC_SECRET;
     CK_ULONG        valueLen	= 0;
     CK_MECHANISM    mechanism;
     CK_RV           crv;
 #define MAX_ADD_ATTRS 4
     CK_ATTRIBUTE    keyTemplate[MAX_TEMPL_ATTRS + MAX_ADD_ATTRS];
 #undef MAX_ADD_ATTRS
     CK_ATTRIBUTE *  attrs	= keyTemplate;
     CK_SESSION_HANDLE session;
     unsigned int    templateCount;
     if (numAttrs > MAX_TEMPL_ATTRS) {
     	PORT_SetError(SEC_ERROR_INVALID_ARGS);
 	return NULL;
     }
     /* first copy caller attributes in. */
     for (templateCount = 0; templateCount < numAttrs; ++templateCount) {
     	*attrs++ = *userAttr++;
     }
     /* We only add the following attributes to the template if the caller
     ** didn't already supply them.
     */
     if (!pk11_FindAttrInTemplate(keyTemplate, numAttrs, CKA_CLASS)) {
 	PK11_SETATTRS(attrs, CKA_CLASS,     &keyClass, sizeof keyClass);
 	attrs++;
     }
     if (!pk11_FindAttrInTemplate(keyTemplate, numAttrs, CKA_KEY_TYPE)) {
 	keyType = PK11_GetKeyType(target, keySize);
 	PK11_SETATTRS(attrs, CKA_KEY_TYPE,  &keyType,  sizeof keyType );
 	attrs++;
     }
     if (keySize > 0 &&
     	  !pk11_FindAttrInTemplate(keyTemplate, numAttrs, CKA_VALUE_LEN)) {
 	valueLen = (CK_ULONG)keySize;
 	PK11_SETATTRS(attrs, CKA_VALUE_LEN, &valueLen, sizeof valueLen);
 	attrs++;
     }
     if ((operation != CKA_FLAGS_ONLY) &&
 	  !pk11_FindAttrInTemplate(keyTemplate, numAttrs, operation)) {
 	PK11_SETATTRS(attrs, operation, &cktrue, sizeof cktrue); attrs++;
     }
     templateCount = attrs - keyTemplate;
     PR_ASSERT(templateCount <= sizeof(keyTemplate)/sizeof(CK_ATTRIBUTE));
     /* move the key to a slot that can do the function */
     if (!PK11_DoesMechanism(slot,derive)) {
 	/* get a new base key & slot */
 	PK11SlotInfo *newSlot = PK11_GetBestSlot(derive, baseKey->cx);
 	if (newSlot == NULL) return NULL;
         newBaseKey = pk11_CopyToSlot (newSlot, derive, CKA_DERIVE,
 				     baseKey);
 	PK11_FreeSlot(newSlot);
 	if (newBaseKey == NULL)
 	    return NULL;
 	baseKey = newBaseKey;
 	slot = baseKey->slot;
     }
     /* get our key Structure */
     symKey = pk11_CreateSymKey(slot, target, !isPerm, PR_TRUE, baseKey->cx);
     if (symKey == NULL) {
 	return NULL;
     }
     symKey->size = keySize;
     mechanism.mechanism = derive;
     if (param) {
 	mechanism.pParameter = param->data;
 	mechanism.ulParameterLen = param->len;
     } else {
 	mechanism.pParameter = NULL;
 	mechanism.ulParameterLen = 0;
     }
     symKey->origin=PK11_OriginDerive;
     if (isPerm) {
 	session =  PK11_GetRWSession(slot);
     } else {
         pk11_EnterKeyMonitor(symKey);
 	session = symKey->session;
     }
     if (session == CK_INVALID_SESSION) {
 	if (!isPerm)
 	    pk11_ExitKeyMonitor(symKey);
 	crv = CKR_SESSION_HANDLE_INVALID;
     } else {
 	crv = PK11_GETTAB(slot)->C_DeriveKey(session, &mechanism,
 	     baseKey->objectID, keyTemplate, templateCount, &symKey->objectID);
 	if (isPerm) {
 	    PK11_RestoreROSession(slot, session);
 	} else {
 	    pk11_ExitKeyMonitor(symKey);
 	}
     }
     if (newBaseKey)
     	PK11_FreeSymKey(newBaseKey);
     if (crv != CKR_OK) {
 	PK11_FreeSymKey(symKey);
 	return NULL;
     }
     return symKey;
 }
 /* Create a new key by concatenating base and data
  */
 static PK11SymKey *pk11_ConcatenateBaseAndData(PK11SymKey *base,
 	CK_BYTE *data, CK_ULONG dataLen, CK_MECHANISM_TYPE target,
 	CK_ATTRIBUTE_TYPE operation)
 {
     CK_KEY_DERIVATION_STRING_DATA mechParams;
     SECItem param;
     if (base == NULL) {
 	PORT_SetError( SEC_ERROR_INVALID_ARGS );
 	return NULL;
     }
     mechParams.pData = data;
     mechParams.ulLen = dataLen;
     param.data = (unsigned char *)&mechParams;
     param.len = sizeof(CK_KEY_DERIVATION_STRING_DATA);
     return PK11_Derive(base, CKM_CONCATENATE_BASE_AND_DATA,
 				&param, target, operation, 0);
 }
 /* Create a new key by concatenating base and key
  */
 static PK11SymKey *pk11_ConcatenateBaseAndKey(PK11SymKey *base,
 			PK11SymKey *key, CK_MECHANISM_TYPE target,
 			CK_ATTRIBUTE_TYPE operation, CK_ULONG keySize)
 {
     SECItem param;
     if ((base == NULL) || (key == NULL)) {
 	PORT_SetError( SEC_ERROR_INVALID_ARGS );
 	return NULL;
     }
     param.data = (unsigned char *)&(key->objectID);
     param.len = sizeof(CK_OBJECT_HANDLE);
     return PK11_Derive(base, CKM_CONCATENATE_BASE_AND_KEY,
 				&param, target, operation, keySize);
 }
 /* Create a new key whose value is the hash of tobehashed.
  * type is the mechanism for the derived key.
  */
 static PK11SymKey *pk11_HashKeyDerivation(PK11SymKey *toBeHashed,
 	CK_MECHANISM_TYPE hashMechanism, CK_MECHANISM_TYPE target,
 	CK_ATTRIBUTE_TYPE operation, CK_ULONG keySize)
 {
     return PK11_Derive(toBeHashed, hashMechanism, NULL, target, operation, keySize);
 }
 /* This function implements the ANSI X9.63 key derivation function
  */
 static PK11SymKey *pk11_ANSIX963Derive(PK11SymKey *sharedSecret,
 		CK_EC_KDF_TYPE kdf, SECItem *sharedData,
 		CK_MECHANISM_TYPE target, CK_ATTRIBUTE_TYPE operation,
 		CK_ULONG keySize)
 {
     CK_KEY_TYPE keyType;
     CK_MECHANISM_TYPE hashMechanism, mechanismArray[4];
     CK_ULONG derivedKeySize, HashLen, counter, maxCounter, bufferLen;
     CK_ULONG SharedInfoLen;
     CK_BYTE *buffer = NULL;
     PK11SymKey *toBeHashed, *hashOutput;
     PK11SymKey *newSharedSecret = NULL;
     PK11SymKey *oldIntermediateResult, *intermediateResult = NULL;
     if (sharedSecret == NULL) {
 	PORT_SetError( SEC_ERROR_INVALID_ARGS );
 	return NULL;
     }
     switch (kdf) {
     case CKD_SHA1_KDF:
 	HashLen = SHA1_LENGTH;
 	hashMechanism = CKM_SHA1_KEY_DERIVATION;
 	break;
     case CKD_SHA224_KDF:
 	HashLen = SHA224_LENGTH;
 	hashMechanism = CKM_SHA224_KEY_DERIVATION;
 	break;
     case CKD_SHA256_KDF:
 	HashLen = SHA256_LENGTH;
 	hashMechanism = CKM_SHA256_KEY_DERIVATION;
 	break;
     case CKD_SHA384_KDF:
 	HashLen = SHA384_LENGTH;
 	hashMechanism = CKM_SHA384_KEY_DERIVATION;
 	break;
     case CKD_SHA512_KDF:
 	HashLen = SHA512_LENGTH;
 	hashMechanism = CKM_SHA512_KEY_DERIVATION;
 	break;
     default:
 	PORT_SetError( SEC_ERROR_INVALID_ARGS );
 	return NULL;
     }
     derivedKeySize = keySize;
     if (derivedKeySize == 0) {
 	keyType = PK11_GetKeyType(target,keySize);
 	derivedKeySize = pk11_GetPredefinedKeyLength(keyType);
 	if (derivedKeySize == 0) {
 	    derivedKeySize = HashLen;
 	}
     }
     /* Check that key_len isn't too long.  The maximum key length could be
      * greatly increased if the code below did not limit the 4-byte counter
      * to a maximum value of 255. */
     if (derivedKeySize > 254 * HashLen) {
 	PORT_SetError( SEC_ERROR_INVALID_ARGS );
 	return NULL;
     }
     maxCounter = derivedKeySize / HashLen;
     if (derivedKeySize > maxCounter * HashLen)
 	maxCounter++;
     if ((sharedData == NULL) || (sharedData->data == NULL))
 	SharedInfoLen = 0;
     else
 	SharedInfoLen = sharedData->len;
     bufferLen = SharedInfoLen + 4;
     /* Populate buffer with Counter || sharedData
      * where Counter is 0x00000001. */
     buffer = (unsigned char *)PORT_Alloc(bufferLen);
     if (buffer == NULL) {
 	PORT_SetError(SEC_ERROR_NO_MEMORY);
 	return NULL;
     }
     buffer[0] = 0;
     buffer[1] = 0;
     buffer[2] = 0;
     buffer[3] = 1;
     if (SharedInfoLen > 0) {
 	PORT_Memcpy(&buffer[4], sharedData->data, SharedInfoLen);
     }
     /* Look for a slot that supports the mechanisms needed
      * to implement the ANSI X9.63 KDF as well as the
      * target mechanism.
      */
     mechanismArray[0] = CKM_CONCATENATE_BASE_AND_DATA;
     mechanismArray[1] = hashMechanism;
     mechanismArray[2] = CKM_CONCATENATE_BASE_AND_KEY;
     mechanismArray[3] = target;
     newSharedSecret = pk11_ForceSlotMultiple(sharedSecret,
 					 mechanismArray, 4, operation);
     if (newSharedSecret != NULL) {
 	sharedSecret = newSharedSecret;
     }
     for(counter=1; counter <= maxCounter; counter++) {
 	/* Concatenate shared_secret and buffer */
 	toBeHashed = pk11_ConcatenateBaseAndData(sharedSecret, buffer,
 					bufferLen, hashMechanism, operation);
 	if (toBeHashed == NULL) {
 	    goto loser;
 	}
 	/* Hash value */
 	if (maxCounter == 1) {
 	    /* In this case the length of the key to be derived is
 	     * less than or equal to the length of the hash output.
 	     * So, the output of the hash operation will be the
 	     * dervied key. */
 	    hashOutput = pk11_HashKeyDerivation(toBeHashed, hashMechanism,
 						target, operation, keySize);
 	} else {
 	    /* In this case, the output of the hash operation will be
 	     * concatenated with other data to create the derived key. */
 	    hashOutput = pk11_HashKeyDerivation(toBeHashed, hashMechanism,
 				CKM_CONCATENATE_BASE_AND_KEY, operation, 0);
 	}
 	PK11_FreeSymKey(toBeHashed);
 	if (hashOutput == NULL) {
 	    goto loser;
 	}
 	/* Append result to intermediate result, if necessary */
 	oldIntermediateResult = intermediateResult;
 	if (oldIntermediateResult == NULL) {
 	    intermediateResult = hashOutput;
 	} else {
 	    if (counter == maxCounter) {
 		/* This is the final concatenation, and so the output
 		 * will be the derived key. */
 		intermediateResult =
 		    pk11_ConcatenateBaseAndKey(oldIntermediateResult,
 				hashOutput, target, operation, keySize);
 	    } else {
 		/* The output of this concatenation will be concatenated
 		 * with other data to create the derived key. */
 		intermediateResult =
 		    pk11_ConcatenateBaseAndKey(oldIntermediateResult,
 				hashOutput, CKM_CONCATENATE_BASE_AND_KEY,
 				operation, 0);
 	    }
 	    PK11_FreeSymKey(hashOutput);
 	    PK11_FreeSymKey(oldIntermediateResult);
 	    if (intermediateResult == NULL) {
 		goto loser;
 	    }
 	}
 	/* Increment counter (assumes maxCounter < 255) */
 	buffer[3]++;
     }
     PORT_ZFree(buffer, bufferLen);
     if (newSharedSecret != NULL)
 	PK11_FreeSymKey(newSharedSecret);
     return intermediateResult;
 loser:
     if (buffer != NULL)
 	PORT_ZFree(buffer, bufferLen);
     if (newSharedSecret != NULL)
 	PK11_FreeSymKey(newSharedSecret);
     if (intermediateResult != NULL)
 	PK11_FreeSymKey(intermediateResult);
     return NULL;
 }
 /*
  * This Generates a wrapping key based on a privateKey, publicKey, and two
  * random numbers. For Mail usage RandomB should be NULL. In the Sender's
  * case RandomA is generate, outherwize it is passed.
  */
 static unsigned char *rb_email = NULL;
 PK11SymKey *
 PK11_PubDerive(SECKEYPrivateKey *privKey, SECKEYPublicKey *pubKey,
    PRBool isSender, SECItem *randomA, SECItem *randomB,
     CK_MECHANISM_TYPE derive, CK_MECHANISM_TYPE target,
 			CK_ATTRIBUTE_TYPE operation, int keySize,void *wincx)
 {
     PK11SlotInfo *slot = privKey->pkcs11Slot;
     CK_MECHANISM mechanism;
     PK11SymKey *symKey;
     CK_RV crv;
     if (rb_email == NULL) {
 	rb_email = PORT_ZAlloc(128);
 	if (rb_email == NULL) {
 	    return NULL;
 	}
 	rb_email[127] = 1;
     }
     /* get our key Structure */
     symKey = pk11_CreateSymKey(slot, target, PR_TRUE, PR_TRUE, wincx);
     if (symKey == NULL) {
 	return NULL;
     }
     symKey->origin = PK11_OriginDerive;
     switch (privKey->keyType) {
     case rsaKey:
     case nullKey:
 	PORT_SetError(SEC_ERROR_BAD_KEY);
 	break;
     case dsaKey:
     case keaKey:
     case fortezzaKey:
 	{
 	    CK_KEA_DERIVE_PARAMS param;
 	    param.isSender = (CK_BBOOL) isSender;
 	    param.ulRandomLen = randomA->len;
 	    param.pRandomA = randomA->data;
 	    param.pRandomB = rb_email;
 	    if (randomB)
 		 param.pRandomB = randomB->data;
 	    if (pubKey->keyType == fortezzaKey) {
 		param.ulPublicDataLen = pubKey->u.fortezza.KEAKey.len;
 		param.pPublicData = pubKey->u.fortezza.KEAKey.data;
 	    } else {
 		/* assert type == keaKey */
 		/* XXX change to match key key types */
 		param.ulPublicDataLen = pubKey->u.fortezza.KEAKey.len;
 		param.pPublicData = pubKey->u.fortezza.KEAKey.data;
 	    }
 	    mechanism.mechanism = derive;
 	    mechanism.pParameter = &param;
 	    mechanism.ulParameterLen = sizeof(param);
 	    /* get a new symKey structure */
 	    pk11_EnterKeyMonitor(symKey);
 	    crv=PK11_GETTAB(slot)->C_DeriveKey(symKey->session, &mechanism,
 			privKey->pkcs11ID, NULL, 0, &symKey->objectID);
 	    pk11_ExitKeyMonitor(symKey);
 	    if (crv == CKR_OK) return symKey;
 	    PORT_SetError( PK11_MapError(crv) );
 	}
 	break;
     case dhKey:
 	{
 	    CK_BBOOL cktrue = CK_TRUE;
 	    CK_OBJECT_CLASS keyClass = CKO_SECRET_KEY;
 	    CK_KEY_TYPE keyType = CKK_GENERIC_SECRET;
 	    CK_ULONG key_size = 0;
 	    CK_ATTRIBUTE keyTemplate[4];
 	    int templateCount;
 	    CK_ATTRIBUTE *attrs = keyTemplate;
 	    if (pubKey->keyType != dhKey) {
 		PORT_SetError(SEC_ERROR_BAD_KEY);
 		break;
 	    }
 	    PK11_SETATTRS(attrs, CKA_CLASS, &keyClass, sizeof(keyClass));
 	    attrs++;
 	    PK11_SETATTRS(attrs, CKA_KEY_TYPE, &keyType, sizeof(keyType));
 	    attrs++;
 	    PK11_SETATTRS(attrs, operation, &cktrue, 1); attrs++;
 	    PK11_SETATTRS(attrs, CKA_VALUE_LEN, &key_size, sizeof(key_size));
 	    attrs++;
 	    templateCount =  attrs - keyTemplate;
 	    PR_ASSERT(templateCount <= sizeof(keyTemplate)/sizeof(CK_ATTRIBUTE));
 	    keyType = PK11_GetKeyType(target,keySize);
 	    key_size = keySize;
 	    symKey->size = keySize;
 	    if (key_size == 0) templateCount--;
 	    mechanism.mechanism = derive;
 	    /* we can undefine these when we define diffie-helman keys */
 	    mechanism.pParameter = pubKey->u.dh.publicValue.data;
 	    mechanism.ulParameterLen = pubKey->u.dh.publicValue.len;
 	    pk11_EnterKeyMonitor(symKey);
 	    crv = PK11_GETTAB(slot)->C_DeriveKey(symKey->session, &mechanism,
 	     privKey->pkcs11ID, keyTemplate, templateCount, &symKey->objectID);
 	    pk11_ExitKeyMonitor(symKey);
 	    if (crv == CKR_OK) return symKey;
 	    PORT_SetError( PK11_MapError(crv) );
 	}
 	break;
     case ecKey:
         {
 	    CK_BBOOL cktrue = CK_TRUE;
 	    CK_OBJECT_CLASS keyClass = CKO_SECRET_KEY;
 	    CK_KEY_TYPE keyType = CKK_GENERIC_SECRET;
 	    CK_ULONG key_size = 0;
 	    CK_ATTRIBUTE keyTemplate[4];
 	    int templateCount;
 	    CK_ATTRIBUTE *attrs = keyTemplate;
 	    CK_ECDH1_DERIVE_PARAMS *mechParams = NULL;
 	    if (pubKey->keyType != ecKey) {
 		PORT_SetError(SEC_ERROR_BAD_KEY);
 		break;
 	    }
 	    PK11_SETATTRS(attrs, CKA_CLASS, &keyClass, sizeof(keyClass));
 	    attrs++;
 	    PK11_SETATTRS(attrs, CKA_KEY_TYPE, &keyType, sizeof(keyType));
 	    attrs++;
 	    PK11_SETATTRS(attrs, operation, &cktrue, 1); attrs++;
 	    PK11_SETATTRS(attrs, CKA_VALUE_LEN, &key_size, sizeof(key_size));
 	    attrs++;
 	    templateCount =  attrs - keyTemplate;
 	    PR_ASSERT(templateCount <= sizeof(keyTemplate)/sizeof(CK_ATTRIBUTE));
 	    keyType = PK11_GetKeyType(target,keySize);
 	    key_size = keySize;
 	    if (key_size == 0) {
 		if ((key_size = pk11_GetPredefinedKeyLength(keyType))) {
 		    templateCount --;
 		} else {
 		    /* sigh, some tokens can't figure this out and require
 		     * CKA_VALUE_LEN to be set */
 		    key_size = SHA1_LENGTH;
 		}
 	    }
 	    symKey->size = key_size;
 	    mechParams = PORT_ZNew(CK_ECDH1_DERIVE_PARAMS);
 	    mechParams->kdf = CKD_SHA1_KDF;
 	    mechParams->ulSharedDataLen = 0;
 	    mechParams->pSharedData = NULL;
 	    mechParams->ulPublicDataLen =  pubKey->u.ec.publicValue.len;
 	    mechParams->pPublicData =  pubKey->u.ec.publicValue.data;
 	    mechanism.mechanism = derive;
 	    mechanism.pParameter = mechParams;
 	    mechanism.ulParameterLen = sizeof(CK_ECDH1_DERIVE_PARAMS);
 	    pk11_EnterKeyMonitor(symKey);
 	    crv = PK11_GETTAB(slot)->C_DeriveKey(symKey->session,
 		&mechanism, privKey->pkcs11ID, keyTemplate,
 		templateCount, &symKey->objectID);
 	    pk11_ExitKeyMonitor(symKey);
 	    /* old PKCS #11 spec was ambiguous on what needed to be passed,
 	     * try this again with and encoded public key */
 	    if (crv != CKR_OK) {
 		SECItem *pubValue = SEC_ASN1EncodeItem(NULL, NULL,
 			&pubKey->u.ec.publicValue,
 			SEC_ASN1_GET(SEC_OctetStringTemplate));
 		if (pubValue == NULL) {
 	    	    PORT_ZFree(mechParams, sizeof(CK_ECDH1_DERIVE_PARAMS));
 		    break;
 		}
 		mechParams->ulPublicDataLen =  pubValue->len;
 		mechParams->pPublicData =  pubValue->data;
 		pk11_EnterKeyMonitor(symKey);
 		crv = PK11_GETTAB(slot)->C_DeriveKey(symKey->session,
 		    &mechanism, privKey->pkcs11ID, keyTemplate,
 		    templateCount, &symKey->objectID);
 		pk11_ExitKeyMonitor(symKey);
 		SECITEM_FreeItem(pubValue,PR_TRUE);
 	    }
 	    PORT_ZFree(mechParams, sizeof(CK_ECDH1_DERIVE_PARAMS));
 	    if (crv == CKR_OK) return symKey;
 	    PORT_SetError( PK11_MapError(crv) );
 	}
    }
    PK11_FreeSymKey(symKey);
    return NULL;
 }
 /* Returns the size of the public key, or 0 if there
  * is an error. */
 static CK_ULONG
 pk11_ECPubKeySize(SECItem *publicValue)
 {
     if (publicValue->data[0] == 0x04) {
 	/* key encoded in uncompressed form */
 	return((publicValue->len - 1)/2);
     } else if ( (publicValue->data[0] == 0x02) ||
 		(publicValue->data[0] == 0x03)) {
 	/* key encoded in compressed form */
 	return(publicValue->len - 1);
     }
     /* key encoding not recognized */
     return(0);
 }
 static PK11SymKey *
 pk11_PubDeriveECKeyWithKDF(
 		    SECKEYPrivateKey *privKey, SECKEYPublicKey *pubKey,
 		    PRBool isSender, SECItem *randomA, SECItem *randomB,
 		    CK_MECHANISM_TYPE derive, CK_MECHANISM_TYPE target,
 		    CK_ATTRIBUTE_TYPE operation, int keySize,
 		    CK_ULONG kdf, SECItem *sharedData, void *wincx)
 {
     PK11SlotInfo           *slot            = privKey->pkcs11Slot;
     PK11SymKey             *symKey;
     PK11SymKey             *SharedSecret;
     CK_MECHANISM            mechanism;
     CK_RV                   crv;
     CK_BBOOL                cktrue          = CK_TRUE;
     CK_OBJECT_CLASS         keyClass        = CKO_SECRET_KEY;
     CK_KEY_TYPE             keyType         = CKK_GENERIC_SECRET;
     CK_ULONG                key_size        = 0;
     CK_ATTRIBUTE            keyTemplate[4];
     int                     templateCount;
     CK_ATTRIBUTE           *attrs           = keyTemplate;
     CK_ECDH1_DERIVE_PARAMS *mechParams      = NULL;
     if (pubKey->keyType != ecKey) {
 	PORT_SetError(SEC_ERROR_BAD_KEY);
 	return NULL;
     }
     if ((kdf != CKD_NULL) && (kdf != CKD_SHA1_KDF) &&
 	(kdf != CKD_SHA224_KDF) && (kdf != CKD_SHA256_KDF) &&
 	(kdf != CKD_SHA384_KDF) && (kdf != CKD_SHA512_KDF)) {
 	PORT_SetError(SEC_ERROR_INVALID_ALGORITHM);
 	return NULL;
     }
     /* get our key Structure */
     symKey = pk11_CreateSymKey(slot, target, PR_TRUE, PR_TRUE, wincx);
     if (symKey == NULL) {
 	return NULL;
     }
     symKey->origin = PK11_OriginDerive;
     PK11_SETATTRS(attrs, CKA_CLASS, &keyClass, sizeof(keyClass));     attrs++;
     PK11_SETATTRS(attrs, CKA_KEY_TYPE, &keyType, sizeof(keyType));    attrs++;
     PK11_SETATTRS(attrs, operation, &cktrue, 1);                      attrs++;
     PK11_SETATTRS(attrs, CKA_VALUE_LEN, &key_size, sizeof(key_size)); attrs++;
     templateCount =  attrs - keyTemplate;
     PR_ASSERT(templateCount <= sizeof(keyTemplate)/sizeof(CK_ATTRIBUTE));
     keyType = PK11_GetKeyType(target,keySize);
     key_size = keySize;
     if (key_size == 0) {
 	if ((key_size = pk11_GetPredefinedKeyLength(keyType))) {
 	    templateCount --;
 	} else {
 	    /* sigh, some tokens can't figure this out and require
 	     * CKA_VALUE_LEN to be set */
 	    switch (kdf) {
 	    case CKD_NULL:
 		key_size = pk11_ECPubKeySize(&pubKey->u.ec.publicValue);
 		if (key_size == 0) {
 		    PK11_FreeSymKey(symKey);
 		    return NULL;
 		}
 		break;
 	    case CKD_SHA1_KDF:
 		key_size = SHA1_LENGTH;
 		break;
 	    case CKD_SHA224_KDF:
 		key_size = SHA224_LENGTH;
 		break;
 	    case CKD_SHA256_KDF:
 		key_size = SHA256_LENGTH;
 		break;
 	    case CKD_SHA384_KDF:
 		key_size = SHA384_LENGTH;
 		break;
 	    case CKD_SHA512_KDF:
 		key_size = SHA512_LENGTH;
 		break;
 	    default:
 		PORT_Assert(!"Invalid CKD");
 		PORT_SetError(SEC_ERROR_INVALID_ALGORITHM);
 		return NULL;
 	    }
 	}
     }
     symKey->size = key_size;
     mechParams = PORT_ZNew(CK_ECDH1_DERIVE_PARAMS);
     if (!mechParams) {
 	PK11_FreeSymKey(symKey);
 	return NULL;
     }
     mechParams->kdf = kdf;
     if (sharedData == NULL) {
 	mechParams->ulSharedDataLen = 0;
 	mechParams->pSharedData     = NULL;
     } else {
 	mechParams->ulSharedDataLen = sharedData->len;
 	mechParams->pSharedData     = sharedData->data;
     }
     mechParams->ulPublicDataLen =  pubKey->u.ec.publicValue.len;
     mechParams->pPublicData =  pubKey->u.ec.publicValue.data;
     mechanism.mechanism      = derive;
     mechanism.pParameter     = mechParams;
     mechanism.ulParameterLen = sizeof(CK_ECDH1_DERIVE_PARAMS);
     pk11_EnterKeyMonitor(symKey);
     crv = PK11_GETTAB(slot)->C_DeriveKey(symKey->session, &mechanism,
     	privKey->pkcs11ID, keyTemplate, templateCount, &symKey->objectID);
     pk11_ExitKeyMonitor(symKey);
     /* old PKCS #11 spec was ambiguous on what needed to be passed,
      * try this again with an encoded public key */
     if (crv != CKR_OK) {
 	SECItem *pubValue = SEC_ASN1EncodeItem(NULL, NULL,
 		&pubKey->u.ec.publicValue,
 		SEC_ASN1_GET(SEC_OctetStringTemplate));
 	if (pubValue == NULL) {
 	    goto loser;
 	}
 	mechParams->ulPublicDataLen =  pubValue->len;
 	mechParams->pPublicData =  pubValue->data;
 	pk11_EnterKeyMonitor(symKey);
 	crv = PK11_GETTAB(slot)->C_DeriveKey(symKey->session,
 	    &mechanism, privKey->pkcs11ID, keyTemplate,
 	    templateCount, &symKey->objectID);
 	pk11_ExitKeyMonitor(symKey);
 	if ((crv != CKR_OK) && (kdf != CKD_NULL)) {
 	    /* Some PKCS #11 libraries cannot perform the key derivation
 	     * function. So, try calling C_DeriveKey with CKD_NULL and then
 	     * performing the KDF separately.
 	     */
 	    CK_ULONG derivedKeySize = key_size;
 	    keyType = CKK_GENERIC_SECRET;
 	    key_size = pk11_ECPubKeySize(&pubKey->u.ec.publicValue);
 	    if (key_size == 0) {
 		SECITEM_FreeItem(pubValue,PR_TRUE);
 		goto loser;
 	    }
 	    SharedSecret = symKey;
 	    SharedSecret->size = key_size;
 	    mechParams->kdf             = CKD_NULL;
 	    mechParams->ulSharedDataLen = 0;
 	    mechParams->pSharedData     = NULL;
 	    mechParams->ulPublicDataLen = pubKey->u.ec.publicValue.len;
 	    mechParams->pPublicData     = pubKey->u.ec.publicValue.data;
 	    pk11_EnterKeyMonitor(SharedSecret);
 	    crv = PK11_GETTAB(slot)->C_DeriveKey(SharedSecret->session,
 			    &mechanism, privKey->pkcs11ID, keyTemplate,
 			    templateCount, &SharedSecret->objectID);
 	    pk11_ExitKeyMonitor(SharedSecret);
 	    if (crv != CKR_OK) {
 		/* old PKCS #11 spec was ambiguous on what needed to be passed,
 		 * try this one final time with an encoded public key */
 		mechParams->ulPublicDataLen =  pubValue->len;
 		mechParams->pPublicData     =  pubValue->data;
 		pk11_EnterKeyMonitor(SharedSecret);
 		crv = PK11_GETTAB(slot)->C_DeriveKey(SharedSecret->session,
 				&mechanism, privKey->pkcs11ID, keyTemplate,
 				templateCount, &SharedSecret->objectID);
 		pk11_ExitKeyMonitor(SharedSecret);
 	    }
 	    /* Perform KDF. */
 	    if (crv == CKR_OK) {
 		    symKey = pk11_ANSIX963Derive(SharedSecret, kdf,
 					sharedData, target, operation,
 					derivedKeySize);
 		    PK11_FreeSymKey(SharedSecret);
 		    if (symKey == NULL) {
 			SECITEM_FreeItem(pubValue,PR_TRUE);
 			PORT_ZFree(mechParams, sizeof(CK_ECDH1_DERIVE_PARAMS));
 			return NULL;
 		    }
 	    }
 	}
 	SECITEM_FreeItem(pubValue,PR_TRUE);
     }
 loser:
     PORT_ZFree(mechParams, sizeof(CK_ECDH1_DERIVE_PARAMS));
     if (crv != CKR_OK) {
 	PK11_FreeSymKey(symKey);
 	symKey = NULL;
 	PORT_SetError( PK11_MapError(crv) );
     }
     return symKey;
 }
 PK11SymKey *
 PK11_PubDeriveWithKDF(SECKEYPrivateKey *privKey, SECKEYPublicKey *pubKey,
 		      PRBool isSender, SECItem *randomA, SECItem *randomB,
 		      CK_MECHANISM_TYPE derive, CK_MECHANISM_TYPE target,
 		      CK_ATTRIBUTE_TYPE operation, int keySize,
 		      CK_ULONG kdf, SECItem *sharedData, void *wincx)
 {
     switch (privKey->keyType) {
     case rsaKey:
     case nullKey:
     case dsaKey:
     case keaKey:
     case fortezzaKey:
     case dhKey:
 	return PK11_PubDerive(privKey, pubKey, isSender, randomA, randomB,
 		derive, target, operation, keySize, wincx);
     case ecKey:
 	return pk11_PubDeriveECKeyWithKDF( privKey, pubKey, isSender,
 		randomA, randomB, derive, target, operation, keySize,
 		kdf, sharedData, wincx);
     default:
         PORT_SetError(SEC_ERROR_BAD_KEY);
         break;
     }
     return NULL;
 }
 /*
  * this little function uses the Decrypt function to unwrap a key, just in
  * case we are having problem with unwrap. NOTE: The key size may
  * not be preserved properly for some algorithms!
  */
 static PK11SymKey *
 pk11_HandUnwrap(PK11SlotInfo *slot, CK_OBJECT_HANDLE wrappingKey,
                 CK_MECHANISM *mech, SECItem *inKey, CK_MECHANISM_TYPE target,
 		CK_ATTRIBUTE *keyTemplate, unsigned int templateCount,
 		int key_size, void * wincx, CK_RV *crvp, PRBool isPerm)
 {
     CK_ULONG len;
     SECItem outKey;
     PK11SymKey *symKey;
     CK_RV crv;
     PRBool owner = PR_TRUE;
     CK_SESSION_HANDLE session;
     /* remove any VALUE_LEN parameters */
     if (keyTemplate[templateCount-1].type == CKA_VALUE_LEN) {
         templateCount--;
     }
     /* keys are almost always aligned, but if we get this far,
      * we've gone above and beyond anyway... */
     outKey.data = (unsigned char*)PORT_Alloc(inKey->len);
     if (outKey.data == NULL) {
 	PORT_SetError( SEC_ERROR_NO_MEMORY );
 	if (crvp) *crvp = CKR_HOST_MEMORY;
 	return NULL;
     }
     len = inKey->len;
     /* use NULL IV's for wrapping */
     session = pk11_GetNewSession(slot,&owner);
     if (!owner || !(slot->isThreadSafe)) PK11_EnterSlotMonitor(slot);
     crv = PK11_GETTAB(slot)->C_DecryptInit(session,mech,wrappingKey);
     if (crv != CKR_OK) {
 	if (!owner || !(slot->isThreadSafe)) PK11_ExitSlotMonitor(slot);
 	pk11_CloseSession(slot,session,owner);
 	PORT_Free(outKey.data);
 	PORT_SetError( PK11_MapError(crv) );
 	if (crvp) *crvp =crv;
 	return NULL;
     }
     crv = PK11_GETTAB(slot)->C_Decrypt(session,inKey->data,inKey->len,
 							   outKey.data, &len);
     if (!owner || !(slot->isThreadSafe)) PK11_ExitSlotMonitor(slot);
     pk11_CloseSession(slot,session,owner);
     if (crv != CKR_OK) {
 	PORT_Free(outKey.data);
 	PORT_SetError( PK11_MapError(crv) );
 	if (crvp) *crvp =crv;
 	return NULL;
     }
     outKey.len = (key_size == 0) ? len : key_size;
     outKey.type = siBuffer;
     if (PK11_DoesMechanism(slot,target)) {
 	symKey = pk11_ImportSymKeyWithTempl(slot, target, PK11_OriginUnwrap,
 	                                    isPerm, keyTemplate,
 					    templateCount, &outKey, wincx);
     } else {
 	slot = PK11_GetBestSlot(target,wincx);
 	if (slot == NULL) {
 	    PORT_SetError( SEC_ERROR_NO_MODULE );
 	    PORT_Free(outKey.data);
 	    if (crvp) *crvp = CKR_DEVICE_ERROR;
 	    return NULL;
 	}
 	symKey = pk11_ImportSymKeyWithTempl(slot, target, PK11_OriginUnwrap,
 	                                    isPerm, keyTemplate,
 					    templateCount, &outKey, wincx);
 	PK11_FreeSlot(slot);
     }
     PORT_Free(outKey.data);
     if (crvp) *crvp = symKey? CKR_OK : CKR_DEVICE_ERROR;
     return symKey;
 }
 /*
  * The wrap/unwrap function is pretty much the same for private and
  * public keys. It's just getting the Object ID and slot right. This is
  * the combined unwrap function.
  */
 static PK11SymKey *
 pk11_AnyUnwrapKey(PK11SlotInfo *slot, CK_OBJECT_HANDLE wrappingKey,
     CK_MECHANISM_TYPE wrapType, SECItem *param, SECItem *wrappedKey,
     CK_MECHANISM_TYPE target, CK_ATTRIBUTE_TYPE operation, int keySize,
     void *wincx, CK_ATTRIBUTE *userAttr, unsigned int numAttrs, PRBool isPerm)
 {
     PK11SymKey *    symKey;
     SECItem *       param_free	= NULL;
     CK_BBOOL        cktrue	= CK_TRUE;
     CK_OBJECT_CLASS keyClass	= CKO_SECRET_KEY;
     CK_KEY_TYPE     keyType	= CKK_GENERIC_SECRET;
     CK_ULONG        valueLen	= 0;
     CK_MECHANISM    mechanism;
     CK_SESSION_HANDLE rwsession;
     CK_RV           crv;
     CK_MECHANISM_INFO mechanism_info;
 #define MAX_ADD_ATTRS 4
     CK_ATTRIBUTE    keyTemplate[MAX_TEMPL_ATTRS + MAX_ADD_ATTRS];
 #undef MAX_ADD_ATTRS
     CK_ATTRIBUTE *  attrs	= keyTemplate;
     unsigned int    templateCount;
     if (numAttrs > MAX_TEMPL_ATTRS) {
     	PORT_SetError(SEC_ERROR_INVALID_ARGS);
 	return NULL;
     }
     /* first copy caller attributes in. */
     for (templateCount = 0; templateCount < numAttrs; ++templateCount) {
     	*attrs++ = *userAttr++;
     }
     /* We only add the following attributes to the template if the caller
     ** didn't already supply them.
     */
     if (!pk11_FindAttrInTemplate(keyTemplate, numAttrs, CKA_CLASS)) {
 	PK11_SETATTRS(attrs, CKA_CLASS,     &keyClass, sizeof keyClass);
 	attrs++;
     }
     if (!pk11_FindAttrInTemplate(keyTemplate, numAttrs, CKA_KEY_TYPE)) {
 	keyType = PK11_GetKeyType(target, keySize);
 	PK11_SETATTRS(attrs, CKA_KEY_TYPE,  &keyType,  sizeof keyType );
 	attrs++;
     }
     if ((operation != CKA_FLAGS_ONLY) &&
 	  !pk11_FindAttrInTemplate(keyTemplate, numAttrs, operation)) {
 	PK11_SETATTRS(attrs, operation, &cktrue, 1); attrs++;
     }
     /*
      * must be last in case we need to use this template to import the key
      */
     if (keySize > 0 &&
     	  !pk11_FindAttrInTemplate(keyTemplate, numAttrs, CKA_VALUE_LEN)) {
 	valueLen = (CK_ULONG)keySize;
 	PK11_SETATTRS(attrs, CKA_VALUE_LEN, &valueLen, sizeof valueLen);
 	attrs++;
     }
     templateCount = attrs - keyTemplate;
     PR_ASSERT(templateCount <= sizeof(keyTemplate)/sizeof(CK_ATTRIBUTE));
     /* find out if we can do wrap directly. Because the RSA case if *very*
      * common, cache the results for it. */
     if ((wrapType == CKM_RSA_PKCS) && (slot->hasRSAInfo)) {
 	mechanism_info.flags = slot->RSAInfoFlags;
     } else {
 	if (!slot->isThreadSafe) PK11_EnterSlotMonitor(slot);
 	crv = PK11_GETTAB(slot)->C_GetMechanismInfo(slot->slotID,wrapType,
 				 &mechanism_info);
     	if (!slot->isThreadSafe) PK11_ExitSlotMonitor(slot);
     	if (crv != CKR_OK) {
 	     mechanism_info.flags = 0;
     	}
         if (wrapType == CKM_RSA_PKCS) {
 	    slot->RSAInfoFlags = mechanism_info.flags;
 	    slot->hasRSAInfo = PR_TRUE;
 	}
     }
     /* initialize the mechanism structure */
     mechanism.mechanism = wrapType;
     /* use NULL IV's for wrapping */
     if (param == NULL)
 	param = param_free = PK11_ParamFromIV(wrapType,NULL);
     if (param) {
 	mechanism.pParameter = param->data;
 	mechanism.ulParameterLen = param->len;
     } else {
 	mechanism.pParameter = NULL;
 	mechanism.ulParameterLen = 0;
     }
     if ((mechanism_info.flags & CKF_DECRYPT)
 				&& !PK11_DoesMechanism(slot,target)) {
 	symKey = pk11_HandUnwrap(slot, wrappingKey, &mechanism, wrappedKey,
 	                         target, keyTemplate, templateCount, keySize,
 				 wincx, &crv, isPerm);
 	if (symKey) {
 	    if (param_free) SECITEM_FreeItem(param_free,PR_TRUE);
 	    return symKey;
 	}
 	/*
 	 * if the RSA OP simply failed, don't try to unwrap again
 	 * with this module.
 	 */
 	if (crv == CKR_DEVICE_ERROR){
 	    if (param_free) SECITEM_FreeItem(param_free,PR_TRUE);
 	    return NULL;
 	}
 	/* fall through, maybe they incorrectly set CKF_DECRYPT */
     }
     /* get our key Structure */
     symKey = pk11_CreateSymKey(slot, target, !isPerm, PR_TRUE, wincx);
     if (symKey == NULL) {
 	if (param_free) SECITEM_FreeItem(param_free,PR_TRUE);
 	return NULL;
     }
     symKey->size = keySize;
     symKey->origin = PK11_OriginUnwrap;
     if (isPerm) {
 	rwsession = PK11_GetRWSession(slot);
     } else {
         pk11_EnterKeyMonitor(symKey);
 	rwsession = symKey->session;
     }
     PORT_Assert(rwsession != CK_INVALID_SESSION);
     if (rwsession == CK_INVALID_SESSION)
     	crv = CKR_SESSION_HANDLE_INVALID;
     else
 	crv = PK11_GETTAB(slot)->C_UnwrapKey(rwsession,&mechanism,wrappingKey,
 		wrappedKey->data, wrappedKey->len, keyTemplate, templateCount,
 							  &symKey->objectID);
     if (isPerm) {
 	if (rwsession != CK_INVALID_SESSION)
 	    PK11_RestoreROSession(slot, rwsession);
     } else {
         pk11_ExitKeyMonitor(symKey);
     }
     if (param_free) SECITEM_FreeItem(param_free,PR_TRUE);
     if (crv != CKR_OK) {
 	PK11_FreeSymKey(symKey);
 	symKey = NULL;
 	if (crv != CKR_DEVICE_ERROR) {
 	    /* try hand Unwrapping */
 	    symKey = pk11_HandUnwrap(slot, wrappingKey, &mechanism, wrappedKey,
 				     target, keyTemplate, templateCount,
 				     keySize, wincx, NULL, isPerm);
 	}
    }
    return symKey;
 }
 /* use a symetric key to unwrap another symetric key */
 PK11SymKey *
 PK11_UnwrapSymKey( PK11SymKey *wrappingKey, CK_MECHANISM_TYPE wrapType,
                    SECItem *param, SECItem *wrappedKey,
 		   CK_MECHANISM_TYPE target, CK_ATTRIBUTE_TYPE operation,
 		   int keySize)
 {
     return pk11_AnyUnwrapKey(wrappingKey->slot, wrappingKey->objectID,
 		    wrapType, param, wrappedKey, target, operation, keySize,
 		    wrappingKey->cx, NULL, 0, PR_FALSE);
 }
 /* use a symetric key to unwrap another symetric key */
 PK11SymKey *
 PK11_UnwrapSymKeyWithFlags(PK11SymKey *wrappingKey, CK_MECHANISM_TYPE wrapType,
                    SECItem *param, SECItem *wrappedKey,
 		   CK_MECHANISM_TYPE target, CK_ATTRIBUTE_TYPE operation,
 		   int keySize, CK_FLAGS flags)
 {
     CK_BBOOL        ckTrue	= CK_TRUE;
     CK_ATTRIBUTE    keyTemplate[MAX_TEMPL_ATTRS];
     unsigned int    templateCount;
     templateCount = pk11_OpFlagsToAttributes(flags, keyTemplate, &ckTrue);
     return pk11_AnyUnwrapKey(wrappingKey->slot, wrappingKey->objectID,
 		    wrapType, param, wrappedKey, target, operation, keySize,
 		    wrappingKey->cx, keyTemplate, templateCount, PR_FALSE);
 }
 PK11SymKey *
 PK11_UnwrapSymKeyWithFlagsPerm(PK11SymKey *wrappingKey,
 		   CK_MECHANISM_TYPE wrapType,
                    SECItem *param, SECItem *wrappedKey,
 		   CK_MECHANISM_TYPE target, CK_ATTRIBUTE_TYPE operation,
 		   int keySize, CK_FLAGS flags, PRBool isPerm)
 {
     CK_BBOOL        cktrue	= CK_TRUE;
     CK_ATTRIBUTE    keyTemplate[MAX_TEMPL_ATTRS];
     CK_ATTRIBUTE    *attrs;
     unsigned int    templateCount;
     attrs = keyTemplate;
     if (isPerm) {
         PK11_SETATTRS(attrs, CKA_TOKEN,  &cktrue, sizeof(CK_BBOOL)); attrs++;
     }
     templateCount = attrs-keyTemplate;
     templateCount += pk11_OpFlagsToAttributes(flags, attrs, &cktrue);
     return pk11_AnyUnwrapKey(wrappingKey->slot, wrappingKey->objectID,
 		    wrapType, param, wrappedKey, target, operation, keySize,
 		    wrappingKey->cx, keyTemplate, templateCount, isPerm);
 }
 /* unwrap a symetric key with a private key. */
 PK11SymKey *
 PK11_PubUnwrapSymKey(SECKEYPrivateKey *wrappingKey, SECItem *wrappedKey,
 	  CK_MECHANISM_TYPE target, CK_ATTRIBUTE_TYPE operation, int keySize)
 {
     CK_MECHANISM_TYPE wrapType = pk11_mapWrapKeyType(wrappingKey->keyType);
     PK11SlotInfo    *slot = wrappingKey->pkcs11Slot;
     if (SECKEY_HAS_ATTRIBUTE_SET(wrappingKey,CKA_PRIVATE)) {
 	PK11_HandlePasswordCheck(slot,wrappingKey->wincx);
     }
     return pk11_AnyUnwrapKey(slot, wrappingKey->pkcs11ID,
 	wrapType, NULL, wrappedKey, target, operation, keySize,
 	wrappingKey->wincx, NULL, 0, PR_FALSE);
 }
 /* unwrap a symetric key with a private key. */
 PK11SymKey *
 PK11_PubUnwrapSymKeyWithFlags(SECKEYPrivateKey *wrappingKey,
 	  SECItem *wrappedKey, CK_MECHANISM_TYPE target,
 	  CK_ATTRIBUTE_TYPE operation, int keySize, CK_FLAGS flags)
 {
     CK_MECHANISM_TYPE wrapType = pk11_mapWrapKeyType(wrappingKey->keyType);
     CK_BBOOL        ckTrue	= CK_TRUE;
     CK_ATTRIBUTE    keyTemplate[MAX_TEMPL_ATTRS];
     unsigned int    templateCount;
     PK11SlotInfo    *slot = wrappingKey->pkcs11Slot;
     templateCount = pk11_OpFlagsToAttributes(flags, keyTemplate, &ckTrue);
     if (SECKEY_HAS_ATTRIBUTE_SET(wrappingKey,CKA_PRIVATE)) {
 	PK11_HandlePasswordCheck(slot,wrappingKey->wincx);
     }
     return pk11_AnyUnwrapKey(slot, wrappingKey->pkcs11ID,
 	wrapType, NULL, wrappedKey, target, operation, keySize,
 	wrappingKey->wincx, keyTemplate, templateCount, PR_FALSE);
 }
 PK11SymKey *
 PK11_PubUnwrapSymKeyWithFlagsPerm(SECKEYPrivateKey *wrappingKey,
 	  SECItem *wrappedKey, CK_MECHANISM_TYPE target,
 	  CK_ATTRIBUTE_TYPE operation, int keySize,
 	  CK_FLAGS flags, PRBool isPerm)
 {
     CK_MECHANISM_TYPE wrapType = pk11_mapWrapKeyType(wrappingKey->keyType);
     CK_BBOOL        cktrue	= CK_TRUE;
     CK_ATTRIBUTE    keyTemplate[MAX_TEMPL_ATTRS];
     CK_ATTRIBUTE    *attrs;
     unsigned int    templateCount;
     PK11SlotInfo    *slot = wrappingKey->pkcs11Slot;
     attrs = keyTemplate;
     if (isPerm) {
         PK11_SETATTRS(attrs, CKA_TOKEN,  &cktrue, sizeof(CK_BBOOL)); attrs++;
     }
     templateCount = attrs-keyTemplate;
     templateCount += pk11_OpFlagsToAttributes(flags, attrs, &cktrue);
     if (SECKEY_HAS_ATTRIBUTE_SET(wrappingKey,CKA_PRIVATE)) {
 	PK11_HandlePasswordCheck(slot,wrappingKey->wincx);
     }
     return pk11_AnyUnwrapKey(slot, wrappingKey->pkcs11ID,
 	wrapType, NULL, wrappedKey, target, operation, keySize,
 	wrappingKey->wincx, keyTemplate, templateCount, isPerm);
 }
 PK11SymKey*
 PK11_CopySymKeyForSigning(PK11SymKey *originalKey, CK_MECHANISM_TYPE mech)
 {
     CK_RV crv;
     CK_ATTRIBUTE setTemplate;
     CK_BBOOL ckTrue = CK_TRUE;
     PK11SlotInfo *slot = originalKey->slot;
     /* first just try to set this key up for signing */
     PK11_SETATTRS(&setTemplate, CKA_SIGN, &ckTrue, sizeof(ckTrue));
     pk11_EnterKeyMonitor(originalKey);
     crv = PK11_GETTAB(slot)-> C_SetAttributeValue(originalKey->session,
 				originalKey->objectID, &setTemplate, 1);
     pk11_ExitKeyMonitor(originalKey);
     if (crv == CKR_OK) {
 	return PK11_ReferenceSymKey(originalKey);
     }
     /* nope, doesn't like it, use the pk11 copy object command */
     return pk11_CopyToSlot(slot, mech, CKA_SIGN, originalKey);
 }
 void
 PK11_SetFortezzaHack(PK11SymKey *symKey) {
    symKey->origin = PK11_OriginFortezzaHack;
 }
 /*
  * This is required to allow FORTEZZA_NULL and FORTEZZA_RC4
  * working. This function simply gets a valid IV for the keys.
  */
 SECStatus
 PK11_GenerateFortezzaIV(PK11SymKey *symKey,unsigned char *iv,int len)
 {
     CK_MECHANISM mech_info;
     CK_ULONG count = 0;
     CK_RV crv;
     SECStatus rv = SECFailure;
     mech_info.mechanism = CKM_SKIPJACK_CBC64;
     mech_info.pParameter = iv;
     mech_info.ulParameterLen = len;
     /* generate the IV for fortezza */
     PK11_EnterSlotMonitor(symKey->slot);
     crv=PK11_GETTAB(symKey->slot)->C_EncryptInit(symKey->slot->session,
 				&mech_info, symKey->objectID);
     if (crv == CKR_OK) {
 	PK11_GETTAB(symKey->slot)->C_EncryptFinal(symKey->slot->session,
 								NULL, &count);
 	rv = SECSuccess;
     }
     PK11_ExitSlotMonitor(symKey->slot);
     return rv;
 }
 CK_OBJECT_HANDLE
 PK11_GetSymKeyHandle(PK11SymKey *symKey)
 {
     return symKey->objectID;
 }

The Tor Browser / annotate

security/nss/lib/pk11wrap/pk11skey.c@6474c204b198 (annotated)

security/nss/lib/pk11wrap/pk11skey.c