The Tor Browser: comparison security/nss/lib/pk11wrap/pk11sdr.c

--1:000000000000
+:ba66e6e050b7
+/* This Source Code Form is subject to the terms of the Mozilla Public
+* License, v. 2.0. If a copy of the MPL was not distributed with this
+* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+#include "seccomon.h"
+#include "secoid.h"
+#include "secasn1.h"
+#include "pkcs11.h"
+#include "pk11func.h"
+#include "pk11sdr.h"
+/*
+* Data structure and template for encoding the result of an SDR operation
+*  This is temporary.  It should include the algorithm ID of the encryption mechanism
+*/
+struct SDRResult
+{
+SECItem keyid;
+SECAlgorithmID alg;
+SECItem data;
+};
+typedef struct SDRResult SDRResult;
+SEC_ASN1_MKSUB(SECOID_AlgorithmIDTemplate)
+static SEC_ASN1Template template[] = {
+{ SEC_ASN1_SEQUENCE, 0, NULL, sizeof (SDRResult) },
+{ SEC_ASN1_OCTET_STRING, offsetof(SDRResult, keyid) },
+{ SEC_ASN1_INLINE | SEC_ASN1_XTRN, offsetof(SDRResult, alg),
+SEC_ASN1_SUB(SECOID_AlgorithmIDTemplate) },
+{ SEC_ASN1_OCTET_STRING, offsetof(SDRResult, data) },
+{ 0 }
+};
+static unsigned char keyID[] = {
+0xF8, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01
+};
+static SECItem keyIDItem = {
+0,
+keyID,
+sizeof keyID
+};
+/* local utility function for padding an incoming data block
+* to the mechanism block size.
+*/
+static SECStatus
+padBlock(SECItem *data, int blockSize, SECItem *result)
+{
+SECStatus rv = SECSuccess;
+int padLength;
+unsigned int i;
+result->data = 0;
+result->len = 0;
+/* This algorithm always adds to the block (to indicate the number
+* of pad bytes).  So allocate a block large enough.
+*/
+padLength = blockSize - (data->len % blockSize);
+result->len = data->len + padLength;
+result->data = (unsigned char *)PORT_Alloc(result->len);
+/* Copy the data */
+PORT_Memcpy(result->data, data->data, data->len);
+/* Add the pad values */
+for(i = data->len; i < result->len; i++)
+result->data[i] = (unsigned char)padLength;
+return rv;
+}
+static SECStatus
+unpadBlock(SECItem *data, int blockSize, SECItem *result)
+{
+SECStatus rv = SECSuccess;
+int padLength;
+unsigned int i;
+result->data = 0;
+result->len = 0;
+/* Remove the padding from the end if the input data */
+if (data->len == 0 || data->len % blockSize  != 0) { rv = SECFailure; goto loser; }
+padLength = data->data[data->len-1];
+if (padLength > blockSize) { rv = SECFailure; goto loser; }
+/* verify padding */
+for (i=data->len - padLength; i < data->len; i++) {
+if (data->data[i] != padLength) {
+	rv = SECFailure;
+	goto loser;
+}
+}
+result->len = data->len - padLength;
+result->data = (unsigned char *)PORT_Alloc(result->len);
+if (!result->data) { rv = SECFailure; goto loser; }
+PORT_Memcpy(result->data, data->data, result->len);
+if (padLength < 2) {
+return SECWouldBlock;
+}
+loser:
+return rv;
+}
+static PRLock *pk11sdrLock = NULL;
+void
+pk11sdr_Init (void)
+{
+pk11sdrLock = PR_NewLock();
+}
+void
+pk11sdr_Shutdown(void)
+{
+if (pk11sdrLock) {
+	PR_DestroyLock(pk11sdrLock);
+	pk11sdrLock = NULL;
+}
+}
+/*
+* PK11SDR_Encrypt
+*  Encrypt a block of data using the symmetric key identified.  The result
+*  is an ASN.1 (DER) encoded block of keyid, params and data.
+*/
+SECStatus
+PK11SDR_Encrypt(SECItem *keyid, SECItem *data, SECItem *result, void *cx)
+{
+SECStatus rv = SECSuccess;
+PK11SlotInfo *slot = 0;
+PK11SymKey *key = 0;
+SECItem *params = 0;
+PK11Context *ctx = 0;
+CK_MECHANISM_TYPE type;
+SDRResult sdrResult;
+SECItem paddedData;
+SECItem *pKeyID;
+PLArenaPool *arena = 0;
+/* Initialize */
+paddedData.len = 0;
+paddedData.data = 0;
+arena = PORT_NewArena(SEC_ASN1_DEFAULT_ARENA_SIZE);
+if (!arena) { rv = SECFailure; goto loser; }
+/* 1. Locate the requested keyid, or the default key (which has a keyid)
+* 2. Create an encryption context
+* 3. Encrypt
+* 4. Encode the results (using ASN.1)
+*/
+slot = PK11_GetInternalKeySlot();
+if (!slot) { rv = SECFailure; goto loser; }
+/* Use triple-DES */
+type = CKM_DES3_CBC;
+/*
+* Login to the internal token before we look for the key, otherwise we
+* won't find it.
+*/
+rv = PK11_Authenticate(slot, PR_TRUE, cx);
+if (rv != SECSuccess) goto loser;
+/* Find the key to use */
+pKeyID = keyid;
+if (pKeyID->len == 0) {
+	  pKeyID = &keyIDItem;  /* Use default value */
+	  /* put in a course lock to prevent a race between not finding the
+	   * key and creating  one.
+	   */
+	  if (pk11sdrLock) PR_Lock(pk11sdrLock);
+	  /* Try to find the key */
+	  key = PK11_FindFixedKey(slot, type, pKeyID, cx);
+	  /* If the default key doesn't exist yet, try to create it */
+	  if (!key) key = PK11_GenDES3TokenKey(slot, pKeyID, cx);
+	  if (pk11sdrLock) PR_Unlock(pk11sdrLock);
+} else {
+	  key = PK11_FindFixedKey(slot, type, pKeyID, cx);
+}
+if (!key) { rv = SECFailure; goto loser; }
+params = PK11_GenerateNewParam(type, key);
+if (!params) { rv = SECFailure; goto loser; }
+ctx = PK11_CreateContextBySymKey(type, CKA_ENCRYPT, key, params);
+if (!ctx) { rv = SECFailure; goto loser; }
+rv = padBlock(data, PK11_GetBlockSize(type, 0), &paddedData);
+if (rv != SECSuccess) goto loser;
+sdrResult.data.len = paddedData.len;
+sdrResult.data.data = (unsigned char *)PORT_ArenaAlloc(arena, sdrResult.data.len);
+rv = PK11_CipherOp(ctx, sdrResult.data.data, (int*)&sdrResult.data.len, sdrResult.data.len,
+paddedData.data, paddedData.len);
+if (rv != SECSuccess) goto loser;
+PK11_Finalize(ctx);
+sdrResult.keyid = *pKeyID;
+rv = PK11_ParamToAlgid(SEC_OID_DES_EDE3_CBC, params, arena, &sdrResult.alg);
+if (rv != SECSuccess) goto loser;
+if (!SEC_ASN1EncodeItem(0, result, &sdrResult, template)) { rv = SECFailure; goto loser; }
+loser:
+SECITEM_ZfreeItem(&paddedData, PR_FALSE);
+if (arena) PORT_FreeArena(arena, PR_TRUE);
+if (ctx) PK11_DestroyContext(ctx, PR_TRUE);
+if (params) SECITEM_ZfreeItem(params, PR_TRUE);
+if (key) PK11_FreeSymKey(key);
+if (slot) PK11_FreeSlot(slot);
+return rv;
+}
+/* decrypt a block */
+static SECStatus
+pk11Decrypt(PK11SlotInfo *slot, PLArenaPool *arena,
+	    CK_MECHANISM_TYPE type, PK11SymKey *key,
+	    SECItem *params, SECItem *in, SECItem *result)
+{
+PK11Context *ctx = 0;
+SECItem paddedResult;
+SECStatus rv;
+paddedResult.len = 0;
+paddedResult.data = 0;
+ctx = PK11_CreateContextBySymKey(type, CKA_DECRYPT, key, params);
+if (!ctx) { rv = SECFailure; goto loser; }
+paddedResult.len = in->len;
+paddedResult.data = PORT_ArenaAlloc(arena, paddedResult.len);
+rv = PK11_CipherOp(ctx, paddedResult.data,
+			(int*)&paddedResult.len, paddedResult.len,
+			in->data, in->len);
+if (rv != SECSuccess) goto loser;
+PK11_Finalize(ctx);
+/* Remove the padding */
+rv = unpadBlock(&paddedResult, PK11_GetBlockSize(type, 0), result);
+if (rv) goto loser;
+loser:
+if (ctx) PK11_DestroyContext(ctx, PR_TRUE);
+return rv;
+}
+/*
+* PK11SDR_Decrypt
+*  Decrypt a block of data produced by PK11SDR_Encrypt.  The key used is identified
+*  by the keyid field within the input.
+*/
+SECStatus
+PK11SDR_Decrypt(SECItem *data, SECItem *result, void *cx)
+{
+SECStatus rv = SECSuccess;
+PK11SlotInfo *slot = 0;
+PK11SymKey *key = 0;
+CK_MECHANISM_TYPE type;
+SDRResult sdrResult;
+SECItem *params = 0;
+SECItem possibleResult = { 0, NULL, 0 };
+PLArenaPool *arena = 0;
+arena = PORT_NewArena(SEC_ASN1_DEFAULT_ARENA_SIZE);
+if (!arena) { rv = SECFailure; goto loser; }
+/* Decode the incoming data */
+memset(&sdrResult, 0, sizeof sdrResult);
+rv = SEC_QuickDERDecodeItem(arena, &sdrResult, template, data);
+if (rv != SECSuccess) goto loser;  /* Invalid format */
+/* Find the slot and key for the given keyid */
+slot = PK11_GetInternalKeySlot();
+if (!slot) { rv = SECFailure; goto loser; }
+rv = PK11_Authenticate(slot, PR_TRUE, cx);
+if (rv != SECSuccess) goto loser;
+/* Get the parameter values from the data */
+params = PK11_ParamFromAlgid(&sdrResult.alg);
+if (!params) { rv = SECFailure; goto loser; }
+/* Use triple-DES (Should look up the algorithm) */
+type = CKM_DES3_CBC;
+key = PK11_FindFixedKey(slot, type, &sdrResult.keyid, cx);
+if (!key) {
+	rv = SECFailure;
+} else {
+	rv = pk11Decrypt(slot, arena, type, key, params,
+			&sdrResult.data, result);
+}
+/*
+* if the pad value was too small (1 or 2), then it's statistically
+* 'likely' that (1 in 256) that we may not have the correct key.
+* Check the other keys for a better match. If we find none, use
+* this result.
+*/
+if (rv == SECWouldBlock) {
+	possibleResult = *result;
+}
+/*
+* handle the case where your key indicies may have been broken
+*/
+if (rv != SECSuccess) {
+	PK11SymKey *keyList = PK11_ListFixedKeysInSlot(slot, NULL, cx);
+	PK11SymKey *testKey = NULL;
+	PK11SymKey *nextKey = NULL;
+	for (testKey = keyList; testKey;
+				testKey = PK11_GetNextSymKey(testKey)) {
+	    rv = pk11Decrypt(slot, arena, type, testKey, params,
+			     &sdrResult.data, result);
+	    if (rv == SECSuccess) {
+		break;
+	    }
+	    /* found a close match. If it's our first remember it */
+	    if (rv == SECWouldBlock) {
+		if (possibleResult.data) {
+		    /* this is unlikely but possible. If we hit this condition,
+		     * we have no way of knowing which possibility to prefer.
+		     * in this case we just match the key the application
+		     * thought was the right one */
+		    SECITEM_ZfreeItem(result, PR_FALSE);
+		} else {
+		    possibleResult = *result;
+		}
+	    }
+	}
+	/* free the list */
+	for (testKey = keyList; testKey; testKey = nextKey) {
+	    nextKey = PK11_GetNextSymKey(testKey);
+	    PK11_FreeSymKey(testKey);
+	}
+}
+/* we didn't find a better key, use the one with a small pad value */
+if ((rv != SECSuccess) && (possibleResult.data)) {
+	*result = possibleResult;
+	possibleResult.data = NULL;
+	rv = SECSuccess;
+}
+loser:
+if (arena) PORT_FreeArena(arena, PR_TRUE);
+if (key) PK11_FreeSymKey(key);
+if (params) SECITEM_ZfreeItem(params, PR_TRUE);
+if (slot) PK11_FreeSlot(slot);
+if (possibleResult.data) SECITEM_ZfreeItem(&possibleResult, PR_FALSE);
+return rv;
+}

The Tor Browser / file comparison

comparison: security/nss/lib/pk11wrap/pk11sdr.c

security/nss/lib/pk11wrap/pk11sdr.c