1.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000
1.2 +++ b/security/nss/lib/softoken/lowkey.c Wed Dec 31 06:09:35 2014 +0100
1.3 @@ -0,0 +1,492 @@
1.4 +/* This Source Code Form is subject to the terms of the Mozilla Public
1.5 + * License, v. 2.0. If a copy of the MPL was not distributed with this
1.6 + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
1.7 +#include "lowkeyi.h"
1.8 +#include "secoid.h"
1.9 +#include "secitem.h"
1.10 +#include "secder.h"
1.11 +#include "base64.h"
1.12 +#include "secasn1.h"
1.13 +#include "secerr.h"
1.14 +
1.15 +#ifndef NSS_DISABLE_ECC
1.16 +#include "softoken.h"
1.17 +#endif
1.18 +
1.19 +SEC_ASN1_MKSUB(SEC_AnyTemplate)
1.20 +SEC_ASN1_MKSUB(SEC_BitStringTemplate)
1.21 +SEC_ASN1_MKSUB(SEC_ObjectIDTemplate)
1.22 +SEC_ASN1_MKSUB(SECOID_AlgorithmIDTemplate)
1.23 +
1.24 +const SEC_ASN1Template nsslowkey_AttributeTemplate[] = {
1.25 + { SEC_ASN1_SEQUENCE,
1.26 + 0, NULL, sizeof(NSSLOWKEYAttribute) },
1.27 + { SEC_ASN1_OBJECT_ID, offsetof(NSSLOWKEYAttribute, attrType) },
1.28 + { SEC_ASN1_SET_OF | SEC_ASN1_XTRN ,
1.29 + offsetof(NSSLOWKEYAttribute, attrValue),
1.30 + SEC_ASN1_SUB(SEC_AnyTemplate) },
1.31 + { 0 }
1.32 +};
1.33 +
1.34 +const SEC_ASN1Template nsslowkey_SetOfAttributeTemplate[] = {
1.35 + { SEC_ASN1_SET_OF, 0, nsslowkey_AttributeTemplate },
1.36 +};
1.37 +/* ASN1 Templates for new decoder/encoder */
1.38 +const SEC_ASN1Template nsslowkey_PrivateKeyInfoTemplate[] = {
1.39 + { SEC_ASN1_SEQUENCE,
1.40 + 0, NULL, sizeof(NSSLOWKEYPrivateKeyInfo) },
1.41 + { SEC_ASN1_INTEGER,
1.42 + offsetof(NSSLOWKEYPrivateKeyInfo,version) },
1.43 + { SEC_ASN1_INLINE | SEC_ASN1_XTRN,
1.44 + offsetof(NSSLOWKEYPrivateKeyInfo,algorithm),
1.45 + SEC_ASN1_SUB(SECOID_AlgorithmIDTemplate) },
1.46 + { SEC_ASN1_OCTET_STRING,
1.47 + offsetof(NSSLOWKEYPrivateKeyInfo,privateKey) },
1.48 + { SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 0,
1.49 + offsetof(NSSLOWKEYPrivateKeyInfo, attributes),
1.50 + nsslowkey_SetOfAttributeTemplate },
1.51 + { 0 }
1.52 +};
1.53 +
1.54 +const SEC_ASN1Template nsslowkey_PQGParamsTemplate[] = {
1.55 + { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(PQGParams) },
1.56 + { SEC_ASN1_INTEGER, offsetof(PQGParams,prime) },
1.57 + { SEC_ASN1_INTEGER, offsetof(PQGParams,subPrime) },
1.58 + { SEC_ASN1_INTEGER, offsetof(PQGParams,base) },
1.59 + { 0, }
1.60 +};
1.61 +
1.62 +const SEC_ASN1Template nsslowkey_RSAPrivateKeyTemplate[] = {
1.63 + { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(NSSLOWKEYPrivateKey) },
1.64 + { SEC_ASN1_INTEGER, offsetof(NSSLOWKEYPrivateKey,u.rsa.version) },
1.65 + { SEC_ASN1_INTEGER, offsetof(NSSLOWKEYPrivateKey,u.rsa.modulus) },
1.66 + { SEC_ASN1_INTEGER, offsetof(NSSLOWKEYPrivateKey,u.rsa.publicExponent) },
1.67 + { SEC_ASN1_INTEGER, offsetof(NSSLOWKEYPrivateKey,u.rsa.privateExponent) },
1.68 + { SEC_ASN1_INTEGER, offsetof(NSSLOWKEYPrivateKey,u.rsa.prime1) },
1.69 + { SEC_ASN1_INTEGER, offsetof(NSSLOWKEYPrivateKey,u.rsa.prime2) },
1.70 + { SEC_ASN1_INTEGER, offsetof(NSSLOWKEYPrivateKey,u.rsa.exponent1) },
1.71 + { SEC_ASN1_INTEGER, offsetof(NSSLOWKEYPrivateKey,u.rsa.exponent2) },
1.72 + { SEC_ASN1_INTEGER, offsetof(NSSLOWKEYPrivateKey,u.rsa.coefficient) },
1.73 + { 0 }
1.74 +};
1.75 +
1.76 +
1.77 +const SEC_ASN1Template nsslowkey_DSAPrivateKeyTemplate[] = {
1.78 + { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(NSSLOWKEYPrivateKey) },
1.79 + { SEC_ASN1_INTEGER, offsetof(NSSLOWKEYPrivateKey,u.dsa.publicValue) },
1.80 + { SEC_ASN1_INTEGER, offsetof(NSSLOWKEYPrivateKey,u.dsa.privateValue) },
1.81 + { 0, }
1.82 +};
1.83 +
1.84 +const SEC_ASN1Template nsslowkey_DSAPrivateKeyExportTemplate[] = {
1.85 + { SEC_ASN1_INTEGER, offsetof(NSSLOWKEYPrivateKey,u.dsa.privateValue) },
1.86 +};
1.87 +
1.88 +const SEC_ASN1Template nsslowkey_DHPrivateKeyTemplate[] = {
1.89 + { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(NSSLOWKEYPrivateKey) },
1.90 + { SEC_ASN1_INTEGER, offsetof(NSSLOWKEYPrivateKey,u.dh.publicValue) },
1.91 + { SEC_ASN1_INTEGER, offsetof(NSSLOWKEYPrivateKey,u.dh.privateValue) },
1.92 + { SEC_ASN1_INTEGER, offsetof(NSSLOWKEYPrivateKey,u.dh.base) },
1.93 + { SEC_ASN1_INTEGER, offsetof(NSSLOWKEYPrivateKey,u.dh.prime) },
1.94 + { 0, }
1.95 +};
1.96 +
1.97 +#ifndef NSS_DISABLE_ECC
1.98 +
1.99 +/* XXX This is just a placeholder for later when we support
1.100 + * generic curves and need full-blown support for parsing EC
1.101 + * parameters. For now, we only support named curves in which
1.102 + * EC params are simply encoded as an object ID and we don't
1.103 + * use nsslowkey_ECParamsTemplate.
1.104 + */
1.105 +const SEC_ASN1Template nsslowkey_ECParamsTemplate[] = {
1.106 + { SEC_ASN1_CHOICE, offsetof(ECParams,type), NULL, sizeof(ECParams) },
1.107 + { SEC_ASN1_OBJECT_ID, offsetof(ECParams,curveOID), NULL, ec_params_named },
1.108 + { 0, }
1.109 +};
1.110 +
1.111 +
1.112 +/* NOTE: The SECG specification allows the private key structure
1.113 + * to contain curve parameters but recommends that they be stored
1.114 + * in the PrivateKeyAlgorithmIdentifier field of the PrivateKeyInfo
1.115 + * instead.
1.116 + */
1.117 +const SEC_ASN1Template nsslowkey_ECPrivateKeyTemplate[] = {
1.118 + { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(NSSLOWKEYPrivateKey) },
1.119 + { SEC_ASN1_INTEGER, offsetof(NSSLOWKEYPrivateKey,u.ec.version) },
1.120 + { SEC_ASN1_OCTET_STRING,
1.121 + offsetof(NSSLOWKEYPrivateKey,u.ec.privateValue) },
1.122 + /* XXX The following template works for now since we only
1.123 + * support named curves for which the parameters are
1.124 + * encoded as an object ID. When we support generic curves,
1.125 + * we'll need to define nsslowkey_ECParamsTemplate
1.126 + */
1.127 +#if 1
1.128 + { SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED |
1.129 + SEC_ASN1_EXPLICIT | SEC_ASN1_CONTEXT_SPECIFIC |
1.130 + SEC_ASN1_XTRN | 0,
1.131 + offsetof(NSSLOWKEYPrivateKey,u.ec.ecParams.curveOID),
1.132 + SEC_ASN1_SUB(SEC_ObjectIDTemplate) },
1.133 +#else
1.134 + { SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED |
1.135 + SEC_ASN1_EXPLICIT | SEC_ASN1_CONTEXT_SPECIFIC | 0,
1.136 + offsetof(NSSLOWKEYPrivateKey,u.ec.ecParams),
1.137 + nsslowkey_ECParamsTemplate },
1.138 +#endif
1.139 + { SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED |
1.140 + SEC_ASN1_EXPLICIT | SEC_ASN1_CONTEXT_SPECIFIC |
1.141 + SEC_ASN1_XTRN | 1,
1.142 + offsetof(NSSLOWKEYPrivateKey,u.ec.publicValue),
1.143 + SEC_ASN1_SUB(SEC_BitStringTemplate) },
1.144 + { 0, }
1.145 +};
1.146 +#endif /* NSS_DISABLE_ECC */
1.147 +/*
1.148 + * See bugzilla bug 125359
1.149 + * Since NSS (via PKCS#11) wants to handle big integers as unsigned ints,
1.150 + * all of the templates above that en/decode into integers must be converted
1.151 + * from ASN.1's signed integer type. This is done by marking either the
1.152 + * source or destination (encoding or decoding, respectively) type as
1.153 + * siUnsignedInteger.
1.154 + */
1.155 +
1.156 +void
1.157 +prepare_low_rsa_priv_key_for_asn1(NSSLOWKEYPrivateKey *key)
1.158 +{
1.159 + key->u.rsa.modulus.type = siUnsignedInteger;
1.160 + key->u.rsa.publicExponent.type = siUnsignedInteger;
1.161 + key->u.rsa.privateExponent.type = siUnsignedInteger;
1.162 + key->u.rsa.prime1.type = siUnsignedInteger;
1.163 + key->u.rsa.prime2.type = siUnsignedInteger;
1.164 + key->u.rsa.exponent1.type = siUnsignedInteger;
1.165 + key->u.rsa.exponent2.type = siUnsignedInteger;
1.166 + key->u.rsa.coefficient.type = siUnsignedInteger;
1.167 +}
1.168 +
1.169 +void
1.170 +prepare_low_pqg_params_for_asn1(PQGParams *params)
1.171 +{
1.172 + params->prime.type = siUnsignedInteger;
1.173 + params->subPrime.type = siUnsignedInteger;
1.174 + params->base.type = siUnsignedInteger;
1.175 +}
1.176 +
1.177 +void
1.178 +prepare_low_dsa_priv_key_for_asn1(NSSLOWKEYPrivateKey *key)
1.179 +{
1.180 + key->u.dsa.publicValue.type = siUnsignedInteger;
1.181 + key->u.dsa.privateValue.type = siUnsignedInteger;
1.182 + key->u.dsa.params.prime.type = siUnsignedInteger;
1.183 + key->u.dsa.params.subPrime.type = siUnsignedInteger;
1.184 + key->u.dsa.params.base.type = siUnsignedInteger;
1.185 +}
1.186 +
1.187 +void
1.188 +prepare_low_dsa_priv_key_export_for_asn1(NSSLOWKEYPrivateKey *key)
1.189 +{
1.190 + key->u.dsa.privateValue.type = siUnsignedInteger;
1.191 +}
1.192 +
1.193 +void
1.194 +prepare_low_dh_priv_key_for_asn1(NSSLOWKEYPrivateKey *key)
1.195 +{
1.196 + key->u.dh.prime.type = siUnsignedInteger;
1.197 + key->u.dh.base.type = siUnsignedInteger;
1.198 + key->u.dh.publicValue.type = siUnsignedInteger;
1.199 + key->u.dh.privateValue.type = siUnsignedInteger;
1.200 +}
1.201 +
1.202 +#ifndef NSS_DISABLE_ECC
1.203 +void
1.204 +prepare_low_ecparams_for_asn1(ECParams *params)
1.205 +{
1.206 + params->DEREncoding.type = siUnsignedInteger;
1.207 + params->curveOID.type = siUnsignedInteger;
1.208 +}
1.209 +
1.210 +void
1.211 +prepare_low_ec_priv_key_for_asn1(NSSLOWKEYPrivateKey *key)
1.212 +{
1.213 + key->u.ec.version.type = siUnsignedInteger;
1.214 + key->u.ec.ecParams.DEREncoding.type = siUnsignedInteger;
1.215 + key->u.ec.ecParams.curveOID.type = siUnsignedInteger;
1.216 + key->u.ec.privateValue.type = siUnsignedInteger;
1.217 + key->u.ec.publicValue.type = siUnsignedInteger;
1.218 +}
1.219 +#endif /* NSS_DISABLE_ECC */
1.220 +
1.221 +void
1.222 +nsslowkey_DestroyPrivateKey(NSSLOWKEYPrivateKey *privk)
1.223 +{
1.224 + if (privk && privk->arena) {
1.225 + PORT_FreeArena(privk->arena, PR_TRUE);
1.226 + }
1.227 +}
1.228 +
1.229 +void
1.230 +nsslowkey_DestroyPublicKey(NSSLOWKEYPublicKey *pubk)
1.231 +{
1.232 + if (pubk && pubk->arena) {
1.233 + PORT_FreeArena(pubk->arena, PR_FALSE);
1.234 + }
1.235 +}
1.236 +unsigned
1.237 +nsslowkey_PublicModulusLen(NSSLOWKEYPublicKey *pubk)
1.238 +{
1.239 + unsigned char b0;
1.240 +
1.241 + /* interpret modulus length as key strength... in
1.242 + * fortezza that's the public key length */
1.243 +
1.244 + switch (pubk->keyType) {
1.245 + case NSSLOWKEYRSAKey:
1.246 + b0 = pubk->u.rsa.modulus.data[0];
1.247 + return b0 ? pubk->u.rsa.modulus.len : pubk->u.rsa.modulus.len - 1;
1.248 + default:
1.249 + break;
1.250 + }
1.251 + return 0;
1.252 +}
1.253 +
1.254 +unsigned
1.255 +nsslowkey_PrivateModulusLen(NSSLOWKEYPrivateKey *privk)
1.256 +{
1.257 +
1.258 + unsigned char b0;
1.259 +
1.260 + switch (privk->keyType) {
1.261 + case NSSLOWKEYRSAKey:
1.262 + b0 = privk->u.rsa.modulus.data[0];
1.263 + return b0 ? privk->u.rsa.modulus.len : privk->u.rsa.modulus.len - 1;
1.264 + default:
1.265 + break;
1.266 + }
1.267 + return 0;
1.268 +}
1.269 +
1.270 +NSSLOWKEYPublicKey *
1.271 +nsslowkey_ConvertToPublicKey(NSSLOWKEYPrivateKey *privk)
1.272 +{
1.273 + NSSLOWKEYPublicKey *pubk;
1.274 + PLArenaPool *arena;
1.275 +
1.276 +
1.277 + arena = PORT_NewArena (DER_DEFAULT_CHUNKSIZE);
1.278 + if (arena == NULL) {
1.279 + PORT_SetError (SEC_ERROR_NO_MEMORY);
1.280 + return NULL;
1.281 + }
1.282 +
1.283 + switch(privk->keyType) {
1.284 + case NSSLOWKEYRSAKey:
1.285 + case NSSLOWKEYNullKey:
1.286 + pubk = (NSSLOWKEYPublicKey *)PORT_ArenaZAlloc(arena,
1.287 + sizeof (NSSLOWKEYPublicKey));
1.288 + if (pubk != NULL) {
1.289 + SECStatus rv;
1.290 +
1.291 + pubk->arena = arena;
1.292 + pubk->keyType = privk->keyType;
1.293 + if (privk->keyType == NSSLOWKEYNullKey) return pubk;
1.294 + rv = SECITEM_CopyItem(arena, &pubk->u.rsa.modulus,
1.295 + &privk->u.rsa.modulus);
1.296 + if (rv == SECSuccess) {
1.297 + rv = SECITEM_CopyItem (arena, &pubk->u.rsa.publicExponent,
1.298 + &privk->u.rsa.publicExponent);
1.299 + if (rv == SECSuccess)
1.300 + return pubk;
1.301 + }
1.302 + } else {
1.303 + PORT_SetError (SEC_ERROR_NO_MEMORY);
1.304 + }
1.305 + break;
1.306 + case NSSLOWKEYDSAKey:
1.307 + pubk = (NSSLOWKEYPublicKey *)PORT_ArenaZAlloc(arena,
1.308 + sizeof(NSSLOWKEYPublicKey));
1.309 + if (pubk != NULL) {
1.310 + SECStatus rv;
1.311 +
1.312 + pubk->arena = arena;
1.313 + pubk->keyType = privk->keyType;
1.314 + rv = SECITEM_CopyItem(arena, &pubk->u.dsa.publicValue,
1.315 + &privk->u.dsa.publicValue);
1.316 + if (rv != SECSuccess) break;
1.317 + rv = SECITEM_CopyItem(arena, &pubk->u.dsa.params.prime,
1.318 + &privk->u.dsa.params.prime);
1.319 + if (rv != SECSuccess) break;
1.320 + rv = SECITEM_CopyItem(arena, &pubk->u.dsa.params.subPrime,
1.321 + &privk->u.dsa.params.subPrime);
1.322 + if (rv != SECSuccess) break;
1.323 + rv = SECITEM_CopyItem(arena, &pubk->u.dsa.params.base,
1.324 + &privk->u.dsa.params.base);
1.325 + if (rv == SECSuccess) return pubk;
1.326 + }
1.327 + break;
1.328 + case NSSLOWKEYDHKey:
1.329 + pubk = (NSSLOWKEYPublicKey *)PORT_ArenaZAlloc(arena,
1.330 + sizeof(NSSLOWKEYPublicKey));
1.331 + if (pubk != NULL) {
1.332 + SECStatus rv;
1.333 +
1.334 + pubk->arena = arena;
1.335 + pubk->keyType = privk->keyType;
1.336 + rv = SECITEM_CopyItem(arena, &pubk->u.dh.publicValue,
1.337 + &privk->u.dh.publicValue);
1.338 + if (rv != SECSuccess) break;
1.339 + rv = SECITEM_CopyItem(arena, &pubk->u.dh.prime,
1.340 + &privk->u.dh.prime);
1.341 + if (rv != SECSuccess) break;
1.342 + rv = SECITEM_CopyItem(arena, &pubk->u.dh.base,
1.343 + &privk->u.dh.base);
1.344 + if (rv == SECSuccess) return pubk;
1.345 + }
1.346 + break;
1.347 +#ifndef NSS_DISABLE_ECC
1.348 + case NSSLOWKEYECKey:
1.349 + pubk = (NSSLOWKEYPublicKey *)PORT_ArenaZAlloc(arena,
1.350 + sizeof(NSSLOWKEYPublicKey));
1.351 + if (pubk != NULL) {
1.352 + SECStatus rv;
1.353 +
1.354 + pubk->arena = arena;
1.355 + pubk->keyType = privk->keyType;
1.356 + rv = SECITEM_CopyItem(arena, &pubk->u.ec.publicValue,
1.357 + &privk->u.ec.publicValue);
1.358 + if (rv != SECSuccess) break;
1.359 + pubk->u.ec.ecParams.arena = arena;
1.360 + /* Copy the rest of the params */
1.361 + rv = EC_CopyParams(arena, &(pubk->u.ec.ecParams),
1.362 + &(privk->u.ec.ecParams));
1.363 + if (rv == SECSuccess) return pubk;
1.364 + }
1.365 + break;
1.366 +#endif /* NSS_DISABLE_ECC */
1.367 + /* No Fortezza in Low Key implementations (Fortezza keys aren't
1.368 + * stored in our data base */
1.369 + default:
1.370 + break;
1.371 + }
1.372 +
1.373 + PORT_FreeArena (arena, PR_FALSE);
1.374 + return NULL;
1.375 +}
1.376 +
1.377 +NSSLOWKEYPrivateKey *
1.378 +nsslowkey_CopyPrivateKey(NSSLOWKEYPrivateKey *privKey)
1.379 +{
1.380 + NSSLOWKEYPrivateKey *returnKey = NULL;
1.381 + SECStatus rv = SECFailure;
1.382 + PLArenaPool *poolp;
1.383 +
1.384 + if(!privKey) {
1.385 + return NULL;
1.386 + }
1.387 +
1.388 + poolp = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
1.389 + if(!poolp) {
1.390 + return NULL;
1.391 + }
1.392 +
1.393 + returnKey = (NSSLOWKEYPrivateKey*)PORT_ArenaZAlloc(poolp, sizeof(NSSLOWKEYPrivateKey));
1.394 + if(!returnKey) {
1.395 + rv = SECFailure;
1.396 + goto loser;
1.397 + }
1.398 +
1.399 + returnKey->keyType = privKey->keyType;
1.400 + returnKey->arena = poolp;
1.401 +
1.402 + switch(privKey->keyType) {
1.403 + case NSSLOWKEYRSAKey:
1.404 + rv = SECITEM_CopyItem(poolp, &(returnKey->u.rsa.modulus),
1.405 + &(privKey->u.rsa.modulus));
1.406 + if(rv != SECSuccess) break;
1.407 + rv = SECITEM_CopyItem(poolp, &(returnKey->u.rsa.version),
1.408 + &(privKey->u.rsa.version));
1.409 + if(rv != SECSuccess) break;
1.410 + rv = SECITEM_CopyItem(poolp, &(returnKey->u.rsa.publicExponent),
1.411 + &(privKey->u.rsa.publicExponent));
1.412 + if(rv != SECSuccess) break;
1.413 + rv = SECITEM_CopyItem(poolp, &(returnKey->u.rsa.privateExponent),
1.414 + &(privKey->u.rsa.privateExponent));
1.415 + if(rv != SECSuccess) break;
1.416 + rv = SECITEM_CopyItem(poolp, &(returnKey->u.rsa.prime1),
1.417 + &(privKey->u.rsa.prime1));
1.418 + if(rv != SECSuccess) break;
1.419 + rv = SECITEM_CopyItem(poolp, &(returnKey->u.rsa.prime2),
1.420 + &(privKey->u.rsa.prime2));
1.421 + if(rv != SECSuccess) break;
1.422 + rv = SECITEM_CopyItem(poolp, &(returnKey->u.rsa.exponent1),
1.423 + &(privKey->u.rsa.exponent1));
1.424 + if(rv != SECSuccess) break;
1.425 + rv = SECITEM_CopyItem(poolp, &(returnKey->u.rsa.exponent2),
1.426 + &(privKey->u.rsa.exponent2));
1.427 + if(rv != SECSuccess) break;
1.428 + rv = SECITEM_CopyItem(poolp, &(returnKey->u.rsa.coefficient),
1.429 + &(privKey->u.rsa.coefficient));
1.430 + if(rv != SECSuccess) break;
1.431 + break;
1.432 + case NSSLOWKEYDSAKey:
1.433 + rv = SECITEM_CopyItem(poolp, &(returnKey->u.dsa.publicValue),
1.434 + &(privKey->u.dsa.publicValue));
1.435 + if(rv != SECSuccess) break;
1.436 + rv = SECITEM_CopyItem(poolp, &(returnKey->u.dsa.privateValue),
1.437 + &(privKey->u.dsa.privateValue));
1.438 + if(rv != SECSuccess) break;
1.439 + returnKey->u.dsa.params.arena = poolp;
1.440 + rv = SECITEM_CopyItem(poolp, &(returnKey->u.dsa.params.prime),
1.441 + &(privKey->u.dsa.params.prime));
1.442 + if(rv != SECSuccess) break;
1.443 + rv = SECITEM_CopyItem(poolp, &(returnKey->u.dsa.params.subPrime),
1.444 + &(privKey->u.dsa.params.subPrime));
1.445 + if(rv != SECSuccess) break;
1.446 + rv = SECITEM_CopyItem(poolp, &(returnKey->u.dsa.params.base),
1.447 + &(privKey->u.dsa.params.base));
1.448 + if(rv != SECSuccess) break;
1.449 + break;
1.450 + case NSSLOWKEYDHKey:
1.451 + rv = SECITEM_CopyItem(poolp, &(returnKey->u.dh.publicValue),
1.452 + &(privKey->u.dh.publicValue));
1.453 + if(rv != SECSuccess) break;
1.454 + rv = SECITEM_CopyItem(poolp, &(returnKey->u.dh.privateValue),
1.455 + &(privKey->u.dh.privateValue));
1.456 + if(rv != SECSuccess) break;
1.457 + returnKey->u.dsa.params.arena = poolp;
1.458 + rv = SECITEM_CopyItem(poolp, &(returnKey->u.dh.prime),
1.459 + &(privKey->u.dh.prime));
1.460 + if(rv != SECSuccess) break;
1.461 + rv = SECITEM_CopyItem(poolp, &(returnKey->u.dh.base),
1.462 + &(privKey->u.dh.base));
1.463 + if(rv != SECSuccess) break;
1.464 + break;
1.465 +#ifndef NSS_DISABLE_ECC
1.466 + case NSSLOWKEYECKey:
1.467 + rv = SECITEM_CopyItem(poolp, &(returnKey->u.ec.version),
1.468 + &(privKey->u.ec.version));
1.469 + if(rv != SECSuccess) break;
1.470 + rv = SECITEM_CopyItem(poolp, &(returnKey->u.ec.publicValue),
1.471 + &(privKey->u.ec.publicValue));
1.472 + if(rv != SECSuccess) break;
1.473 + rv = SECITEM_CopyItem(poolp, &(returnKey->u.ec.privateValue),
1.474 + &(privKey->u.ec.privateValue));
1.475 + if(rv != SECSuccess) break;
1.476 + returnKey->u.ec.ecParams.arena = poolp;
1.477 + /* Copy the rest of the params */
1.478 + rv = EC_CopyParams(poolp, &(returnKey->u.ec.ecParams),
1.479 + &(privKey->u.ec.ecParams));
1.480 + if (rv != SECSuccess) break;
1.481 + break;
1.482 +#endif /* NSS_DISABLE_ECC */
1.483 + default:
1.484 + rv = SECFailure;
1.485 + }
1.486 +
1.487 +loser:
1.488 +
1.489 + if(rv != SECSuccess) {
1.490 + PORT_FreeArena(poolp, PR_TRUE);
1.491 + returnKey = NULL;
1.492 + }
1.493 +
1.494 + return returnKey;
1.495 +}
