security/nss/lib/softoken/lowpbe.c@6474c204b198
security/nss/lib/softoken/lowpbe.c
Wed, 31 Dec 2014 06:09:35 +0100
- author
- Michael Schloh von Bennewitz <michael@schloh.com>
- date
- Wed, 31 Dec 2014 06:09:35 +0100
- changeset 0
- 6474c204b198
- permissions
- -rw-r--r--
Cloned upstream origin tor-browser at tor-browser-31.3.0esr-4.5-1-build1
revision ID fc1c9ff7c1b2defdbc039f12214767608f46423f for hacking purpose.
1 /* This Source Code Form is subject to the terms of the Mozilla Public
2 * License, v. 2.0. If a copy of the MPL was not distributed with this
3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
5 #include "plarena.h"
7 #include "seccomon.h"
8 #include "secitem.h"
9 #include "secport.h"
10 #include "hasht.h"
11 #include "pkcs11t.h"
12 #include "blapi.h"
13 #include "hasht.h"
14 #include "secasn1.h"
15 #include "secder.h"
16 #include "lowpbe.h"
17 #include "secoid.h"
18 #include "alghmac.h"
19 #include "softoken.h"
20 #include "secerr.h"
22 SEC_ASN1_MKSUB(SECOID_AlgorithmIDTemplate)
24 /* template for PKCS 5 PBE Parameter. This template has been expanded
25 * based upon the additions in PKCS 12. This should eventually be moved
26 * if RSA updates PKCS 5.
27 */
28 static const SEC_ASN1Template NSSPKCS5PBEParameterTemplate[] =
29 {
30 { SEC_ASN1_SEQUENCE,
31 0, NULL, sizeof(NSSPKCS5PBEParameter) },
32 { SEC_ASN1_OCTET_STRING,
33 offsetof(NSSPKCS5PBEParameter, salt) },
34 { SEC_ASN1_INTEGER,
35 offsetof(NSSPKCS5PBEParameter, iteration) },
36 { 0 }
37 };
39 static const SEC_ASN1Template NSSPKCS5PKCS12V2PBEParameterTemplate[] =
40 {
41 { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(NSSPKCS5PBEParameter) },
42 { SEC_ASN1_OCTET_STRING, offsetof(NSSPKCS5PBEParameter, salt) },
43 { SEC_ASN1_INTEGER, offsetof(NSSPKCS5PBEParameter, iteration) },
44 { 0 }
45 };
48 /* PKCS5 v2 */
50 struct nsspkcs5V2PBEParameterStr {
51 SECAlgorithmID keyParams; /* parameters of the key generation */
52 SECAlgorithmID algParams; /* parameters for the encryption or mac op */
53 };
55 typedef struct nsspkcs5V2PBEParameterStr nsspkcs5V2PBEParameter;
56 #define PBKDF2
58 #ifdef PBKDF2
59 static const SEC_ASN1Template NSSPKCS5V2PBES2ParameterTemplate[] =
60 {
61 { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(nsspkcs5V2PBEParameter) },
62 { SEC_ASN1_INLINE | SEC_ASN1_XTRN,
63 offsetof(nsspkcs5V2PBEParameter, keyParams),
64 SEC_ASN1_SUB(SECOID_AlgorithmIDTemplate) },
65 { SEC_ASN1_INLINE | SEC_ASN1_XTRN,
66 offsetof(nsspkcs5V2PBEParameter, algParams),
67 SEC_ASN1_SUB(SECOID_AlgorithmIDTemplate) },
68 { 0 }
69 };
71 static const SEC_ASN1Template NSSPKCS5V2PBEParameterTemplate[] =
72 {
73 { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(NSSPKCS5PBEParameter) },
74 /* this is really a choice, but since we don't understand any other
75 *choice, just inline it. */
76 { SEC_ASN1_OCTET_STRING, offsetof(NSSPKCS5PBEParameter, salt) },
77 { SEC_ASN1_INTEGER, offsetof(NSSPKCS5PBEParameter, iteration) },
78 { SEC_ASN1_INTEGER, offsetof(NSSPKCS5PBEParameter, keyLength) },
79 { SEC_ASN1_INLINE | SEC_ASN1_XTRN,
80 offsetof(NSSPKCS5PBEParameter, prfAlg),
81 SEC_ASN1_SUB(SECOID_AlgorithmIDTemplate) },
82 { 0 }
83 };
84 #endif
86 SECStatus
87 nsspkcs5_HashBuf(const SECHashObject *hashObj, unsigned char *dest,
88 unsigned char *src, int len)
89 {
90 void *ctx;
91 unsigned int retLen;
93 ctx = hashObj->create();
94 if(ctx == NULL) {
95 return SECFailure;
96 }
97 hashObj->begin(ctx);
98 hashObj->update(ctx, src, len);
99 hashObj->end(ctx, dest, &retLen, hashObj->length);
100 hashObj->destroy(ctx, PR_TRUE);
101 return SECSuccess;
102 }
104 /* generate bits using any hash
105 */
106 static SECItem *
107 nsspkcs5_PBKDF1(const SECHashObject *hashObj, SECItem *salt, SECItem *pwd,
108 int iter, PRBool faulty3DES)
109 {
110 SECItem *hash = NULL, *pre_hash = NULL;
111 SECStatus rv = SECFailure;
113 if((salt == NULL) || (pwd == NULL) || (iter < 0)) {
114 return NULL;
115 }
117 hash = (SECItem *)PORT_ZAlloc(sizeof(SECItem));
118 pre_hash = (SECItem *)PORT_ZAlloc(sizeof(SECItem));
120 if((hash != NULL) && (pre_hash != NULL)) {
121 int i, ph_len;
123 ph_len = hashObj->length;
124 if((salt->len + pwd->len) > hashObj->length) {
125 ph_len = salt->len + pwd->len;
126 }
128 rv = SECFailure;
130 /* allocate buffers */
131 hash->len = hashObj->length;
132 hash->data = (unsigned char *)PORT_ZAlloc(hash->len);
133 pre_hash->data = (unsigned char *)PORT_ZAlloc(ph_len);
135 /* in pbeSHA1TripleDESCBC there was an allocation error that made
136 * it into the caller. We do not want to propagate those errors
137 * further, so we are doing it correctly, but reading the old method.
138 */
139 if (faulty3DES) {
140 pre_hash->len = ph_len;
141 } else {
142 pre_hash->len = salt->len + pwd->len;
143 }
145 /* preform hash */
146 if ((hash->data != NULL) && (pre_hash->data != NULL)) {
147 rv = SECSuccess;
148 /* check for 0 length password */
149 if(pwd->len > 0) {
150 PORT_Memcpy(pre_hash->data, pwd->data, pwd->len);
151 }
152 if(salt->len > 0) {
153 PORT_Memcpy((pre_hash->data+pwd->len), salt->data, salt->len);
154 }
155 for(i = 0; ((i < iter) && (rv == SECSuccess)); i++) {
156 rv = nsspkcs5_HashBuf(hashObj, hash->data,
157 pre_hash->data, pre_hash->len);
158 if(rv != SECFailure) {
159 pre_hash->len = hashObj->length;
160 PORT_Memcpy(pre_hash->data, hash->data, hashObj->length);
161 }
162 }
163 }
164 }
166 if(pre_hash != NULL) {
167 SECITEM_FreeItem(pre_hash, PR_TRUE);
168 }
170 if((rv != SECSuccess) && (hash != NULL)) {
171 SECITEM_FreeItem(hash, PR_TRUE);
172 hash = NULL;
173 }
175 return hash;
176 }
178 /* this bit generation routine is described in PKCS 12 and the proposed
179 * extensions to PKCS 5. an initial hash is generated following the
180 * instructions laid out in PKCS 5. If the number of bits generated is
181 * insufficient, then the method discussed in the proposed extensions to
182 * PKCS 5 in PKCS 12 are used. This extension makes use of the HMAC
183 * function. And the P_Hash function from the TLS standard.
184 */
185 static SECItem *
186 nsspkcs5_PFXPBE(const SECHashObject *hashObj, NSSPKCS5PBEParameter *pbe_param,
187 SECItem *init_hash, unsigned int bytes_needed)
188 {
189 SECItem *ret_bits = NULL;
190 int hash_size = 0;
191 unsigned int i;
192 unsigned int hash_iter;
193 unsigned int dig_len;
194 SECStatus rv = SECFailure;
195 unsigned char *state = NULL;
196 unsigned int state_len;
197 HMACContext *cx = NULL;
199 hash_size = hashObj->length;
200 hash_iter = (bytes_needed + (unsigned int)hash_size - 1) / hash_size;
202 /* allocate return buffer */
203 ret_bits = (SECItem *)PORT_ZAlloc(sizeof(SECItem));
204 if(ret_bits == NULL)
205 return NULL;
206 ret_bits->data = (unsigned char *)PORT_ZAlloc((hash_iter * hash_size) + 1);
207 ret_bits->len = (hash_iter * hash_size);
208 if(ret_bits->data == NULL) {
209 PORT_Free(ret_bits);
210 return NULL;
211 }
213 /* allocate intermediate hash buffer. 8 is for the 8 bytes of
214 * data which are added based on iteration number
215 */
217 if ((unsigned int)hash_size > pbe_param->salt.len) {
218 state_len = hash_size;
219 } else {
220 state_len = pbe_param->salt.len;
221 }
222 state = (unsigned char *)PORT_ZAlloc(state_len);
223 if(state == NULL) {
224 rv = SECFailure;
225 goto loser;
226 }
227 if(pbe_param->salt.len > 0) {
228 PORT_Memcpy(state, pbe_param->salt.data, pbe_param->salt.len);
229 }
231 cx = HMAC_Create(hashObj, init_hash->data, init_hash->len, PR_TRUE);
232 if (cx == NULL) {
233 rv = SECFailure;
234 goto loser;
235 }
237 for(i = 0; i < hash_iter; i++) {
239 /* generate output bits */
240 HMAC_Begin(cx);
241 HMAC_Update(cx, state, state_len);
242 HMAC_Update(cx, pbe_param->salt.data, pbe_param->salt.len);
243 rv = HMAC_Finish(cx, ret_bits->data + (i * hash_size),
244 &dig_len, hash_size);
245 if (rv != SECSuccess)
246 goto loser;
247 PORT_Assert((unsigned int)hash_size == dig_len);
249 /* generate new state */
250 HMAC_Begin(cx);
251 HMAC_Update(cx, state, state_len);
252 rv = HMAC_Finish(cx, state, &state_len, state_len);
253 if (rv != SECSuccess)
254 goto loser;
255 PORT_Assert(state_len == dig_len);
256 }
258 loser:
259 if (state != NULL)
260 PORT_ZFree(state, state_len);
261 HMAC_Destroy(cx, PR_TRUE);
263 if(rv != SECSuccess) {
264 SECITEM_ZfreeItem(ret_bits, PR_TRUE);
265 ret_bits = NULL;
266 }
268 return ret_bits;
269 }
271 /* generate bits for the key and iv determination. if enough bits
272 * are not generated using PKCS 5, then we need to generate more bits
273 * based on the extension proposed in PKCS 12
274 */
275 static SECItem *
276 nsspkcs5_PBKDF1Extended(const SECHashObject *hashObj,
277 NSSPKCS5PBEParameter *pbe_param, SECItem *pwitem, PRBool faulty3DES)
278 {
279 SECItem * hash = NULL;
280 SECItem * newHash = NULL;
281 int bytes_needed;
282 int bytes_available;
284 bytes_needed = pbe_param->ivLen + pbe_param->keyLen;
285 bytes_available = hashObj->length;
287 hash = nsspkcs5_PBKDF1(hashObj, &pbe_param->salt, pwitem,
288 pbe_param->iter, faulty3DES);
290 if(hash == NULL) {
291 return NULL;
292 }
294 if(bytes_needed <= bytes_available) {
295 return hash;
296 }
298 newHash = nsspkcs5_PFXPBE(hashObj, pbe_param, hash, bytes_needed);
299 if (hash != newHash)
300 SECITEM_FreeItem(hash, PR_TRUE);
301 return newHash;
302 }
304 #ifdef PBKDF2
306 /*
307 * PBDKDF2 is PKCS #5 v2.0 it's currently not used by NSS
308 */
309 static void
310 do_xor(unsigned char *dest, unsigned char *src, int len)
311 {
312 /* use byt xor, not all platforms are happy about inaligned
313 * integer fetches */
314 while (len--) {
315 *dest = *dest ^ *src;
316 dest++;
317 src++;
318 }
319 }
321 static SECStatus
322 nsspkcs5_PBKFD2_F(const SECHashObject *hashobj, SECItem *pwitem, SECItem *salt,
323 int iterations, unsigned int i, unsigned char *T)
324 {
325 int j;
326 HMACContext *cx = NULL;
327 unsigned int hLen = hashobj->length;
328 SECStatus rv = SECFailure;
329 unsigned char *last = NULL;
330 unsigned int lastLength = salt->len + 4;
331 unsigned int lastBufLength;
333 cx=HMAC_Create(hashobj,pwitem->data,pwitem->len,PR_FALSE);
334 if (cx == NULL) {
335 goto loser;
336 }
337 PORT_Memset(T,0,hLen);
338 lastBufLength = PR_MAX(lastLength, hLen);
339 last = PORT_Alloc(lastBufLength);
340 if (last == NULL) {
341 goto loser;
342 }
343 PORT_Memcpy(last,salt->data,salt->len);
344 last[salt->len ] = (i >> 24) & 0xff;
345 last[salt->len+1] = (i >> 16) & 0xff;
346 last[salt->len+2] = (i >> 8) & 0xff;
347 last[salt->len+3] = i & 0xff;
349 /* NOTE: we need at least one iteration to return success! */
350 for (j=0; j < iterations; j++) {
351 HMAC_Begin(cx);
352 HMAC_Update(cx,last,lastLength);
353 rv =HMAC_Finish(cx,last,&lastLength,hLen);
354 if (rv !=SECSuccess) {
355 break;
356 }
357 do_xor(T,last,hLen);
358 }
359 loser:
360 if (cx) {
361 HMAC_Destroy(cx, PR_TRUE);
362 }
363 if (last) {
364 PORT_ZFree(last,lastBufLength);
365 }
366 return rv;
367 }
369 static SECItem *
370 nsspkcs5_PBKDF2(const SECHashObject *hashobj, NSSPKCS5PBEParameter *pbe_param,
371 SECItem *pwitem)
372 {
373 int iterations = pbe_param->iter;
374 int bytesNeeded = pbe_param->keyLen;
375 unsigned int dkLen = bytesNeeded;
376 unsigned int hLen = hashobj->length;
377 unsigned int nblocks = (dkLen+hLen-1) / hLen;
378 unsigned int i;
379 unsigned char *rp;
380 unsigned char *T = NULL;
381 SECItem *result = NULL;
382 SECItem *salt = &pbe_param->salt;
383 SECStatus rv = SECFailure;
385 result = SECITEM_AllocItem(NULL,NULL,nblocks*hLen);
386 if (result == NULL) {
387 return NULL;
388 }
390 T = PORT_Alloc(hLen);
391 if (T == NULL) {
392 goto loser;
393 }
395 for (i=1,rp=result->data; i <= nblocks ; i++, rp +=hLen) {
396 rv = nsspkcs5_PBKFD2_F(hashobj,pwitem,salt,iterations,i,T);
397 if (rv != SECSuccess) {
398 break;
399 }
400 PORT_Memcpy(rp,T,hLen);
401 }
403 loser:
404 if (T) {
405 PORT_ZFree(T,hLen);
406 }
407 if (rv != SECSuccess) {
408 SECITEM_FreeItem(result,PR_TRUE);
409 result = NULL;
410 } else {
411 result->len = dkLen;
412 }
414 return result;
415 }
416 #endif
418 #define HMAC_BUFFER 64
419 #define NSSPBE_ROUNDUP(x,y) ((((x)+((y)-1))/(y))*(y))
420 #define NSSPBE_MIN(x,y) ((x) < (y) ? (x) : (y))
421 /*
422 * This is the extended PBE function defined by the final PKCS #12 spec.
423 */
424 static SECItem *
425 nsspkcs5_PKCS12PBE(const SECHashObject *hashObject,
426 NSSPKCS5PBEParameter *pbe_param, SECItem *pwitem,
427 PBEBitGenID bitGenPurpose, unsigned int bytesNeeded)
428 {
429 PLArenaPool *arena = NULL;
430 unsigned int SLen,PLen;
431 unsigned int hashLength = hashObject->length;
432 unsigned char *S, *P;
433 SECItem *A = NULL, B, D, I;
434 SECItem *salt = &pbe_param->salt;
435 unsigned int c,i = 0;
436 unsigned int hashLen;
437 int iter;
438 unsigned char *iterBuf;
439 void *hash = NULL;
441 arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
442 if(!arena) {
443 return NULL;
444 }
446 /* how many hash object lengths are needed */
447 c = (bytesNeeded + (hashLength-1))/hashLength;
449 /* initialize our buffers */
450 D.len = HMAC_BUFFER;
451 /* B and D are the same length, use one alloc go get both */
452 D.data = (unsigned char*)PORT_ArenaZAlloc(arena, D.len*2);
453 B.len = D.len;
454 B.data = D.data + D.len;
456 /* if all goes well, A will be returned, so don't use our temp arena */
457 A = SECITEM_AllocItem(NULL,NULL,c*hashLength);
458 if (A == NULL) {
459 goto loser;
460 }
462 SLen = NSSPBE_ROUNDUP(salt->len,HMAC_BUFFER);
463 PLen = NSSPBE_ROUNDUP(pwitem->len,HMAC_BUFFER);
464 I.len = SLen+PLen;
465 I.data = (unsigned char*)PORT_ArenaZAlloc(arena, I.len);
466 if (I.data == NULL) {
467 goto loser;
468 }
470 /* S & P are only used to initialize I */
471 S = I.data;
472 P = S + SLen;
474 PORT_Memset(D.data, (char)bitGenPurpose, D.len);
475 if (SLen) {
476 for (i=0; i < SLen; i += salt->len) {
477 PORT_Memcpy(S+i, salt->data, NSSPBE_MIN(SLen-i,salt->len));
478 }
479 }
480 if (PLen) {
481 for (i=0; i < PLen; i += pwitem->len) {
482 PORT_Memcpy(P+i, pwitem->data, NSSPBE_MIN(PLen-i,pwitem->len));
483 }
484 }
486 iterBuf = (unsigned char*)PORT_ArenaZAlloc(arena,hashLength);
487 if (iterBuf == NULL) {
488 goto loser;
489 }
491 hash = hashObject->create();
492 if(!hash) {
493 goto loser;
494 }
495 /* calculate the PBE now */
496 for(i = 0; i < c; i++) {
497 int Bidx; /* must be signed or the for loop won't terminate */
498 unsigned int k, j;
499 unsigned char *Ai = A->data+i*hashLength;
502 for(iter = 0; iter < pbe_param->iter; iter++) {
503 hashObject->begin(hash);
505 if (iter) {
506 hashObject->update(hash, iterBuf, hashLen);
507 } else {
508 hashObject->update(hash, D.data, D.len);
509 hashObject->update(hash, I.data, I.len);
510 }
512 hashObject->end(hash, iterBuf, &hashLen, hashObject->length);
513 if(hashLen != hashObject->length) {
514 break;
515 }
516 }
518 PORT_Memcpy(Ai, iterBuf, hashLength);
519 for (Bidx = 0; Bidx < B.len; Bidx += hashLength) {
520 PORT_Memcpy(B.data+Bidx,iterBuf,NSSPBE_MIN(B.len-Bidx,hashLength));
521 }
523 k = I.len/B.len;
524 for(j = 0; j < k; j++) {
525 unsigned int q, carryBit;
526 unsigned char *Ij = I.data + j*B.len;
528 /* (Ij = Ij+B+1) */
529 for (Bidx = (B.len-1), q=1, carryBit=0; Bidx >= 0; Bidx--,q=0) {
530 q += (unsigned int)Ij[Bidx];
531 q += (unsigned int)B.data[Bidx];
532 q += carryBit;
534 carryBit = (q > 0xff);
535 Ij[Bidx] = (unsigned char)(q & 0xff);
536 }
537 }
538 }
539 loser:
540 if (hash) {
541 hashObject->destroy(hash, PR_TRUE);
542 }
543 if(arena) {
544 PORT_FreeArena(arena, PR_TRUE);
545 }
547 if (A) {
548 /* if i != c, then we didn't complete the loop above and must of failed
549 * somwhere along the way */
550 if (i != c) {
551 SECITEM_ZfreeItem(A,PR_TRUE);
552 A = NULL;
553 } else {
554 A->len = bytesNeeded;
555 }
556 }
558 return A;
559 }
561 /*
562 * generate key as per PKCS 5
563 */
564 SECItem *
565 nsspkcs5_ComputeKeyAndIV(NSSPKCS5PBEParameter *pbe_param, SECItem *pwitem,
566 SECItem *iv, PRBool faulty3DES)
567 {
568 SECItem *hash = NULL, *key = NULL;
569 const SECHashObject *hashObj;
570 PRBool getIV = PR_FALSE;
572 if((pbe_param == NULL) || (pwitem == NULL)) {
573 return NULL;
574 }
576 key = SECITEM_AllocItem(NULL,NULL,pbe_param->keyLen);
577 if (key == NULL) {
578 return NULL;
579 }
581 if (iv && (pbe_param->ivLen) && (iv->data == NULL)) {
582 getIV = PR_TRUE;
583 iv->data = (unsigned char *)PORT_Alloc(pbe_param->ivLen);
584 if (iv->data == NULL) {
585 goto loser;
586 }
587 iv->len = pbe_param->ivLen;
588 }
590 hashObj = HASH_GetRawHashObject(pbe_param->hashType);
591 switch (pbe_param->pbeType) {
592 case NSSPKCS5_PBKDF1:
593 hash = nsspkcs5_PBKDF1Extended(hashObj,pbe_param,pwitem,faulty3DES);
594 if (hash == NULL) {
595 goto loser;
596 }
597 PORT_Assert(hash->len >= key->len+(getIV ? iv->len : 0));
598 if (getIV) {
599 PORT_Memcpy(iv->data, hash->data+(hash->len - iv->len),iv->len);
600 }
602 break;
603 #ifdef PBKDF2
604 case NSSPKCS5_PBKDF2:
605 hash = nsspkcs5_PBKDF2(hashObj,pbe_param,pwitem);
606 if (getIV) {
607 PORT_Memcpy(iv->data, pbe_param->ivData, iv->len);
608 }
609 break;
610 #endif
611 case NSSPKCS5_PKCS12_V2:
612 if (getIV) {
613 hash = nsspkcs5_PKCS12PBE(hashObj,pbe_param,pwitem,
614 pbeBitGenCipherIV,iv->len);
615 if (hash == NULL) {
616 goto loser;
617 }
618 PORT_Memcpy(iv->data,hash->data,iv->len);
619 SECITEM_ZfreeItem(hash,PR_TRUE);
620 hash = NULL;
621 }
622 hash = nsspkcs5_PKCS12PBE(hashObj,pbe_param,pwitem,
623 pbe_param->keyID,key->len);
624 default:
625 break;
626 }
628 if (hash == NULL) {
629 goto loser;
630 }
632 if (pbe_param->is2KeyDES) {
633 PORT_Memcpy(key->data, hash->data, (key->len * 2) / 3);
634 PORT_Memcpy(&(key->data[(key->len * 2) / 3]), key->data,
635 key->len / 3);
636 } else {
637 PORT_Memcpy(key->data, hash->data, key->len);
638 }
640 SECITEM_ZfreeItem(hash, PR_TRUE);
641 return key;
643 loser:
644 if (getIV && iv->data) {
645 PORT_ZFree(iv->data,iv->len);
646 iv->data = NULL;
647 }
649 SECITEM_ZfreeItem(key, PR_TRUE);
650 return NULL;
651 }
653 static SECStatus
654 nsspkcs5_FillInParam(SECOidTag algorithm, NSSPKCS5PBEParameter *pbe_param)
655 {
656 PRBool skipType = PR_FALSE;
658 pbe_param->keyLen = 5;
659 pbe_param->ivLen = 8;
660 pbe_param->hashType = HASH_AlgSHA1;
661 pbe_param->pbeType = NSSPKCS5_PBKDF1;
662 pbe_param->encAlg = SEC_OID_RC2_CBC;
663 pbe_param->is2KeyDES = PR_FALSE;
664 switch(algorithm) {
665 /* DES3 Algorithms */
666 case SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_2KEY_TRIPLE_DES_CBC:
667 pbe_param->is2KeyDES = PR_TRUE;
668 /* fall through */
669 case SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_3KEY_TRIPLE_DES_CBC:
670 pbe_param->pbeType = NSSPKCS5_PKCS12_V2;
671 /* fall through */
672 case SEC_OID_PKCS12_PBE_WITH_SHA1_AND_TRIPLE_DES_CBC:
673 pbe_param->keyLen = 24;
674 pbe_param->encAlg = SEC_OID_DES_EDE3_CBC;
675 break;
677 /* DES Algorithms */
678 case SEC_OID_PKCS5_PBE_WITH_MD2_AND_DES_CBC:
679 pbe_param->hashType = HASH_AlgMD2;
680 goto finish_des;
681 case SEC_OID_PKCS5_PBE_WITH_MD5_AND_DES_CBC:
682 pbe_param->hashType = HASH_AlgMD5;
683 /* fall through */
684 case SEC_OID_PKCS5_PBE_WITH_SHA1_AND_DES_CBC:
685 finish_des:
686 pbe_param->keyLen = 8;
687 pbe_param->encAlg = SEC_OID_DES_CBC;
688 break;
690 /* RC2 Algorithms */
691 case SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_128_BIT_RC2_CBC:
692 pbe_param->keyLen = 16;
693 /* fall through */
694 case SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_40_BIT_RC2_CBC:
695 pbe_param->pbeType = NSSPKCS5_PKCS12_V2;
696 break;
697 case SEC_OID_PKCS12_PBE_WITH_SHA1_AND_128_BIT_RC2_CBC:
698 pbe_param->keyLen = 16;
699 /* fall through */
700 case SEC_OID_PKCS12_PBE_WITH_SHA1_AND_40_BIT_RC2_CBC:
701 break;
703 /* RC4 algorithms */
704 case SEC_OID_PKCS12_PBE_WITH_SHA1_AND_128_BIT_RC4:
705 skipType = PR_TRUE;
706 /* fall through */
707 case SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_128_BIT_RC4:
708 pbe_param->keyLen = 16;
709 /* fall through */
710 case SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_40_BIT_RC4:
711 if (!skipType) {
712 pbe_param->pbeType = NSSPKCS5_PKCS12_V2;
713 }
714 /* fall through */
715 case SEC_OID_PKCS12_PBE_WITH_SHA1_AND_40_BIT_RC4:
716 pbe_param->ivLen = 0;
717 pbe_param->encAlg = SEC_OID_RC4;
718 break;
720 #ifdef PBKDF2
721 case SEC_OID_PKCS5_PBKDF2:
722 case SEC_OID_PKCS5_PBES2:
723 case SEC_OID_PKCS5_PBMAC1:
724 /* everything else will be filled in by the template */
725 pbe_param->ivLen = 0;
726 pbe_param->pbeType = NSSPKCS5_PBKDF2;
727 pbe_param->encAlg = SEC_OID_PKCS5_PBKDF2;
728 pbe_param->keyLen = 0; /* needs to be set by caller after return */
729 break;
730 #endif
732 default:
733 return SECFailure;
734 }
736 return SECSuccess;
737 }
739 /* decode the algid and generate a PKCS 5 parameter from it
740 */
741 NSSPKCS5PBEParameter *
742 nsspkcs5_NewParam(SECOidTag alg, SECItem *salt, int iterator)
743 {
744 PLArenaPool *arena = NULL;
745 NSSPKCS5PBEParameter *pbe_param = NULL;
746 SECStatus rv = SECFailure;
748 arena = PORT_NewArena(SEC_ASN1_DEFAULT_ARENA_SIZE);
749 if (arena == NULL)
750 return NULL;
752 /* allocate memory for the parameter */
753 pbe_param = (NSSPKCS5PBEParameter *)PORT_ArenaZAlloc(arena,
754 sizeof(NSSPKCS5PBEParameter));
756 if (pbe_param == NULL) {
757 goto loser;
758 }
760 pbe_param->poolp = arena;
762 rv = nsspkcs5_FillInParam(alg, pbe_param);
763 if (rv != SECSuccess) {
764 goto loser;
765 }
767 pbe_param->iter = iterator;
768 if (salt) {
769 rv = SECITEM_CopyItem(arena,&pbe_param->salt,salt);
770 }
772 /* default key gen */
773 pbe_param->keyID = pbeBitGenCipherKey;
775 loser:
776 if (rv != SECSuccess) {
777 PORT_FreeArena(arena, PR_TRUE);
778 pbe_param = NULL;
779 }
781 return pbe_param;
782 }
784 /*
785 * find the hash type needed to implement a specific HMAC.
786 * OID definitions are from pkcs 5 v2.0 and 2.1
787 */
788 HASH_HashType
789 HASH_FromHMACOid(SECOidTag hmac)
790 {
791 switch (hmac) {
792 case SEC_OID_HMAC_SHA1:
793 return HASH_AlgSHA1;
794 case SEC_OID_HMAC_SHA256:
795 return HASH_AlgSHA256;
796 case SEC_OID_HMAC_SHA384:
797 return HASH_AlgSHA384;
798 case SEC_OID_HMAC_SHA512:
799 return HASH_AlgSHA512;
800 case SEC_OID_HMAC_SHA224:
801 default:
802 break;
803 }
804 return HASH_AlgNULL;
805 }
807 /* decode the algid and generate a PKCS 5 parameter from it
808 */
809 NSSPKCS5PBEParameter *
810 nsspkcs5_AlgidToParam(SECAlgorithmID *algid)
811 {
812 NSSPKCS5PBEParameter *pbe_param = NULL;
813 nsspkcs5V2PBEParameter pbev2_param;
814 SECOidTag algorithm;
815 SECStatus rv = SECFailure;
817 if (algid == NULL) {
818 return NULL;
819 }
821 algorithm = SECOID_GetAlgorithmTag(algid);
822 if (algorithm == SEC_OID_UNKNOWN) {
823 goto loser;
824 }
826 pbe_param = nsspkcs5_NewParam(algorithm, NULL, 1);
827 if (pbe_param == NULL) {
828 goto loser;
829 }
831 /* decode parameter */
832 rv = SECFailure;
833 switch (pbe_param->pbeType) {
834 case NSSPKCS5_PBKDF1:
835 rv = SEC_ASN1DecodeItem(pbe_param->poolp, pbe_param,
836 NSSPKCS5PBEParameterTemplate, &algid->parameters);
837 break;
838 case NSSPKCS5_PKCS12_V2:
839 rv = SEC_ASN1DecodeItem(pbe_param->poolp, pbe_param,
840 NSSPKCS5PKCS12V2PBEParameterTemplate, &algid->parameters);
841 break;
842 #ifdef PBKDF2
843 case NSSPKCS5_PBKDF2:
844 PORT_Memset(&pbev2_param,0, sizeof(pbev2_param));
845 /* just the PBE */
846 if (algorithm == SEC_OID_PKCS5_PBKDF2) {
847 rv = SEC_ASN1DecodeItem(pbe_param->poolp, pbe_param,
848 NSSPKCS5V2PBEParameterTemplate, &algid->parameters);
849 } else {
850 /* PBE data an others */
851 rv = SEC_ASN1DecodeItem(pbe_param->poolp, &pbev2_param,
852 NSSPKCS5V2PBES2ParameterTemplate, &algid->parameters);
853 if (rv != SECSuccess) {
854 break;
855 }
856 pbe_param->encAlg = SECOID_GetAlgorithmTag(&pbev2_param.algParams);
857 rv = SEC_ASN1DecodeItem(pbe_param->poolp, pbe_param,
858 NSSPKCS5V2PBEParameterTemplate,
859 &pbev2_param.keyParams.parameters);
860 if (rv != SECSuccess) {
861 break;
862 }
863 pbe_param->keyLen = DER_GetInteger(&pbe_param->keyLength);
864 }
865 /* we we are encrypting, save any iv's */
866 if (algorithm == SEC_OID_PKCS5_PBES2) {
867 pbe_param->ivLen = pbev2_param.algParams.parameters.len;
868 pbe_param->ivData = pbev2_param.algParams.parameters.data;
869 }
870 pbe_param->hashType =
871 HASH_FromHMACOid(SECOID_GetAlgorithmTag(&pbe_param->prfAlg));
872 if (pbe_param->hashType == HASH_AlgNULL) {
873 PORT_SetError(SEC_ERROR_INVALID_ALGORITHM);
874 rv = SECFailure;
875 }
876 break;
877 #endif
878 }
880 loser:
881 if (rv == SECSuccess) {
882 pbe_param->iter = DER_GetInteger(&pbe_param->iteration);
883 } else {
884 nsspkcs5_DestroyPBEParameter(pbe_param);
885 pbe_param = NULL;
886 }
888 return pbe_param;
889 }
891 /* destroy a pbe parameter. it assumes that the parameter was
892 * generated using the appropriate create function and therefor
893 * contains an arena pool.
894 */
895 void
896 nsspkcs5_DestroyPBEParameter(NSSPKCS5PBEParameter *pbe_param)
897 {
898 if (pbe_param != NULL) {
899 PORT_FreeArena(pbe_param->poolp, PR_FALSE);
900 }
901 }
904 /* crypto routines */
905 /* perform DES encryption and decryption. these routines are called
906 * by nsspkcs5_CipherData. In the case of an error, NULL is returned.
907 */
908 static SECItem *
909 sec_pkcs5_des(SECItem *key, SECItem *iv, SECItem *src, PRBool triple_des,
910 PRBool encrypt)
911 {
912 SECItem *dest;
913 SECItem *dup_src;
914 SECStatus rv = SECFailure;
915 int pad;
917 if((src == NULL) || (key == NULL) || (iv == NULL))
918 return NULL;
920 dup_src = SECITEM_DupItem(src);
921 if(dup_src == NULL) {
922 return NULL;
923 }
925 if(encrypt != PR_FALSE) {
926 void *dummy;
928 dummy = CBC_PadBuffer(NULL, dup_src->data,
929 dup_src->len, &dup_src->len, 8 /* DES_BLOCK_SIZE */);
930 if(dummy == NULL) {
931 SECITEM_FreeItem(dup_src, PR_TRUE);
932 return NULL;
933 }
934 dup_src->data = (unsigned char*)dummy;
935 }
937 dest = (SECItem *)PORT_ZAlloc(sizeof(SECItem));
938 if(dest != NULL) {
939 /* allocate with over flow */
940 dest->data = (unsigned char *)PORT_ZAlloc(dup_src->len + 64);
941 if(dest->data != NULL) {
942 DESContext *ctxt;
943 ctxt = DES_CreateContext(key->data, iv->data,
944 (triple_des ? NSS_DES_EDE3_CBC : NSS_DES_CBC),
945 encrypt);
947 if(ctxt != NULL) {
948 rv = (encrypt ? DES_Encrypt : DES_Decrypt)(
949 ctxt, dest->data, &dest->len,
950 dup_src->len + 64, dup_src->data, dup_src->len);
952 /* remove padding -- assumes 64 bit blocks */
953 if((encrypt == PR_FALSE) && (rv == SECSuccess)) {
954 pad = dest->data[dest->len-1];
955 if((pad > 0) && (pad <= 8)) {
956 if(dest->data[dest->len-pad] != pad) {
957 rv = SECFailure;
958 PORT_SetError(SEC_ERROR_BAD_PASSWORD);
959 } else {
960 dest->len -= pad;
961 }
962 } else {
963 rv = SECFailure;
964 PORT_SetError(SEC_ERROR_BAD_PASSWORD);
965 }
966 }
967 DES_DestroyContext(ctxt, PR_TRUE);
968 }
969 }
970 }
972 if(rv == SECFailure) {
973 if(dest != NULL) {
974 SECITEM_FreeItem(dest, PR_TRUE);
975 }
976 dest = NULL;
977 }
979 if(dup_src != NULL) {
980 SECITEM_FreeItem(dup_src, PR_TRUE);
981 }
983 return dest;
984 }
986 /* perform aes encryption/decryption if an error occurs, NULL is returned
987 */
988 static SECItem *
989 sec_pkcs5_aes(SECItem *key, SECItem *iv, SECItem *src, PRBool triple_des,
990 PRBool encrypt)
991 {
992 SECItem *dest;
993 SECItem *dup_src;
994 SECStatus rv = SECFailure;
995 int pad;
997 if((src == NULL) || (key == NULL) || (iv == NULL))
998 return NULL;
1000 dup_src = SECITEM_DupItem(src);
1001 if(dup_src == NULL) {
1002 return NULL;
1003 }
1005 if(encrypt != PR_FALSE) {
1006 void *dummy;
1008 dummy = CBC_PadBuffer(NULL, dup_src->data,
1009 dup_src->len, &dup_src->len,AES_BLOCK_SIZE);
1010 if(dummy == NULL) {
1011 SECITEM_FreeItem(dup_src, PR_TRUE);
1012 return NULL;
1013 }
1014 dup_src->data = (unsigned char*)dummy;
1015 }
1017 dest = (SECItem *)PORT_ZAlloc(sizeof(SECItem));
1018 if(dest != NULL) {
1019 /* allocate with over flow */
1020 dest->data = (unsigned char *)PORT_ZAlloc(dup_src->len + 64);
1021 if(dest->data != NULL) {
1022 AESContext *ctxt;
1023 ctxt = AES_CreateContext(key->data, iv->data,
1024 NSS_AES_CBC, encrypt, key->len, 16);
1026 if(ctxt != NULL) {
1027 rv = (encrypt ? AES_Encrypt : AES_Decrypt)(
1028 ctxt, dest->data, &dest->len,
1029 dup_src->len + 64, dup_src->data, dup_src->len);
1031 /* remove padding -- assumes 64 bit blocks */
1032 if((encrypt == PR_FALSE) && (rv == SECSuccess)) {
1033 pad = dest->data[dest->len-1];
1034 if((pad > 0) && (pad <= 16)) {
1035 if(dest->data[dest->len-pad] != pad) {
1036 rv = SECFailure;
1037 PORT_SetError(SEC_ERROR_BAD_PASSWORD);
1038 } else {
1039 dest->len -= pad;
1040 }
1041 } else {
1042 rv = SECFailure;
1043 PORT_SetError(SEC_ERROR_BAD_PASSWORD);
1044 }
1045 }
1046 AES_DestroyContext(ctxt, PR_TRUE);
1047 }
1048 }
1049 }
1051 if(rv == SECFailure) {
1052 if(dest != NULL) {
1053 SECITEM_FreeItem(dest, PR_TRUE);
1054 }
1055 dest = NULL;
1056 }
1058 if(dup_src != NULL) {
1059 SECITEM_FreeItem(dup_src, PR_TRUE);
1060 }
1062 return dest;
1063 }
1065 /* perform rc2 encryption/decryption if an error occurs, NULL is returned
1066 */
1067 static SECItem *
1068 sec_pkcs5_rc2(SECItem *key, SECItem *iv, SECItem *src, PRBool dummy,
1069 PRBool encrypt)
1070 {
1071 SECItem *dest;
1072 SECItem *dup_src;
1073 SECStatus rv = SECFailure;
1074 int pad;
1076 if((src == NULL) || (key == NULL) || (iv == NULL)) {
1077 return NULL;
1078 }
1080 dup_src = SECITEM_DupItem(src);
1081 if(dup_src == NULL) {
1082 return NULL;
1083 }
1085 if(encrypt != PR_FALSE) {
1086 void *dummy;
1088 dummy = CBC_PadBuffer(NULL, dup_src->data,
1089 dup_src->len, &dup_src->len, 8 /* RC2_BLOCK_SIZE */);
1090 if(dummy == NULL) {
1091 SECITEM_FreeItem(dup_src, PR_TRUE);
1092 return NULL;
1093 }
1094 dup_src->data = (unsigned char*)dummy;
1095 }
1097 dest = (SECItem *)PORT_ZAlloc(sizeof(SECItem));
1098 if(dest != NULL) {
1099 dest->data = (unsigned char *)PORT_ZAlloc(dup_src->len + 64);
1100 if(dest->data != NULL) {
1101 RC2Context *ctxt;
1103 ctxt = RC2_CreateContext(key->data, key->len, iv->data,
1104 NSS_RC2_CBC, key->len);
1106 if(ctxt != NULL) {
1107 rv = (encrypt ? RC2_Encrypt: RC2_Decrypt)(
1108 ctxt, dest->data, &dest->len,
1109 dup_src->len + 64, dup_src->data, dup_src->len);
1111 /* assumes 8 byte blocks -- remove padding */
1112 if((rv == SECSuccess) && (encrypt != PR_TRUE)) {
1113 pad = dest->data[dest->len-1];
1114 if((pad > 0) && (pad <= 8)) {
1115 if(dest->data[dest->len-pad] != pad) {
1116 PORT_SetError(SEC_ERROR_BAD_PASSWORD);
1117 rv = SECFailure;
1118 } else {
1119 dest->len -= pad;
1120 }
1121 } else {
1122 PORT_SetError(SEC_ERROR_BAD_PASSWORD);
1123 rv = SECFailure;
1124 }
1125 }
1127 }
1128 }
1129 }
1131 if((rv != SECSuccess) && (dest != NULL)) {
1132 SECITEM_FreeItem(dest, PR_TRUE);
1133 dest = NULL;
1134 }
1136 if(dup_src != NULL) {
1137 SECITEM_FreeItem(dup_src, PR_TRUE);
1138 }
1140 return dest;
1141 }
1143 /* perform rc4 encryption and decryption */
1144 static SECItem *
1145 sec_pkcs5_rc4(SECItem *key, SECItem *iv, SECItem *src, PRBool dummy_op,
1146 PRBool encrypt)
1147 {
1148 SECItem *dest;
1149 SECStatus rv = SECFailure;
1151 if((src == NULL) || (key == NULL) || (iv == NULL)) {
1152 return NULL;
1153 }
1155 dest = (SECItem *)PORT_ZAlloc(sizeof(SECItem));
1156 if(dest != NULL) {
1157 dest->data = (unsigned char *)PORT_ZAlloc(sizeof(unsigned char) *
1158 (src->len + 64));
1159 if(dest->data != NULL) {
1160 RC4Context *ctxt;
1162 ctxt = RC4_CreateContext(key->data, key->len);
1163 if(ctxt) {
1164 rv = (encrypt ? RC4_Encrypt : RC4_Decrypt)(
1165 ctxt, dest->data, &dest->len,
1166 src->len + 64, src->data, src->len);
1167 RC4_DestroyContext(ctxt, PR_TRUE);
1168 }
1169 }
1170 }
1172 if((rv != SECSuccess) && (dest)) {
1173 SECITEM_FreeItem(dest, PR_TRUE);
1174 dest = NULL;
1175 }
1177 return dest;
1178 }
1179 /* function pointer template for crypto functions */
1180 typedef SECItem *(* pkcs5_crypto_func)(SECItem *key, SECItem *iv,
1181 SECItem *src, PRBool op1, PRBool op2);
1183 /* performs the cipher operation on the src and returns the result.
1184 * if an error occurs, NULL is returned.
1185 *
1186 * a null length password is allowed. this corresponds to encrypting
1187 * the data with ust the salt.
1188 */
1189 /* change this to use PKCS 11? */
1190 SECItem *
1191 nsspkcs5_CipherData(NSSPKCS5PBEParameter *pbe_param, SECItem *pwitem,
1192 SECItem *src, PRBool encrypt, PRBool *update)
1193 {
1194 SECItem *key = NULL, iv;
1195 SECItem *dest = NULL;
1196 PRBool tripleDES = PR_TRUE;
1197 pkcs5_crypto_func cryptof;
1199 iv.data = NULL;
1201 if (update) {
1202 *update = PR_FALSE;
1203 }
1205 if ((pwitem == NULL) || (src == NULL)) {
1206 return NULL;
1207 }
1209 /* get key, and iv */
1210 key = nsspkcs5_ComputeKeyAndIV(pbe_param, pwitem, &iv, PR_FALSE);
1211 if(key == NULL) {
1212 return NULL;
1213 }
1215 switch(pbe_param->encAlg) {
1216 /* PKCS 5 v2 only */
1217 case SEC_OID_AES_128_CBC:
1218 case SEC_OID_AES_192_CBC:
1219 case SEC_OID_AES_256_CBC:
1220 cryptof = sec_pkcs5_aes;
1221 break;
1222 case SEC_OID_DES_EDE3_CBC:
1223 cryptof = sec_pkcs5_des;
1224 tripleDES = PR_TRUE;
1225 break;
1226 case SEC_OID_DES_CBC:
1227 cryptof = sec_pkcs5_des;
1228 tripleDES = PR_FALSE;
1229 break;
1230 case SEC_OID_RC2_CBC:
1231 cryptof = sec_pkcs5_rc2;
1232 break;
1233 case SEC_OID_RC4:
1234 cryptof = sec_pkcs5_rc4;
1235 break;
1236 default:
1237 cryptof = NULL;
1238 break;
1239 }
1241 if (cryptof == NULL) {
1242 goto loser;
1243 }
1245 dest = (*cryptof)(key, &iv, src, tripleDES, encrypt);
1246 /*
1247 * it's possible for some keys and keydb's to claim to
1248 * be triple des when they're really des. In this case
1249 * we simply try des. If des works we set the update flag
1250 * so the key db knows it needs to update all it's entries.
1251 * The case can only happen on decrypted of a
1252 * SEC_OID_DES_EDE3_CBD.
1253 */
1254 if ((dest == NULL) && (encrypt == PR_FALSE) &&
1255 (pbe_param->encAlg == SEC_OID_DES_EDE3_CBC)) {
1256 dest = (*cryptof)(key, &iv, src, PR_FALSE, encrypt);
1257 if (update && (dest != NULL)) *update = PR_TRUE;
1258 }
1260 loser:
1261 if (key != NULL) {
1262 SECITEM_ZfreeItem(key, PR_TRUE);
1263 }
1264 if (iv.data != NULL) {
1265 SECITEM_ZfreeItem(&iv, PR_FALSE);
1266 }
1268 return dest;
1269 }
1271 /* creates a algorithm ID containing the PBE algorithm and appropriate
1272 * parameters. the required parameter is the algorithm. if salt is
1273 * not specified, it is generated randomly. if IV is specified, it overrides
1274 * the PKCS 5 generation of the IV.
1275 *
1276 * the returned SECAlgorithmID should be destroyed using
1277 * SECOID_DestroyAlgorithmID
1278 */
1279 SECAlgorithmID *
1280 nsspkcs5_CreateAlgorithmID(PLArenaPool *arena, SECOidTag algorithm,
1281 NSSPKCS5PBEParameter *pbe_param)
1282 {
1283 SECAlgorithmID *algid, *ret_algid = NULL;
1284 SECItem der_param;
1285 nsspkcs5V2PBEParameter pkcs5v2_param;
1287 SECStatus rv = SECFailure;
1288 void *dummy = NULL;
1290 if (arena == NULL) {
1291 return NULL;
1292 }
1294 der_param.data = NULL;
1295 der_param.len = 0;
1297 /* generate the algorithm id */
1298 algid = (SECAlgorithmID *)PORT_ArenaZAlloc(arena, sizeof(SECAlgorithmID));
1299 if (algid == NULL) {
1300 goto loser;
1301 }
1303 if (pbe_param->iteration.data == NULL) {
1304 dummy = SEC_ASN1EncodeInteger(pbe_param->poolp,&pbe_param->iteration,
1305 pbe_param->iter);
1306 if (dummy == NULL) {
1307 goto loser;
1308 }
1309 }
1310 switch (pbe_param->pbeType) {
1311 case NSSPKCS5_PBKDF1:
1312 dummy = SEC_ASN1EncodeItem(arena, &der_param, pbe_param,
1313 NSSPKCS5PBEParameterTemplate);
1314 break;
1315 case NSSPKCS5_PKCS12_V2:
1316 dummy = SEC_ASN1EncodeItem(arena, &der_param, pbe_param,
1317 NSSPKCS5PKCS12V2PBEParameterTemplate);
1318 break;
1319 #ifdef PBKDF2
1320 case NSSPKCS5_PBKDF2:
1321 if (pbe_param->keyLength.data == NULL) {
1322 dummy = SEC_ASN1EncodeInteger(pbe_param->poolp,
1323 &pbe_param->keyLength, pbe_param->keyLen);
1324 if (dummy == NULL) {
1325 goto loser;
1326 }
1327 }
1328 PORT_Memset(&pkcs5v2_param, 0, sizeof(pkcs5v2_param));
1329 dummy = SEC_ASN1EncodeItem(arena, &der_param, pbe_param,
1330 NSSPKCS5V2PBEParameterTemplate);
1331 if (dummy == NULL) {
1332 break;
1333 }
1334 dummy = NULL;
1335 rv = SECOID_SetAlgorithmID(arena, &pkcs5v2_param.keyParams,
1336 SEC_OID_PKCS5_PBKDF2, &der_param);
1337 if (rv != SECSuccess) {
1338 break;
1339 }
1340 der_param.data = pbe_param->ivData;
1341 der_param.len = pbe_param->ivLen;
1342 rv = SECOID_SetAlgorithmID(arena, &pkcs5v2_param.algParams,
1343 pbe_param->encAlg, pbe_param->ivLen ? &der_param : NULL);
1344 if (rv != SECSuccess) {
1345 break;
1346 }
1347 dummy = SEC_ASN1EncodeItem(arena, &der_param, &pkcs5v2_param,
1348 NSSPKCS5V2PBES2ParameterTemplate);
1349 break;
1350 #endif
1351 default:
1352 break;
1353 }
1355 if (dummy == NULL) {
1356 goto loser;
1357 }
1359 rv = SECOID_SetAlgorithmID(arena, algid, algorithm, &der_param);
1360 if (rv != SECSuccess) {
1361 goto loser;
1362 }
1364 ret_algid = (SECAlgorithmID *)PORT_ZAlloc(sizeof(SECAlgorithmID));
1365 if (ret_algid == NULL) {
1366 goto loser;
1367 }
1369 rv = SECOID_CopyAlgorithmID(NULL, ret_algid, algid);
1370 if (rv != SECSuccess) {
1371 SECOID_DestroyAlgorithmID(ret_algid, PR_TRUE);
1372 ret_algid = NULL;
1373 }
1375 loser:
1377 return ret_algid;
1378 }
