зеркало из https://github.com/mozilla/gecko-dev.git
ECC code landing.
Contributed by Sheuling Chang, Stephen Fung, Vipul Gupta, Nils Gura, and Douglas Stebila of Sun Labs
This commit is contained in:
ian.mcgreer%sun.com
Родитель
7931dd2ce8
Коммит
5c2c5888f9
|
|
@ -17,6 +17,7 @@
|
|||
* Rights Reserved.
|
||||
*
|
||||
* Contributor(s):
|
||||
* Douglas Stebila <douglas@stebila.ca>, Sun Microsystems Laboratories
|
||||
*
|
||||
* Alternatively, the contents of this file may be used under the
|
||||
* terms of the GNU General Public License Version 2 or later (the
|
||||
|
|
@ -47,6 +48,15 @@
|
|||
#include "softoken.h"
|
||||
#include "nss.h"
|
||||
|
||||
#ifdef NSS_ENABLE_ECC
|
||||
#include "ecl-curve.h"
|
||||
SECStatus EC_DecodeParams(const SECItem *encodedParams,
|
||||
ECParams **ecparams);
|
||||
SECStatus EC_CopyParams(PRArenaPool *arena, ECParams *dstParams,
|
||||
const ECParams *srcParams);
|
||||
SECStatus secoid_Init(void);
|
||||
#endif
|
||||
|
||||
/* Temporary - add debugging ouput on windows for RSA to track QA failure */
|
||||
#ifdef _WIN32
|
||||
#define TRACK_BLTEST_BUG
|
||||
|
|
@ -123,11 +133,34 @@ static void Usage()
|
|||
PRINTUSAGE(progName, "-S -m mode", "Sign a buffer");
|
||||
PRINTUSAGE("", "", "[-i plaintext] [-o signature] [-k key]");
|
||||
PRINTUSAGE("", "", "[-b bufsize]");
|
||||
#ifdef NSS_ENABLE_ECC
|
||||
PRINTUSAGE("", "", "[-n curvename]");
|
||||
#endif
|
||||
PRINTUSAGE("", "", "[-p repetitions]");
|
||||
PRINTUSAGE("", "-m", "cipher mode to use");
|
||||
PRINTUSAGE("", "-i", "file which contains input buffer");
|
||||
PRINTUSAGE("", "-o", "file for signature");
|
||||
PRINTUSAGE("", "-k", "file which contains key");
|
||||
#ifdef NSS_ENABLE_ECC
|
||||
PRINTUSAGE("", "-n", "name of curve for EC key generation; one of:");
|
||||
PRINTUSAGE("", "", " sect163k1, nistk163, sect163r1, sect163r2,");
|
||||
PRINTUSAGE("", "", " nistb163, sect193r1, sect193r2, sect233k1, nistk233,");
|
||||
PRINTUSAGE("", "", " sect233r1, nistb233, sect239k1, sect283k1, nistk283,");
|
||||
PRINTUSAGE("", "", " sect283r1, nistb283, sect409k1, nistk409, sect409r1,");
|
||||
PRINTUSAGE("", "", " nistb409, sect571k1, nistk571, sect571r1, nistb571,");
|
||||
PRINTUSAGE("", "", " secp169k1, secp160r1, secp160r2, secp192k1, secp192r1,");
|
||||
PRINTUSAGE("", "", " nistp192, secp224k1, secp224r1, nistp224, secp256k1,");
|
||||
PRINTUSAGE("", "", " secp256r1, nistp256, secp384r1, nistp384, secp521r1,");
|
||||
PRINTUSAGE("", "", " nistp521, prime192v1, prime192v2, prime192v3,");
|
||||
PRINTUSAGE("", "", " prime239v1, prime239v2, prime239v3, c2pnb163v1,");
|
||||
PRINTUSAGE("", "", " c2pnb163v2, c2pnb163v3, c2pnb176v1, c2tnb191v1,");
|
||||
PRINTUSAGE("", "", " c2tnb191v2, c2tnb191v3, c2onb191v4, c2onb191v5,");
|
||||
PRINTUSAGE("", "", " c2pnb208w1, c2tnb239v1, c2tnb239v2, c2tnb239v3,");
|
||||
PRINTUSAGE("", "", " c2onb239v4, c2onb239v5, c2pnb272w1, c2pnb304w1,");
|
||||
PRINTUSAGE("", "", " c2tnb359w1, c2pnb368w1, c2tnb431r1, secp112r1,");
|
||||
PRINTUSAGE("", "", " secp112r2, secp128r1, secp128r2, sect113r1, sect113r2,");
|
||||
PRINTUSAGE("", "", " sect131r1, sect131r2");
|
||||
#endif
|
||||
PRINTUSAGE("", "-p", "do performance test");
|
||||
fprintf(stderr, "\n");
|
||||
PRINTUSAGE(progName, "-V -m mode", "Verify a signed buffer");
|
||||
|
|
@ -291,23 +324,28 @@ serialize_key(SECItem *it, int ni, PRFileDesc *file)
|
|||
}
|
||||
|
||||
void
|
||||
key_from_filedata(PRArenaPool *arena, SECItem *it, int ni, SECItem *filedata)
|
||||
key_from_filedata(PRArenaPool *arena, SECItem *it, int ns, int ni, SECItem *filedata)
|
||||
{
|
||||
int fpos = 0;
|
||||
int i;
|
||||
int i, len;
|
||||
unsigned char *buf = filedata->data;
|
||||
for (i=0; i<ni; i++, it++) {
|
||||
it->len = (buf[fpos++] & 0xff) << 24;
|
||||
it->len |= (buf[fpos++] & 0xff) << 16;
|
||||
it->len |= (buf[fpos++] & 0xff) << 8;
|
||||
it->len |= (buf[fpos++] & 0xff);
|
||||
if (it->len > 0) {
|
||||
it->data = PORT_ArenaAlloc(arena, it->len);
|
||||
PORT_Memcpy(it->data, &buf[fpos], it->len);
|
||||
} else {
|
||||
it->data = NULL;
|
||||
for (i=0; i<ni; i++) {
|
||||
len = (buf[fpos++] & 0xff) << 24;
|
||||
len |= (buf[fpos++] & 0xff) << 16;
|
||||
len |= (buf[fpos++] & 0xff) << 8;
|
||||
len |= (buf[fpos++] & 0xff);
|
||||
if (ns <= i) {
|
||||
if (len > 0) {
|
||||
it->len = len;
|
||||
it->data = PORT_ArenaAlloc(arena, it->len);
|
||||
PORT_Memcpy(it->data, &buf[fpos], it->len);
|
||||
} else {
|
||||
it->len = 0;
|
||||
it->data = NULL;
|
||||
}
|
||||
it++;
|
||||
}
|
||||
fpos += it->len;
|
||||
fpos += len;
|
||||
}
|
||||
}
|
||||
|
||||
|
|
@ -319,7 +357,7 @@ rsakey_from_filedata(SECItem *filedata)
|
|||
arena = PORT_NewArena(BLTEST_DEFAULT_CHUNKSIZE);
|
||||
key = (RSAPrivateKey *)PORT_ArenaZAlloc(arena, sizeof(RSAPrivateKey));
|
||||
key->arena = arena;
|
||||
key_from_filedata(arena, &key->version, 9, filedata);
|
||||
key_from_filedata(arena, &key->version, 0, 9, filedata);
|
||||
return key;
|
||||
}
|
||||
|
||||
|
|
@ -331,7 +369,7 @@ pqg_from_filedata(SECItem *filedata)
|
|||
arena = PORT_NewArena(BLTEST_DEFAULT_CHUNKSIZE);
|
||||
pqg = (PQGParams *)PORT_ArenaZAlloc(arena, sizeof(PQGParams));
|
||||
pqg->arena = arena;
|
||||
key_from_filedata(arena, &pqg->prime, 3, filedata);
|
||||
key_from_filedata(arena, &pqg->prime, 0, 3, filedata);
|
||||
return pqg;
|
||||
}
|
||||
|
||||
|
|
@ -343,10 +381,166 @@ dsakey_from_filedata(SECItem *filedata)
|
|||
arena = PORT_NewArena(BLTEST_DEFAULT_CHUNKSIZE);
|
||||
key = (DSAPrivateKey *)PORT_ArenaZAlloc(arena, sizeof(DSAPrivateKey));
|
||||
key->params.arena = arena;
|
||||
key_from_filedata(arena, &key->params.prime, 5, filedata);
|
||||
key_from_filedata(arena, &key->params.prime, 0, 5, filedata);
|
||||
return key;
|
||||
}
|
||||
|
||||
#ifdef NSS_ENABLE_ECC
|
||||
static ECPrivateKey *
|
||||
eckey_from_filedata(SECItem *filedata)
|
||||
{
|
||||
ECPrivateKey *key;
|
||||
PRArenaPool *arena;
|
||||
SECStatus rv;
|
||||
ECParams *tmpECParams = NULL;
|
||||
arena = PORT_NewArena(BLTEST_DEFAULT_CHUNKSIZE);
|
||||
key = (ECPrivateKey *)PORT_ArenaZAlloc(arena, sizeof(ECPrivateKey));
|
||||
/* read and convert params */
|
||||
key->ecParams.arena = arena;
|
||||
key_from_filedata(arena, &key->ecParams.DEREncoding, 0, 1, filedata);
|
||||
rv = secoid_Init();
|
||||
CHECKERROR(rv, __LINE__);
|
||||
rv = EC_DecodeParams(&key->ecParams.DEREncoding, &tmpECParams);
|
||||
CHECKERROR(rv, __LINE__);
|
||||
rv = EC_CopyParams(key->ecParams.arena, &key->ecParams, tmpECParams);
|
||||
CHECKERROR(rv, __LINE__);
|
||||
rv = SECOID_Shutdown();
|
||||
CHECKERROR(rv, __LINE__);
|
||||
PORT_FreeArena(tmpECParams->arena, PR_TRUE);
|
||||
/* read key */
|
||||
key_from_filedata(arena, &key->publicValue, 1, 3, filedata);
|
||||
return key;
|
||||
}
|
||||
|
||||
typedef struct curveNameTagPairStr {
|
||||
char *curveName;
|
||||
SECOidTag curveOidTag;
|
||||
} CurveNameTagPair;
|
||||
|
||||
#define DEFAULT_CURVE_OID_TAG SEC_OID_SECG_EC_SECP192R1
|
||||
/* #define DEFAULT_CURVE_OID_TAG SEC_OID_SECG_EC_SECP160R1 */
|
||||
|
||||
static CurveNameTagPair nameTagPair[] =
|
||||
{
|
||||
{ "sect163k1", SEC_OID_SECG_EC_SECT163K1},
|
||||
{ "nistk163", SEC_OID_SECG_EC_SECT163K1},
|
||||
{ "sect163r1", SEC_OID_SECG_EC_SECT163R1},
|
||||
{ "sect163r2", SEC_OID_SECG_EC_SECT163R2},
|
||||
{ "nistb163", SEC_OID_SECG_EC_SECT163R2},
|
||||
{ "sect193r1", SEC_OID_SECG_EC_SECT193R1},
|
||||
{ "sect193r2", SEC_OID_SECG_EC_SECT193R2},
|
||||
{ "sect233k1", SEC_OID_SECG_EC_SECT233K1},
|
||||
{ "nistk233", SEC_OID_SECG_EC_SECT233K1},
|
||||
{ "sect233r1", SEC_OID_SECG_EC_SECT233R1},
|
||||
{ "nistb233", SEC_OID_SECG_EC_SECT233R1},
|
||||
{ "sect239k1", SEC_OID_SECG_EC_SECT239K1},
|
||||
{ "sect283k1", SEC_OID_SECG_EC_SECT283K1},
|
||||
{ "nistk283", SEC_OID_SECG_EC_SECT283K1},
|
||||
{ "sect283r1", SEC_OID_SECG_EC_SECT283R1},
|
||||
{ "nistb283", SEC_OID_SECG_EC_SECT283R1},
|
||||
{ "sect409k1", SEC_OID_SECG_EC_SECT409K1},
|
||||
{ "nistk409", SEC_OID_SECG_EC_SECT409K1},
|
||||
{ "sect409r1", SEC_OID_SECG_EC_SECT409R1},
|
||||
{ "nistb409", SEC_OID_SECG_EC_SECT409R1},
|
||||
{ "sect571k1", SEC_OID_SECG_EC_SECT571K1},
|
||||
{ "nistk571", SEC_OID_SECG_EC_SECT571K1},
|
||||
{ "sect571r1", SEC_OID_SECG_EC_SECT571R1},
|
||||
{ "nistb571", SEC_OID_SECG_EC_SECT571R1},
|
||||
{ "secp160k1", SEC_OID_SECG_EC_SECP160K1},
|
||||
{ "secp160r1", SEC_OID_SECG_EC_SECP160R1},
|
||||
{ "secp160r2", SEC_OID_SECG_EC_SECP160R2},
|
||||
{ "secp192k1", SEC_OID_SECG_EC_SECP192K1},
|
||||
{ "secp192r1", SEC_OID_SECG_EC_SECP192R1},
|
||||
{ "nistp192", SEC_OID_SECG_EC_SECP192R1},
|
||||
{ "secp224k1", SEC_OID_SECG_EC_SECP224K1},
|
||||
{ "secp224r1", SEC_OID_SECG_EC_SECP224R1},
|
||||
{ "nistp224", SEC_OID_SECG_EC_SECP224R1},
|
||||
{ "secp256k1", SEC_OID_SECG_EC_SECP256K1},
|
||||
{ "secp256r1", SEC_OID_SECG_EC_SECP256R1},
|
||||
{ "nistp256", SEC_OID_SECG_EC_SECP256R1},
|
||||
{ "secp384r1", SEC_OID_SECG_EC_SECP384R1},
|
||||
{ "nistp384", SEC_OID_SECG_EC_SECP384R1},
|
||||
{ "secp521r1", SEC_OID_SECG_EC_SECP521R1},
|
||||
{ "nistp521", SEC_OID_SECG_EC_SECP521R1},
|
||||
|
||||
{ "prime192v1", SEC_OID_ANSIX962_EC_PRIME192V1 },
|
||||
{ "prime192v2", SEC_OID_ANSIX962_EC_PRIME192V2 },
|
||||
{ "prime192v3", SEC_OID_ANSIX962_EC_PRIME192V3 },
|
||||
{ "prime239v1", SEC_OID_ANSIX962_EC_PRIME239V1 },
|
||||
{ "prime239v2", SEC_OID_ANSIX962_EC_PRIME239V2 },
|
||||
{ "prime239v3", SEC_OID_ANSIX962_EC_PRIME239V3 },
|
||||
|
||||
{ "c2pnb163v1", SEC_OID_ANSIX962_EC_C2PNB163V1 },
|
||||
{ "c2pnb163v2", SEC_OID_ANSIX962_EC_C2PNB163V2 },
|
||||
{ "c2pnb163v3", SEC_OID_ANSIX962_EC_C2PNB163V3 },
|
||||
{ "c2pnb176v1", SEC_OID_ANSIX962_EC_C2PNB176V1 },
|
||||
{ "c2tnb191v1", SEC_OID_ANSIX962_EC_C2TNB191V1 },
|
||||
{ "c2tnb191v2", SEC_OID_ANSIX962_EC_C2TNB191V2 },
|
||||
{ "c2tnb191v3", SEC_OID_ANSIX962_EC_C2TNB191V3 },
|
||||
{ "c2onb191v4", SEC_OID_ANSIX962_EC_C2ONB191V4 },
|
||||
{ "c2onb191v5", SEC_OID_ANSIX962_EC_C2ONB191V5 },
|
||||
{ "c2pnb208w1", SEC_OID_ANSIX962_EC_C2PNB208W1 },
|
||||
{ "c2tnb239v1", SEC_OID_ANSIX962_EC_C2TNB239V1 },
|
||||
{ "c2tnb239v2", SEC_OID_ANSIX962_EC_C2TNB239V2 },
|
||||
{ "c2tnb239v3", SEC_OID_ANSIX962_EC_C2TNB239V3 },
|
||||
{ "c2onb239v4", SEC_OID_ANSIX962_EC_C2ONB239V4 },
|
||||
{ "c2onb239v5", SEC_OID_ANSIX962_EC_C2ONB239V5 },
|
||||
{ "c2pnb272w1", SEC_OID_ANSIX962_EC_C2PNB272W1 },
|
||||
{ "c2pnb304w1", SEC_OID_ANSIX962_EC_C2PNB304W1 },
|
||||
{ "c2tnb359v1", SEC_OID_ANSIX962_EC_C2TNB359V1 },
|
||||
{ "c2pnb368w1", SEC_OID_ANSIX962_EC_C2PNB368W1 },
|
||||
{ "c2tnb431r1", SEC_OID_ANSIX962_EC_C2TNB431R1 },
|
||||
|
||||
{ "secp112r1", SEC_OID_SECG_EC_SECP112R1},
|
||||
{ "secp112r2", SEC_OID_SECG_EC_SECP112R2},
|
||||
{ "secp128r1", SEC_OID_SECG_EC_SECP128R1},
|
||||
{ "secp128r2", SEC_OID_SECG_EC_SECP128R2},
|
||||
|
||||
{ "sect113r1", SEC_OID_SECG_EC_SECT113R1},
|
||||
{ "sect113r2", SEC_OID_SECG_EC_SECT113R2},
|
||||
{ "sect131r1", SEC_OID_SECG_EC_SECT131R1},
|
||||
{ "sect131r2", SEC_OID_SECG_EC_SECT131R2},
|
||||
};
|
||||
|
||||
static SECKEYECParams *
|
||||
getECParams(char *curve)
|
||||
{
|
||||
SECKEYECParams *ecparams;
|
||||
SECOidData *oidData = NULL;
|
||||
SECOidTag curveOidTag = SEC_OID_UNKNOWN; /* default */
|
||||
int i, numCurves;
|
||||
|
||||
if (curve != NULL) {
|
||||
numCurves = sizeof(nameTagPair)/sizeof(CurveNameTagPair);
|
||||
for (i = 0; ((i < numCurves) && (curveOidTag == SEC_OID_UNKNOWN));
|
||||
i++) {
|
||||
if (PL_strcmp(curve, nameTagPair[i].curveName) == 0)
|
||||
curveOidTag = nameTagPair[i].curveOidTag;
|
||||
}
|
||||
}
|
||||
|
||||
/* Return NULL if curve name is not recognized */
|
||||
if ((curveOidTag == SEC_OID_UNKNOWN) ||
|
||||
(oidData = SECOID_FindOIDByTag(curveOidTag)) == NULL) {
|
||||
fprintf(stderr, "Unrecognized elliptic curve %s\n", curve);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
ecparams = SECITEM_AllocItem(NULL, NULL, (2 + oidData->oid.len));
|
||||
|
||||
/*
|
||||
* ecparams->data needs to contain the ASN encoding of an object ID (OID)
|
||||
* representing the named curve. The actual OID is in
|
||||
* oidData->oid.data so we simply prepend 0x06 and OID length
|
||||
*/
|
||||
ecparams->data[0] = SEC_ASN1_OBJECT_ID;
|
||||
ecparams->data[1] = oidData->oid.len;
|
||||
memcpy(ecparams->data + 2, oidData->oid.data, oidData->oid.len);
|
||||
|
||||
return ecparams;
|
||||
}
|
||||
#endif /* NSS_ENABLE_ECC */
|
||||
|
||||
static void
|
||||
dump_pqg(PQGParams *pqg)
|
||||
{
|
||||
|
|
@ -363,6 +557,23 @@ dump_dsakey(DSAPrivateKey *key)
|
|||
SECU_PrintInteger(stdout, &key->privateValue, "PRIVATE VALUE:", 0);
|
||||
}
|
||||
|
||||
#ifdef NSS_ENABLE_ECC
|
||||
static void
|
||||
dump_ecp(ECParams *ecp)
|
||||
{
|
||||
/* TODO other fields */
|
||||
SECU_PrintInteger(stdout, &ecp->base, "BASE POINT:", 0);
|
||||
}
|
||||
|
||||
static void
|
||||
dump_eckey(ECPrivateKey *key)
|
||||
{
|
||||
dump_ecp(&key->ecParams);
|
||||
SECU_PrintInteger(stdout, &key->publicValue, "PUBLIC VALUE:", 0);
|
||||
SECU_PrintInteger(stdout, &key->privateValue, "PRIVATE VALUE:", 0);
|
||||
}
|
||||
#endif
|
||||
|
||||
static void
|
||||
dump_rsakey(RSAPrivateKey *key)
|
||||
{
|
||||
|
|
@ -421,7 +632,10 @@ typedef enum {
|
|||
bltestAES_ECB, /* . */
|
||||
bltestAES_CBC, /* . */
|
||||
bltestRSA, /* Public Key Ciphers */
|
||||
bltestDSA, /* . (Public Key Sig.) */
|
||||
#ifdef NSS_ENABLE_ECC
|
||||
bltestECDSA, /* . (Public Key Sig.) */
|
||||
#endif
|
||||
bltestDSA, /* . */
|
||||
bltestMD2, /* Hash algorithms */
|
||||
bltestMD5, /* . */
|
||||
bltestSHA1, /* . */
|
||||
|
|
@ -445,6 +659,9 @@ static char *mode_strings[] =
|
|||
"aes_ecb",
|
||||
"aes_cbc",
|
||||
"rsa",
|
||||
#ifdef NSS_ENABLE_ECC
|
||||
"ecdsa",
|
||||
#endif
|
||||
/*"pqg",*/
|
||||
"dsa",
|
||||
"md2",
|
||||
|
|
@ -488,6 +705,17 @@ typedef struct
|
|||
DSAPrivateKey *dsakey;
|
||||
} bltestDSAParams;
|
||||
|
||||
#ifdef NSS_ENABLE_ECC
|
||||
typedef struct
|
||||
{
|
||||
bltestIO key;
|
||||
char *curveName;
|
||||
bltestIO sigseed;
|
||||
bltestIO sig; /* if doing verify, have additional input */
|
||||
ECPrivateKey *eckey;
|
||||
} bltestECDSAParams;
|
||||
#endif
|
||||
|
||||
typedef struct
|
||||
{
|
||||
bltestIO key; /* unused */
|
||||
|
|
@ -501,6 +729,9 @@ typedef union
|
|||
bltestRC5Params rc5;
|
||||
bltestRSAParams rsa;
|
||||
bltestDSAParams dsa;
|
||||
#ifdef NSS_ENABLE_ECC
|
||||
bltestECDSAParams ecdsa;
|
||||
#endif
|
||||
bltestHashParams hash;
|
||||
} bltestParams;
|
||||
|
||||
|
|
@ -560,7 +791,11 @@ PRBool
|
|||
is_sigCipher(bltestCipherMode mode)
|
||||
{
|
||||
/* change as needed! */
|
||||
#ifdef NSS_ENABLE_ECC
|
||||
if (mode >= bltestECDSA && mode <= bltestDSA)
|
||||
#else
|
||||
if (mode >= bltestDSA && mode <= bltestDSA)
|
||||
#endif
|
||||
return PR_TRUE;
|
||||
return PR_FALSE;
|
||||
}
|
||||
|
|
@ -829,6 +1064,20 @@ dsa_verifyDigest(void *key, SECItem *output, const SECItem *input)
|
|||
return DSA_VerifyDigest((DSAPublicKey *)key, output, input);
|
||||
}
|
||||
|
||||
#ifdef NSS_ENABLE_ECC
|
||||
SECStatus
|
||||
ecdsa_signDigest(void *key, SECItem *output, const SECItem *input)
|
||||
{
|
||||
return ECDSA_SignDigest((ECPrivateKey *)key, output, input);
|
||||
}
|
||||
|
||||
SECStatus
|
||||
ecdsa_verifyDigest(void *key, SECItem *output, const SECItem *input)
|
||||
{
|
||||
return ECDSA_VerifyDigest((ECPublicKey *)key, output, input);
|
||||
}
|
||||
#endif
|
||||
|
||||
SECStatus
|
||||
bltest_des_init(bltestCipherInfo *cipherInfo, PRBool encrypt)
|
||||
{
|
||||
|
|
@ -1125,6 +1374,74 @@ bltest_dsa_init(bltestCipherInfo *cipherInfo, PRBool encrypt)
|
|||
return SECSuccess;
|
||||
}
|
||||
|
||||
#ifdef NSS_ENABLE_ECC
|
||||
SECStatus
|
||||
bltest_ecdsa_init(bltestCipherInfo *cipherInfo, PRBool encrypt)
|
||||
{
|
||||
int i;
|
||||
ECPrivateKey **dummyKey;
|
||||
PRIntervalTime time1, time2;
|
||||
bltestECDSAParams *ecdsap = &cipherInfo->params.ecdsa;
|
||||
/* ECDSA key gen was done during parameter setup */
|
||||
cipherInfo->cx = cipherInfo->params.ecdsa.eckey;
|
||||
/* For performance testing */
|
||||
if (cipherInfo->cxreps > 0) {
|
||||
/* Create space for n private key objects */
|
||||
dummyKey = (ECPrivateKey **)PORT_ZAlloc(cipherInfo->cxreps *
|
||||
sizeof(ECPrivateKey *));
|
||||
/* Time n keygens, storing in the array */
|
||||
TIMESTART();
|
||||
for (i=0; i<cipherInfo->cxreps; i++) {
|
||||
EC_NewKey(&ecdsap->eckey->ecParams, &dummyKey[i]);
|
||||
}
|
||||
TIMEFINISH(cipherInfo->cxtime, cipherInfo->cxreps);
|
||||
/* Free the n key objects */
|
||||
for (i=0; i<cipherInfo->cxreps; i++)
|
||||
PORT_FreeArena(dummyKey[i]->ecParams.arena, PR_TRUE);
|
||||
PORT_Free(dummyKey);
|
||||
}
|
||||
if (!cipherInfo->cx && ecdsap->key.buf.len > 0) {
|
||||
cipherInfo->cx = eckey_from_filedata(&ecdsap->key.buf);
|
||||
}
|
||||
if (encrypt) {
|
||||
cipherInfo->cipher.pubkeyCipher = ecdsa_signDigest;
|
||||
} else {
|
||||
/* Have to convert private key to public key. Memory
|
||||
* is freed with private key's arena */
|
||||
ECPublicKey *pubkey;
|
||||
ECPrivateKey *key = (ECPrivateKey *)cipherInfo->cx;
|
||||
pubkey = (ECPublicKey *)PORT_ArenaZAlloc(key->ecParams.arena,
|
||||
sizeof(ECPublicKey));
|
||||
pubkey->ecParams.type = key->ecParams.type;
|
||||
pubkey->ecParams.fieldID.size = key->ecParams.fieldID.size;
|
||||
pubkey->ecParams.fieldID.type = key->ecParams.fieldID.type;
|
||||
pubkey->ecParams.fieldID.u.prime.len = key->ecParams.fieldID.u.prime.len;
|
||||
pubkey->ecParams.fieldID.u.prime.data = key->ecParams.fieldID.u.prime.data;
|
||||
pubkey->ecParams.fieldID.k1 = key->ecParams.fieldID.k1;
|
||||
pubkey->ecParams.fieldID.k2 = key->ecParams.fieldID.k2;
|
||||
pubkey->ecParams.fieldID.k3 = key->ecParams.fieldID.k3;
|
||||
pubkey->ecParams.curve.a.len = key->ecParams.curve.a.len;
|
||||
pubkey->ecParams.curve.a.data = key->ecParams.curve.a.data;
|
||||
pubkey->ecParams.curve.b.len = key->ecParams.curve.b.len;
|
||||
pubkey->ecParams.curve.b.data = key->ecParams.curve.b.data;
|
||||
pubkey->ecParams.curve.seed.len = key->ecParams.curve.seed.len;
|
||||
pubkey->ecParams.curve.seed.data = key->ecParams.curve.seed.data;
|
||||
pubkey->ecParams.base.len = key->ecParams.base.len;
|
||||
pubkey->ecParams.base.data = key->ecParams.base.data;
|
||||
pubkey->ecParams.order.len = key->ecParams.order.len;
|
||||
pubkey->ecParams.order.data = key->ecParams.order.data;
|
||||
pubkey->ecParams.cofactor = key->ecParams.cofactor;
|
||||
pubkey->ecParams.DEREncoding.len = key->ecParams.DEREncoding.len;
|
||||
pubkey->ecParams.DEREncoding.data = key->ecParams.DEREncoding.data;
|
||||
pubkey->ecParams.name= key->ecParams.name;
|
||||
pubkey->publicValue.len = key->publicValue.len;
|
||||
pubkey->publicValue.data = key->publicValue.data;
|
||||
cipherInfo->cipher.pubkeyCipher = ecdsa_verifyDigest;
|
||||
}
|
||||
return SECSuccess;
|
||||
}
|
||||
#endif
|
||||
|
||||
/* XXX unfortunately, this is not defined in blapi.h */
|
||||
SECStatus
|
||||
md2_HashBuf(unsigned char *dest, const unsigned char *src, uint32 src_length)
|
||||
|
|
@ -1374,12 +1691,22 @@ finish:
|
|||
|
||||
SECStatus
|
||||
pubkeyInitKey(bltestCipherInfo *cipherInfo, PRFileDesc *file,
|
||||
#ifdef NSS_ENABLE_ECC
|
||||
int keysize, int exponent, char *curveName)
|
||||
#else
|
||||
int keysize, int exponent)
|
||||
#endif
|
||||
{
|
||||
int i;
|
||||
SECStatus rv = SECSuccess;
|
||||
bltestRSAParams *rsap;
|
||||
bltestDSAParams *dsap;
|
||||
#ifdef NSS_ENABLE_ECC
|
||||
bltestECDSAParams *ecdsap;
|
||||
SECItem *tmpECParamsDER;
|
||||
ECParams *tmpECParams = NULL;
|
||||
SECItem ecSerialize[3];
|
||||
#endif
|
||||
switch (cipherInfo->mode) {
|
||||
case bltestRSA:
|
||||
rsap = &cipherInfo->params.rsa;
|
||||
|
|
@ -1412,6 +1739,37 @@ pubkeyInitKey(bltestCipherInfo *cipherInfo, PRFileDesc *file,
|
|||
dsap->j = PQG_PBITS_TO_INDEX(8*dsap->dsakey->params.prime.len);
|
||||
}
|
||||
break;
|
||||
#ifdef NSS_ENABLE_ECC
|
||||
case bltestECDSA:
|
||||
ecdsap = &cipherInfo->params.ecdsa;
|
||||
if (curveName != NULL) {
|
||||
tmpECParamsDER = getECParams(curveName);
|
||||
rv = secoid_Init();
|
||||
CHECKERROR(rv, __LINE__);
|
||||
rv = EC_DecodeParams(tmpECParamsDER, &tmpECParams) == SECFailure;
|
||||
CHECKERROR(rv, __LINE__);
|
||||
rv = EC_NewKey(tmpECParams, &ecdsap->eckey);
|
||||
CHECKERROR(rv, __LINE__);
|
||||
ecSerialize[0].type = tmpECParamsDER->type;
|
||||
ecSerialize[0].data = tmpECParamsDER->data;
|
||||
ecSerialize[0].len = tmpECParamsDER->len;
|
||||
ecSerialize[1].type = ecdsap->eckey->publicValue.type;
|
||||
ecSerialize[1].data = ecdsap->eckey->publicValue.data;
|
||||
ecSerialize[1].len = ecdsap->eckey->publicValue.len;
|
||||
ecSerialize[2].type = ecdsap->eckey->privateValue.type;
|
||||
ecSerialize[2].data = ecdsap->eckey->privateValue.data;
|
||||
ecSerialize[2].len = ecdsap->eckey->privateValue.len;
|
||||
serialize_key(&(ecSerialize[0]), 3, file);
|
||||
free(tmpECParamsDER);
|
||||
PORT_FreeArena(tmpECParams->arena, PR_TRUE);
|
||||
rv = SECOID_Shutdown();
|
||||
CHECKERROR(rv, __LINE__);
|
||||
} else {
|
||||
setupIO(cipherInfo->arena, &cipherInfo->params.key, file, NULL, 0);
|
||||
ecdsap->eckey = eckey_from_filedata(&cipherInfo->params.key.buf);
|
||||
}
|
||||
break;
|
||||
#endif
|
||||
default:
|
||||
return SECFailure;
|
||||
}
|
||||
|
|
@ -1466,6 +1824,13 @@ cipherInit(bltestCipherInfo *cipherInfo, PRBool encrypt)
|
|||
DSA_SIGNATURE_LEN);
|
||||
return bltest_dsa_init(cipherInfo, encrypt);
|
||||
break;
|
||||
#ifdef NSS_ENABLE_ECC
|
||||
case bltestECDSA:
|
||||
SECITEM_AllocItem(cipherInfo->arena, &cipherInfo->output.buf,
|
||||
2 * MAX_ECKEY_LEN);
|
||||
return bltest_ecdsa_init(cipherInfo, encrypt);
|
||||
break;
|
||||
#endif
|
||||
case bltestMD2:
|
||||
restart = cipherInfo->params.hash.restart;
|
||||
SECITEM_AllocItem(cipherInfo->arena, &cipherInfo->output.buf,
|
||||
|
|
@ -1573,6 +1938,66 @@ dsaOp(bltestCipherInfo *cipherInfo)
|
|||
return rv;
|
||||
}
|
||||
|
||||
#ifdef NSS_ENABLE_ECC
|
||||
SECStatus
|
||||
ecdsaOp(bltestCipherInfo *cipherInfo)
|
||||
{
|
||||
PRIntervalTime time1, time2;
|
||||
SECStatus rv = SECSuccess;
|
||||
int i;
|
||||
int maxLen = cipherInfo->output.pBuf.len;
|
||||
SECItem dummyOut = { 0, 0, 0 };
|
||||
SECITEM_AllocItem(NULL, &dummyOut, maxLen);
|
||||
if (cipherInfo->cipher.pubkeyCipher == ecdsa_signDigest) {
|
||||
if (cipherInfo->params.ecdsa.sigseed.buf.len > 0) {
|
||||
rv = ECDSA_SignDigestWithSeed((ECPrivateKey *)cipherInfo->cx,
|
||||
&cipherInfo->output.pBuf,
|
||||
&cipherInfo->input.pBuf,
|
||||
cipherInfo->params.ecdsa.sigseed.buf.data,
|
||||
cipherInfo->params.ecdsa.sigseed.buf.len);
|
||||
CHECKERROR(rv, __LINE__);
|
||||
TIMESTART();
|
||||
for (i=0; i<cipherInfo->repetitions; i++) {
|
||||
rv |= ECDSA_SignDigestWithSeed((ECPrivateKey *)cipherInfo->cx,
|
||||
&dummyOut,
|
||||
&cipherInfo->input.pBuf,
|
||||
cipherInfo->params.ecdsa.sigseed.buf.data,
|
||||
cipherInfo->params.ecdsa.sigseed.buf.len);
|
||||
}
|
||||
TIMEFINISH(cipherInfo->optime, 1.0);
|
||||
CHECKERROR(rv, __LINE__);
|
||||
} else {
|
||||
rv = ECDSA_SignDigest((ECPrivateKey *)cipherInfo->cx,
|
||||
&cipherInfo->output.pBuf,
|
||||
&cipherInfo->input.pBuf);
|
||||
CHECKERROR(rv, __LINE__);
|
||||
TIMESTART();
|
||||
for (i=0; i<cipherInfo->repetitions; i++) {
|
||||
ECDSA_SignDigest((ECPrivateKey *)cipherInfo->cx, &dummyOut,
|
||||
&cipherInfo->input.pBuf);
|
||||
}
|
||||
TIMEFINISH(cipherInfo->optime, 1.0);
|
||||
}
|
||||
bltestCopyIO(cipherInfo->arena, &cipherInfo->params.ecdsa.sig,
|
||||
&cipherInfo->output);
|
||||
} else {
|
||||
rv = ECDSA_VerifyDigest((ECPublicKey *)cipherInfo->cx,
|
||||
&cipherInfo->params.ecdsa.sig.buf,
|
||||
&cipherInfo->input.pBuf);
|
||||
CHECKERROR(rv, __LINE__);
|
||||
TIMESTART();
|
||||
for (i=0; i<cipherInfo->repetitions; i++) {
|
||||
ECDSA_VerifyDigest((ECPublicKey *)cipherInfo->cx,
|
||||
&cipherInfo->params.ecdsa.sig.buf,
|
||||
&cipherInfo->input.pBuf);
|
||||
}
|
||||
TIMEFINISH(cipherInfo->optime, 1.0);
|
||||
}
|
||||
SECITEM_FreeItem(&dummyOut, PR_FALSE);
|
||||
return rv;
|
||||
}
|
||||
#endif
|
||||
|
||||
SECStatus
|
||||
cipherDoOp(bltestCipherInfo *cipherInfo)
|
||||
{
|
||||
|
|
@ -1583,6 +2008,10 @@ cipherDoOp(bltestCipherInfo *cipherInfo)
|
|||
unsigned char *dummyOut;
|
||||
if (cipherInfo->mode == bltestDSA)
|
||||
return dsaOp(cipherInfo);
|
||||
#ifdef NSS_ENABLE_ECC
|
||||
else if (cipherInfo->mode == bltestECDSA)
|
||||
return ecdsaOp(cipherInfo);
|
||||
#endif
|
||||
dummyOut = PORT_Alloc(maxLen);
|
||||
if (is_symmkeyCipher(cipherInfo->mode)) {
|
||||
rv = (*cipherInfo->cipher.symmkeyCipher)(cipherInfo->cx,
|
||||
|
|
@ -1657,6 +2086,9 @@ cipherFinish(bltestCipherInfo *cipherInfo)
|
|||
#endif
|
||||
case bltestRSA: /* keys are alloc'ed within cipherInfo's arena, */
|
||||
case bltestDSA: /* will be freed with it. */
|
||||
#ifdef NSS_ENABLE_ECC
|
||||
case bltestECDSA:
|
||||
#endif
|
||||
case bltestMD2: /* hash contexts are ephemeral */
|
||||
case bltestMD5:
|
||||
case bltestSHA1:
|
||||
|
|
@ -1733,6 +2165,14 @@ print_td:
|
|||
else
|
||||
fprintf(stdout, "%8d", PQG_INDEX_TO_PBITS(info->params.dsa.j));
|
||||
break;
|
||||
#ifdef NSS_ENABLE_ECC
|
||||
case bltestECDSA:
|
||||
if (td)
|
||||
fprintf(stdout, "%12s", "ec_curve");
|
||||
else
|
||||
fprintf(stdout, "%12s", ecCurve_map[info->params.ecdsa.eckey->ecParams.name]->text);
|
||||
break;
|
||||
#endif
|
||||
case bltestMD2:
|
||||
case bltestMD5:
|
||||
case bltestSHA1:
|
||||
|
|
@ -1877,6 +2317,18 @@ get_params(PRArenaPool *arena, bltestParams *params,
|
|||
sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, "ciphertext",j);
|
||||
load_file_data(arena, ¶ms->dsa.sig, filename, bltestBase64Encoded);
|
||||
break;
|
||||
#ifdef NSS_ENABLE_ECC
|
||||
case bltestECDSA:
|
||||
sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, "key", j);
|
||||
load_file_data(arena, ¶ms->ecdsa.key, filename, bltestBase64Encoded);
|
||||
params->ecdsa.eckey = eckey_from_filedata(¶ms->key.buf);
|
||||
sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, "sigseed", j);
|
||||
load_file_data(arena, ¶ms->ecdsa.sigseed, filename,
|
||||
bltestBase64Encoded);
|
||||
sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, "ciphertext",j);
|
||||
load_file_data(arena, ¶ms->ecdsa.sig, filename, bltestBase64Encoded);
|
||||
break;
|
||||
#endif
|
||||
case bltestMD2:
|
||||
case bltestMD5:
|
||||
case bltestSHA1:
|
||||
|
|
@ -1945,7 +2397,7 @@ blapi_selftest(bltestCipherMode *modes, int numModes, int inoff, int outoff,
|
|||
bltestIO pt, ct;
|
||||
bltestCipherMode mode;
|
||||
bltestParams *params;
|
||||
int i, j, nummodes;
|
||||
int i, j, nummodes, numtests;
|
||||
char *modestr;
|
||||
char filename[256];
|
||||
PRFileDesc *file;
|
||||
|
|
@ -1993,7 +2445,12 @@ blapi_selftest(bltestCipherMode *modes, int numModes, int inoff, int outoff,
|
|||
#endif
|
||||
PR_Close(file);
|
||||
/* loop over the tests in the directory */
|
||||
for (j=0; j<(int)(item.data[0] - '0'); j++) { /* XXX bug when > 10 */
|
||||
numtests = (int) (item.data[0] - '0');
|
||||
for (j=1; j<item.len - 1; j++) {
|
||||
numtests *= 10;
|
||||
numtests += (int) (item.data[j] - '0');
|
||||
}
|
||||
for (j=0; j<numtests; j++) {
|
||||
#ifdef TRACK_BLTEST_BUG
|
||||
if (mode == bltestRSA) {
|
||||
fprintf(stderr, "[%s] Executing self-test #%d\n", __bltDBG, j);
|
||||
|
|
@ -2001,8 +2458,13 @@ blapi_selftest(bltestCipherMode *modes, int numModes, int inoff, int outoff,
|
|||
#endif
|
||||
sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr,
|
||||
"plaintext", j);
|
||||
load_file_data(arena, &pt, filename, (mode == bltestDSA) ?
|
||||
bltestBase64Encoded : bltestBinary);
|
||||
load_file_data(arena, &pt, filename,
|
||||
#ifdef NSS_ENABLE_ECC
|
||||
((mode == bltestDSA) || (mode == bltestECDSA))
|
||||
#else
|
||||
(mode == bltestDSA)
|
||||
#endif
|
||||
? bltestBase64Encoded : bltestBinary);
|
||||
sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr,
|
||||
"ciphertext", j);
|
||||
load_file_data(arena, &ct, filename, bltestBase64Encoded);
|
||||
|
|
@ -2066,7 +2528,11 @@ blapi_selftest(bltestCipherMode *modes, int numModes, int inoff, int outoff,
|
|||
** Align the input buffer (ciphertext) according to request
|
||||
** then perform operation and compare to plaintext
|
||||
*/
|
||||
#ifdef NSS_ENABLE_ECC
|
||||
if ((mode != bltestDSA) && (mode != bltestECDSA))
|
||||
#else
|
||||
if (mode != bltestDSA)
|
||||
#endif
|
||||
bltestCopyIO(arena, &cipherInfo.input, &ct);
|
||||
else
|
||||
bltestCopyIO(arena, &cipherInfo.input, &pt);
|
||||
|
|
@ -2127,6 +2593,13 @@ dump_file(bltestCipherMode mode, char *filename)
|
|||
load_file_data(arena, &keydata, filename, bltestBase64Encoded);
|
||||
key = dsakey_from_filedata(&keydata.buf);
|
||||
dump_dsakey(key);
|
||||
#ifdef NSS_ENABLE_ECC
|
||||
} else if (mode == bltestECDSA) {
|
||||
ECPrivateKey *key;
|
||||
load_file_data(arena, &keydata, filename, bltestBase64Encoded);
|
||||
key = eckey_from_filedata(&keydata.buf);
|
||||
dump_eckey(key);
|
||||
#endif
|
||||
}
|
||||
PORT_FreeArena(arena, PR_FALSE);
|
||||
return SECFailure;
|
||||
|
|
@ -2160,6 +2633,9 @@ enum {
|
|||
opt_Key,
|
||||
opt_HexWSpc,
|
||||
opt_Mode,
|
||||
#ifdef NSS_ENABLE_ECC
|
||||
opt_CurveName,
|
||||
#endif
|
||||
opt_Output,
|
||||
opt_Repetitions,
|
||||
opt_ZeroBuf,
|
||||
|
|
@ -2206,6 +2682,9 @@ static secuCommandFlag bltest_options[] =
|
|||
{ /* opt_Key */ 'k', PR_TRUE, 0, PR_FALSE },
|
||||
{ /* opt_HexWSpc */ 'l', PR_FALSE, 0, PR_FALSE },
|
||||
{ /* opt_Mode */ 'm', PR_TRUE, 0, PR_FALSE },
|
||||
#ifdef NSS_ENABLE_ECC
|
||||
{ /* opt_CurveName */ 'n', PR_TRUE, 0, PR_FALSE },
|
||||
#endif
|
||||
{ /* opt_Output */ 'o', PR_TRUE, 0, PR_FALSE },
|
||||
{ /* opt_Repetitions */ 'p', PR_TRUE, 0, PR_FALSE },
|
||||
{ /* opt_ZeroBuf */ 'q', PR_FALSE, 0, PR_FALSE },
|
||||
|
|
@ -2236,6 +2715,9 @@ int main(int argc, char **argv)
|
|||
PRArenaPool *arena;
|
||||
bltestIOMode ioMode;
|
||||
int keysize, bufsize, exponent;
|
||||
#ifdef NSS_ENABLE_ECC
|
||||
char *curveName = NULL;
|
||||
#endif
|
||||
int i, commandsEntered;
|
||||
int inoff, outoff;
|
||||
|
||||
|
|
@ -2397,6 +2879,13 @@ int main(int argc, char **argv)
|
|||
else
|
||||
exponent = 65537;
|
||||
|
||||
#ifdef NSS_ENABLE_ECC
|
||||
if (bltest.options[opt_CurveName].activated)
|
||||
curveName = PORT_Strdup(bltest.options[opt_CurveName].arg);
|
||||
else
|
||||
curveName = NULL;
|
||||
#endif
|
||||
|
||||
/* Set up an encryption key. */
|
||||
keysize = 0;
|
||||
file = NULL;
|
||||
|
|
@ -2431,7 +2920,11 @@ int main(int argc, char **argv)
|
|||
file = PR_Open("tmp.key", PR_WRONLY|PR_CREATE_FILE, 00660);
|
||||
}
|
||||
params->key.mode = bltestBase64Encoded;
|
||||
#ifdef NSS_ENABLE_ECC
|
||||
pubkeyInitKey(&cipherInfo, file, keysize, exponent, curveName);
|
||||
#else
|
||||
pubkeyInitKey(&cipherInfo, file, keysize, exponent);
|
||||
#endif
|
||||
PR_Close(file);
|
||||
}
|
||||
|
||||
|
|
@ -2468,9 +2961,17 @@ int main(int argc, char **argv)
|
|||
exit(-1);
|
||||
}
|
||||
file = PR_Open(bltest.options[opt_SigFile].arg, PR_RDONLY, 00660);
|
||||
memset(&cipherInfo.params.dsa.sig, 0, sizeof(bltestIO));
|
||||
cipherInfo.params.dsa.sig.mode = ioMode;
|
||||
setupIO(cipherInfo.arena, &cipherInfo.params.dsa.sig, file, NULL, 0);
|
||||
if (cipherInfo.mode == bltestDSA) {
|
||||
memset(&cipherInfo.params.dsa.sig, 0, sizeof(bltestIO));
|
||||
cipherInfo.params.dsa.sig.mode = ioMode;
|
||||
setupIO(cipherInfo.arena, &cipherInfo.params.dsa.sig, file, NULL, 0);
|
||||
#ifdef NSS_ENABLE_ECC
|
||||
} else if (cipherInfo.mode == bltestECDSA) {
|
||||
memset(&cipherInfo.params.ecdsa.sig, 0, sizeof(bltestIO));
|
||||
cipherInfo.params.ecdsa.sig.mode = ioMode;
|
||||
setupIO(cipherInfo.arena, &cipherInfo.params.ecdsa.sig, file, NULL, 0);
|
||||
#endif
|
||||
}
|
||||
}
|
||||
|
||||
if (bltest.options[opt_PQGFile].activated) {
|
||||
|
|
|
|||
|
|
@ -34,7 +34,7 @@ CORE_DEPTH = ../../..
|
|||
|
||||
MODULE = nss
|
||||
|
||||
REQUIRES = seccmd dbm
|
||||
REQUIRES = seccmd dbm softoken
|
||||
|
||||
INCLUDES += -I$(CORE_DEPTH)/nss/lib/softoken
|
||||
|
||||
|
|
@ -52,3 +52,7 @@ CSRCS = \
|
|||
blapitest.c \
|
||||
$(NULL)
|
||||
|
||||
ifdef NSS_ENABLE_ECC
|
||||
DEFINES += -DNSS_ENABLE_ECC
|
||||
endif
|
||||
|
||||
|
|
|
|||
|
|
@ -0,0 +1,22 @@
|
|||
0 secp160k1
|
||||
1 secp160r1
|
||||
2 secp160r2
|
||||
3 nistk163
|
||||
4 sect163r1
|
||||
5 nistb163
|
||||
6 secp192k1
|
||||
7 nistp192
|
||||
8 secp224k1
|
||||
9 nistp224
|
||||
10 nistk233
|
||||
11 nistb233
|
||||
12 nistp256
|
||||
13 nistk283
|
||||
14 nistb283
|
||||
15 nistp384
|
||||
16 nistk409
|
||||
17 nistb409
|
||||
18 nistk571
|
||||
19 nistb571
|
||||
# the following tests are not yet implemented
|
||||
#20 nistp521
|
||||
|
|
@ -0,0 +1 @@
|
|||
GoWqve3YezF7HOABQjioFL/3oq32oM9pHsGTQTJE7aFE62nItVqAdg==
|
||||
|
|
@ -0,0 +1 @@
|
|||
PM6xHbiwP6Xcb44mg7BHtaJvd8PkxgvHAB1sh2cF0so3naFf0Tj6vQ==
|
||||
|
|
@ -0,0 +1,2 @@
|
|||
AF3bbyED08NTrUgKmag9HiuUbaW0skXA/Bp9RPjRAD6M0rp3nvLDKozI940jxPP1
|
||||
nWpHF7VcyCVzJeV6
|
||||
|
|
@ -0,0 +1,2 @@
|
|||
AOLrxy4FWd29ToUjOwLs6GyQ+dYZN6NkZ8oVO6dsAEXt55ePlCWZbOtmk6v9PrNG
|
||||
JOsY/MHnGhDeAGRl
|
||||
|
|
@ -0,0 +1,2 @@
|
|||
aQHMte9cFByD9Ff3rZOPOtPI75luPoxemmgjXIgh/9jEeoTdDk8xuAYQUkayCfs+
|
||||
DpDaGnOLkfAyZ8GcuaCujg==
|
||||
|
|
@ -0,0 +1,2 @@
|
|||
AaeVCRJQPbpTqa1+zLd/8xAbkz3KKTr0dlS4tuGC8hc9j5esAeEv+7IklbA3v5Jz
|
||||
jC+nJy4p81iNO5E9H8nfGGckfQSiFzHG
|
||||
|
|
@ -0,0 +1,2 @@
|
|||
AgU0N7zJPg/1UxmCWD5Z+DqDqkRKjy4heFgayCyopb/u4XErAZArgsjashAxzMKC
|
||||
PSDJasPT90T5Va8sNtjXtSpHWxc2roV9
|
||||
|
|
@ -0,0 +1,2 @@
|
|||
NXo8is+7lAoOwWGt7+GBbT/UX8LGs8TXEHBI+tX9311pJ4J3pfBYobgN0ZK6ZBtp
|
||||
dS6PkrPaQp0S9nrfTOS5uAH95eD1eymRfCbOnjTUKzLuIn53V17vRjdcDtLzrhzX
|
||||
|
|
@ -0,0 +1,3 @@
|
|||
ADhxjBz/ACTy4GJlL0tYZpyNpC4DsXND9lJuU7x9N7g6gkpJyBPw3vBYU1olw6PH
|
||||
dnegpgAm4Gh6MCsZB4KBcLwl1wjt4B3p2eqEqDYn5fiie5f4XuRomvI92jR5Sb+I
|
||||
nBLCHIppt/Q=
|
||||
|
|
@ -0,0 +1,3 @@
|
|||
AGhHQ6kfdZRgu1svQTXEIewvFVglnUy6ANPumyUbM14AEfRkCUNa1uzvhV1sbWYj
|
||||
qT3egQCA9MTjThDNJeDOvvL6hVVOryUv4+C3RtkpQGCtdml+CSsjVTej8h9JbMds
|
||||
Dme40b2G6fE=
|
||||
|
|
@ -0,0 +1,3 @@
|
|||
AGBuqk48tufy0bKEWpu+xEHsmi+6KCfdwOSRwLDnpVetGe9AWknHDzeTSwe0QxcE
|
||||
RsEkUZGDpxfzUlCLSSSU+ErrYY/uyLV2AJTb3prB6A2YNwdmFGeRbDoxeOu7FuQA
|
||||
3gxBQhR+TGMuskeM+BdHFmFrwvTTdHCGzjTBa5S8mbgEJTfeik/it28T/9i+duZ8
|
||||
|
|
@ -0,0 +1,3 @@
|
|||
AaiotJfCiWU1d2LFe+t0CcWHDSF7EOlApWYJ+RNRSq8TbkXJIzi6abbb7BovtRwf
|
||||
i/COYwjS7OnkFQ6x5Pdrb7OZ0dTAdDRXAKtXWSKR20Y4fhnx/HUxisFwKrsCEQ3O
|
||||
uVtwDG8rh5V8zjBnCEcs5Iy9CsklucibR0PIyglVmW+ZuY42YNebuOC2VUKqHNF7
|
||||
|
|
@ -0,0 +1 @@
|
|||
Vli8Hau3xL8oder6ZdM9Y3fMd92jbguiMq6F+9CUjlUQXy5EwAVGeg==
|
||||
|
|
@ -0,0 +1,3 @@
|
|||
ALAM5hGnex7TvBbSEzDlfv+n5g7aWyRyZsBbl2Y6wW1plSovbq2GcV6w1ZV1Vlot
|
||||
70zbqkKyNApvTi3xoD4Ens6pAeLMYDILwaQhnyJZWQv3etbWqUKJZNgfH1IDj03k
|
||||
n9hbjYLX3y4bc4CnrhOiv5Ab34s7M8wUYcjC+DbHwhLl/S6N
|
||||
|
|
@ -0,0 +1 @@
|
|||
AFohw5TN/dpmqbhp/T4z1Rl1boAUA6r9eEPJbYN0zf+eHZzyvezxqjxU
|
||||
|
|
@ -0,0 +1 @@
|
|||
AtJdCPXn5yQW34jekhsnsNmaMOeeA3KIVl1d2+7pb6QycUAzYccgwSrp
|
||||
|
|
@ -0,0 +1 @@
|
|||
AzEg0sOGHwxd0o3cv+o9dsRPOzXMAdpgtI6O0uUmVN2+a5qI5FYQlItz
|
||||
|
|
@ -0,0 +1 @@
|
|||
5+HDXH/ieN8Bzxd3dfxKZoqbbhsm7jyeqWdemt6Xy0kx+7zwSYsh9Ng5KRdy6wtA
|
||||
|
|
@ -0,0 +1 @@
|
|||
WcS9umnUASP0X6lHvkWJwPY37ZVvAMLBERHLjL3Vzg6QVjwcS8kDVortTFei3aTx
|
||||
|
|
@ -0,0 +1,2 @@
|
|||
ItpmPaGAaoe2feXPbh5+EASLGnEzyYbEnwJ+JFNSOQcoY4a/cMV2rn8FYyBsEDiZ
|
||||
LPDBU0i2uOg=
|
||||
|
|
@ -0,0 +1,2 @@
|
|||
QjzCVGRUjulOLqeBqC5xpY0GWomOrmQUCtImY0czn98a/jHrdgsSRKiMHukBUxM1
|
||||
TIRGjkV2L+A=
|
||||
|
|
@ -0,0 +1,2 @@
|
|||
AAAABwYFK4EEAAkAAAApBPiF0ntSFtn41JULxlA1l/lHE/zUPGJWkCqtdOryS6yD
|
||||
WFCoF/IHwHsAAAAUcw+b2b1AJUlmezgu5EjmAGPC0YQ=
|
||||
|
|
@ -0,0 +1,2 @@
|
|||
AAAABwYFK4EEAAgAAAApBI80VWK9xatmkFRiDTcdeFQ0T9h3h6iVOinMURyWZw0T
|
||||
5vZqd8/gvwwAAAAUYOQMjDdtNSL5zY0nVWPWY+UJoqQ=
|
||||
|
|
@ -0,0 +1,3 @@
|
|||
AAAABwYFK4EEABoAAAA9BACmzalMQJBOWV2FoyV0tXSpT07Xajq4bB1SUwSY7QGn
|
||||
dgGC3GBqjPs9vEpqfMMQ2M9k3+5oubWnexNFhQAAAB4BRha/6sE7VSHl92ZqCj5p
|
||||
LYtBpK23jzfdVWO8SAY=
|
||||
|
|
@ -0,0 +1,3 @@
|
|||
AAAABwYFK4EEABsAAAA9BAD2/x9HSYYVEQ9AU4MivlIKPypJjsm0sTrp8BftlQGv
|
||||
KaYrKpZCg/CEw3C2kqvke7HAu+10hafK9asRxQAAAB4AXyFCurtsXhahkyJpkb5J
|
||||
LUg3xVL00vviR0KyFZY=
|
||||
|
|
@ -0,0 +1,3 @@
|
|||
AAAACgYIKoZIzj0DAQcAAABBBNGB7n4kH15tKA/SMpetaQVqg6WxIuuUuMQT2tDX
|
||||
NN5jKZfaxD47NsTjTr3x3D5t1qRBYuL6VtdgIuxBIHGG9dcAAAAgaGjyZBL+LN3a
|
||||
7NkGiHJBfqh7XKNH0AnPF3vFWpostIQ=
|
||||
|
|
@ -0,0 +1,3 @@
|
|||
AAAABwYFK4EEABAAAABJBAT3klWkt7+1Pr6QGEcvEIZplopwt1alrsJUThDOxvUF
|
||||
7KvBpQLVjB+DQTwYQnEREb/WFyRgUBuIbII0+zd/g0fLHE4PQ8SNlAAAACQFPsMX
|
||||
mqSVRreUVasUOIZQFB2jnpwCUyoq+xa9SRril5LeOCY=
|
||||
|
|
@ -0,0 +1,3 @@
|
|||
AAAABwYFK4EEABEAAABJBAf/ei/XCrFrMZLBp5BFkKZ3Odn+ZJu7QIAK32Ubuxmi
|
||||
xgWTewf2vv+KY5kHwsBYuBXmmnKe9Ak9zGP4Lykvgk5n5J6iUz5ycQAAACQAQHXa
|
||||
d29OqGxoDNCl9xETW3tAL/2hfZzstNuOPLm5kj4j1Dc=
|
||||
|
|
@ -0,0 +1,4 @@
|
|||
AAAABwYFK4EEACIAAABhBLWMJG3t4khPYcsl3H492rAqukJ1RqJm27pqpN54rFGG
|
||||
r2VDwOfqb9tMninq8IyOh42eaaVOEPXXu4Q/ATWBEfrbTRBjTpzAE2SSPuQma0lM
|
||||
q0RSVECCgdBOKIhB0H6VxAAAADA3WPjUaMWCS9E5KbVDrEcf5CV5tCNNWJQkwjsA
|
||||
yALMCiXJqRVXwbq42WMuaELMW+g=
|
||||
|
|
@ -0,0 +1,4 @@
|
|||
AAAABwYFK4EEACQAAABpBADkgknFgTPuirxQxFlqIK+vcARWzlpJR+qmyRyQsBiz
|
||||
Nh6Ws036xUKY9M8LxMIWXFNM6aIA2wxKsBF+HHD6oy27EAJSJOGbke/9F9Kv5AiW
|
||||
2RXA4mllUaxCNsuQ36PqUdqv4FeXxWTpAAAANAHTZloqhR0V4bfyaeo2hojcvY3T
|
||||
NO04ewNryBpsHZ0bhID0EfewYuwQmX00GYNfuV3mJ2w=
|
||||
|
|
@ -0,0 +1,4 @@
|
|||
AAAABwYFK4EEACUAAABpBAAEE/bAmqCjO3FLvN93Q/UjDyDp2sj+F//buuf1hZ0K
|
||||
1rSOGXMLcBrqVa8R6UJ57F9/Yc0BCTylpJMXjfCr4eDczG4WOQk+5x8kpKQs5Q9U
|
||||
V3IolHDiQY/Nhn7o4UFn5/mF71T3qUqwAAAANAH/o7jEl9Bw+Arj9uQ7ZHkoPGgx
|
||||
t92UJg1r/lxa7UUd66iJfRI8n8yQH/sw56D1+CweeII=
|
||||
|
|
@ -0,0 +1,5 @@
|
|||
AAAABwYFK4EEACYAAACRBAffZTrfwIl0dciO2fui3UhZw6r+jnFh7gyER92gXL7+
|
||||
LzPgTHagd1vdQiIX4K8Dv76KN0BldiFuX5odP7qC26MUaiURDdWT0AWcPmumSSBH
|
||||
NXZYLLx5hQjW3BTNwV7v5bmUjezfgtuOCC30dQGs2GMgExAmiWRjTkiPrHg1SFKF
|
||||
3RklauOyMWauaVpEzh3c+wAAAEgAZvLs4/Rx7tS+QGH92fGGIxPWPbVYOpDKwabY
|
||||
poV2i1BD5Fxvw+eHlvxVOLmRPqRCPTfOLwAeNbHyt17U/BVZ8+svTChlzuA=
|
||||
|
|
@ -0,0 +1,5 @@
|
|||
AAAABwYFK4EEACcAAACRBASpPvOfQVqiMD+cBL/nulFit5pk/5beJ6/KpeIltg4s
|
||||
6/s7PPggJA59BP7RJwak6rgY3PsRqXVPjyM/1UkUfRUR2BJgOfNTkQe9WF7Y5zXy
|
||||
TM76cWhOP+sLSoUcscy/HTLCpHqRLLvWZPDzgjrfJqSlydMEDZjWsJRVPk9IfeQ/
|
||||
amGiWOhJIQd/bSrAazZn6AAAAEgFz1qZzjHuhuP1boJ7gzndJhQslx1efbESxHSc
|
||||
wbOpeBpw2MsCAwjtgo3Y8pviFIC8+5MStkFjE8uHQ0ngXc02wm3G0xj8XGQ=
|
||||
|
|
@ -0,0 +1,2 @@
|
|||
AAAABwYFK4EEAB4AAAApBGouC+vgvmItzsLO4hXn+AXi3skEE+M19o/QHLfjibbA
|
||||
p7av8F4tcGgAAAAUmpQDUgnIkiXPBs0moD4jEmJHato=
|
||||
|
|
@ -0,0 +1,5 @@
|
|||
AAAABwYFK4EEACMAAACFBAHLMSpMFVyG6mXE7SZ5O5Bwv4d8/QiAB3BzpXkyrU1W
|
||||
jJ9O9uOYTXM+cFtF5v56+LsI4yGkaAl9+RF6lFPjrhpIswCmBmEqMBgZpjoz38my
|
||||
nLHBI9MaFF8AHkRQwD3LJLo4eSZHOVkdIvDYLwicdlgr0zD3Nf76/HB1+0DkBGqE
|
||||
MyG22gAAAEIAFah7z179UbqqdH68pzdZsP1ChXjtYZ11rBM0+HP7yLirxH3ahKTt
|
||||
DjsY19GEjz4gKsaLfLiQ1/Dp+VKVLcBKpk0=
|
||||
|
|
@ -0,0 +1,2 @@
|
|||
AAAABwYFK4EEAAEAAAArBAe4qW9DTVGRVIYYznwJZbn8mWXLugA2A+Mv112Bu+y7
|
||||
gxI8E4/fEdLTsQAAABUGEQDNcbxi0JhwALA8FCCxvmWYM3E=
|
||||
|
|
@ -0,0 +1,2 @@
|
|||
AAAABwYFK4EEAAIAAAArBAXw45Pc59l1QWmAB1W6M30lyFzQmAH/0FIFKYgEOYIa
|
||||
dnEXMwKNwaRdsQAAABUCErj052f+Rth5OxAm376LOAQyvBY=
|
||||
|
|
@ -0,0 +1,2 @@
|
|||
AAAABwYFK4EEAA8AAAArBAFhm71N2wsUOYCwDNr/6rFvNX1okAbki1SNlHq2TQDO
|
||||
Bktd1M0jlApWVQAAABUCILsraWg3Qi5nBsXQ1pGmZk0YuSA=
|
||||
|
|
@ -0,0 +1,2 @@
|
|||
AAAABwYFK4EEAB8AAAAxBHOYACoc9XsLk5n8NZZKV2U9CDoMj/VRDvqbf+myloR7
|
||||
uBfVNm+uVN33Sa65phAfXQAAABitxs6KZtkqU4tglcdQ1Rmk2U74vjYP0JM=
|
||||
|
|
@ -0,0 +1,2 @@
|
|||
AAAACgYIKoZIzj0DAQEAAAAxBOyOI+rIs3x+jsChxQqSVblnoZGqhIM1WX0FMfw+
|
||||
D8Dz6Y25iPcAQFpIAWh29FxnrgAAABh+uEQYXwMB783sULxE6PEd1t/MNZ9HSHI=
|
||||
|
|
@ -0,0 +1,3 @@
|
|||
AAAABwYFK4EEACAAAAA5BKQnZoj4VtlPqrJ5dekM4haG+7PjfgO4wNNIqD7JnrKI
|
||||
gTUd+oUQ41d517xCObyBaHNzdVPty9DvAAAAHIrG9+FE+OJV5UV2l/op7PCDPI4G
|
||||
qkpgzPIwe7U=
|
||||
|
|
@ -0,0 +1,3 @@
|
|||
AAAABwYFK4EEACEAAAA5BGCNDWldzQCbI83PMR96tqR6JnIUpvfIO8l6hIf/QfMc
|
||||
rx2BbrSLoy6EJmP++Jyw5yNyaoVaNYl6AAAAHDnjgcUSIshTSLuejnSsvtvU363b
|
||||
1NJv4ULUbIs=
|
||||
|
|
@ -0,0 +1 @@
|
|||
21
|
||||
|
|
@ -0,0 +1 @@
|
|||
qZk+NkcGgWq6PiVxeFDCbJzQ2J0=
|
||||
|
|
@ -0,0 +1 @@
|
|||
qZk+NkcGgWq6PiVxeFDCbJzQ2J0=
|
||||
|
|
@ -0,0 +1 @@
|
|||
qZk+NkcGgWq6PiVxeFDCbJzQ2J0=
|
||||
|
|
@ -0,0 +1 @@
|
|||
qZk+NkcGgWq6PiVxeFDCbJzQ2J0=
|
||||
|
|
@ -0,0 +1 @@
|
|||
qZk+NkcGgWq6PiVxeFDCbJzQ2J0=
|
||||
|
|
@ -0,0 +1 @@
|
|||
qZk+NkcGgWq6PiVxeFDCbJzQ2J0=
|
||||
|
|
@ -0,0 +1 @@
|
|||
qZk+NkcGgWq6PiVxeFDCbJzQ2J0=
|
||||
|
|
@ -0,0 +1 @@
|
|||
qZk+NkcGgWq6PiVxeFDCbJzQ2J0=
|
||||
|
|
@ -0,0 +1 @@
|
|||
qZk+NkcGgWq6PiVxeFDCbJzQ2J0=
|
||||
|
|
@ -0,0 +1 @@
|
|||
qZk+NkcGgWq6PiVxeFDCbJzQ2J0=
|
||||
|
|
@ -0,0 +1 @@
|
|||
qZk+NkcGgWq6PiVxeFDCbJzQ2J0=
|
||||
|
|
@ -0,0 +1 @@
|
|||
qZk+NkcGgWq6PiVxeFDCbJzQ2J0=
|
||||
|
|
@ -0,0 +1 @@
|
|||
qZk+NkcGgWq6PiVxeFDCbJzQ2J0=
|
||||
|
|
@ -0,0 +1 @@
|
|||
qZk+NkcGgWq6PiVxeFDCbJzQ2J0=
|
||||
|
|
@ -0,0 +1 @@
|
|||
qZk+NkcGgWq6PiVxeFDCbJzQ2J0=
|
||||
|
|
@ -0,0 +1 @@
|
|||
qZk+NkcGgWq6PiVxeFDCbJzQ2J0=
|
||||
|
|
@ -0,0 +1 @@
|
|||
qZk+NkcGgWq6PiVxeFDCbJzQ2J0=
|
||||
|
|
@ -0,0 +1 @@
|
|||
qZk+NkcGgWq6PiVxeFDCbJzQ2J0=
|
||||
|
|
@ -0,0 +1 @@
|
|||
qZk+NkcGgWq6PiVxeFDCbJzQ2J0=
|
||||
|
|
@ -0,0 +1 @@
|
|||
qZk+NkcGgWq6PiVxeFDCbJzQ2J0=
|
||||
|
|
@ -0,0 +1 @@
|
|||
qZk+NkcGgWq6PiVxeFDCbJzQ2J0=
|
||||
|
|
@ -0,0 +1 @@
|
|||
aHpm2QZI+ZOGfhIfTd+d2wEgVYQ=
|
||||
|
|
@ -0,0 +1 @@
|
|||
aHpm2QZI+ZOGfhIfTd+d2wEgVYQ=
|
||||
|
|
@ -0,0 +1 @@
|
|||
fjIzMWJpdHNPZlRleHQwMTAyMDMwNDA1MDYwNzA=
|
||||
|
|
@ -0,0 +1 @@
|
|||
fjIzMWJpdHNPZlRleHQwMTAyMDMwNDA1MDYwNzA=
|
||||
|
|
@ -0,0 +1 @@
|
|||
/jI1NmJpdHNPZlRleHQwMTAyMDMwNDA1MDYwNzA4MDk=
|
||||
|
|
@ -0,0 +1 @@
|
|||
ATI4MWJpdHNPZlRleHQwMTAyMDMwNDA1MDYwNzA4MDkwYTBi
|
||||
|
|
@ -0,0 +1 @@
|
|||
ATI4MWJpdHNPZlRleHQwMTAyMDMwNDA1MDYwNzA4MDkwYTBi
|
||||
|
|
@ -0,0 +1 @@
|
|||
/jM4NGJpdHNPZlRleHQwMTAyMDMwNDA1MDYwNzA4MDkwYTBiMGMwZDBlMGYxMDEx
|
||||
|
|
@ -0,0 +1 @@
|
|||
fjQwN2JpdHNPZlRleHQwMTAyMDMwNDA1MDYwNzA4MDkwYTBiMGMwZDBlMGYxMDExMTIx
|
||||
|
|
@ -0,0 +1 @@
|
|||
fjQwN2JpdHNPZlRleHQwMTAyMDMwNDA1MDYwNzA4MDkwYTBiMGMwZDBlMGYxMDExMTIx
|
||||
|
|
@ -0,0 +1,2 @@
|
|||
PjU2NmJpdHNPZlRleHQwMDAxMDIwMzA0MDUwNjA3MDgwOTBhMGIwYzBkMGUwZjEwMTExMjEz
|
||||
MTQxNTE2MTcxODE5MWExYjE=
|
||||
|
|
@ -0,0 +1,2 @@
|
|||
PjU2NmJpdHNPZlRleHQwMDAxMDIwMzA0MDUwNjA3MDgwOTBhMGIwYzBkMGUwZjEwMTExMjEz
|
||||
MTQxNTE2MTcxODE5MWExYjE=
|
||||
|
|
@ -0,0 +1 @@
|
|||
aHpm2QZI+ZOGfhIfTd+d2wEgVYQ=
|
||||
|
|
@ -0,0 +1,2 @@
|
|||
/jUyMGJpdHNPZlRleHQwMDAxMDIwMzA0MDUwNjA3MDgwOTBhMGIwYzBkMGUwZjEwMTExMjEz
|
||||
MTQxNTE2MTcxODE=
|
||||
|
|
@ -0,0 +1 @@
|
|||
aHpm2QZI+ZOGfhIfTd+d2wEgVYQ=
|
||||
|
|
@ -0,0 +1 @@
|
|||
aHpm2QZI+ZOGfhIfTd+d2wEgVYQ=
|
||||
|
|
@ -0,0 +1 @@
|
|||
aHpm2QZI+ZOGfhIfTd+d2wEgVYQ=
|
||||
|
|
@ -0,0 +1 @@
|
|||
/jE5MmJpdHNPZlRleHQwMDAwMDAwMDAw
|
||||
|
|
@ -0,0 +1 @@
|
|||
/jE5MmJpdHNPZlRleHQwMDAwMDAwMDAw
|
||||
|
|
@ -0,0 +1 @@
|
|||
/jIyNGJpdHNPZlRleHQwMDAwMDAwMDAwMDAwMA==
|
||||
|
|
@ -0,0 +1 @@
|
|||
/jIyNGJpdHNPZlRleHQwMDAwMDAwMDAwMDAwMA==
|
||||
|
|
@ -16,7 +16,11 @@
|
|||
* Copyright (C) 1994-2000 Netscape Communications Corporation. All
|
||||
* Rights Reserved.
|
||||
*
|
||||
* Portions created by Sun Microsystems, Inc. are Copyright (C) 2003
|
||||
* Sun Microsystems, Inc. All Rights Reserved.
|
||||
*
|
||||
* Contributor(s):
|
||||
* Dr Vipul Gupta <vipul.gupta@sun.com>, Sun Microsystems Laboratories
|
||||
*
|
||||
* Alternatively, the contents of this file may be used under the
|
||||
* terms of the GNU General Public License Version 2 or later (the
|
||||
|
|
@ -281,7 +285,7 @@ AddCert(PK11SlotInfo *slot, CERTCertDBHandle *handle, char *name, char *trusts,
|
|||
PRFileDesc *inFile, PRBool ascii, PRBool emailcert, void *pwdata)
|
||||
{
|
||||
CERTCertTrust *trust = NULL;
|
||||
CERTCertificate *cert = NULL, *tempCert = NULL;
|
||||
CERTCertificate *cert = NULL;
|
||||
SECItem certDER;
|
||||
SECStatus rv;
|
||||
|
||||
|
|
@ -382,6 +386,12 @@ getSignatureOidTag(KeyType keyType, SECOidTag hashAlgTag)
|
|||
break;
|
||||
}
|
||||
break;
|
||||
#ifdef NSS_ENABLE_ECC
|
||||
case ecKey:
|
||||
/* XXX For now only ECDSA with SHA1 is supported */
|
||||
sigTag = SEC_OID_ANSIX962_ECDSA_SIGNATURE_WITH_SHA1_DIGEST;
|
||||
break;
|
||||
#endif /* NSS_ENABLE_ECC */
|
||||
default:
|
||||
break;
|
||||
}
|
||||
|
|
@ -975,8 +985,15 @@ Usage(char *progName)
|
|||
"\t\t [-f pwfile] [-z noisefile] [-d certdir] [-P dbprefix]\n", progName);
|
||||
FPS "\t%s -G [-h token-name] -k dsa [-q pqgfile -g key-size] [-f pwfile]\n"
|
||||
"\t\t [-z noisefile] [-d certdir] [-P dbprefix]\n", progName);
|
||||
#ifdef NSS_ENABLE_ECC
|
||||
FPS "\t%s -G [-h token-name] -k ec -q curve [-f pwfile]\n"
|
||||
"\t\t [-z noisefile] [-d certdir] [-P dbprefix]\n", progName);
|
||||
FPS "\t%s -K [-n key-name] [-h token-name] [-k dsa|ec|rsa|all]\n",
|
||||
progName);
|
||||
#else
|
||||
FPS "\t%s -K [-n key-name] [-h token-name] [-k dsa|rsa|all]\n",
|
||||
progName);
|
||||
#endif /* NSS_ENABLE_ECC */
|
||||
FPS "\t\t [-f pwfile] [-X] [-d certdir] [-P dbprefix]\n");
|
||||
FPS "\t%s -L [-n cert-name] [-X] [-d certdir] [-P dbprefix] [-r] [-a]\n", progName);
|
||||
FPS "\t%s -M -n cert-name -t trustargs [-d certdir] [-P dbprefix]\n",
|
||||
|
|
@ -989,7 +1006,7 @@ Usage(char *progName)
|
|||
"\t\t[-X] [-d certdir] [-P dbprefix]\n",
|
||||
progName);
|
||||
FPS "\t%s -S -n cert-name -s subj [-c issuer-name | -x] -t trustargs\n"
|
||||
"\t\t [-k key-type] [-h token-name] [-g key-size]\n"
|
||||
"\t\t [-k key-type] [-q key-params] [-h token-name] [-g key-size]\n"
|
||||
"\t\t [-m serial-number] [-w warp-months] [-v months-valid]\n"
|
||||
"\t\t [-f pwfile] [-d certdir] [-P dbprefix]\n"
|
||||
"\t\t [-p phone] [-1] [-2] [-3] [-4] [-5] [-6] [-7 emailAddrs]\n"
|
||||
|
|
@ -1076,10 +1093,17 @@ static void LongUsage(char *progName)
|
|||
"-G");
|
||||
FPS "%-20s Name of token in which to generate key (default is internal)\n",
|
||||
" -h token-name");
|
||||
#ifdef NSS_ENABLE_ECC
|
||||
FPS "%-20s Type of key pair to generate (\"dsa\", \"ec\", \"rsa\" (default))\n",
|
||||
" -k key-type");
|
||||
FPS "%-20s Key size in bits, (min %d, max %d, default %d) (not for ec)\n",
|
||||
" -g key-size", MIN_KEY_BITS, MAX_KEY_BITS, DEFAULT_KEY_BITS);
|
||||
#else
|
||||
FPS "%-20s Type of key pair to generate (\"dsa\", \"rsa\" (default))\n",
|
||||
" -k key-type");
|
||||
FPS "%-20s Key size in bits, (min %d, max %d, default %d)\n",
|
||||
" -g key-size", MIN_KEY_BITS, MAX_KEY_BITS, DEFAULT_KEY_BITS);
|
||||
#endif /* NSS_ENABLE_ECC */
|
||||
FPS "%-20s Set the public exponent value (3, 17, 65537) (rsa only)\n",
|
||||
" -y exp");
|
||||
FPS "%-20s Specify the password file\n",
|
||||
|
|
@ -1088,6 +1112,27 @@ static void LongUsage(char *progName)
|
|||
" -z noisefile");
|
||||
FPS "%-20s read PQG value from pqgfile (dsa only)\n",
|
||||
" -q pqgfile");
|
||||
#ifdef NSS_ENABLE_ECC
|
||||
FPS "%-20s Elliptic curve name (ec only)\n",
|
||||
" -q curve-name");
|
||||
FPS "%-20s One of sect163k1, nistk163, sect163r1, sect163r2,\n", "");
|
||||
FPS "%-20s nistb163, sect193r1, sect193r2, sect233k1, nistk233,\n", "");
|
||||
FPS "%-20s sect233r1, nistb233, sect239k1, sect283k1, nistk283,\n", "");
|
||||
FPS "%-20s sect283r1, nistb283, sect409k1, nistk409, sect409r1,\n", "");
|
||||
FPS "%-20s nistb409, sect571k1, nistk571, sect571r1, nistb571,\n", "");
|
||||
FPS "%-20s secp169k1, secp160r1, secp160r2, secp192k1, secp192r1,\n", "");
|
||||
FPS "%-20s nistp192, secp224k1, secp224r1, nistp224, secp256k1,\n", "");
|
||||
FPS "%-20s secp256r1, nistp256, secp384r1, nistp384, secp521r1,\n", "");
|
||||
FPS "%-20s nistp521, prime192v1, prime192v2, prime192v3, \n", "");
|
||||
FPS "%-20s prime239v1, prime239v2, prime239v3, c2pnb163v1, \n", "");
|
||||
FPS "%-20s c2pnb163v2, c2pnb163v3, c2pnb176v1, c2tnb191v1, \n", "");
|
||||
FPS "%-20s c2tnb191v2, c2tnb191v3, c2onb191v4, c2onb191v5, \n", "");
|
||||
FPS "%-20s c2pnb208w1, c2tnb239v1, c2tnb239v2, c2tnb239v3, \n", "");
|
||||
FPS "%-20s c2onb239v4, c2onb239v5, c2pnb272w1, c2pnb304w1, \n", "");
|
||||
FPS "%-20s c2tnb359w1, c2pnb368w1, c2tnb431r1, secp112r1, \n", "");
|
||||
FPS "%-20s secp112r2, secp128r1, secp128r2, sect113r1, sect113r2\n", "");
|
||||
FPS "%-20s sect131r1, sect131r2\n", "");
|
||||
#endif
|
||||
FPS "%-20s Key database directory (default is ~/.netscape)\n",
|
||||
" -d keydir");
|
||||
FPS "%-20s Cert & Key database prefix\n",
|
||||
|
|
@ -1119,8 +1164,13 @@ static void LongUsage(char *progName)
|
|||
FPS "%-20s Name of token in which to look for keys (default is internal,"
|
||||
" use \"all\" to list keys on all tokens)\n",
|
||||
" -h token-name ");
|
||||
#ifdef NSS_ENABLE_ECC
|
||||
FPS "%-20s Type of key pair to list (\"all\", \"dsa\", \"ec\", \"rsa\" (default))\n",
|
||||
" -k key-type");
|
||||
#else
|
||||
FPS "%-20s Type of key pair to list (\"all\", \"dsa\", \"rsa\" (default))\n",
|
||||
" -k key-type");
|
||||
#endif
|
||||
FPS "%-20s Specify the password file\n",
|
||||
" -f password-file");
|
||||
FPS "%-20s Key database directory (default is ~/.netscape)\n",
|
||||
|
|
@ -1195,12 +1245,25 @@ static void LongUsage(char *progName)
|
|||
" -s subject");
|
||||
FPS "%-20s Output the cert request to this file\n",
|
||||
" -o output-req");
|
||||
#ifdef NSS_ENABLE_ECC
|
||||
FPS "%-20s Type of key pair to generate (\"dsa\", \"ec\", \"rsa\" (default))\n",
|
||||
" -k key-type");
|
||||
#else
|
||||
FPS "%-20s Type of key pair to generate (\"dsa\", \"rsa\" (default))\n",
|
||||
" -k key-type");
|
||||
#endif /* NSS_ENABLE_ECC */
|
||||
FPS "%-20s Name of token in which to generate key (default is internal)\n",
|
||||
" -h token-name");
|
||||
FPS "%-20s Key size in bits, RSA keys only (min %d, max %d, default %d)\n",
|
||||
" -g key-size", MIN_KEY_BITS, MAX_KEY_BITS, DEFAULT_KEY_BITS);
|
||||
FPS "%-20s Name of file containing PQG parameters (dsa only)\n",
|
||||
" -q pqgfile");
|
||||
#ifdef NSS_ENABLE_ECC
|
||||
FPS "%-20s Elliptic curve name (ec only)\n",
|
||||
" -q curve-name");
|
||||
FPS "%-20s See the \"-G\" option for a full list of supported names.\n",
|
||||
"");
|
||||
#endif /* NSS_ENABLE_ECC */
|
||||
FPS "%-20s Specify the password file\n",
|
||||
" -f pwfile");
|
||||
FPS "%-20s Key database directory (default is ~/.netscape)\n",
|
||||
|
|
@ -1244,12 +1307,25 @@ static void LongUsage(char *progName)
|
|||
" -c issuer-name");
|
||||
FPS "%-20s Set the certificate trust attributes (see -A above)\n",
|
||||
" -t trustargs");
|
||||
#ifdef NSS_ENABLE_ECC
|
||||
FPS "%-20s Type of key pair to generate (\"dsa\", \"ec\", \"rsa\" (default))\n",
|
||||
" -k key-type");
|
||||
#else
|
||||
FPS "%-20s Type of key pair to generate (\"dsa\", \"rsa\" (default))\n",
|
||||
" -k key-type");
|
||||
#endif /* NSS_ENABLE_ECC */
|
||||
FPS "%-20s Name of token in which to generate key (default is internal)\n",
|
||||
" -h token-name");
|
||||
FPS "%-20s Key size in bits, RSA keys only (min %d, max %d, default %d)\n",
|
||||
" -g key-size", MIN_KEY_BITS, MAX_KEY_BITS, DEFAULT_KEY_BITS);
|
||||
FPS "%-20s Name of file containing PQG parameters (dsa only)\n",
|
||||
" -q pqgfile");
|
||||
#ifdef NSS_ENABLE_ECC
|
||||
FPS "%-20s Elliptic curve name (ec only)\n",
|
||||
" -q curve-name");
|
||||
FPS "%-20s See the \"-G\" option for a full list of supported names.\n",
|
||||
"");
|
||||
#endif /* NSS_ENABLE_ECC */
|
||||
FPS "%-20s Self sign\n",
|
||||
" -x");
|
||||
FPS "%-20s Cert serial number\n",
|
||||
|
|
@ -2335,9 +2411,16 @@ secuCommandFlag certutil_options[] =
|
|||
if ((keysize < MIN_KEY_BITS) || (keysize > MAX_KEY_BITS)) {
|
||||
PR_fprintf(PR_STDERR,
|
||||
"%s -g: Keysize must be between %d and %d.\n",
|
||||
MIN_KEY_BITS, MAX_KEY_BITS);
|
||||
progName, MIN_KEY_BITS, MAX_KEY_BITS);
|
||||
return 255;
|
||||
}
|
||||
#ifdef NSS_ENABLE_ECC
|
||||
if (keytype == ecKey) {
|
||||
PR_fprintf(PR_STDERR, "%s -g: Not for ec keys.\n", progName);
|
||||
return 255;
|
||||
}
|
||||
#endif /* NSS_ENABLE_ECC */
|
||||
|
||||
}
|
||||
|
||||
/* -h specify token name */
|
||||
|
|
@ -2379,6 +2462,10 @@ secuCommandFlag certutil_options[] =
|
|||
keytype = rsaKey;
|
||||
} else if (PL_strcmp(arg, "dsa") == 0) {
|
||||
keytype = dsaKey;
|
||||
#ifdef NSS_ENABLE_ECC
|
||||
} else if (PL_strcmp(arg, "ec") == 0) {
|
||||
keytype = ecKey;
|
||||
#endif /* NSS_ENABLE_ECC */
|
||||
} else if (PL_strcmp(arg, "all") == 0) {
|
||||
keytype = nullKey;
|
||||
} else {
|
||||
|
|
@ -2403,11 +2490,18 @@ secuCommandFlag certutil_options[] =
|
|||
if (certutil.options[opt_DBPrefix].activated)
|
||||
certPrefix = strdup(certutil.options[opt_DBPrefix].arg);
|
||||
|
||||
/* -q PQG file */
|
||||
/* -q PQG file or curve name */
|
||||
if (certutil.options[opt_PQGFile].activated) {
|
||||
#ifdef NSS_ENABLE_ECC
|
||||
if ((keytype != dsaKey) && (keytype != ecKey)) {
|
||||
PR_fprintf(PR_STDERR, "%s -q: specifies a PQG file for DSA keys" \
|
||||
" (-k dsa) or a named curve for EC keys (-k ec)\n)",
|
||||
progName);
|
||||
#else
|
||||
if (keytype != dsaKey) {
|
||||
PR_fprintf(PR_STDERR, "%s -q: PQG file is for DSA key (-k dsa).\n)",
|
||||
progName);
|
||||
#endif /* NSS_ENABLE_ECC */
|
||||
return 255;
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -16,7 +16,11 @@
|
|||
* Copyright (C) 1994-2000 Netscape Communications Corporation. All
|
||||
* Rights Reserved.
|
||||
*
|
||||
* Portions created by Sun Microsystems, Inc. are Copyright (C) 2003
|
||||
* Sun Microsystems, Inc. All Rights Reserved.
|
||||
*
|
||||
* Contributor(s):
|
||||
* Dr Vipul Gupta <vipul.gupta@sun.com>, Sun Microsystems Laboratories
|
||||
*
|
||||
* Alternatively, the contents of this file may be used under the
|
||||
* terms of the GNU General Public License Version 2 or later (the
|
||||
|
|
@ -335,6 +339,136 @@ void CERTUTIL_FileForRNG(char *noise)
|
|||
|
||||
}
|
||||
|
||||
#ifdef NSS_ENABLE_ECC
|
||||
typedef struct curveNameTagPairStr {
|
||||
char *curveName;
|
||||
SECOidTag curveOidTag;
|
||||
} CurveNameTagPair;
|
||||
|
||||
#define DEFAULT_CURVE_OID_TAG SEC_OID_SECG_EC_SECP192R1
|
||||
/* #define DEFAULT_CURVE_OID_TAG SEC_OID_SECG_EC_SECP160R1 */
|
||||
|
||||
static CurveNameTagPair nameTagPair[] =
|
||||
{
|
||||
{ "sect163k1", SEC_OID_SECG_EC_SECT163K1},
|
||||
{ "nistk163", SEC_OID_SECG_EC_SECT163K1},
|
||||
{ "sect163r1", SEC_OID_SECG_EC_SECT163R1},
|
||||
{ "sect163r2", SEC_OID_SECG_EC_SECT163R2},
|
||||
{ "nistb163", SEC_OID_SECG_EC_SECT163R2},
|
||||
{ "sect193r1", SEC_OID_SECG_EC_SECT193R1},
|
||||
{ "sect193r2", SEC_OID_SECG_EC_SECT193R2},
|
||||
{ "sect233k1", SEC_OID_SECG_EC_SECT233K1},
|
||||
{ "nistk233", SEC_OID_SECG_EC_SECT233K1},
|
||||
{ "sect233r1", SEC_OID_SECG_EC_SECT233R1},
|
||||
{ "nistb233", SEC_OID_SECG_EC_SECT233R1},
|
||||
{ "sect239k1", SEC_OID_SECG_EC_SECT239K1},
|
||||
{ "sect283k1", SEC_OID_SECG_EC_SECT283K1},
|
||||
{ "nistk283", SEC_OID_SECG_EC_SECT283K1},
|
||||
{ "sect283r1", SEC_OID_SECG_EC_SECT283R1},
|
||||
{ "nistb283", SEC_OID_SECG_EC_SECT283R1},
|
||||
{ "sect409k1", SEC_OID_SECG_EC_SECT409K1},
|
||||
{ "nistk409", SEC_OID_SECG_EC_SECT409K1},
|
||||
{ "sect409r1", SEC_OID_SECG_EC_SECT409R1},
|
||||
{ "nistb409", SEC_OID_SECG_EC_SECT409R1},
|
||||
{ "sect571k1", SEC_OID_SECG_EC_SECT571K1},
|
||||
{ "nistk571", SEC_OID_SECG_EC_SECT571K1},
|
||||
{ "sect571r1", SEC_OID_SECG_EC_SECT571R1},
|
||||
{ "nistb571", SEC_OID_SECG_EC_SECT571R1},
|
||||
{ "secp160k1", SEC_OID_SECG_EC_SECP160K1},
|
||||
{ "secp160r1", SEC_OID_SECG_EC_SECP160R1},
|
||||
{ "secp160r2", SEC_OID_SECG_EC_SECP160R2},
|
||||
{ "secp192k1", SEC_OID_SECG_EC_SECP192K1},
|
||||
{ "secp192r1", SEC_OID_SECG_EC_SECP192R1},
|
||||
{ "nistp192", SEC_OID_SECG_EC_SECP192R1},
|
||||
{ "secp224k1", SEC_OID_SECG_EC_SECP224K1},
|
||||
{ "secp224r1", SEC_OID_SECG_EC_SECP224R1},
|
||||
{ "nistp224", SEC_OID_SECG_EC_SECP224R1},
|
||||
{ "secp256k1", SEC_OID_SECG_EC_SECP256K1},
|
||||
{ "secp256r1", SEC_OID_SECG_EC_SECP256R1},
|
||||
{ "nistp256", SEC_OID_SECG_EC_SECP256R1},
|
||||
{ "secp384r1", SEC_OID_SECG_EC_SECP384R1},
|
||||
{ "nistp384", SEC_OID_SECG_EC_SECP384R1},
|
||||
{ "secp521r1", SEC_OID_SECG_EC_SECP521R1},
|
||||
{ "nistp521", SEC_OID_SECG_EC_SECP521R1},
|
||||
|
||||
{ "prime192v1", SEC_OID_ANSIX962_EC_PRIME192V1 },
|
||||
{ "prime192v2", SEC_OID_ANSIX962_EC_PRIME192V2 },
|
||||
{ "prime192v3", SEC_OID_ANSIX962_EC_PRIME192V3 },
|
||||
{ "prime239v1", SEC_OID_ANSIX962_EC_PRIME239V1 },
|
||||
{ "prime239v2", SEC_OID_ANSIX962_EC_PRIME239V2 },
|
||||
{ "prime239v3", SEC_OID_ANSIX962_EC_PRIME239V3 },
|
||||
|
||||
{ "c2pnb163v1", SEC_OID_ANSIX962_EC_C2PNB163V1 },
|
||||
{ "c2pnb163v2", SEC_OID_ANSIX962_EC_C2PNB163V2 },
|
||||
{ "c2pnb163v3", SEC_OID_ANSIX962_EC_C2PNB163V3 },
|
||||
{ "c2pnb176v1", SEC_OID_ANSIX962_EC_C2PNB176V1 },
|
||||
{ "c2tnb191v1", SEC_OID_ANSIX962_EC_C2TNB191V1 },
|
||||
{ "c2tnb191v2", SEC_OID_ANSIX962_EC_C2TNB191V2 },
|
||||
{ "c2tnb191v3", SEC_OID_ANSIX962_EC_C2TNB191V3 },
|
||||
{ "c2onb191v4", SEC_OID_ANSIX962_EC_C2ONB191V4 },
|
||||
{ "c2onb191v5", SEC_OID_ANSIX962_EC_C2ONB191V5 },
|
||||
{ "c2pnb208w1", SEC_OID_ANSIX962_EC_C2PNB208W1 },
|
||||
{ "c2tnb239v1", SEC_OID_ANSIX962_EC_C2TNB239V1 },
|
||||
{ "c2tnb239v2", SEC_OID_ANSIX962_EC_C2TNB239V2 },
|
||||
{ "c2tnb239v3", SEC_OID_ANSIX962_EC_C2TNB239V3 },
|
||||
{ "c2onb239v4", SEC_OID_ANSIX962_EC_C2ONB239V4 },
|
||||
{ "c2onb239v5", SEC_OID_ANSIX962_EC_C2ONB239V5 },
|
||||
{ "c2pnb272w1", SEC_OID_ANSIX962_EC_C2PNB272W1 },
|
||||
{ "c2pnb304w1", SEC_OID_ANSIX962_EC_C2PNB304W1 },
|
||||
{ "c2tnb359v1", SEC_OID_ANSIX962_EC_C2TNB359V1 },
|
||||
{ "c2pnb368w1", SEC_OID_ANSIX962_EC_C2PNB368W1 },
|
||||
{ "c2tnb431r1", SEC_OID_ANSIX962_EC_C2TNB431R1 },
|
||||
|
||||
{ "secp112r1", SEC_OID_SECG_EC_SECP112R1},
|
||||
{ "secp112r2", SEC_OID_SECG_EC_SECP112R2},
|
||||
{ "secp128r1", SEC_OID_SECG_EC_SECP128R1},
|
||||
{ "secp128r2", SEC_OID_SECG_EC_SECP128R2},
|
||||
|
||||
{ "sect113r1", SEC_OID_SECG_EC_SECT113R1},
|
||||
{ "sect113r2", SEC_OID_SECG_EC_SECT113R2},
|
||||
{ "sect131r1", SEC_OID_SECG_EC_SECT131R1},
|
||||
{ "sect131r2", SEC_OID_SECG_EC_SECT131R2},
|
||||
};
|
||||
|
||||
static SECKEYECParams *
|
||||
getECParams(char *curve)
|
||||
{
|
||||
SECKEYECParams *ecparams;
|
||||
SECOidData *oidData = NULL;
|
||||
SECOidTag curveOidTag = SEC_OID_UNKNOWN; /* default */
|
||||
int i, numCurves;
|
||||
|
||||
if (curve != NULL) {
|
||||
numCurves = sizeof(nameTagPair)/sizeof(CurveNameTagPair);
|
||||
for (i = 0; ((i < numCurves) && (curveOidTag == SEC_OID_UNKNOWN));
|
||||
i++) {
|
||||
if (PL_strcmp(curve, nameTagPair[i].curveName) == 0)
|
||||
curveOidTag = nameTagPair[i].curveOidTag;
|
||||
}
|
||||
}
|
||||
|
||||
/* Return NULL if curve name is not recognized */
|
||||
if ((curveOidTag == SEC_OID_UNKNOWN) ||
|
||||
(oidData = SECOID_FindOIDByTag(curveOidTag)) == NULL) {
|
||||
fprintf(stderr, "Unrecognized elliptic curve %s\n", curve);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
ecparams = SECITEM_AllocItem(NULL, NULL, (2 + oidData->oid.len));
|
||||
|
||||
/*
|
||||
* ecparams->data needs to contain the ASN encoding of an object ID (OID)
|
||||
* representing the named curve. The actual OID is in
|
||||
* oidData->oid.data so we simply prepend 0x06 and OID length
|
||||
*/
|
||||
ecparams->data[0] = SEC_ASN1_OBJECT_ID;
|
||||
ecparams->data[1] = oidData->oid.len;
|
||||
memcpy(ecparams->data + 2, oidData->oid.data, oidData->oid.len);
|
||||
|
||||
return ecparams;
|
||||
}
|
||||
#endif /* NSS_ENABLE_ECC */
|
||||
|
||||
SECKEYPrivateKey *
|
||||
CERTUTIL_GeneratePrivateKey(KeyType keytype, PK11SlotInfo *slot, int size,
|
||||
int publicExponent, char *noise,
|
||||
|
|
@ -390,13 +524,20 @@ CERTUTIL_GeneratePrivateKey(KeyType keytype, PK11SlotInfo *slot, int size,
|
|||
}
|
||||
params = dsaparams;
|
||||
break;
|
||||
#ifdef NSS_ENABLE_ECC
|
||||
case ecKey:
|
||||
mechanism = CKM_EC_KEY_PAIR_GEN;
|
||||
/* For EC keys, PQGFile determines EC parameters */
|
||||
if ((params = (void *) getECParams(pqgFile)) == NULL)
|
||||
return NULL;
|
||||
break;
|
||||
#endif /* NSS_ENABLE_ECC */
|
||||
default:
|
||||
return NULL;
|
||||
}
|
||||
|
||||
if (slot == NULL)
|
||||
return NULL;
|
||||
|
||||
if (PK11_Authenticate(slot, PR_TRUE, pwdata) != SECSuccess)
|
||||
return NULL;
|
||||
|
||||
|
|
|
|||
|
|
@ -49,4 +49,8 @@ REQUIRES = dbm seccmd
|
|||
|
||||
PROGRAM = certutil
|
||||
|
||||
ifdef NSS_ENABLE_ECC
|
||||
DEFINES += -DNSS_ENABLE_ECC
|
||||
endif
|
||||
|
||||
#USE_STATIC_LIBS = 1
|
||||
|
|
|
|||
|
|
@ -51,3 +51,7 @@ CSRCS = secutil.c \
|
|||
|
||||
REQUIRES = nss nspr dbm
|
||||
|
||||
ifdef NSS_ENABLE_ECC
|
||||
DEFINES += -DNSS_ENABLE_ECC
|
||||
endif
|
||||
|
||||
|
|
|
|||
|
|
@ -16,7 +16,11 @@
|
|||
* Copyright (C) 1994-2000 Netscape Communications Corporation. All
|
||||
* Rights Reserved.
|
||||
*
|
||||
* Portions created by Sun Microsystems, Inc. are Copyright (C) 2003
|
||||
* Sun Microsystems, Inc. All Rights Reserved.
|
||||
*
|
||||
* Contributor(s):
|
||||
* Dr Vipul Gupta <vipul.gupta@sun.com>, Sun Microsystems Laboratories
|
||||
*
|
||||
* Alternatively, the contents of this file may be used under the
|
||||
* terms of the GNU General Public License Version 2 or later (the
|
||||
|
|
@ -1235,6 +1239,26 @@ secu_PrintDSAPublicKey(FILE *out, SECKEYPublicKey *pk, char *m, int level)
|
|||
SECU_PrintInteger(out, &pk->u.dsa.publicValue, "PublicValue", level+1);
|
||||
}
|
||||
|
||||
#ifdef NSS_ENABLE_ECC
|
||||
static void
|
||||
secu_PrintECPublicKey(FILE *out, SECKEYPublicKey *pk, char *m, int level)
|
||||
{
|
||||
SECItem curveOID = { siBuffer, NULL, 0};
|
||||
|
||||
SECU_Indent(out, level); fprintf(out, "%s:\n", m);
|
||||
SECU_PrintInteger(out, &pk->u.ec.publicValue, "PublicValue", level+1);
|
||||
/* For named curves, the DEREncodedParams field contains an
|
||||
* ASN Object ID (0x06 is SEC_ASN1_OBJECT_ID).
|
||||
*/
|
||||
if ((pk->u.ec.DEREncodedParams.len > 2) &&
|
||||
(pk->u.ec.DEREncodedParams.data[0] == 0x06)) {
|
||||
curveOID.len = pk->u.ec.DEREncodedParams.data[1];
|
||||
curveOID.data = pk->u.ec.DEREncodedParams.data + 2;
|
||||
SECU_PrintObjectID(out, &curveOID, "Curve", level +1);
|
||||
}
|
||||
}
|
||||
#endif /* NSS_ENABLE_ECC */
|
||||
|
||||
static int
|
||||
secu_PrintSubjectPublicKeyInfo(FILE *out, PRArenaPool *arena,
|
||||
CERTSubjectPublicKeyInfo *i, char *msg, int level)
|
||||
|
|
@ -1255,10 +1279,15 @@ secu_PrintSubjectPublicKeyInfo(FILE *out, PRArenaPool *arena,
|
|||
secu_PrintDSAPublicKey(out, pk, "DSA Public Key", level +1);
|
||||
break;
|
||||
|
||||
#ifdef NSS_ENABLE_ECC
|
||||
case ecKey:
|
||||
secu_PrintECPublicKey(out, pk, "EC Public Key", level +1);
|
||||
break;
|
||||
#endif
|
||||
|
||||
case dhKey:
|
||||
case fortezzaKey:
|
||||
case keaKey:
|
||||
case ecKey:
|
||||
fprintf(out, "unable to format this SPKI algorithm type\n");
|
||||
break;
|
||||
default:
|
||||
|
|
|
|||
|
|
@ -48,4 +48,8 @@ REQUIRES = dbm seccmd
|
|||
|
||||
PROGRAM = pk12util
|
||||
|
||||
ifdef NSS_ENABLE_ECC
|
||||
DEFINES += -DNSS_ENABLE_ECC
|
||||
endif
|
||||
|
||||
# USE_STATIC_LIBS = 1
|
||||
|
|
|
|||
|
|
@ -470,6 +470,7 @@ P12U_ImportPKCS12Object(char *in_file, PK11SlotInfo *slot,
|
|||
p12cxt->file = NULL;
|
||||
/* PK11_FreeSlot(slot); */
|
||||
|
||||
fprintf(stdout, "%s: PKCS12 IMPORT SUCCESSFUL\n", progName);
|
||||
rv = SECSuccess;
|
||||
|
||||
loser:
|
||||
|
|
|
|||
|
|
@ -46,3 +46,7 @@ REQUIRES = seccmd dbm
|
|||
|
||||
PROGRAM = selfserv
|
||||
|
||||
ifdef NSS_ENABLE_ECC
|
||||
DEFINES += -DNSS_ENABLE_ECC
|
||||
endif
|
||||
|
||||
|
|
|
|||
|
|
@ -112,19 +112,19 @@ const int ssl2CipherSuites[] = {
|
|||
* for new SSL3 ciphers. A -1 indicates the cipher
|
||||
* is not currently implemented.
|
||||
*/
|
||||
-1, /* TLS_ECDH_ECDSA_WITH_NULL_SHA, * G */
|
||||
-1, /* TLS_ECDH_ECDSA_WITH_RC4_128_SHA, * H */
|
||||
-1, /* TLS_ECDH_ECDSA_WITH_DES_CBC_SHA, * I */
|
||||
-1, /* TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, * J */
|
||||
-1, /* TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, * K */
|
||||
-1, /* TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, * L */
|
||||
-1, /* TLS_ECDH_RSA_WITH_NULL_SHA, * M */
|
||||
-1, /* TLS_ECDH_RSA_WITH_RC4_128_SHA, * N */
|
||||
-1, /* TLS_ECDH_RSA_WITH_DES_CBC_SHA, * O */
|
||||
-1, /* TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, * P */
|
||||
-1, /* TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, * Q */
|
||||
-1, /* TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, * R */
|
||||
-1, /* TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, * S */
|
||||
TLS_ECDH_ECDSA_WITH_NULL_SHA, /* G */
|
||||
TLS_ECDH_ECDSA_WITH_RC4_128_SHA, /* H */
|
||||
TLS_ECDH_ECDSA_WITH_DES_CBC_SHA, /* I */
|
||||
TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, /* J */
|
||||
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, /* K */
|
||||
TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, /* L */
|
||||
TLS_ECDH_RSA_WITH_NULL_SHA, /* M */
|
||||
TLS_ECDH_RSA_WITH_RC4_128_SHA, /* N */
|
||||
TLS_ECDH_RSA_WITH_DES_CBC_SHA, /* O */
|
||||
TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, /* P */
|
||||
TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, /* Q */
|
||||
TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, /* R */
|
||||
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, /* S */
|
||||
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, /* T */
|
||||
#endif /* NSS_ENABLE_ECC */
|
||||
0
|
||||
|
|
@ -199,8 +199,13 @@ Usage(const char *progName)
|
|||
fprintf(stderr,
|
||||
|
||||
"Usage: %s -n rsa_nickname -p port [-3DRTbmrvx] [-w password] [-t threads]\n"
|
||||
#ifdef NSS_ENABLE_ECC
|
||||
" [-i pid_file] [-c ciphers] [-d dbdir] [-e ec_nickname] \n"
|
||||
" [-f fortezza_nickname] [-L [seconds]] [-M maxProcs] [-l]\n"
|
||||
#else
|
||||
" [-i pid_file] [-c ciphers] [-d dbdir] [-f fortezza_nickname] \n"
|
||||
" [-L [seconds]] [-M maxProcs] [-l]\n"
|
||||
#endif /* NSS_ENABLE_ECC */
|
||||
"-3 means disable SSL v3\n"
|
||||
"-D means disable Nagle delays in TCP\n"
|
||||
"-T means disable TLS\n"
|
||||
|
|
@ -227,6 +232,19 @@ Usage(const char *progName)
|
|||
"E SSL2 DES 64 CBC WITH MD5\n"
|
||||
"F SSL2 DES 192 EDE3 CBC WITH MD5\n"
|
||||
#ifdef NSS_ENABLE_ECC
|
||||
"G TLS ECDH ECDSA WITH NULL SHA\n"
|
||||
"H TLS ECDH ECDSA WITH RC4 128 SHA\n"
|
||||
"I TLS ECDH ECDSA WITH DES CBC SHA\n"
|
||||
"J TLS ECDH ECDSA WITH 3DES EDE CBC SHA\n"
|
||||
"K TLS ECDH ECDSA WITH AES 128 CBC SHA\n"
|
||||
"L TLS ECDH ECDSA WITH AES 256 CBC SHA\n"
|
||||
"M TLS ECDH RSA WITH NULL SHA\n"
|
||||
"N TLS ECDH RSA WITH RC4 128 SHA\n"
|
||||
"O TLS ECDH RSA WITH DES CBC SHA\n"
|
||||
"P TLS ECDH RSA WITH 3DES EDE CBC SHA\n"
|
||||
"Q TLS ECDH RSA WITH AES 128 CBC SHA\n"
|
||||
"R TLS ECDH RSA WITH AES 256 CBC SHA\n"
|
||||
"S TLS ECDHE ECDSA WITH AES 128 CBC SHA\n"
|
||||
"T TLS ECDHE RSA WITH AES 128 CBC SHA\n"
|
||||
#endif /* NSS_ENABLE_ECC */
|
||||
"\n"
|
||||
|
|
@ -1424,6 +1442,9 @@ main(int argc, char **argv)
|
|||
{
|
||||
char * progName = NULL;
|
||||
char * nickName = NULL;
|
||||
#ifdef NSS_ENABLE_ECC
|
||||
char * ecNickName = NULL;
|
||||
#endif
|
||||
char * fNickName = NULL;
|
||||
const char * fileName = NULL;
|
||||
char * cipherString= NULL;
|
||||
|
|
@ -1460,7 +1481,7 @@ main(int argc, char **argv)
|
|||
** numbers, then capital letters, then lower case, alphabetical.
|
||||
*/
|
||||
optstate = PL_CreateOptState(argc, argv,
|
||||
"2:3DL:M:RTbc:d:f:hi:lmn:op:rt:vw:xy");
|
||||
"2:3DL:M:RTbc:d:e:f:hi:lmn:op:rt:vw:xy");
|
||||
while ((status = PL_GetNextOpt(optstate)) == PL_OPT_OK) {
|
||||
++optionsFound;
|
||||
switch(optstate->option) {
|
||||
|
|
@ -1496,6 +1517,10 @@ main(int argc, char **argv)
|
|||
|
||||
case 'd': dir = optstate->value; break;
|
||||
|
||||
#ifdef NSS_ENABLE_ECC
|
||||
case 'e': ecNickName = strdup(optstate->value); break;
|
||||
#endif /* NSS_ENABLE_ECC */
|
||||
|
||||
case 'f': fNickName = strdup(optstate->value); break;
|
||||
|
||||
case 'h': Usage(progName); exit(0); break;
|
||||
|
|
@ -1699,6 +1724,17 @@ main(int argc, char **argv)
|
|||
}
|
||||
privKey[kt_fortezza] = PK11_FindKeyByAnyCert(cert[kt_fortezza], NULL);
|
||||
}
|
||||
#ifdef NSS_ENABLE_ECC
|
||||
if (ecNickName) {
|
||||
cert[kt_ecdh] = PK11_FindCertFromNickname(ecNickName, NULL);
|
||||
if (cert[kt_ecdh] == NULL) {
|
||||
fprintf(stderr, "selfserv: Can't find certificate %s\n",
|
||||
ecNickName);
|
||||
exit(13);
|
||||
}
|
||||
privKey[kt_ecdh] = PK11_FindKeyByAnyCert(cert[kt_ecdh], NULL);
|
||||
}
|
||||
#endif /* NSS_ENABLE_ECC */
|
||||
|
||||
/* allocate the array of thread slots, and launch the worker threads. */
|
||||
rv = launch_threads(&jobLoop, 0, 0, requestCert, useLocalThreads);
|
||||
|
|
|
|||
|
|
@ -48,3 +48,7 @@ CSRCS = tstclnt.c
|
|||
|
||||
PROGRAM = tstclnt
|
||||
|
||||
ifdef NSS_ENABLE_ECC
|
||||
DEFINES += -DNSS_ENABLE_ECC
|
||||
endif
|
||||
|
||||
|
|
|
|||
|
|
@ -242,13 +242,13 @@ static void Usage(const char *progName)
|
|||
"F SSL2 DES 192 EDE3 CBC WITH MD5\n"
|
||||
#ifdef NSS_ENABLE_ECC
|
||||
"G TLS ECDH ECDSA WITH NULL SHA\n"
|
||||
"H TLS ECDH ECDSA WITH RC4 128 CBC SHA\n"
|
||||
"H TLS ECDH ECDSA WITH RC4 128 SHA\n"
|
||||
"I TLS ECDH ECDSA WITH DES CBC SHA\n"
|
||||
"J TLS ECDH ECDSA WITH 3DES EDE CBC SHA\n"
|
||||
"K TLS ECDH ECDSA WITH AES 128 CBC SHA\n"
|
||||
"L TLS ECDH ECDSA WITH AES 256 CBC SHA\n"
|
||||
"M TLS ECDH RSA WITH NULL SHA\n"
|
||||
"N TLS ECDH RSA WITH RC4 128 CBC SHA\n"
|
||||
"N TLS ECDH RSA WITH RC4 128 SHA\n"
|
||||
"O TLS ECDH RSA WITH DES CBC SHA\n"
|
||||
"P TLS ECDH RSA WITH 3DES EDE CBC SHA\n"
|
||||
"Q TLS ECDH RSA WITH AES 128 CBC SHA\n"
|
||||
|
|
|
|||
|
|
@ -18,7 +18,11 @@
|
|||
* Copyright (C) 1994-2000 Netscape Communications Corporation. All
|
||||
* Rights Reserved.
|
||||
*
|
||||
* Portions created by Sun Microsystems, Inc. are Copyright (C) 2003
|
||||
* Sun Microsystems, Inc. All Rights Reserved.
|
||||
*
|
||||
* Contributor(s):
|
||||
* Dr Vipul Gupta <vipul.gupta@sun.com>, Sun Microsystems Laboratories
|
||||
*
|
||||
* Alternatively, the contents of this file may be used under the
|
||||
* terms of the GNU General Public License Version 2 or later (the
|
||||
|
|
@ -32,7 +36,7 @@
|
|||
* may use your version of this file under either the MPL or the
|
||||
* GPL.
|
||||
*
|
||||
* $Id: cryptohi.h,v 1.5 2003/05/24 03:34:48 wtc%netscape.com Exp $
|
||||
* $Id: cryptohi.h,v 1.6 2003/10/17 13:45:32 ian.mcgreer%sun.com Exp $
|
||||
*/
|
||||
|
||||
#ifndef _CRYPTOHI_H_
|
||||
|
|
@ -53,7 +57,7 @@ SEC_BEGIN_PROTOS
|
|||
|
||||
/****************************************/
|
||||
/*
|
||||
** DER encode/decode DSA signatures
|
||||
** DER encode/decode (EC)DSA signatures
|
||||
*/
|
||||
|
||||
/* ANSI X9.57 defines DSA signatures as DER encoded data. Our DSA code (and
|
||||
|
|
@ -63,7 +67,21 @@ SEC_BEGIN_PROTOS
|
|||
extern SECStatus DSAU_EncodeDerSig(SECItem *dest, SECItem *src);
|
||||
extern SECItem *DSAU_DecodeDerSig(SECItem *item);
|
||||
|
||||
|
||||
/*
|
||||
* Unlike DSA, raw ECDSA signatures do not have a fixed length.
|
||||
* Rather they contain two integers r and s whose length depends
|
||||
* on the size of the EC key used for signing.
|
||||
*
|
||||
* We can reuse the DSAU_EncodeDerSig interface to DER encode
|
||||
* raw ECDSA signature keeping in mind that the length of r
|
||||
* is the same as that of s and exactly half of src->len.
|
||||
*
|
||||
* For decoding, we need to pass the length of the desired
|
||||
* raw signature (twice the key size) explicitly.
|
||||
*/
|
||||
extern SECStatus DSAU_EncodeDerSigWithLen(SECItem *dest, SECItem *src,
|
||||
unsigned int len);
|
||||
extern SECItem *DSAU_DecodeDerSigToLen(SECItem *item, unsigned int len);
|
||||
|
||||
/****************************************/
|
||||
/*
|
||||
|
|
|
|||
Некоторые файлы не были показаны из-за слишком большого количества измененных файлов Показать больше
Загрузка…
Ссылка в новой задаче