From 0e2a49491f87c807ea7e855109880019e82c78b7 Mon Sep 17 00:00:00 2001 From: "relyea%netscape.com" Date: Thu, 20 Sep 2001 21:30:48 +0000 Subject: [PATCH] 1) fix compilier warnings on AIX, Solaris, HP, and Linux. 2) remove Dependency on low key structures in the soft token. --- security/nss/lib/cryptohi/dsautil.c | 1 - security/nss/lib/cryptohi/key.h | 3 +- security/nss/lib/cryptohi/keyhi.h | 6 +- security/nss/lib/cryptohi/keyt.h | 5 +- security/nss/lib/cryptohi/keythi.h | 131 ++++++++++++++++++++++++++-- security/nss/lib/cryptohi/seckey.c | 46 +++++----- security/nss/lib/cryptohi/secvfy.c | 7 +- 7 files changed, 155 insertions(+), 44 deletions(-) diff --git a/security/nss/lib/cryptohi/dsautil.c b/security/nss/lib/cryptohi/dsautil.c index ed6f9cec8d6..a364ac3022e 100644 --- a/security/nss/lib/cryptohi/dsautil.c +++ b/security/nss/lib/cryptohi/dsautil.c @@ -66,7 +66,6 @@ DSAU_ConvertUnsignedToSigned(SECItem *dest, SECItem *src) unsigned char *pSrc = src->data; unsigned char *pDst = dest->data; unsigned int cntSrc = src->len; - unsigned int cntDst = dest->len; unsigned char c; /* skip any leading zeros. */ diff --git a/security/nss/lib/cryptohi/key.h b/security/nss/lib/cryptohi/key.h index 874941cd0d9..02554f9d57d 100644 --- a/security/nss/lib/cryptohi/key.h +++ b/security/nss/lib/cryptohi/key.h @@ -32,13 +32,12 @@ * * key.h - public data structures and prototypes for the private key library * - * $Id: key.h,v 1.1 2000-03-31 19:45:14 relyea%netscape.com Exp $ + * $Id: key.h,v 1.2 2001-09-20 21:30:46 relyea%netscape.com Exp $ */ #ifndef _KEY_H_ #define _KEY_H_ #include "keyhi.h" -#include "keylow.h" #endif /* _KEY_H_ */ diff --git a/security/nss/lib/cryptohi/keyhi.h b/security/nss/lib/cryptohi/keyhi.h index 6abaf188a62..6869fd564a7 100644 --- a/security/nss/lib/cryptohi/keyhi.h +++ b/security/nss/lib/cryptohi/keyhi.h 
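Review bot: Nothing visible in DSAU_ConvertUnsignedToSigned bounds the writes through `pDst` by `dest->len`; the removed `cntDst` was the only place that length was read, and the compiler flagged it as unused. The body continues outside the hunk, so this is inferred from the declarations shown. If the function relies on the caller to size `dest`, say so above it, e.g. `/* caller must ensure dest->data is large enough for the converted value; dest->len is not checked here */`. A stronger option is to keep the length and fail when the converted value would not fit, instead of deleting the variable.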
@@ -33,7 +33,7 @@ * * key.h - public data structures and prototypes for the private key library * - * $Id: keyhi.h,v 1.5 2001-06-25 19:31:04 nicolson%netscape.com Exp $ + * $Id: keyhi.h,v 1.6 2001-09-20 21:30:46 relyea%netscape.com Exp $ */ #ifndef _KEYHI_H_ @@ -46,7 +46,7 @@ #include "secdert.h" #include "keythi.h" #include "certt.h" -#include "secpkcs5.h" +/*#include "secpkcs5.h" */ SEC_BEGIN_PROTOS @@ -108,7 +108,7 @@ SECKEYPrivateKey *SECKEY_CreateRSAPrivateKey(int keySizeInBits, /* * create a new DH key pair. The private Key is returned... */ -SECKEYPrivateKey *SECKEY_CreateDHPrivateKey(DHParams *param, +SECKEYPrivateKey *SECKEY_CreateDHPrivateKey(SECKEYDHParams *param, SECKEYPublicKey **pubk, void *cx); /* ** Create a subject-public-key-info based on a public key. diff --git a/security/nss/lib/cryptohi/keyt.h b/security/nss/lib/cryptohi/keyt.h index 8f6f5acae09..c987be4b47e 100644 --- a/security/nss/lib/cryptohi/keyt.h +++ b/security/nss/lib/cryptohi/keyt.h @@ -32,15 +32,12 @@ * * keyt.h - public data structures for the private key library * - * $Id: keyt.h,v 1.1 2000-03-31 19:45:30 relyea%netscape.com Exp $ + * $Id: keyt.h,v 1.2 2001-09-20 21:30:47 relyea%netscape.com Exp $ */ #ifndef _KEYT_H_ #define _KEYT_H_ -#include "keytlow.h" -#include "keytboth.h" #include "keythi.h" -#include "keydbt.h" #endif /* _KEYT_H_ */ diff --git a/security/nss/lib/cryptohi/keythi.h b/security/nss/lib/cryptohi/keythi.h index 27add74767e..9191bd7ffa6 100644 --- a/security/nss/lib/cryptohi/keythi.h +++ b/security/nss/lib/cryptohi/keythi.h 
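Review bot: The second keyhi.h hunk leaves `/*#include "secpkcs5.h" */` in a public header, and a commented-out include does not tell the next reader whether the dependency is gone for good. Delete the line outright, or replace it with a one-sentence comment saying why the header is no longer pulled in. Any prototype further down keyhi.h that still uses a type from secpkcs5.h would now depend on the includer's include order; that part of the file is not visible in this hunk and is worth checking.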
@@ -33,13 +33,129 @@ #ifndef _KEYTHI_H_ #define _KEYTHI_H_ 1 -#include "keytlow.h" -#include "keytboth.h" #include "plarena.h" #include "pkcs11t.h" #include "secmodt.h" #include "prclist.h" +typedef enum { + nullKey = 0, + rsaKey = 1, + dsaKey = 2, + fortezzaKey = 3, + dhKey = 4, + keaKey = 5 +} KeyType; + +/* +** Template Definitions +**/ +extern const SEC_ASN1Template SECKEY_RSAPublicKeyTemplate[]; +extern const SEC_ASN1Template SECKEY_DSAPublicKeyTemplate[]; +extern const SEC_ASN1Template SECKEY_DHPublicKeyTemplate[]; +extern const SEC_ASN1Template SECKEY_DHParamKeyTemplate[]; +extern const SEC_ASN1Template SECKEY_PQGParamsTemplate[]; +extern const SEC_ASN1Template SECKEY_DSAPrivateKeyExportTemplate[]; + +/* Windows DLL accessor functions */ +extern SEC_ASN1TemplateChooser NSS_Get_SECKEY_DSAPublicKeyTemplate; +extern SEC_ASN1TemplateChooser NSS_Get_SECKEY_RSAPublicKeyTemplate; + + +/* +** RSA Public Key structures +** member names from PKCS#1, section 7.1 +*/ + +struct SECKEYRSAPublicKeyStr { + PRArenaPool * arena; + SECItem modulus; + SECItem publicExponent; +}; +typedef struct SECKEYRSAPublicKeyStr SECKEYRSAPublicKey; + + +/* +** DSA Public Key and related structures +*/ + +struct SECKEYPQGParamsStr { + PRArenaPool *arena; + SECItem prime; /* p */ + SECItem subPrime; /* q */ + SECItem base; /* g */ + /* XXX chrisk: this needs to be expanded to hold j and validationParms (RFC2459 7.3.2) */ +}; +typedef struct SECKEYPQGParamsStr SECKEYPQGParams; + +struct SECKEYDSAPublicKeyStr { + SECKEYPQGParams params; + SECItem publicValue; +}; +typedef struct SECKEYDSAPublicKeyStr SECKEYDSAPublicKey; + + +/* +** Diffie-Hellman Public Key structure +** Structure member names suggested by PKCS#3. 
+*/ +struct SECKEYDHParamsStr { + PRArenaPool * arena; + SECItem prime; /* p */ + SECItem base; /* g */ +}; +typedef struct SECKEYDHParamsStr SECKEYDHParams; + +struct SECKEYDHPublicKeyStr { + PRArenaPool * arena; + SECItem prime; + SECItem base; + SECItem publicValue; +}; +typedef struct SECKEYDHPublicKeyStr SECKEYDHPublicKey; + + +/* +** FORTEZZA Public Key structures +*/ +struct SECKEYFortezzaPublicKeyStr { + int KEAversion; + int DSSversion; + unsigned char KMID[8]; + SECItem clearance; + SECItem KEApriviledge; + SECItem DSSpriviledge; + SECItem KEAKey; + SECItem DSSKey; + SECKEYPQGParams params; + SECKEYPQGParams keaParams; +}; +typedef struct SECKEYFortezzaPublicKeyStr SECKEYFortezzaPublicKey; + +struct SECKEYDiffPQGParamsStr { + SECKEYPQGParams DiffKEAParams; + SECKEYPQGParams DiffDSAParams; +}; +typedef struct SECKEYDiffPQGParamsStr SECKEYDiffPQGParams; + +struct SECKEYPQGDualParamsStr { + SECKEYPQGParams CommParams; + SECKEYDiffPQGParams DiffParams; +}; +typedef struct SECKEYPQGDualParamsStr SECKEYPQGDualParams; + +struct SECKEYKEAParamsStr { + PLArenaPool *arena; + SECItem hash; +}; +typedef struct SECKEYKEAParamsStr SECKEYKEAParams; + +struct SECKEYKEAPublicKeyStr { + SECKEYKEAParams params; + SECItem publicValue; +}; +typedef struct SECKEYKEAPublicKeyStr SECKEYKEAPublicKey; + /* ** A Generic public key object. */ @@ -49,11 +165,11 @@ struct SECKEYPublicKeyStr { PK11SlotInfo *pkcs11Slot; CK_OBJECT_HANDLE pkcs11ID; union { - RSAPublicKey rsa; - DSAPublicKey dsa; - DHPublicKey dh; - KEAPublicKey kea; - FortezzaPublicKey fortezza; + SECKEYRSAPublicKey rsa; + SECKEYDSAPublicKey dsa; + SECKEYDHPublicKey dh; + SECKEYKEAPublicKey kea; + SECKEYFortezzaPublicKey fortezza; } u; }; typedef struct SECKEYPublicKeyStr SECKEYPublicKey; @@ -92,3 +208,4 @@ typedef struct { } SECKEYPrivateKeyList; #endif /* _KEYTHI_H_ */ + diff --git a/security/nss/lib/cryptohi/seckey.c b/security/nss/lib/cryptohi/seckey.c index 142d14c5760..b486e7352c0 100644 
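Review bot: The structures added to keythi.h disagree on the arena type and do not document ownership: `SECKEYKEAParamsStr` declares `PLArenaPool *arena` while every other struct in this hunk uses `PRArenaPool *`. Use one spelling throughout; `PRArenaPool *arena;` matches the rest. `SECKEYDSAPublicKeyStr` and `SECKEYKEAPublicKeyStr` embed a params struct that carries its own `arena` pointer, so each needs a comment stating which arena the `SECItem` buffers come from and who destroys it; otherwise double frees or leaks are easy to introduce. The header also uses `SECItem` and `SEC_ASN1Template` after dropping keytlow.h and keytboth.h, so it presumably relies on one of the remaining includes for them, which should be confirmed.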
--- a/security/nss/lib/cryptohi/seckey.c +++ b/security/nss/lib/cryptohi/seckey.c @@ -77,10 +77,10 @@ const SEC_ASN1Template SECKEY_DSAPublicKeyTemplate[] = { }; const SEC_ASN1Template SECKEY_PQGParamsTemplate[] = { - { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(PQGParams) }, - { SEC_ASN1_INTEGER, offsetof(PQGParams,prime) }, - { SEC_ASN1_INTEGER, offsetof(PQGParams,subPrime) }, - { SEC_ASN1_INTEGER, offsetof(PQGParams,base) }, + { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(SECKEYPQGParams) }, + { SEC_ASN1_INTEGER, offsetof(SECKEYPQGParams,prime) }, + { SEC_ASN1_INTEGER, offsetof(SECKEYPQGParams,subPrime) }, + { SEC_ASN1_INTEGER, offsetof(SECKEYPQGParams,base) }, { 0, } }; 
@@ -99,32 +99,32 @@ const SEC_ASN1Template SECKEY_DHParamKeyTemplate[] = { }; const SEC_ASN1Template SECKEY_FortezzaParameterTemplate[] = { - { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(PQGParams) }, - { SEC_ASN1_OCTET_STRING, offsetof(PQGParams,prime), }, - { SEC_ASN1_OCTET_STRING, offsetof(PQGParams,subPrime), }, - { SEC_ASN1_OCTET_STRING, offsetof(PQGParams,base), }, + { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(SECKEYPQGParams) }, + { SEC_ASN1_OCTET_STRING, offsetof(SECKEYPQGParams,prime), }, + { SEC_ASN1_OCTET_STRING, offsetof(SECKEYPQGParams,subPrime), }, + { SEC_ASN1_OCTET_STRING, offsetof(SECKEYPQGParams,base), }, { 0 }, }; const SEC_ASN1Template SECKEY_FortezzaDiffParameterTemplate[] = { - { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(DiffPQGParams) }, - { SEC_ASN1_INLINE, offsetof(DiffPQGParams,DiffKEAParams), + { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(SECKEYDiffPQGParams) }, + { SEC_ASN1_INLINE, offsetof(SECKEYDiffPQGParams,DiffKEAParams), SECKEY_FortezzaParameterTemplate}, - { SEC_ASN1_INLINE, offsetof(DiffPQGParams,DiffDSAParams), + { SEC_ASN1_INLINE, offsetof(SECKEYDiffPQGParams,DiffDSAParams), SECKEY_FortezzaParameterTemplate}, { 0 }, }; const SEC_ASN1Template SECKEY_FortezzaPreParamTemplate[] = { { SEC_ASN1_EXPLICIT | SEC_ASN1_CONSTRUCTED | - SEC_ASN1_CONTEXT_SPECIFIC | 1, offsetof(PQGDualParams,CommParams), + SEC_ASN1_CONTEXT_SPECIFIC | 1, offsetof(SECKEYPQGDualParams,CommParams), SECKEY_FortezzaParameterTemplate}, { 0, } }; const SEC_ASN1Template SECKEY_FortezzaAltPreParamTemplate[] = { { SEC_ASN1_EXPLICIT | SEC_ASN1_CONSTRUCTED | - SEC_ASN1_CONTEXT_SPECIFIC | 0, offsetof(PQGDualParams,DiffParams), + SEC_ASN1_CONTEXT_SPECIFIC | 0, offsetof(SECKEYPQGDualParams,DiffParams), SECKEY_FortezzaDiffParameterTemplate}, { 0, } }; 
@@ -139,6 +139,10 @@ const SEC_ASN1Template SECKEY_KEAParamsTemplate[] = { { 0, } }; +SEC_ASN1_CHOOSER_IMPLEMENT(SECKEY_DSAPublicKeyTemplate) +SEC_ASN1_CHOOSER_IMPLEMENT(SECKEY_RSAPublicKeyTemplate) + + /* Create an RSA key pair is any slot able to do so. ** The created keys are "session" (temporary), not "token" (permanent), ** and they are "sensitive", which makes them costly to move to another token. @@ -167,7 +171,7 @@ SECKEY_CreateRSAPrivateKey(int keySizeInBits,SECKEYPublicKey **pubk, void *cx) ** creating a "sensitive" key if necessary. */ SECKEYPrivateKey * -SECKEY_CreateDHPrivateKey(DHParams *param, SECKEYPublicKey **pubk, void *cx) +SECKEY_CreateDHPrivateKey(SECKEYDHParams *param, SECKEYPublicKey **pubk, void *cx) { SECKEYPrivateKey *privk; PK11SlotInfo *slot = PK11_GetBestSlot(CKM_DH_PKCS_KEY_PAIR_GEN,cx); @@ -228,7 +232,7 @@ SECKEY_CopySubjectPublicKeyInfo(PRArenaPool *arena, } SECStatus -SECKEY_KEASetParams(KEAParams * params, SECKEYPublicKey * pubKey) { +SECKEY_KEASetParams(SECKEYKEAParams * params, SECKEYPublicKey * pubKey) { if (pubKey->keyType == fortezzaKey) { /* the key is a fortezza V1 public key */ @@ -259,16 +263,12 @@ SECKEY_KEAParamCompare(CERTCertificate *cert1,CERTCertificate *cert2) { SECStatus rv; - SECOidData *oid=NULL; - CERTSubjectPublicKeyInfo * subjectSpki=NULL; - CERTSubjectPublicKeyInfo * issuerSpki=NULL; - CERTCertificate *issuerCert = NULL; SECKEYPublicKey *pubKey1 = 0; SECKEYPublicKey *pubKey2 = 0; - KEAParams params1; - KEAParams params2; + SECKEYKEAParams params1; + SECKEYKEAParams params2; rv = SECFailure; @@ -486,7 +486,7 @@ SECStatus SECKEY_FortezzaDecodePQGtoOld(PRArenaPool *arena, SECKEYPublicKey *pubk, SECItem *params) { SECStatus rv; - PQGDualParams dual_params; + SECKEYPQGDualParams dual_params; if (params == NULL) return SECFailure; 
@@ -607,7 +607,7 @@ SECKEY_FortezzaDecodePQGtoOld(PRArenaPool *arena, SECKEYPublicKey *pubk, SECStatus SECKEY_DSADecodePQG(PRArenaPool *arena, SECKEYPublicKey *pubk, SECItem *params) { SECStatus rv; - PQGDualParams dual_params; + SECKEYPQGDualParams dual_params; if (params == NULL) return SECFailure; diff --git a/security/nss/lib/cryptohi/secvfy.c b/security/nss/lib/cryptohi/secvfy.c index d84f57373d1..5ada991d56c 100644 --- a/security/nss/lib/cryptohi/secvfy.c +++ b/security/nss/lib/cryptohi/secvfy.c @@ -32,7 +32,7 @@ * may use your version of this file under either the MPL or the * GPL. * - * $Id: secvfy.c,v 1.5 2001-05-01 23:59:27 relyea%netscape.com Exp $ + * $Id: secvfy.c,v 1.6 2001-09-20 21:30:48 relyea%netscape.com Exp $ */ #include @@ -195,9 +195,9 @@ decodeSigAlg(SECOidTag alg, SECOidTag *hashalg) /* we don't implement MD4 hashes */ case SEC_OID_PKCS1_MD4_WITH_RSA_ENCRYPTION: default: - return SECFailure; + break; } - PR_ASSERT(PR_FALSE); /* shouldn't get here */ + return SECFailure; } VFYContext * @@ -322,7 +322,6 @@ VFY_EndWithSignature(VFYContext *cx, SECItem *sig) unsigned char final[32]; unsigned part; SECItem hash,dsasig; - unsigned char *digest; SECStatus rv; if ((cx->hasSignature == PR_FALSE) && (sig == NULL)) {
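Review bot: The failure path of decodeSigAlg returns `SECFailure` for MD4 and unknown tags without the visible lines setting an error code or assigning `*hashalg`. A caller that does not test the return value would continue with an unassigned hash tag. This function decides which signature algorithms verification accepts, so make the rejection explicit with `PORT_SetError(SEC_ERROR_INVALID_ALGORITHM);` before the final `return SECFailure;`, and add a comment that `*hashalg` is undefined on failure. The start of the function is outside the hunk, so whether an error is already set earlier cannot be confirmed from here.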