本文整理汇总了C++中PK11_FreeSymKey函数的典型用法代码示例。如果您正苦于以下问题:C++ PK11_FreeSymKey函数的具体用法?C++ PK11_FreeSymKey怎么用?C++ PK11_FreeSymKey使用的例子?那么恭喜您, 这里精选的函数代码示例或许可以为您提供帮助。
在下文中一共展示了PK11_FreeSymKey函数的20个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于我们的系统推荐出更棒的C++代码示例。
示例1: purple_aes_cipher_nss_cleanup
static void
purple_aes_cipher_nss_cleanup(PurpleAESCipherNSSContext *context)
{
g_return_if_fail(context != NULL);
if (context->enc_context != NULL)
PK11_DestroyContext(context->enc_context, TRUE);
if (context->sec_param != NULL)
SECITEM_FreeItem(context->sec_param, TRUE);
if (context->sym_key != NULL)
PK11_FreeSymKey(context->sym_key);
if (context->slot != NULL)
PK11_FreeSlot(context->slot);
memset(context, 0, sizeof(PurpleAESCipherNSSContext));
}
开发者ID:Distrotech,项目名称:pidgin,代码行数:16,代码来源:aescipher.c
示例2: ssl_FreeCipherSpec
static void
ssl_FreeCipherSpec(ssl3CipherSpec *spec)
{
SSL_TRC(10, ("%d: SSL[-]: Freeing %s spec %d. epoch=%d",
SSL_GETPID(), SPEC_DIR(spec), spec, spec->epoch));
PR_REMOVE_LINK(&spec->link);
/* PORT_Assert( ss->opt.noLocks || ssl_HaveSpecWriteLock(ss)); Don't have ss! */
if (spec->cipherContext) {
PK11_DestroyContext(spec->cipherContext, PR_TRUE);
}
PK11_FreeSymKey(spec->masterSecret);
ssl_DestroyKeyMaterial(&spec->keyMaterial);
PORT_ZFree(spec, sizeof(*spec));
}
开发者ID:luke-chang,项目名称:gecko-1,代码行数:17,代码来源:sslspec.c
示例3: PK11_DestroyContext
/*
* Free up a Cipher Context
*/
void
PK11_DestroyContext(PK11Context *context, PRBool freeit)
{
pk11_CloseSession(context->slot, context->session, context->ownSession);
/* initialize the critical fields of the context */
if (context->savedData != NULL)
PORT_Free(context->savedData);
if (context->key)
PK11_FreeSymKey(context->key);
if (context->param && context->param != &pk11_null_params)
SECITEM_FreeItem(context->param, PR_TRUE);
if (context->sessionLock)
PZ_DestroyLock(context->sessionLock);
PK11_FreeSlot(context->slot);
if (freeit)
PORT_Free(context);
}
开发者ID:Wafflespeanut,项目名称:gecko-dev,代码行数:20,代码来源:pk11cxt.c
示例4: DestroyPk11PinStore
/*
* DestroyPk11PinStore
*/
void DestroyPk11PinStore(Pk11PinStore *store)
{
if (store == 0) return;
if (store->params) {
SECITEM_ZfreeItem(store->params, PR_TRUE);
}
if (store->key) {
PK11_FreeSymKey(store->key);
}
if (store->crypt) {
memset(store->crypt, 0, store->length);
free(store->crypt);
}
free(store);
}
开发者ID:shawnwhit,项目名称:httpd_modnss,代码行数:22,代码来源:nss_pcache.c
示例5: oauth_init_nss
char *oauth_sign_hmac_sha1_raw (const char *m, const size_t ml, const char *k, const size_t kl) {
PK11SlotInfo *slot = NULL;
PK11SymKey *pkey = NULL;
PK11Context *context = NULL;
unsigned char digest[20]; // Is there a way to tell how large the output is?
unsigned int len;
SECStatus s;
SECItem keyItem, noParams;
char *rv=NULL;
keyItem.type = siBuffer;
keyItem.data = (unsigned char*) k;
keyItem.len = kl;
noParams.type = siBuffer;
noParams.data = NULL;
noParams.len = 0;
oauth_init_nss();
slot = PK11_GetInternalKeySlot();
if (!slot) goto looser;
pkey = PK11_ImportSymKey(slot, CKM_SHA_1_HMAC, PK11_OriginUnwrap, CKA_SIGN, &keyItem, NULL);
if (!pkey) goto looser;
context = PK11_CreateContextBySymKey(CKM_SHA_1_HMAC, CKA_SIGN, pkey, &noParams);
if (!context) goto looser;
s = PK11_DigestBegin(context);
if (s != SECSuccess) goto looser;
s = PK11_DigestOp(context, (unsigned char*) m, ml);
if (s != SECSuccess) goto looser;
s = PK11_DigestFinal(context, digest, &len, sizeof digest);
if (s != SECSuccess) goto looser;
rv=oauth_encode_base64(len, digest);
looser:
if (context) PK11_DestroyContext(context, PR_TRUE);
if (pkey) PK11_FreeSymKey(pkey);
if (slot) PK11_FreeSlot(slot);
return rv;
}
开发者ID:Aakanksha,项目名称:c-twitter,代码行数:42,代码来源:hash.c
示例6: NSS_CMSEncryptedData_Decode_BeforeData
/*
* NSS_CMSEncryptedData_Decode_BeforeData - find bulk key & set up decryption
*/
SECStatus
NSS_CMSEncryptedData_Decode_BeforeData(NSSCMSEncryptedData *encd)
{
PK11SymKey *bulkkey = NULL;
NSSCMSContentInfo *cinfo;
SECAlgorithmID *bulkalg;
SECStatus rv = SECFailure;
cinfo = &(encd->contentInfo);
bulkalg = NSS_CMSContentInfo_GetContentEncAlg(cinfo);
if (encd->cmsg->decrypt_key_cb == NULL) /* no callback? no key../ */
goto loser;
bulkkey = (*encd->cmsg->decrypt_key_cb)(encd->cmsg->decrypt_key_cb_arg, bulkalg);
if (bulkkey == NULL)
/* no success finding a bulk key */
goto loser;
NSS_CMSContentInfo_SetBulkKey(cinfo, bulkkey);
rv = NSS_CMSContentInfo_Private_Init(cinfo);
if (rv != SECSuccess) {
goto loser;
}
rv = SECFailure;
cinfo->privateInfo->ciphcx = NSS_CMSCipherContext_StartDecrypt(bulkkey, bulkalg);
if (cinfo->privateInfo->ciphcx == NULL)
goto loser; /* error has been set by NSS_CMSCipherContext_StartDecrypt */
/* we are done with (this) bulkkey now. */
PK11_FreeSymKey(bulkkey);
rv = SECSuccess;
loser:
return rv;
}
开发者ID:AOSC-Dev,项目名称:nss-purified,代码行数:44,代码来源:cmsencdata.c
示例7: JSS_PK11_wrapSymKey
/***********************************************************************
*
* J S S _ P K 1 1 _ w r a p S y m K e y
* Puts a Symmetric Key into a Java object.
* (Does NOT perform a cryptographic "wrap" operation.)
* symKey: will be stored in a Java wrapper.
* Returns: a new PK11SymKey, or NULL if an exception occurred.
*/
jobject
JSS_PK11_wrapSymKey(JNIEnv *env, PK11SymKey **symKey)
{
jclass keyClass;
jmethodID constructor;
jbyteArray ptrArray;
jobject Key=NULL;
PR_ASSERT(env!=NULL && symKey!=NULL && *symKey!=NULL);
/* find the class */
keyClass = (*env)->FindClass(env, PK11SYMKEY_CLASS_NAME);
if( keyClass == NULL ) {
ASSERT_OUTOFMEM(env);
goto finish;
}
/* find the constructor */
constructor = (*env)->GetMethodID(env, keyClass,
PLAIN_CONSTRUCTOR,
PK11SYMKEY_CONSTRUCTOR_SIG);
if(constructor == NULL) {
ASSERT_OUTOFMEM(env);
goto finish;
}
/* convert the pointer to a byte array */
ptrArray = JSS_ptrToByteArray(env, (void*)*symKey);
if( ptrArray == NULL ) {
goto finish;
}
/* call the constructor */
Key = (*env)->NewObject(env, keyClass, constructor, ptrArray);
finish:
if(Key == NULL) {
PK11_FreeSymKey(*symKey);
}
*symKey = NULL;
return Key;
}
开发者ID:rhencke,项目名称:mozilla-cvs-history,代码行数:50,代码来源:PK11SymKey.c
示例8: PK11_CreateContextBySymKey
/*
* Create a context from a key. We really should make sure we aren't using
* the same key in multiple session!
*/
PK11Context *
PK11_CreateContextBySymKey(CK_MECHANISM_TYPE type, CK_ATTRIBUTE_TYPE operation,
PK11SymKey *symKey, SECItem *param)
{
PK11SymKey *newKey;
PK11Context *context;
/* if this slot doesn't support the mechanism, go to a slot that does */
newKey = pk11_ForceSlot(symKey, type, operation);
if (newKey == NULL) {
PK11_ReferenceSymKey(symKey);
} else {
symKey = newKey;
}
/* Context Adopts the symKey.... */
context = pk11_CreateNewContextInSlot(type, symKey->slot, operation, symKey,
param);
PK11_FreeSymKey(symKey);
return context;
}
开发者ID:Wafflespeanut,项目名称:gecko-dev,代码行数:25,代码来源:pk11cxt.c
示例9: switch
void
nsKeyObject::CleanUp()
{
switch (mKeyType) {
case nsIKeyObject::SYM_KEY:
PK11_FreeSymKey(mSymKey);
break;
case nsIKeyObject::PRIVATE_KEY:
PK11_DeleteTokenPrivateKey(mPrivateKey, PR_TRUE /* force */);
break;
case nsIKeyObject::PUBLIC_KEY:
PK11_DeleteTokenPublicKey(mPublicKey);
break;
default:
// probably not initialized, do nothing
break;
}
mKeyType = 0;
}
开发者ID:rn10950,项目名称:RetroZilla,代码行数:22,代码来源:nsKeyModule.cpp
示例10: ListKeys
SECStatus
ListKeys(PK11SlotInfo *slot, int *printLabel, void *pwd) {
PK11SymKey *keyList;
SECStatus rv = PK11_Authenticate(slot, PR_FALSE, pwd);
if (rv != SECSuccess) {
return rv;;
}
keyList = PK11_ListFixedKeysInSlot(slot, NULL, pwd);
if (keyList) {
if (*printLabel) {
printf(" Name Len Strength Type Data\n");
*printLabel = 0;
}
printf("%s:\n",PK11_GetTokenName(slot));
}
while (keyList) {
PK11SymKey *freeKey = keyList;
PrintKey(keyList);
keyList = PK11_GetNextSymKey(keyList);
PK11_FreeSymKey(freeKey);
}
return SECSuccess;
}
开发者ID:FunkyVerb,项目名称:devtools-window,代码行数:24,代码来源:symkeyutil.c
示例11: __PK11_CreateContextByRawKey
/*
* put together the various PK11_Create_Context calls used by different
* parts of libsec.
*/
PK11Context *
__PK11_CreateContextByRawKey(PK11SlotInfo *slot, CK_MECHANISM_TYPE type,
PK11Origin origin, CK_ATTRIBUTE_TYPE operation, SECItem *key,
SECItem *param, void *wincx)
{
PK11SymKey *symKey = NULL;
PK11Context *context = NULL;
/* first get a slot */
if (slot == NULL) {
slot = PK11_GetBestSlot(type, wincx);
if (slot == NULL) {
PORT_SetError(SEC_ERROR_NO_MODULE);
goto loser;
}
} else {
PK11_ReferenceSlot(slot);
}
/* now import the key */
symKey = PK11_ImportSymKey(slot, type, origin, operation, key, wincx);
if (symKey == NULL)
goto loser;
context = PK11_CreateContextBySymKey(type, operation, symKey, param);
loser:
if (symKey) {
PK11_FreeSymKey(symKey);
}
if (slot) {
PK11_FreeSlot(slot);
}
return context;
}
开发者ID:Wafflespeanut,项目名称:gecko-dev,代码行数:40,代码来源:pk11cxt.c
示例12: NSS_CMSContentInfo_Destroy
/*
* NSS_CMSContentInfo_Destroy - destroy a CMS contentInfo and all of its sub-pieces.
*/
void
NSS_CMSContentInfo_Destroy(NSSCMSContentInfo *cinfo)
{
SECOidTag kind;
if (cinfo == NULL) {
return;
}
kind = NSS_CMSContentInfo_GetContentTypeTag(cinfo);
switch (kind) {
case SEC_OID_PKCS7_ENVELOPED_DATA:
NSS_CMSEnvelopedData_Destroy(cinfo->content.envelopedData);
break;
case SEC_OID_PKCS7_SIGNED_DATA:
NSS_CMSSignedData_Destroy(cinfo->content.signedData);
break;
case SEC_OID_PKCS7_ENCRYPTED_DATA:
NSS_CMSEncryptedData_Destroy(cinfo->content.encryptedData);
break;
case SEC_OID_PKCS7_DIGESTED_DATA:
NSS_CMSDigestedData_Destroy(cinfo->content.digestedData);
break;
default:
NSS_CMSGenericWrapperData_Destroy(kind, cinfo->content.genericData);
/* XXX Anything else that needs to be "manually" freed/destroyed? */
break;
}
if (cinfo->privateInfo) {
nss_cmsContentInfo_private_destroy(cinfo->privateInfo);
cinfo->privateInfo = NULL;
}
if (cinfo->bulkkey) {
PK11_FreeSymKey(cinfo->bulkkey);
}
}
开发者ID:franziskuskiefer,项目名称:nss,代码行数:39,代码来源:cmscinfo.c
示例13: crypto_decrypt
//.........这里部分代码省略.........
_("Failed to set symmetric key for decryption."));
goto out;
}
key_item.data = (unsigned char *) iv;
key_item.len = real_iv_len;
sec_param = PK11_ParamFromIV (cipher_mech, &key_item);
if (!sec_param) {
g_set_error (error, NM_CRYPTO_ERROR,
NM_CRYPTO_ERROR_DECRYPTION_FAILED,
_("Failed to set IV for decryption."));
goto out;
}
ctx = PK11_CreateContextBySymKey (cipher_mech, CKA_DECRYPT, sym_key, sec_param);
if (!ctx) {
g_set_error (error, NM_CRYPTO_ERROR,
NM_CRYPTO_ERROR_DECRYPTION_FAILED,
_("Failed to initialize the decryption context."));
goto out;
}
s = PK11_CipherOp (ctx,
(unsigned char *) output,
&decrypted_len,
data_len,
data,
data_len);
if (s != SECSuccess) {
g_set_error (error, NM_CRYPTO_ERROR,
NM_CRYPTO_ERROR_DECRYPTION_FAILED,
_("Failed to decrypt the private key: %d."),
PORT_GetError ());
goto out;
}
if (decrypted_len > data_len) {
g_set_error (error, NM_CRYPTO_ERROR,
NM_CRYPTO_ERROR_DECRYPTION_FAILED,
_("Failed to decrypt the private key: decrypted data too large."));
goto out;
}
s = PK11_DigestFinal (ctx,
(unsigned char *) (output + decrypted_len),
&extra,
data_len - decrypted_len);
if (s != SECSuccess) {
g_set_error (error, NM_CRYPTO_ERROR,
NM_CRYPTO_ERROR_DECRYPTION_FAILED,
_("Failed to finalize decryption of the private key: %d."),
PORT_GetError ());
goto out;
}
decrypted_len += extra;
pad_len = data_len - decrypted_len;
/* Check if the padding at the end of the decrypted data is valid */
if (pad_len == 0 || pad_len > real_iv_len) {
g_set_error (error, NM_CRYPTO_ERROR,
NM_CRYPTO_ERROR_DECRYPTION_FAILED,
_("Failed to decrypt the private key: unexpected padding length."));
goto out;
}
/* Validate tail padding; last byte is the padding size, and all pad bytes
* should contain the padding size.
*/
for (i = pad_len; i > 0; i--) {
if (output[data_len - i] != pad_len) {
g_set_error (error, NM_CRYPTO_ERROR,
NM_CRYPTO_ERROR_DECRYPTION_FAILED,
_("Failed to decrypt the private key."));
goto out;
}
}
*out_len = decrypted_len;
success = TRUE;
out:
if (ctx)
PK11_DestroyContext (ctx, PR_TRUE);
if (sym_key)
PK11_FreeSymKey (sym_key);
if (sec_param)
SECITEM_FreeItem (sec_param, PR_TRUE);
if (slot)
PK11_FreeSlot (slot);
if (!success) {
if (output) {
/* Don't expose key material */
memset (output, 0, data_len);
g_free (output);
output = NULL;
}
}
return output;
}
开发者ID:gunchleoc,项目名称:NetworkManager,代码行数:101,代码来源:crypto_nss.c
示例14: hmac_init
void
hmac_init(struct hmac_ctx *ctx,
const struct hash_desc *h,
const u_char *key, size_t key_len)
{
#ifndef HAVE_LIBNSS
int k;
#endif
ctx->h = h;
ctx->hmac_digest_len = h->hash_digest_len;
#ifdef HAVE_LIBNSS
/* DBG(DBG_CRYPT, DBG_log("NSS: hmac init")); */
SECStatus status;
PK11SymKey *symkey=NULL, *tkey1=NULL;
/* PK11SymKey *tkey1=NULL; */
unsigned int klen;
chunk_t hmac_opad, hmac_ipad, hmac_pad;
memcpy(&symkey, key, key_len);
klen = PK11_GetKeyLength(symkey);
hmac_opad = hmac_pads(HMAC_OPAD,HMAC_BUFSIZE);
hmac_ipad = hmac_pads(HMAC_IPAD,HMAC_BUFSIZE);
hmac_pad = hmac_pads(0x00,HMAC_BUFSIZE-klen);
if(klen > HMAC_BUFSIZE)
{
tkey1 = PK11_Derive_osw(symkey, nss_key_derivation_mech(h)
, NULL, CKM_CONCATENATE_BASE_AND_DATA, CKA_DERIVE, 0);
}
else
{
tkey1 = symkey;
}
PK11SymKey *tkey2 = pk11_derive_wrapper_osw(tkey1, CKM_CONCATENATE_BASE_AND_DATA
, hmac_pad,CKM_XOR_BASE_AND_DATA, CKA_DERIVE, HMAC_BUFSIZE);
PR_ASSERT(tkey2!=NULL);
ctx->ikey = pk11_derive_wrapper_osw(tkey2, CKM_XOR_BASE_AND_DATA
, hmac_ipad,nss_hash_mech(h), CKA_DIGEST, 0);
PR_ASSERT(ctx->ikey !=NULL);
ctx->okey = pk11_derive_wrapper_osw(tkey2, CKM_XOR_BASE_AND_DATA
, hmac_opad,nss_hash_mech(h), CKA_DIGEST, 0);
PR_ASSERT(ctx->okey !=NULL);
if(tkey1!=symkey) {
PK11_FreeSymKey(tkey1);
}
PK11_FreeSymKey(tkey2);
freeanychunk(hmac_opad);
freeanychunk(hmac_ipad);
freeanychunk(hmac_pad);
ctx->ctx_nss = PK11_CreateDigestContext(nss_hash_oid(h));
PR_ASSERT(ctx->ctx_nss!=NULL);
status=PK11_DigestBegin(ctx->ctx_nss);
PR_ASSERT(status==SECSuccess);
status=PK11_DigestKey(ctx->ctx_nss, ctx->ikey);
PR_ASSERT(status==SECSuccess);
#else
/* Prepare the two pads for the HMAC */
memset(ctx->buf1, '\0', HMAC_BUFSIZE);
if (key_len <= HMAC_BUFSIZE)
{
memcpy(ctx->buf1, key, key_len);
}
else
{
h->hash_init(&ctx->hash_ctx);
h->hash_update(&ctx->hash_ctx, key, key_len);
h->hash_final(ctx->buf1, &ctx->hash_ctx);
}
memcpy(ctx->buf2, ctx->buf1, HMAC_BUFSIZE);
for (k = 0; k < HMAC_BUFSIZE; k++)
{
ctx->buf1[k] ^= HMAC_IPAD;
ctx->buf2[k] ^= HMAC_OPAD;
}
hmac_reinit(ctx);
#endif
}
开发者ID:JasonCC,项目名称:Openswan,代码行数:94,代码来源:hmac.c
示例15: aes_decrypt_buf
static SECStatus
aes_decrypt_buf(
const unsigned char *key, unsigned int keysize,
const unsigned char *iv, unsigned int ivsize,
unsigned char *output, unsigned int *outputlen, unsigned int maxoutputlen,
const unsigned char *input, unsigned int inputlen,
const unsigned char *aad, unsigned int aadlen,
const unsigned char *tag, unsigned int tagsize)
{
SECStatus rv = SECFailure;
unsigned char concatenated[11*16]; /* 1 to 11 blocks */
SECItem key_item;
PK11SlotInfo *slot = NULL;
PK11SymKey *symKey = NULL;
CK_GCM_PARAMS gcm_params;
SECItem param;
if (inputlen + tagsize > sizeof(concatenated)) {
fprintf(stderr, "aes_decrypt_buf: local buffer too small\n");
goto loser;
}
memcpy(concatenated, input, inputlen);
memcpy(concatenated + inputlen, tag, tagsize);
/* Import key into NSS. */
key_item.type = siBuffer;
key_item.data = (unsigned char *) key; /* const cast */
key_item.len = keysize;
slot = PK11_GetInternalSlot();
symKey = PK11_ImportSymKey(slot, CKM_AES_GCM, PK11_OriginUnwrap,
CKA_DECRYPT, &key_item, NULL);
PK11_FreeSlot(slot);
slot = NULL;
if (!symKey) {
fprintf(stderr, "PK11_ImportSymKey failed\n");
goto loser;
}
gcm_params.pIv = (unsigned char *) iv;
gcm_params.ulIvLen = ivsize;
gcm_params.pAAD = (unsigned char *) aad;
gcm_params.ulAADLen = aadlen;
gcm_params.ulTagBits = tagsize * 8;
param.type = siBuffer;
param.data = (unsigned char *) &gcm_params;
param.len = sizeof(gcm_params);
if (PK11_Decrypt(symKey, CKM_AES_GCM, ¶m,
output, outputlen, maxoutputlen,
concatenated, inputlen + tagsize) != SECSuccess) {
goto loser;
}
rv = SECSuccess;
loser:
if (symKey != NULL) {
PK11_FreeSymKey(symKey);
}
return rv;
}
开发者ID:MekliCZ,项目名称:positron,代码行数:62,代码来源:pk11gcmtest.c
示例16: PK11_DigestKey
/*
* Digest a key if possible./
*/
SECStatus
PK11_DigestKey(PK11Context *context, PK11SymKey *key)
{
CK_RV crv = CKR_OK;
SECStatus rv = SECSuccess;
PK11SymKey *newKey = NULL;
if (!context || !key) {
PORT_SetError(SEC_ERROR_INVALID_ARGS);
return SECFailure;
}
/* if we ran out of session, we need to restore our previously stored
* state.
*/
if (context->slot != key->slot) {
newKey = pk11_CopyToSlot(context->slot,CKM_SSL3_SHA1_MAC,CKA_SIGN,key);
} else {
newKey = PK11_ReferenceSymKey(key);
}
context->init = PR_FALSE;
PK11_EnterContextMonitor(context);
if (!context->ownSession) {
rv = pk11_restoreContext(context,context->savedData,
context->savedLength);
if (rv != SECSuccess) {
PK11_ExitContextMonitor(context);
PK11_FreeSymKey(newKey);
return rv;
}
}
if (newKey == NULL) {
crv = CKR_KEY_TYPE_INCONSISTENT;
if (key->data.data) {
crv=PK11_GETTAB(context->slot)->C_DigestUpdate(context->session,
key->data.data,key->data.len);
}
} else {
crv=PK11_GETTAB(context->slot)->C_DigestKey(context->session,
newKey->objectID);
}
if (crv != CKR_OK) {
PORT_SetError( PK11_MapError(crv) );
rv = SECFailure;
}
/*
* handle session starvation case.. use our last session to multiplex
*/
if (!context->ownSession) {
context->savedData = pk11_saveContext(context,context->savedData,
&context->savedLength);
if (context->savedData == NULL) rv = SECFailure;
/* clear out out session for others to use */
pk11_Finalize(context);
}
PK11_ExitContextMonitor(context);
if (newKey) PK11_FreeSymKey(newKey);
return rv;
}
开发者ID:rhencke,项目名称:mozilla-cvs-history,代码行数:68,代码来源:pk11cxt.c
示例17: tls13_HkdfExtract
SECStatus
tls13_HkdfExtract(PK11SymKey *ikm1, PK11SymKey *ikm2in, SSLHashType baseHash,
PK11SymKey **prkp)
{
CK_NSS_HKDFParams params;
SECItem paramsi;
SECStatus rv;
SECItem *salt;
PK11SymKey *prk;
static const PRUint8 zeroKeyBuf[HASH_LENGTH_MAX];
PK11SymKey *zeroKey = NULL;
PK11SlotInfo *slot = NULL;
PK11SymKey *ikm2;
params.bExtract = CK_TRUE;
params.bExpand = CK_FALSE;
params.pInfo = NULL;
params.ulInfoLen = 0UL;
if (ikm1) {
/* TODO([email protected]): This violates the PKCS#11 key boundary
* but is imposed on us by the present HKDF interface. */
rv = PK11_ExtractKeyValue(ikm1);
if (rv != SECSuccess)
return rv;
salt = PK11_GetKeyData(ikm1);
if (!salt)
return SECFailure;
params.pSalt = salt->data;
params.ulSaltLen = salt->len;
PORT_Assert(salt->len > 0);
} else {
/* Per documentation for CKM_NSS_HKDF_*:
*
* If the optional salt is given, it is used; otherwise, the salt is
* set to a sequence of zeros equal in length to the HMAC output.
*/
params.pSalt = NULL;
params.ulSaltLen = 0UL;
}
paramsi.data = (unsigned char *)¶ms;
paramsi.len = sizeof(params);
PORT_Assert(kTlsHkdfInfo[baseHash].pkcs11Mech);
PORT_Assert(kTlsHkdfInfo[baseHash].hashSize);
PORT_Assert(kTlsHkdfInfo[baseHash].hash == baseHash);
/* A zero ikm2 is a key of hash-length 0s. */
if (!ikm2in) {
SECItem zeroItem = {
siBuffer,
(unsigned char *)zeroKeyBuf,
kTlsHkdfInfo[baseHash].hashSize
};
slot = PK11_GetInternalSlot();
if (!slot) {
return SECFailure;
}
zeroKey = PK11_ImportSymKey(slot,
kTlsHkdfInfo[baseHash].pkcs11Mech,
PK11_OriginUnwrap,
CKA_DERIVE, &zeroItem, NULL);
if (!zeroKey)
return SECFailure;
ikm2 = zeroKey;
} else {
ikm2 = ikm2in;
}
PORT_Assert(ikm2);
PRINT_BUF(50, (NULL, "HKDF Extract: IKM1/Salt", params.pSalt, params.ulSaltLen));
PRINT_KEY(50, (NULL, "HKDF Extract: IKM2", ikm2));
prk = PK11_Derive(ikm2, kTlsHkdfInfo[baseHash].pkcs11Mech,
¶msi, kTlsHkdfInfo[baseHash].pkcs11Mech,
CKA_DERIVE, kTlsHkdfInfo[baseHash].hashSize);
if (zeroKey)
PK11_FreeSymKey(zeroKey);
if (slot)
PK11_FreeSlot(slot);
if (!prk)
return SECFailure;
PRINT_KEY(50, (NULL, "HKDF Extract", prk));
*prkp = prk;
return SECSuccess;
}
开发者ID:biddyweb,项目名称:switch-oss,代码行数:90,代码来源:tls13hkdf.c
示例18: crypto_encrypt
//.........这里部分代码省略.........
}
ctx = PK11_CreateContextBySymKey (cipher_mech, CKA_ENCRYPT, sym_key, sec_param);
if (!ctx) {
g_set_error (error, NM_CRYPTO_ERROR,
NM_CRYPTO_ERROR_ENCRYPTION_FAILED,
_("Failed to initialize the encryption context."));
goto out;
}
ret = PK11_CipherOp (ctx, output, &encrypted_len, output_len, padded_buf, padded_buf_len);
if (ret != SECSuccess) {
g_set_error (error, NM_CRYPTO_ERROR,
NM_CRYPTO_ERROR_ENCRYPTION_FAILED,
_("Failed to encrypt: %d."),
PORT_GetError ());
goto out;
}
if (encrypted_len != output_len) {
g_set_error (error, NM_CRYPTO_ERROR,
NM_CRYPTO_ERROR_ENCRYPTION_FAILED,
_("Unexpected amount of data after encrypting."));
goto out;
}
*out_len = encrypted_len;
success = TRUE;
out:
if (ctx)
PK11_DestroyContext (ctx, PR_TRUE);
if (sym_key)
PK11_FreeSymKey (sym_key);
if (sec_param)
SECITEM_FreeItem (sec_param, PR_TRUE);
if (slot)
PK11_FreeSlot (slot);
memset (padded_buf, 0, padded_buf_len);
g_free (padded_buf);
if (!success) {
memset (output, 0, output_len);
g_free (output);
output = NULL;
}
return (char *) output;
}
NMCryptoFileFormat
crypto_verify_cert (const unsigned char *data,
gsize len,
GError **error)
{
CERTCertificate *cert;
if (!crypto_init (error))
return NM_CRYPTO_FILE_FORMAT_UNKNOWN;
/* Try DER/PEM first */
cert = CERT_DecodeCertFromPackage ((char *) data, len);
if (!cert) {
g_set_error (error, NM_CRYPTO_ERROR,
NM_CRYPTO_ERROR_INVALID_DATA,
_("Couldn't decode certificate: %d"),
开发者ID:gunchleoc,项目名称:NetworkManager,代码行数:67,代码来源:crypto_nss.c
示例19: sm_encrypt
//.........这里部分代码省略.........
if (NSS_CMSContentInfo_SetContent_EnvelopedData(cmsg, cinfo, envd) != SECSuccess) {
camel_exception_set (ex, CAMEL_EXCEPTION_SYSTEM, _("Cannot attach CMS Enveloped data"));
goto fail;
}
cinfo = NSS_CMSEnvelopedData_GetContentInfo(envd);
if (NSS_CMSContentInfo_SetContent_Data(cmsg, cinfo, NULL, PR_FALSE) != SECSuccess) {
camel_exception_set (ex, CAMEL_EXCEPTION_SYSTEM, _("Cannot attach CMS data object"));
goto fail;
}
/* add recipient certs */
for (i=0;recipient_certs[i];i++) {
NSSCMSRecipientInfo *ri = NSS_CMSRecipientInfo_Create(cmsg, recipient_certs[i]);
if (ri == NULL) {
camel_exception_set (ex, CAMEL_EXCEPTION_SYSTEM, _("Cannot create CMS Recipient information"));
goto fail;
}
if (NSS_CMSEnvelopedData_AddRecipient(envd, ri) != SECSuccess) {
camel_exception_set (ex, CAMEL_EXCEPTION_SYSTEM, _("Cannot add CMS Recipient information"));
goto fail;
}
}
/* dump it out */
ostream = camel_stream_mem_new();
enc = NSS_CMSEncoder_Start(cmsg,
sm_write_stream, ostream,
NULL, NULL,
NULL, NULL,
sm_decrypt_key, bulkkey,
NULL, NULL);
if (enc == NULL) {
camel_exception_set (ex, CAMEL_EXCEPTION_SYSTEM, _("Cannot create encoder context"));
goto fail;
}
/* FIXME: Stream the input */
/* FIXME: Canonicalise the input? */
mem = (CamelStreamMem *)camel_stream_mem_new();
camel_data_wrapper_write_to_stream((CamelDataWrapper *)ipart, (CamelStream *)mem);
if (NSS_CMSEncoder_Update(enc, (char *) mem->buffer->data, mem->buffer->len) != SECSuccess) {
NSS_CMSEncoder_Cancel(enc);
camel_object_unref(mem);
camel_exception_set (ex, CAMEL_EXCEPTION_SYSTEM, _("Failed to add data to encoder"));
goto fail;
}
camel_object_unref(mem);
if (NSS_CMSEncoder_Finish(enc) != SECSuccess) {
camel_exception_set (ex, CAMEL_EXCEPTION_SYSTEM, _("Failed to encode data"));
goto fail;
}
PK11_FreeSymKey(bulkkey);
NSS_CMSMessage_Destroy(cmsg);
for (i=0;recipient_certs[i];i++)
CERT_DestroyCertificate(recipient_certs[i]);
PORT_FreeArena(poolp, PR_FALSE);
dw = camel_data_wrapper_new();
camel_data_wrapper_construct_from_stream(dw, ostream);
camel_object_unref(ostream);
dw->encoding = CAMEL_TRANSFER_ENCODING_BINARY;
ct = camel_content_type_new("application", "x-pkcs7-mime");
camel_content_type_set_param(ct, "name", "smime.p7m");
camel_content_type_set_param(ct, "smime-type", "enveloped-data");
camel_data_wrapper_set_mime_type_field(dw, ct);
camel_content_type_unref(ct);
camel_medium_set_content_object((CamelMedium *)opart, dw);
camel_object_unref(dw);
camel_mime_part_set_disposition(opart, "attachment");
camel_mime_part_set_filename(opart, "smime.p7m");
camel_mime_part_set_description(opart, "S/MIME Encrypted Message");
camel_mime_part_set_encoding(opart, CAMEL_TRANSFER_ENCODING_BASE64);
return 0;
fail:
if (ostream)
camel_object_unref(ostream);
if (cmsg)
NSS_CMSMessage_Destroy(cmsg);
if (bulkkey)
PK11_FreeSymKey(bulkkey);
if (recipient_certs) {
for (i=0;recipient_certs[i];i++)
CERT_DestroyCertificate(recipient_certs[i]);
}
PORT_FreeArena(poolp, PR_FALSE);
return -1;
}
开发者ID:Codeminded,项目名称:tinymail,代码行数:101,代码来源:camel-smime-context.c
示例20: xmlSecNssKWAesOp
//.........这里部分代码省略.........
xmlSecAssert2(outSize >= inSize + 8, -1);
if (enc == 1) {
aeskey = xmlSecNssMakeAesKey(key, keySize, enc);
if(aeskey == NULL) {
xmlSecErr_a_ignorar5(XMLSEC_ERRORS_HERE,
NULL,
"xmlSecNssMakeAesKey",
XMLSEC_ERRORS_R_CRYPTO_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
goto done;
}
/* prepend magic block */
if(in != out) {
memcpy(out + XMLSEC_NSS_KW_AES_MAGIC_BLOCK_SIZE, in, inSize);
} else {
memmove(out + XMLSEC_NSS_KW_AES_MAGIC_BLOCK_SIZE, out, inSize);
}
memcpy(out, xmlSecNssKWAesMagicBlock, XMLSEC_NSS_KW_AES_MAGIC_BLOCK_SIZE);
N = (inSize / 8);
if(N == 1) {
xmlSecNssAesOp(aeskey, out, out, enc);
} else {
for(j = 0; j <= 5; ++j) {
for(i = 1; i <= N; ++i) {
t = i + (j * N);
p = out + i * 8;
memcpy(block, out, 8);
memcpy(block + 8, p, 8);
xmlSecNssAesOp(aeskey, block, block, enc);
block[7] ^= t;
memcpy(out, block, 8);
memcpy(p, block + 8, 8);
}
}
}
result = inSize + 8;
} else {
aeskey = xmlSecNssMakeAesKey(key, keySize, enc);
if(aeskey == NULL) {
xmlSecErr_a_ignorar5(XMLSEC_ERRORS_HERE,
NULL,
"xmlSecNssMakeAesKey",
XMLSEC_ERRORS_R_CRYPTO_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
goto done;
}
/* copy input */
if(in != out) {
memcpy(out, in, inSize);
}
N = (inSize / 8) - 1;
if(N == 1) {
xmlSecNssAesOp(aeskey, out, out, enc);
} else {
for(j = 5; j >= 0; --j) {
for(i = N; i > 0; --i) {
t = i + (j * N);
p = out + i * 8;
memcpy(block, out, 8);
memcpy(block + 8, p, 8);
block[7] ^= t;
xmlSecNssAesOp(aeskey, block, block, enc);
memcpy(out, block, 8);
memcpy(p, block + 8, 8);
}
}
}
/* do not left data in memory */
memset(block, 0, sizeof(block));
if(memcmp(xmlSecNssKWAesMagicBlock, out, XMLSEC_NSS_KW_AES_MAGIC_BLOCK_SIZE) != 0) {
xmlSecErr_a_ignorar5(XMLSEC_ERRORS_HERE,
NULL,
NULL,
XMLSEC_ERRORS_R_INVALID_DATA,
"bad magic block");
goto done;
}
memmove(out, out + XMLSEC_NSS_KW_AES_MAGIC_BLOCK_SIZE, inSize - XMLSEC_NSS_KW_AES_MAGIC_BLOCK_SIZE);
result = (inSize - XMLSEC_NSS_KW_AES_MAGIC_BLOCK_SIZE);
}
done:
if (aeskey != NULL) {
PK11_FreeSymKey(aeskey);
}
return (result);
}
开发者ID:Arcenciel,项目名称:DDReader,代码行数:101,代码来源:kw_aes.c
注:本文中的PK11_FreeSymKey函数示例由纯净天空整理自Github/MSDocs等源码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。 |
请发表评论