Fix 128172: function to convert a session key to a token key.

2024-10-12 21:05:36 +00:00 · 2002-09-28 00:48:32 +00:00 · 2002-09-28 00:48:32 +00:00 · 0654510b0b
commit 0654510b0b
parent 25c5e7fa5e
3 changed files with 66 additions and 0 deletions
--- a/security/nss/lib/nss/nss.def
+++ b/security/nss/lib/nss/nss.def
@ -697,6 +697,8 @@ CERT_VerifyCACertForUsage;
 CERT_VerifyCertificate;
 CERT_VerifyCertificateNow;
 CERT_VerifyOCSPResponseSignature;
+PK11_ConvertSessionPrivKeyToTokenPrivKey;
+PK11_ConvertSessionSymKeyToTokenSymKey;
 PK11_GetModInfo;
 PK11_GetPBEIV;
 PK11_ImportCRL;
--- a/security/nss/lib/pk11wrap/pk11func.h
+++ b/security/nss/lib/pk11wrap/pk11func.h
@ -376,6 +376,11 @@ SECKEYPQGParams *PK11_GetPQGParamsFromPrivateKey(SECKEYPrivateKey *privKey);
 /* depricated */
 SECKEYPrivateKeyList* PK11_ListPrivateKeysInSlot(PK11SlotInfo *slot);

+PK11SymKey *PK11_ConvertSessionSymKeyToTokenSymKey(PK11SymKey *symk,
+	void *wincx);
+SECKEYPrivateKey *PK11_ConvertSessionPrivKeyToTokenPrivKey(
+	SECKEYPrivateKey *privk, void* wincx);
+
 /**********************************************************************
 *                   Certs
 **********************************************************************/
--- a/security/nss/lib/pk11wrap/pk11skey.c
+++ b/security/nss/lib/pk11wrap/pk11skey.c
@ -5096,3 +5096,62 @@ PK11_GetNextSymKey(PK11SymKey *symKey)
 {
    return symKey ? symKey->next : NULL;
 }
+
+
+SECKEYPrivateKey*
+PK11_ConvertSessionPrivKeyToTokenPrivKey(SECKEYPrivateKey *privk, void* wincx)
+{
+    PK11SlotInfo* slot = privk->pkcs11Slot;
+    CK_ATTRIBUTE template[1];
+    CK_ATTRIBUTE *attrs = template;
+    CK_BBOOL cktrue = CK_TRUE;
+    CK_RV crv;
+    CK_OBJECT_HANDLE newKeyID;
+    SECKEYPrivateKey *newKey=NULL;
+    CK_SESSION_HANDLE rwsession;
+
+    PK11_SETATTRS(attrs, CKA_TOKEN, &cktrue, sizeof(cktrue)); attrs++;
+
+    PK11_Authenticate(slot, PR_TRUE, wincx);
+    rwsession = PK11_GetRWSession(slot);
+    crv = PK11_GETTAB(slot)->C_CopyObject(rwsession, privk->pkcs11ID,
+        template, 1, &newKeyID);
+    PK11_RestoreROSession(slot, rwsession);
+
+    if (crv != CKR_OK) {
+        PORT_SetError( PK11_MapError(crv) );
+        return NULL;
+    }
+
+    return PK11_MakePrivKey(slot, nullKey /*KeyType*/, PR_FALSE /*isTemp*/,
+        newKeyID, NULL /*wincx*/);
+}
+
+PK11SymKey*
+PK11_ConvertSessionSymKeyToTokenSymKey(PK11SymKey *symk, void *wincx)
+{
+    PK11SlotInfo* slot = symk->slot;
+    CK_ATTRIBUTE template[1];
+    CK_ATTRIBUTE *attrs = template;
+    CK_BBOOL cktrue = CK_TRUE;
+    CK_RV crv;
+    CK_OBJECT_HANDLE newKeyID;
+    PK11SymKey *newKey=NULL;
+    CK_SESSION_HANDLE rwsession;
+
+    PK11_SETATTRS(attrs, CKA_TOKEN, &cktrue, sizeof(cktrue)); attrs++;
+
+    PK11_Authenticate(slot, PR_TRUE, wincx);
+    rwsession = PK11_GetRWSession(slot);
+    crv = PK11_GETTAB(slot)->C_CopyObject(rwsession, symk->objectID,
+        template, 1, &newKeyID);
+    PK11_RestoreROSession(slot, rwsession);
+
+    if (crv != CKR_OK) {
+        PORT_SetError( PK11_MapError(crv) );
+        return NULL;
+    }
+
+    return PK11_SymKeyFromHandle(slot, NULL /*parent*/, symk->origin,
+        symk->type, newKeyID, PR_FALSE /*owner*/, NULL /*wincx*/);
+}