Fix a crash. An attempt to move a sensitive key longer than 48 bytes

from one token to another will no longer crash.  Instead, it will fail
with the new error code SEC_ERROR_CANNOT_MOVE_SENSITIVE_KEY.  Bug 97887.
In addition, DHE key pairs are now generated with CKA_SENSITIVE false.
This commit is contained in:
nelsonb%netscape.com 2001-09-06 03:00:39 +00:00
parent 8b2a4593b8
commit e17976568a
4 changed files with 33 additions and 15 deletions

View File

@ -355,7 +355,8 @@ ER3(SEC_ERROR_BAD_NICKNAME, (SEC_ERROR_BASE + 103),
ER3(SEC_ERROR_NOT_FORTEZZA_ISSUER, (SEC_ERROR_BASE + 104),
"Peer FORTEZZA chain has a non-FORTEZZA Certificate.")
/* ER3(SEC_ERROR_UNKNOWN, (SEC_ERROR_BASE + 105), */
ER3(SEC_ERROR_CANNOT_MOVE_SENSITIVE_KEY, (SEC_ERROR_BASE + 105),
"A sensitive key cannot be moved to the slot where it is needed.")
ER3(SEC_ERROR_JS_INVALID_MODULE_NAME, (SEC_ERROR_BASE + 106),
"Invalid module name.")

View File

@ -139,11 +139,10 @@ const SEC_ASN1Template SECKEY_KEAParamsTemplate[] = {
{ 0, }
};
/*
* NOTE: This only generates RSA Private Key's. If you need more,
* We need to pass in some more params...
*/
/* Create an RSA key pair is any slot able to do so.
** The created keys are "session" (temporary), not "token" (permanent),
** and they are "sensitive", which makes them costly to move to another token.
*/
SECKEYPrivateKey *
SECKEY_CreateRSAPrivateKey(int keySizeInBits,SECKEYPublicKey **pubk, void *cx)
{
@ -160,14 +159,25 @@ SECKEY_CreateRSAPrivateKey(int keySizeInBits,SECKEYPublicKey **pubk, void *cx)
return(privk);
}
/* Create a DH key pair in any slot able to do so,
** This is a "session" (temporary), not "token" (permanent) key.
** Because of the high probability that this key will need to be moved to
** another token, and the high cost of moving "sensitive" keys, we attempt
** to create this key pair without the "sensitive" attribute, but revert to
** creating a "sensitive" key if necessary.
*/
SECKEYPrivateKey *
SECKEY_CreateDHPrivateKey(DHParams *param, SECKEYPublicKey **pubk, void *cx)
{
SECKEYPrivateKey *privk;
PK11SlotInfo *slot = PK11_GetBestSlot(CKM_DH_PKCS_KEY_PAIR_GEN,cx);
privk = PK11_GenerateKeyPair(slot,CKM_DH_PKCS_KEY_PAIR_GEN,param,pubk,
PR_FALSE, PR_TRUE, cx);
privk = PK11_GenerateKeyPair(slot, CKM_DH_PKCS_KEY_PAIR_GEN, param,
pubk, PR_FALSE, PR_FALSE, cx);
if (!privk)
privk = PK11_GenerateKeyPair(slot, CKM_DH_PKCS_KEY_PAIR_GEN, param,
pubk, PR_FALSE, PR_TRUE, cx);
PK11_FreeSlot(slot);
return(privk);
}

View File

@ -99,18 +99,25 @@ pk11_KeyExchange(PK11SlotInfo *slot,CK_MECHANISM_TYPE type,
privKeyHandle = PK11_MatchItem(slot,pubKeyHandle,CKO_PRIVATE_KEY);
}
/* if no key exits, generate a key pair */
/* if no key exists, generate a key pair */
if (privKeyHandle == CK_INVALID_KEY) {
unsigned int keyLength = PK11_GetKeyLength(symKey);
unsigned int symKeyLength = PK11_GetKeyLength(symKey);
PK11RSAGenParams rsaParams;
if (symKeyLength > 60) /* bytes */ {
/* we'd have to generate an RSA key pair > 512 bits long,
** and that's too costly. Don't even try.
*/
PORT_SetError( SEC_ERROR_CANNOT_MOVE_SENSITIVE_KEY );
goto rsa_failed;
}
rsaParams.keySizeInBits =
((keyLength == 0) || (keyLength > 16)) ? 512 : 256;
(symKeyLength > 28 || symKeyLength == 0) ? 512 : 256;
rsaParams.pe = 0x10001;
privKey = PK11_GenerateKeyPair(slot,CKM_RSA_PKCS_KEY_PAIR_GEN,
&rsaParams, &pubKey,PR_FALSE,PR_TRUE,symKey->cx);
&rsaParams, &pubKey,PR_FALSE,PR_TRUE,symKey->cx);
} else {
/* if key's exist, build SECKEY data structures for them */
/* if keys exist, build SECKEY data structures for them */
privKey = PK11_MakePrivKey(slot,nullKey, PR_TRUE, privKeyHandle,
symKey->cx);
if (privKey != NULL) {

View File

@ -149,7 +149,7 @@ SEC_ERROR_INVALID_PASSWORD = (SEC_ERROR_BASE + 101),
SEC_ERROR_RETRY_OLD_PASSWORD = (SEC_ERROR_BASE + 102),
SEC_ERROR_BAD_NICKNAME = (SEC_ERROR_BASE + 103),
SEC_ERROR_NOT_FORTEZZA_ISSUER = (SEC_ERROR_BASE + 104),
/* UNUSED (SEC_ERROR_BASE + 105) */
SEC_ERROR_CANNOT_MOVE_SENSITIVE_KEY = (SEC_ERROR_BASE + 105),
SEC_ERROR_JS_INVALID_MODULE_NAME = (SEC_ERROR_BASE + 106),
SEC_ERROR_JS_INVALID_DLL = (SEC_ERROR_BASE + 107),
SEC_ERROR_JS_ADD_MOD_FAILURE = (SEC_ERROR_BASE + 108),