mirror of
https://github.com/mozilla/gecko-dev.git
synced 2024-10-12 04:45:45 +00:00
Bug 1215779 - Remove broken (non-EC) DSA keygen code. r=keeler
This commit is contained in:
parent
ca59daf031
commit
f21d36e95a
4
config/external/nss/nss.def
vendored
4
config/external/nss/nss.def
vendored
@ -403,9 +403,6 @@ PK11_NeedLogin
|
||||
PK11_NeedUserInit
|
||||
PK11_ParamFromIV
|
||||
PK11_PBEKeyGen
|
||||
PK11_PQG_DestroyParams
|
||||
PK11_PQG_DestroyVerify
|
||||
PK11_PQG_ParamGen
|
||||
PK11_PrivDecrypt
|
||||
PK11_PrivDecryptPKCS1
|
||||
PK11_ProtectedAuthenticationPath
|
||||
@ -685,4 +682,3 @@ VFY_VerifyData
|
||||
VFY_VerifyDataWithAlgorithmID
|
||||
VFY_VerifyDigestDirect
|
||||
_SGN_VerifyPKCS1DigestInfo
|
||||
PK11_PQG_ParamGenV2
|
||||
|
@ -12,7 +12,6 @@
|
||||
#include "cryptohi.h"
|
||||
#include "base64.h"
|
||||
#include "secasn1.h"
|
||||
#include "pk11pqg.h"
|
||||
#include "nsKeygenHandler.h"
|
||||
#include "nsKeygenHandlerContent.h"
|
||||
#include "nsIServiceManager.h"
|
||||
@ -32,7 +31,6 @@
|
||||
//These defines are taken from the PKCS#11 spec
|
||||
#define CKM_RSA_PKCS_KEY_PAIR_GEN 0x00000000
|
||||
#define CKM_DH_PKCS_KEY_PAIR_GEN 0x00000020
|
||||
#define CKM_DSA_KEY_PAIR_GEN 0x00000010
|
||||
|
||||
DERTemplate SECAlgorithmIDTemplate[] = {
|
||||
{ DER_SEQUENCE,
|
||||
@ -63,72 +61,6 @@ DERTemplate CERTPublicKeyAndChallengeTemplate[] =
|
||||
{ 0, }
|
||||
};
|
||||
|
||||
const SEC_ASN1Template SECKEY_PQGParamsTemplate[] = {
|
||||
{ SEC_ASN1_SEQUENCE, 0, nullptr, sizeof(PQGParams) },
|
||||
{ SEC_ASN1_INTEGER, offsetof(PQGParams,prime) },
|
||||
{ SEC_ASN1_INTEGER, offsetof(PQGParams,subPrime) },
|
||||
{ SEC_ASN1_INTEGER, offsetof(PQGParams,base) },
|
||||
{ 0, }
|
||||
};
|
||||
|
||||
static PQGParams *
|
||||
decode_pqg_params(char *aStr)
|
||||
{
|
||||
unsigned char *buf = nullptr;
|
||||
unsigned int len;
|
||||
PLArenaPool *arena = nullptr;
|
||||
PQGParams *params = nullptr;
|
||||
SECStatus status;
|
||||
|
||||
arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
|
||||
if (!arena)
|
||||
return nullptr;
|
||||
|
||||
params = static_cast<PQGParams*>(PORT_ArenaZAlloc(arena, sizeof(PQGParams)));
|
||||
if (!params)
|
||||
goto loser;
|
||||
params->arena = arena;
|
||||
|
||||
buf = ATOB_AsciiToData(aStr, &len);
|
||||
if ((!buf) || (len == 0))
|
||||
goto loser;
|
||||
|
||||
status = SEC_ASN1Decode(arena, params, SECKEY_PQGParamsTemplate, (const char*)buf, len);
|
||||
if (status != SECSuccess)
|
||||
goto loser;
|
||||
|
||||
return params;
|
||||
|
||||
loser:
|
||||
if (arena) {
|
||||
PORT_FreeArena(arena, false);
|
||||
}
|
||||
if (buf) {
|
||||
PR_Free(buf);
|
||||
}
|
||||
return nullptr;
|
||||
}
|
||||
|
||||
static int
|
||||
pqg_prime_bits(char *str)
|
||||
{
|
||||
PQGParams *params = nullptr;
|
||||
int primeBits = 0, i;
|
||||
|
||||
params = decode_pqg_params(str);
|
||||
if (!params)
|
||||
goto done; /* lose */
|
||||
|
||||
for (i = 0; params->prime.data[i] == 0; i++)
|
||||
/* empty */;
|
||||
primeBits = (params->prime.len - i) * 8;
|
||||
|
||||
done:
|
||||
if (params)
|
||||
PK11_PQG_DestroyParams(params);
|
||||
return primeBits;
|
||||
}
|
||||
|
||||
typedef struct curveNameTagPairStr {
|
||||
const char *curveName;
|
||||
SECOidTag curveOidTag;
|
||||
@ -325,15 +257,12 @@ uint32_t MapGenMechToAlgoMech(uint32_t mechanism)
|
||||
/* We are interested in slots based on the ability to perform
|
||||
a given algorithm, not on their ability to generate keys usable
|
||||
by that algorithm. Therefore, map keygen-specific mechanism tags
|
||||
to tags for the corresponding crypto algorthm. */
|
||||
to tags for the corresponding crypto algorithm. */
|
||||
switch(mechanism)
|
||||
{
|
||||
case CKM_RSA_PKCS_KEY_PAIR_GEN:
|
||||
searchMech = CKM_RSA_PKCS;
|
||||
break;
|
||||
case CKM_DSA_KEY_PAIR_GEN:
|
||||
searchMech = CKM_DSA;
|
||||
break;
|
||||
case CKM_RC4_KEY_GEN:
|
||||
searchMech = CKM_RC4;
|
||||
break;
|
||||
@ -509,8 +438,8 @@ GatherKeygenTelemetry(uint32_t keyGenMechanism, int keysize, char* curve)
|
||||
mozilla::Telemetry::KEYGEN_GENERATED_KEY_TYPE, NS_LITERAL_CSTRING("other_ec"));
|
||||
}
|
||||
}
|
||||
} else if (keyGenMechanism == CKM_DSA_KEY_PAIR_GEN) {
|
||||
MOZ_CRASH("DSA key generation is currently unimplemented");
|
||||
} else {
|
||||
MOZ_CRASH("Unknown keygen algorithm");
|
||||
return;
|
||||
}
|
||||
}
|
||||
@ -525,9 +454,8 @@ nsKeygenFormProcessor::GetPublicKey(const nsAString& aValue,
|
||||
nsNSSShutDownPreventionLock locker;
|
||||
nsresult rv = NS_ERROR_FAILURE;
|
||||
char *keystring = nullptr;
|
||||
char *keyparamsString = nullptr, *str = nullptr;
|
||||
char *keyparamsString = nullptr;
|
||||
uint32_t keyGenMechanism;
|
||||
int32_t primeBits;
|
||||
PK11SlotInfo *slot = nullptr;
|
||||
PK11RSAGenParams rsaParams;
|
||||
SECOidTag algTag;
|
||||
@ -546,7 +474,7 @@ nsKeygenFormProcessor::GetPublicKey(const nsAString& aValue,
|
||||
nsIGeneratingKeypairInfoDialogs * dialogs;
|
||||
nsKeygenThread *KeygenRunnable = 0;
|
||||
nsCOMPtr<nsIKeygenThread> runnable;
|
||||
|
||||
|
||||
// permanent and sensitive flags for keygen
|
||||
PK11AttrFlags attrFlags = PK11_ATTR_TOKEN | PK11_ATTR_SENSITIVE | PK11_ATTR_PRIVATE;
|
||||
|
||||
@ -569,33 +497,6 @@ nsKeygenFormProcessor::GetPublicKey(const nsAString& aValue,
|
||||
// Set the keygen mechanism
|
||||
if (aKeyType.IsEmpty() || aKeyType.LowerCaseEqualsLiteral("rsa")) {
|
||||
keyGenMechanism = CKM_RSA_PKCS_KEY_PAIR_GEN;
|
||||
} else if (aKeyType.LowerCaseEqualsLiteral("dsa")) {
|
||||
char * end;
|
||||
keyparamsString = ToNewCString(aKeyParams);
|
||||
if (!keyparamsString) {
|
||||
rv = NS_ERROR_OUT_OF_MEMORY;
|
||||
goto loser;
|
||||
}
|
||||
|
||||
keyGenMechanism = CKM_DSA_KEY_PAIR_GEN;
|
||||
if (strcmp(keyparamsString, "null") == 0)
|
||||
goto loser;
|
||||
str = keyparamsString;
|
||||
bool found_match = false;
|
||||
do {
|
||||
end = strchr(str, ',');
|
||||
if (end)
|
||||
*end = '\0';
|
||||
primeBits = pqg_prime_bits(str);
|
||||
if (keysize == primeBits) {
|
||||
found_match = true;
|
||||
break;
|
||||
}
|
||||
str = end + 1;
|
||||
} while (end);
|
||||
if (!found_match) {
|
||||
goto loser;
|
||||
}
|
||||
} else if (aKeyType.LowerCaseEqualsLiteral("ec")) {
|
||||
keyparamsString = ToNewCString(aKeyParams);
|
||||
if (!keyparamsString) {
|
||||
@ -621,9 +522,6 @@ nsKeygenFormProcessor::GetPublicKey(const nsAString& aValue,
|
||||
algTag = DEFAULT_RSA_KEYGEN_ALG;
|
||||
params = &rsaParams;
|
||||
break;
|
||||
case CKM_DSA_KEY_PAIR_GEN:
|
||||
// XXX Fix this! XXX //
|
||||
goto loser;
|
||||
case CKM_EC_KEY_PAIR_GEN:
|
||||
/* XXX We ought to rethink how the KEYGEN tag is
|
||||
* displayed. The pulldown selections presented
|
||||
|
Loading…
Reference in New Issue
Block a user