1
/* -*- Mode: C; tab-width: 4; indent-tabs-mode: nil -*- */
4
* Functions used by https servers to send (download) pre-encrypted files
5
* over SSL connections that use Fortezza ciphersuites.
7
* The contents of this file are subject to the Mozilla Public
8
* License Version 1.1 (the "License"); you may not use this file
9
* except in compliance with the License. You may obtain a copy of
10
* the License at http://www.mozilla.org/MPL/
12
* Software distributed under the License is distributed on an "AS
13
* IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
14
* implied. See the License for the specific language governing
15
* rights and limitations under the License.
17
* The Original Code is the Netscape security libraries.
19
* The Initial Developer of the Original Code is Netscape
20
* Communications Corporation. Portions created by Netscape are
21
* Copyright (C) 1994-2000 Netscape Communications Corporation. All
26
* Alternatively, the contents of this file may be used under the
27
* terms of the GNU General Public License Version 2 or later (the
28
* "GPL"), in which case the provisions of the GPL are applicable
29
* instead of those above. If you wish to allow use of your
30
* version of this file only under the terms of the GPL and not to
31
* allow others to use your version of this file under the MPL,
32
* indicate your decision by deleting the provisions above and
33
* replace them with the notice and other provisions required by
34
* the GPL. If you do not delete the provisions above, a recipient
35
* may use your version of this file under either the MPL or the
38
* $Id: prelib.c,v 1.2 2001/02/09 02:11:30 nelsonb%netscape.com Exp $
50
static unsigned char fromHex(char x) {
51
if ((x >= '0') && (x <= '9')) return x-'0';
52
if ((x >= 'a') && (x <= 'f')) return x-'a'+10;
56
PEHeader *SSL_PreencryptedStreamToFile(PRFileDesc *fd, PEHeader *inHeader,
59
PK11SymKey *key, *tek, *Ks;
70
/* XXX set an error */
74
ss = ssl_FindSocket(fd);
79
PORT_Assert(ss->ssl3 != NULL);
80
if (ss->ssl3 == NULL) {
84
if (GetInt2(inHeader->magic) != PRE_MAGIC) {
88
oldHeaderSize = GetInt2(inHeader->len);
89
header = (PEHeader *) PORT_ZAlloc(oldHeaderSize);
94
switch (GetInt2(inHeader->type)) {
95
case PRE_FORTEZZA_FILE:
96
case PRE_FORTEZZA_GEN_STREAM:
100
*headerSize = oldHeaderSize;
101
PORT_Memcpy(header,inHeader,oldHeaderSize);
104
case PRE_FORTEZZA_STREAM:
105
*headerSize = PE_BASE_HEADER_LEN + sizeof(PEFortezzaHeader);
106
PutInt2(header->magic,PRE_MAGIC);
107
PutInt2(header->len,*headerSize);
108
PutInt2(header->type, PRE_FORTEZZA_FILE);
109
PORT_Memcpy(header->version,inHeader->version,sizeof(header->version));
110
PORT_Memcpy(header->u.fortezza.hash,inHeader->u.fortezza.hash,
111
sizeof(header->u.fortezza.hash));
112
PORT_Memcpy(header->u.fortezza.iv,inHeader->u.fortezza.iv,
113
sizeof(header->u.fortezza.iv));
115
/* get the kea context from the session */
116
tek = ss->ssl3->fortezza.tek;
123
/* get the slot and the serial number */
124
slot = PK11_GetSlotFromKey(tek);
129
rv = PK11_GetTokenInfo(slot,&info);
130
if (rv != SECSuccess) {
136
/* Look up the Token Fixed Key */
137
Ks = PK11_FindFixedKey(slot, CKM_SKIPJACK_WRAP, NULL, ss->pkcs11PinArg);
144
/* unwrap the key with the TEK */
145
item.data = inHeader->u.fortezza.key;
146
item.len = sizeof(inHeader->u.fortezza.key);
147
key = PK11_UnwrapSymKey(tek,CKM_SKIPJACK_WRAP,
148
NULL, &item, CKM_SKIPJACK_CBC64, CKA_DECRYPT, 0);
155
/* rewrap with the local Ks */
156
item.data = header->u.fortezza.key;
157
item.len = sizeof(header->u.fortezza.key);
158
rv = PK11_WrapSymKey(CKM_SKIPJACK_WRAP, NULL, Ks, key, &item);
160
PK11_FreeSymKey(key);
161
if (rv != SECSuccess) {
166
/* copy our local serial number into header */
167
for (i=0; i < sizeof(header->u.fortezza.serial); i++) {
168
header->u.fortezza.serial[i] =
169
(fromHex(info.serialNumber[i*2]) << 4) |
170
fromHex(info.serialNumber[i*2 + 1]);
173
case PRE_FIXED_STREAM:
174
/* not implemented yet */
183
* this one needs to allocate space and work for RSA & FIXED key files as well
185
PEHeader *SSL_PreencryptedFileToStream(PRFileDesc *fd, PEHeader *header,
188
PK11SymKey *key, *tek, *Ks;
194
*headerSize = 0; /* hack */
197
/* XXX set an error */
201
ss = ssl_FindSocket(fd);
206
PORT_Assert(ss->ssl3 != NULL);
207
if (ss->ssl3 == NULL) {
211
/* get the kea context from the session */
212
tek = ss->ssl3->fortezza.tek;
217
slot = PK11_GetSlotFromKey(tek);
218
if (slot == NULL) return NULL;
219
Ks = PK11_FindFixedKey(slot, CKM_SKIPJACK_WRAP, NULL, PK11_GetWindow(tek));
221
if (Ks == NULL) return NULL;
224
/* unwrap with the local Ks */
225
item.data = header->u.fortezza.key;
226
item.len = sizeof(header->u.fortezza.key);
227
/* rewrap the key with the TEK */
228
key = PK11_UnwrapSymKey(Ks,CKM_SKIPJACK_WRAP,
229
NULL, &item, CKM_SKIPJACK_CBC64, CKA_DECRYPT, 0);
235
rv = PK11_WrapSymKey(CKM_SKIPJACK_WRAP, NULL, tek, key, &item);
237
PK11_FreeSymKey(key);
238
if (rv != SECSuccess) {
242
/* copy over our local serial number */
243
PORT_Memset(header->u.fortezza.serial,0,sizeof(header->u.fortezza.serial));
245
/* change type to stream */
246
PutInt2(header->type, PRE_FORTEZZA_STREAM);