My NSS version is 3.10. Because of I did some modifications on nss. I try to
add a new cipher to nss, but obviously i made some mistakes.
I don't know what's wrong. How to avoid that error? I list my modifications
here. Do I miss anything?
-------------------------------------------------------------------------------
sslsock.c modifications:
......
static cipherPolicy ssl_ciphers[] = { /* Export France */
......
#ifdef NSS_ENABLE_ECC
......
#endif /* NSS_ENABLE_ECC */
/*add for ssf33 support*/
{ SSL_RSA_WITH_SSF33_ECB_SHA, SSL_ALLOWED, SSL_NOT_ALLOWED},
//If I delete this code NSS_SetDomesticPolicy() will return SECSuccess.
/*end add*/
{ 0, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED }
};
------------------------------------------------------------------------------
sslproto.h modifications:
......
#endif /* NSS_ENABLE_ECC */
/*add for ssf33 support*/
#define SSL_RSA_WITH_SSF33_ECB_SHA 0x8009
/*end add*/
/* Netscape "experimental" cipher suites. */
#define SSL_RSA_OLDFIPS_WITH_3DES_EDE_CBC_SHA 0xffe0
#define SSL_RSA_OLDFIPS_WITH_DES_CBC_SHA 0xffe1
/* New non-experimental openly spec'ed versions of those cipher suites. */
#define SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA 0xfeff
#define SSL_RSA_FIPS_WITH_DES_CBC_SHA 0xfefe
#endif /* __sslproto_h_ */
---------------------------------------------------------------------------------
sslenum.c modifications:
const PRUint16 SSL_ImplementedCiphers[] = {
......
#ifdef NSS_ENABLE_ECC
......
#endif /* NSS_ENABLE_ECC */
......
#ifdef NSS_ENABLE_ECC
......
#endif /* NSS_ENABLE_ECC */
......
#ifdef NSS_ENABLE_ECC
......
#endif /* NSS_ENABLE_ECC */
......
#ifdef NSS_ENABLE_ECC
......
#endif /* NSS_ENABLE_ECC */
......
#ifdef NSS_ENABLE_ECC
......
#endif /* NSS_ENABLE_ECC */
......
/*add for ssf33 support*/
SSL_RSA_WITH_SSF33_ECB_SHA,
/*end add*/
0
};
-------------------------------------------------------------------------------
sslinfo.c modifications:
......
#define C_SSF33_ECB "SSF33_ECB",calg_ssf33_ecb
......
static const SSLCipherSuiteInfo suiteInfo[] = {
/* <------ Cipher suite --------------------> <auth> <KEA> <bulk cipher>
<MAC> <FIPS> */
......
/*add for ssf33 support*/
{0,CS(SSL_RSA_WITH_SSF33_ECB_SHA), S_RSA, K_RSA, C_SSF33_ECB,
B_128, M_SHA, 1, 0, 0, }
/*end add*/
};
-------------------------------------------------------------------------------
sslimpl.h
......
#define calg_ssf33_ecb ssl_calg_ssf33_ecb
......
/*modi for ssf33 support*/
#ifdef NSS_ENABLE_ECC
#define ssl_V3_SUITES_IMPLEMENTED 41/*40*/
#else
#define ssl_V3_SUITES_IMPLEMENTED 27/*26*/
#endif /* NSS_ENABLE_ECC */
/*end modify*/
......
/* The SSL bulk cipher definition */
typedef enum {
......
......
/*add for ssf33 support*/
cipher_ssf33_ecb,
/*end add*/
cipher_missing /* reserved for no such supported cipher */
/* This enum must match ssl3_cipherName[] in ssl3con.c. */
} SSL3BulkCipher;
-------------------------------------------------------------------------------
sslt.h modifications:
......
typedef enum {
ssl_calg_null = 0,
ssl_calg_rc4 = 1,
ssl_calg_rc2 = 2,
ssl_calg_des = 3,
ssl_calg_3des = 4,
ssl_calg_idea = 5,
ssl_calg_fortezza = 6, /* skipjack */
ssl_calg_aes = 7, /* coming soon */
/*add for ssf33 support*/
ssl_calg_ssf33_ecb = 8
/*end add*/
} SSLCipherAlgorithm;
......
-------------------------------------------------------------------------------
ssl3con.c modifications:
/*add for ssf33 support*/
#define CKM_SSF33_ECB CKM_VENDOR_DEFINED+33
PK11SlotInfo *ssf33KeySlot=NULL;
/*end add*/
static const SSLCipher2Mech alg2Mech[] = {
......
/*add for ssf33 support*/
{ calg_ssf33_ecb , CKM_SSF33_ECB }
/*end add*/
/* { calg_init , (CK_MECHANISM_TYPE)0x7fffffffL } */
};
......
void ssl_SetSSF33Slot(PK11SlotInfo *slot) {
if (slot != NULL)
ssf33KeySlot = slot;
}
......
static SECStatus
ssl3_GenerateSessionKeys(sslSocket *ss, const PK11SymKey *pms)
{
......
/*add for ssf33 support*/
if ((ssf33KeySlot)&&(pwSpec->client.write_key->type == CKM_SSF33_ECB)) {
newKey = pwSpec->client.write_key;
pwSpec->client.write_key = pk11_CopyToSlot(ssf33KeySlot, newKey->type,
CKA_ENCRYPT, newKey);
PK11_FreeSymKey(newKey);
}
/*end add*/
pwSpec->server.write_key =
PK11_SymKeyFromHandle(slot, symKey, PK11_OriginDerive,
bulk_mechanism, returnedKeys.hServerKey, PR_TRUE, pwArg);
if (pwSpec->server.write_key == NULL ) {
goto loser; /* loser sets err */
}
/*add for ssf33 support*/
if ((ssf33KeySlot)&&(pwSpec->server.write_key->type == CKM_SSF33_ECB)) {
newKey = pwSpec->server.write_key;
pwSpec->server.write_key = pk11_CopyToSlot(ssf33KeySlot, newKey->type,
CKA_ENCRYPT, newKey);
PK11_FreeSymKey(newKey);
}
/*end add*/
}
PK11_FreeSymKey(symKey);
return SECSuccess;
loser:
if (symKey) PK11_FreeSymKey(symKey);
ssl_MapLowLevelError(SSL_ERROR_SESSION_KEY_GEN_FAILURE);
return SECFailure;
}
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
