void P12Coder::macParse(
const NSS_P12_MacData &macData,
SecNssCoder &localCdr)
{
p12DecodeLog("macParse");
algIdParse(macData.mac.digestAlgorithm, NULL, localCdr);
const CSSM_DATA &iter = macData.iterations;
if(iter.Length > 4) {
p12ErrorLog("malformed iteration length (%u)\n",
(unsigned)iter.Length);
P12_THROW_DECODE;
}
}
/*
* Parse a NSS_P7_EncryptedData - specifically in the context
* of a P12 in password privacy mode. (The latter assumption is
* to enable us to infer CSSM_X509_ALGORITHM_IDENTIFIER.parameters
* format).
*/
void P12Coder::encryptedDataParse(
const NSS_P7_EncryptedData &edata,
SecNssCoder &localCdr,
NSS_P12_PBE_Params *pbep) // optional, RETURNED
{
p12DecodeLog("encryptedDataParse");
/*
* Parse the alg ID, save PBE params for when we do the decrypt
* key unwrap
*/
const NSS_P7_EncrContentInfo &ci = edata.contentInfo;
const CSSM_X509_ALGORITHM_IDENTIFIER &algId = ci.encrAlg;
algIdParse(algId, pbep, localCdr);
}
static int p12Decrypt(pkcs12_context * context, const SecAsn1AlgId *algId,
const SecAsn1Item *cipherText, SecAsn1Item *plainText)
{
NSS_P12_PBE_Params pbep;
// XXX/cs not requiring decoding, but if pbep is uninit this will fail later
algIdParse(context, algId, &pbep);
CCAlgorithm alg = 0;
uint32_t keySizeInBits = 0;
uint32_t blockSizeInBytes = 0; // for IV, optional
CCOptions options = 0;
require_noerr_quiet(pkcsOidToParams(&algId->algorithm, &alg, &keySizeInBits,
&blockSizeInBytes, &options), out);
uint32_t iterCount = 0;
require_noerr(p12DataToInt(&pbep.iterations, &iterCount), out);
/* P12 style key derivation */
SecAsn1Item key = {0, NULL};
if(keySizeInBits)
alloc_item(context, &key, (keySizeInBits+7)/8);
require_noerr(p12_pbe_gen(context->passphrase, pbep.salt.Data, pbep.salt.Length,
iterCount, PBE_ID_Key, key.Data, key.Length), out);
/* P12 style IV derivation, optional */
SecAsn1Item iv = {0, NULL};
if(blockSizeInBytes) {
alloc_item(context, &iv, blockSizeInBytes);
require_noerr(p12_pbe_gen(context->passphrase, pbep.salt.Data, pbep.salt.Length,
iterCount, PBE_ID_IV, iv.Data, iv.Length), out);
}
SecAsn1Item ourPtext = {0, NULL};
alloc_item(context, &ourPtext, cipherText->Length);
require_noerr(CCCrypt(kCCDecrypt, alg, options/*kCCOptionPKCS7Padding*/,
key.Data, key.Length, iv.Data, cipherText->Data, cipherText->Length,
ourPtext.Data, ourPtext.Length, &ourPtext.Length), out);
*plainText = ourPtext;
return 0;
out:
return -1;
}
/*
* ShroudedKeyBag parser w/decrypt
*/
void P12Coder::shroudedKeyBagParse(
const NSS_P12_SafeBag &safeBag,
SecNssCoder &localCdr)
{
p12DecodeLog("Found shrouded key bag");
if(mPrivKeyImportState == PKIS_NoMore) {
CssmError::throwMe(errSecMultiplePrivKeys);
}
const NSS_P12_ShroudedKeyBag *keyBag = safeBag.bagValue.shroudedKeyBag;
const CSSM_X509_ALGORITHM_IDENTIFIER &algId = keyBag->algorithm;
NSS_P12_PBE_Params pbep;
algIdParse(algId, &pbep, localCdr);
/*
* Prepare for decryption
*/
CSSM_ALGORITHMS keyAlg; // e.g., CSSM_ALGID_DES
CSSM_ALGORITHMS encrAlg; // e.g., CSSM_ALGID_3DES_3KEY_EDE
CSSM_ALGORITHMS pbeHashAlg; // SHA1 or MD5
uint32 keySizeInBits;
uint32 blockSizeInBytes; // for IV, optional
CSSM_PADDING padding; // CSSM_PADDING_PKCS7, etc.
CSSM_ENCRYPT_MODE mode; // CSSM_ALGMODE_CBCPadIV8, etc.
PKCS_Which pkcs;
bool found = pkcsOidToParams(&algId.algorithm,
keyAlg, encrAlg, pbeHashAlg, keySizeInBits, blockSizeInBytes,
padding, mode, pkcs);
if(!found || (pkcs != PW_PKCS12)) {
p12ErrorLog("ShroudedKeyBag encrAlg not understood\n");
CssmError::throwMe(CSSMERR_CSP_INVALID_ALGORITHM);
}
uint32 iterCount;
if(!p12DataToInt(pbep.iterations, iterCount)) {
p12ErrorLog("ShroudedKeyBag: badly formed iterCount\n");
P12_THROW_DECODE;
}
const CSSM_DATA *encrPhrase = getEncrPassPhrase();
const CSSM_KEY *passKey = getEncrPassKey();
if((encrPhrase == NULL) && (passKey == NULL)) {
p12ErrorLog("no passphrase set\n");
CssmError::throwMe(CSSMERR_CSP_MISSING_ATTR_PASSPHRASE);
}
/* We'll own the actual CSSM_KEY memory */
CSSM_KEY_PTR privKey = (CSSM_KEY_PTR)mCoder.malloc(sizeof(CSSM_KEY));
memset(privKey, 0, sizeof(CSSM_KEY));
CSSM_DATA labelData;
p12GenLabel(labelData, localCdr);
CSSM_RETURN crtn = p12UnwrapKey(mCspHand,
mDlDbHand.DLHandle ? &mDlDbHand : NULL,
mImportFlags & kSecImportKeys,
keyBag->encryptedData,
keyAlg, encrAlg, pbeHashAlg,
keySizeInBits, blockSizeInBytes,
padding, mode,
iterCount, pbep.salt,
encrPhrase,
passKey,
localCdr,
labelData,
mAccess,
mNoAcl,
mKeyUsage,
mKeyAttrs,
privKey);
if(crtn) {
p12ErrorLog("Error unwrapping private key\n");
CssmError::throwMe(crtn);
}
p12DecodeLog("unwrapped shrouded key bag");
P12KeyBag *p12bag = new P12KeyBag(privKey, mCspHand,
safeBag.bagAttrs, labelData, mCoder);
addKey(p12bag);
if(mPrivKeyImportState == PKIS_AllowOne) {
mPrivKeyImportState = PKIS_NoMore;
}
}
