/*
* Digest contexts don't need keys, but the do need to find a slot.
* Macing should use PK11_CreateContextBySymKey.
*/
PK11Context *
PK11_CreateDigestContext(SECOidTag hashAlg)
{
/* digesting has to work without authentication to the slot */
CK_MECHANISM_TYPE type;
PK11SlotInfo *slot;
PK11Context *context;
SECItem param;
type = PK11_AlgtagToMechanism(hashAlg);
slot = PK11_GetBestSlot(type, NULL);
if (slot == NULL) {
PORT_SetError( SEC_ERROR_NO_MODULE );
return NULL;
}
/* maybe should really be PK11_GenerateNewParam?? */
param.data = NULL;
param.len = 0;
param.type = 0;
context = pk11_CreateNewContextInSlot(type, slot, CKA_DIGEST, NULL, ¶m);
PK11_FreeSlot(slot);
return context;
}
/*
* NSS_CMSUtil_DecryptSymKey_RSA - unwrap a RSA-wrapped symmetric key
*
* this function takes an RSA-wrapped symmetric key and unwraps it, returning a symmetric
* key handle. Please note that the actual unwrapped key data may not be allowed to leave
* a hardware token...
*/
PK11SymKey *
NSS_CMSUtil_DecryptSymKey_RSA(SECKEYPrivateKey *privkey, SECItem *encKey, SECOidTag bulkalgtag)
{
/* that's easy */
CK_MECHANISM_TYPE target;
PORT_Assert(bulkalgtag != SEC_OID_UNKNOWN);
target = PK11_AlgtagToMechanism(bulkalgtag);
if (bulkalgtag == SEC_OID_UNKNOWN || target == CKM_INVALID_MECHANISM) {
PORT_SetError(SEC_ERROR_INVALID_ALGORITHM);
return NULL;
}
return PK11_PubUnwrapSymKey(privkey, encKey, target, CKA_DECRYPT, 0);
}
CK_MECHANISM_TYPE
crmf_get_mechanism_from_public_key(SECKEYPublicKey *inPubKey)
{
CERTSubjectPublicKeyInfo *spki = NULL;
SECOidTag tag;
spki = SECKEY_CreateSubjectPublicKeyInfo(inPubKey);
if (spki == NULL) {
return CKM_INVALID_MECHANISM;
}
tag = SECOID_FindOIDTag(&spki->algorithm.algorithm);
SECKEY_DestroySubjectPublicKeyInfo(spki);
spki = NULL;
return PK11_AlgtagToMechanism(tag);
}
SECStatus
NSS_CMSUtil_EncryptSymKey_RSAPubKey(PLArenaPool *poolp,
SECKEYPublicKey *publickey,
PK11SymKey *bulkkey, SECItem *encKey)
{
SECStatus rv;
int data_len;
KeyType keyType;
void *mark = NULL;
mark = PORT_ArenaMark(poolp);
if (!mark)
goto loser;
/* sanity check */
keyType = SECKEY_GetPublicKeyType(publickey);
PORT_Assert(keyType == rsaKey);
if (keyType != rsaKey) {
goto loser;
}
/* allocate memory for the encrypted key */
data_len = SECKEY_PublicKeyStrength(publickey); /* block size (assumed to be > keylen) */
encKey->data = (unsigned char*)PORT_ArenaAlloc(poolp, data_len);
encKey->len = data_len;
if (encKey->data == NULL)
goto loser;
/* encrypt the key now */
rv = PK11_PubWrapSymKey(PK11_AlgtagToMechanism(SEC_OID_PKCS1_RSA_ENCRYPTION),
publickey, bulkkey, encKey);
if (rv != SECSuccess)
goto loser;
PORT_ArenaUnmark(poolp, mark);
return SECSuccess;
loser:
if (mark) {
PORT_ArenaRelease(poolp, mark);
}
return SECFailure;
}
/*
* Create a cipher object to do encryption, based on the given bulk
* encryption key and algorithm tag. Fill in the algorithm identifier
* (which may include an iv) appropriately.
*
* XXX This interface, or one similar, would be really nice available
* in general... I tried to keep the pkcs7-specific stuff (mostly
* having to do with padding) out of here.
*
* XXX Once both are working, it might be nice to combine this and the
* function above (for starting up decryption) into one routine, and just
* have two simple cover functions which call it.
*/
sec_PKCS7CipherObject *
sec_PKCS7CreateEncryptObject (PRArenaPool *poolp, PK11SymKey *key,
SECOidTag algtag, SECAlgorithmID *algid)
{
sec_PKCS7CipherObject *result;
void *ciphercx;
SECStatus rv;
CK_MECHANISM_TYPE cryptoMechType;
PK11SlotInfo *slot;
SECItem *param = NULL;
PRBool needToEncodeAlgid = PR_FALSE;
result = (struct sec_pkcs7_cipher_object*)
PORT_ZAlloc (sizeof(struct sec_pkcs7_cipher_object));
if (result == NULL)
return NULL;
ciphercx = NULL;
if (SEC_PKCS5IsAlgorithmPBEAlg(algid)) {
SECItem *pwitem;
pwitem = (SECItem *)PK11_GetSymKeyUserData(key);
if (!pwitem) {
PORT_Free(result);
return NULL;
}
cryptoMechType = PK11_GetPBECryptoMechanism(algid, ¶m, pwitem);
if (cryptoMechType == CKM_INVALID_MECHANISM) {
PORT_Free(result);
SECITEM_FreeItem(param,PR_TRUE);
return NULL;
}
} else {
cryptoMechType = PK11_AlgtagToMechanism(algtag);
param = PK11_GenerateNewParam(cryptoMechType, key);
if (param == NULL) {
PORT_Free(result);
return NULL;
}
needToEncodeAlgid = PR_TRUE;
}
result->pad_size = PK11_GetBlockSize(cryptoMechType,param);
slot = PK11_GetSlotFromKey(key);
result->block_size = PK11_IsHW(slot) ? BLOCK_SIZE : result->pad_size;
PK11_FreeSlot(slot);
ciphercx = PK11_CreateContextBySymKey(cryptoMechType, CKA_ENCRYPT,
key, param);
if (ciphercx == NULL) {
PORT_Free (result);
SECITEM_FreeItem(param,PR_TRUE);
return NULL;
}
/*
* These are placed after the CreateContextBySymKey() because some
* mechanisms have to generate their IVs from their card (i.e. FORTEZZA).
* Don't move it from here.
*/
if (needToEncodeAlgid) {
rv = PK11_ParamToAlgid(algtag,param,poolp,algid);
if(rv != SECSuccess) {
PORT_Free (result);
SECITEM_FreeItem(param,PR_TRUE);
return NULL;
}
}
SECITEM_FreeItem(param,PR_TRUE);
result->cx = ciphercx;
result->doit = (sec_pkcs7_cipher_function) PK11_CipherOp;
result->destroy = (sec_pkcs7_cipher_destroy) PK11_DestroyContext;
result->encrypt = PR_TRUE;
result->pending_count = 0;
return result;
}
static int
sm_encrypt(CamelCipherContext *context, const char *userid, GPtrArray *recipients, CamelMimePart *ipart, CamelMimePart *opart, CamelException *ex)
{
struct _CamelSMIMEContextPrivate *p = ((CamelSMIMEContext *)context)->priv;
/*NSSCMSRecipientInfo **recipient_infos;*/
CERTCertificate **recipient_certs = NULL;
NSSCMSContentInfo *cinfo;
PK11SymKey *bulkkey = NULL;
SECOidTag bulkalgtag;
int bulkkeysize, i;
CK_MECHANISM_TYPE type;
PK11SlotInfo *slot;
PLArenaPool *poolp;
NSSCMSMessage *cmsg = NULL;
NSSCMSEnvelopedData *envd;
NSSCMSEncoderContext *enc = NULL;
CamelStreamMem *mem;
CamelStream *ostream = NULL;
CamelDataWrapper *dw;
CamelContentType *ct;
poolp = PORT_NewArena(1024);
if (poolp == NULL) {
camel_exception_set (ex, CAMEL_EXCEPTION_SYSTEM, g_strerror (ENOMEM));
return -1;
}
/* Lookup all recipients certs, for later working */
recipient_certs = (CERTCertificate **)PORT_ArenaZAlloc(poolp, sizeof(*recipient_certs[0])*(recipients->len + 1));
if (recipient_certs == NULL) {
camel_exception_set (ex, CAMEL_EXCEPTION_SYSTEM, g_strerror (ENOMEM));
goto fail;
}
for (i=0;i<recipients->len;i++) {
recipient_certs[i] = CERT_FindCertByNicknameOrEmailAddr(p->certdb, recipients->pdata[i]);
if (recipient_certs[i] == NULL) {
camel_exception_setv(ex, CAMEL_EXCEPTION_SYSTEM, _("Cannot find certificate for `%s'"), recipients->pdata[i]);
goto fail;
}
}
/* Find a common algorithm, probably 3DES anyway ... */
if (NSS_SMIMEUtil_FindBulkAlgForRecipients(recipient_certs, &bulkalgtag, &bulkkeysize) != SECSuccess) {
camel_exception_set (ex, CAMEL_EXCEPTION_SYSTEM, _("Cannot find common bulk encryption algorithm"));
goto fail;
}
/* Generate a new bulk key based on the common algorithm - expensive */
type = PK11_AlgtagToMechanism(bulkalgtag);
slot = PK11_GetBestSlot(type, context);
if (slot == NULL) {
/* PORT_GetError(); ?? */
camel_exception_set (ex, CAMEL_EXCEPTION_SYSTEM, _("Cannot allocate slot for encryption bulk key"));
goto fail;
}
bulkkey = PK11_KeyGen(slot, type, NULL, bulkkeysize/8, context);
PK11_FreeSlot(slot);
/* Now we can start building the message */
/* msg->envelopedData->data */
cmsg = NSS_CMSMessage_Create(NULL);
if (cmsg == NULL) {
camel_exception_set (ex, CAMEL_EXCEPTION_SYSTEM, _("Cannot create CMS Message"));
goto fail;
}
envd = NSS_CMSEnvelopedData_Create(cmsg, bulkalgtag, bulkkeysize);
if (envd == NULL) {
camel_exception_set (ex, CAMEL_EXCEPTION_SYSTEM, _("Cannot create CMS Enveloped data"));
goto fail;
}
cinfo = NSS_CMSMessage_GetContentInfo(cmsg);
if (NSS_CMSContentInfo_SetContent_EnvelopedData(cmsg, cinfo, envd) != SECSuccess) {
camel_exception_set (ex, CAMEL_EXCEPTION_SYSTEM, _("Cannot attach CMS Enveloped data"));
goto fail;
}
cinfo = NSS_CMSEnvelopedData_GetContentInfo(envd);
if (NSS_CMSContentInfo_SetContent_Data(cmsg, cinfo, NULL, PR_FALSE) != SECSuccess) {
camel_exception_set (ex, CAMEL_EXCEPTION_SYSTEM, _("Cannot attach CMS data object"));
goto fail;
}
/* add recipient certs */
for (i=0;recipient_certs[i];i++) {
NSSCMSRecipientInfo *ri = NSS_CMSRecipientInfo_Create(cmsg, recipient_certs[i]);
if (ri == NULL) {
camel_exception_set (ex, CAMEL_EXCEPTION_SYSTEM, _("Cannot create CMS Recipient information"));
goto fail;
}
if (NSS_CMSEnvelopedData_AddRecipient(envd, ri) != SECSuccess) {
camel_exception_set (ex, CAMEL_EXCEPTION_SYSTEM, _("Cannot add CMS Recipient information"));
goto fail;
}
}
/* dump it out */
ostream = camel_stream_mem_new();
enc = NSS_CMSEncoder_Start(cmsg,
sm_write_stream, ostream,
NULL, NULL,
NULL, NULL,
sm_decrypt_key, bulkkey,
NULL, NULL);
if (enc == NULL) {
camel_exception_set (ex, CAMEL_EXCEPTION_SYSTEM, _("Cannot create encoder context"));
goto fail;
}
/* FIXME: Stream the input */
/* FIXME: Canonicalise the input? */
mem = (CamelStreamMem *)camel_stream_mem_new();
camel_data_wrapper_write_to_stream((CamelDataWrapper *)ipart, (CamelStream *)mem);
if (NSS_CMSEncoder_Update(enc, (char *) mem->buffer->data, mem->buffer->len) != SECSuccess) {
NSS_CMSEncoder_Cancel(enc);
camel_object_unref(mem);
camel_exception_set (ex, CAMEL_EXCEPTION_SYSTEM, _("Failed to add data to encoder"));
goto fail;
}
camel_object_unref(mem);
if (NSS_CMSEncoder_Finish(enc) != SECSuccess) {
camel_exception_set (ex, CAMEL_EXCEPTION_SYSTEM, _("Failed to encode data"));
goto fail;
}
PK11_FreeSymKey(bulkkey);
NSS_CMSMessage_Destroy(cmsg);
for (i=0;recipient_certs[i];i++)
CERT_DestroyCertificate(recipient_certs[i]);
PORT_FreeArena(poolp, PR_FALSE);
dw = camel_data_wrapper_new();
camel_data_wrapper_construct_from_stream(dw, ostream);
camel_object_unref(ostream);
dw->encoding = CAMEL_TRANSFER_ENCODING_BINARY;
ct = camel_content_type_new("application", "x-pkcs7-mime");
camel_content_type_set_param(ct, "name", "smime.p7m");
camel_content_type_set_param(ct, "smime-type", "enveloped-data");
camel_data_wrapper_set_mime_type_field(dw, ct);
camel_content_type_unref(ct);
camel_medium_set_content_object((CamelMedium *)opart, dw);
camel_object_unref(dw);
camel_mime_part_set_disposition(opart, "attachment");
camel_mime_part_set_filename(opart, "smime.p7m");
camel_mime_part_set_description(opart, "S/MIME Encrypted Message");
camel_mime_part_set_encoding(opart, CAMEL_TRANSFER_ENCODING_BASE64);
return 0;
fail:
if (ostream)
camel_object_unref(ostream);
if (cmsg)
NSS_CMSMessage_Destroy(cmsg);
if (bulkkey)
PK11_FreeSymKey(bulkkey);
if (recipient_certs) {
for (i=0;recipient_certs[i];i++)
CERT_DestroyCertificate(recipient_certs[i]);
}
PORT_FreeArena(poolp, PR_FALSE);
return -1;
}
/*
* NSS_CMSEnvelopedData_Encode_BeforeStart - prepare this envelopedData for encoding
*
* at this point, we need
* - recipientinfos set up with recipient's certificates
* - a content encryption algorithm (if none, 3DES will be used)
*
* this function will generate a random content encryption key (aka bulk key),
* initialize the recipientinfos with certificate identification and wrap the bulk key
* using the proper algorithm for every certificiate.
* it will finally set the bulk algorithm and key so that the encode step can find it.
*/
SECStatus
NSS_CMSEnvelopedData_Encode_BeforeStart(NSSCMSEnvelopedData *envd)
{
int version;
NSSCMSRecipientInfo **recipientinfos;
NSSCMSContentInfo *cinfo;
PK11SymKey *bulkkey = NULL;
SECOidTag bulkalgtag;
CK_MECHANISM_TYPE type;
PK11SlotInfo *slot;
SECStatus rv;
SECItem *dummy;
PLArenaPool *poolp;
extern const SEC_ASN1Template NSSCMSRecipientInfoTemplate[];
void *mark = NULL;
int i;
poolp = envd->cmsg->poolp;
cinfo = &(envd->contentInfo);
recipientinfos = envd->recipientInfos;
if (recipientinfos == NULL) {
PORT_SetError(SEC_ERROR_BAD_DATA);
#if 0
PORT_SetErrorString("Cannot find recipientinfos to encode.");
#endif
goto loser;
}
version = NSS_CMS_ENVELOPED_DATA_VERSION_REG;
if (envd->originatorInfo != NULL || envd->unprotectedAttr != NULL) {
version = NSS_CMS_ENVELOPED_DATA_VERSION_ADV;
} else {
for (i = 0; recipientinfos[i] != NULL; i++) {
if (NSS_CMSRecipientInfo_GetVersion(recipientinfos[i]) != 0) {
version = NSS_CMS_ENVELOPED_DATA_VERSION_ADV;
break;
}
}
}
dummy = SEC_ASN1EncodeInteger(poolp, &(envd->version), version);
if (dummy == NULL)
goto loser;
/* now we need to have a proper content encryption algorithm
* on the SMIME level, we would figure one out by looking at SMIME capabilities
* we cannot do that on our level, so if none is set already, we'll just go
* with one of the mandatory algorithms (3DES) */
if ((bulkalgtag = NSS_CMSContentInfo_GetContentEncAlgTag(cinfo)) == SEC_OID_UNKNOWN) {
rv = NSS_CMSContentInfo_SetContentEncAlg(poolp, cinfo, SEC_OID_DES_EDE3_CBC, NULL, 168);
if (rv != SECSuccess)
goto loser;
bulkalgtag = SEC_OID_DES_EDE3_CBC;
}
/* generate a random bulk key suitable for content encryption alg */
type = PK11_AlgtagToMechanism(bulkalgtag);
slot = PK11_GetBestSlot(type, envd->cmsg->pwfn_arg);
if (slot == NULL)
goto loser; /* error has been set by PK11_GetBestSlot */
/* this is expensive... */
bulkkey = PK11_KeyGen(slot, type, NULL, NSS_CMSContentInfo_GetBulkKeySize(cinfo) / 8, envd->cmsg->pwfn_arg);
PK11_FreeSlot(slot);
if (bulkkey == NULL)
goto loser; /* error has been set by PK11_KeyGen */
mark = PORT_ArenaMark(poolp);
/* Encrypt the bulk key with the public key of each recipient. */
for (i = 0; recipientinfos[i] != NULL; i++) {
rv = NSS_CMSRecipientInfo_WrapBulkKey(recipientinfos[i], bulkkey, bulkalgtag);
if (rv != SECSuccess)
goto loser; /* error has been set by NSS_CMSRecipientInfo_EncryptBulkKey */
/* could be: alg not supported etc. */
}
/* the recipientinfos are all finished. now sort them by DER for SET OF encoding */
rv = NSS_CMSArray_SortByDER((void **)envd->recipientInfos, NSSCMSRecipientInfoTemplate, NULL);
if (rv != SECSuccess)
goto loser; /* error has been set by NSS_CMSArray_SortByDER */
/* store the bulk key in the contentInfo so that the encoder can find it */
NSS_CMSContentInfo_SetBulkKey(cinfo, bulkkey);
PORT_ArenaUnmark(poolp, mark);
PK11_FreeSymKey(bulkkey);
return SECSuccess;
loser:
if (mark != NULL)
PORT_ArenaRelease (poolp, mark);
if (bulkkey)
PK11_FreeSymKey(bulkkey);
return SECFailure;
}
SECStatus
NSS_CMSUtil_EncryptSymKey_ESDH(PLArenaPool *poolp, CERTCertificate *cert, PK11SymKey *key,
SECItem *encKey, SECItem **ukm, SECAlgorithmID *keyEncAlg,
SECItem *pubKey)
{
#if 0 /* not yet done */
SECOidTag certalgtag; /* the certificate's encryption algorithm */
SECOidTag encalgtag; /* the algorithm used for key exchange/agreement */
SECStatus rv;
SECItem *params = NULL;
int data_len;
SECStatus err;
PK11SymKey *tek;
CERTCertificate *ourCert;
SECKEYPublicKey *ourPubKey;
NSSCMSKEATemplateSelector whichKEA = NSSCMSKEAInvalid;
certalgtag = SECOID_GetAlgorithmTag(&(cert->subjectPublicKeyInfo.algorithm));
PORT_Assert(certalgtag == SEC_OID_X942_DIFFIE_HELMAN_KEY);
/* We really want to show our KEA tag as the key exchange algorithm tag. */
encalgtag = SEC_OID_CMS_EPHEMERAL_STATIC_DIFFIE_HELLMAN;
/* Get the public key of the recipient. */
publickey = CERT_ExtractPublicKey(cert);
if (publickey == NULL) goto loser;
/* XXXX generate a DH key pair on a PKCS11 module (XXX which parameters?) */
/* XXXX */ourCert = PK11_FindBestKEAMatch(cert, wincx);
if (ourCert == NULL) goto loser;
arena = PORT_NewArena(1024);
if (arena == NULL) goto loser;
/* While we're here, extract the key pair's public key data and copy it into */
/* the outgoing parameters. */
/* XXXX */ourPubKey = CERT_ExtractPublicKey(ourCert);
if (ourPubKey == NULL)
{
goto loser;
}
SECITEM_CopyItem(arena, pubKey, /* XXX */&(ourPubKey->u.fortezza.KEAKey));
SECKEY_DestroyPublicKey(ourPubKey); /* we only need the private key from now on */
ourPubKey = NULL;
/* Extract our private key in order to derive the KEA key. */
ourPrivKey = PK11_FindKeyByAnyCert(ourCert,wincx);
CERT_DestroyCertificate(ourCert); /* we're done with this */
if (!ourPrivKey) goto loser;
/* If ukm desired, prepare it - allocate enough space (filled with zeros). */
if (ukm) {
ukm->data = (unsigned char*)PORT_ArenaZAlloc(arena,/* XXXX */);
ukm->len = /* XXXX */;
}
/* Generate the KEK (key exchange key) according to RFC2631 which we use
* to wrap the bulk encryption key. */
kek = PK11_PubDerive(ourPrivKey, publickey, PR_TRUE,
ukm, NULL,
/* XXXX */CKM_KEA_KEY_DERIVE, /* XXXX */CKM_SKIPJACK_WRAP,
CKA_WRAP, 0, wincx);
SECKEY_DestroyPublicKey(publickey);
SECKEY_DestroyPrivateKey(ourPrivKey);
publickey = NULL;
ourPrivKey = NULL;
if (!kek)
goto loser;
/* allocate space for the encrypted CEK (bulk key) */
encKey->data = (unsigned char*)PORT_ArenaAlloc(poolp, SMIME_FORTEZZA_MAX_KEY_SIZE);
encKey->len = SMIME_FORTEZZA_MAX_KEY_SIZE;
if (encKey->data == NULL)
{
PK11_FreeSymKey(kek);
goto loser;
}
/* Wrap the bulk key using CMSRC2WRAP or CMS3DESWRAP, depending on the */
/* bulk encryption algorithm */
switch (/* XXXX */PK11_AlgtagToMechanism(enccinfo->encalg))
{
case /* XXXX */CKM_SKIPJACK_CFB8:
err = PK11_WrapSymKey(/* XXXX */CKM_CMS3DES_WRAP, NULL, kek, bulkkey, encKey);
whichKEA = NSSCMSKEAUsesSkipjack;
break;
case /* XXXX */CKM_SKIPJACK_CFB8:
err = PK11_WrapSymKey(/* XXXX */CKM_CMSRC2_WRAP, NULL, kek, bulkkey, encKey);
whichKEA = NSSCMSKEAUsesSkipjack;
break;
default:
/* XXXX what do we do here? Neither RC2 nor 3DES... */
err = SECFailure;
/* set error */
break;
}
PK11_FreeSymKey(kek); /* we do not need the KEK anymore */
if (err != SECSuccess)
goto loser;
PORT_Assert(whichKEA != NSSCMSKEAInvalid);
/* see RFC2630 12.3.1.1 "keyEncryptionAlgorithm must be ..." */
/* params is the DER encoded key wrap algorithm (with parameters!) (XXX) */
params = SEC_ASN1EncodeItem(arena, NULL, &keaParams, sec_pkcs7_get_kea_template(whichKEA));
if (params == NULL)
goto loser;
/* now set keyEncAlg */
rv = SECOID_SetAlgorithmID(poolp, keyEncAlg, SEC_OID_CMS_EPHEMERAL_STATIC_DIFFIE_HELLMAN, params);
if (rv != SECSuccess)
goto loser;
/* XXXXXXX this is not right yet */
loser:
if (arena) {
PORT_FreeArena(arena, PR_FALSE);
}
if (publickey) {
SECKEY_DestroyPublicKey(publickey);
}
if (ourPrivKey) {
SECKEY_DestroyPrivateKey(ourPrivKey);
}
#endif
return SECFailure;
}
/**
* @brief Create a key from the given passphrase. By default, the PBKDF2
* algorithm is used to generate the key from the passphrase. It is expected
* that the same pass phrase will generate the same key, regardless of the
* backend crypto platform used. The key is cleaned up when the context
* is cleaned, and may be reused with multiple encryption or decryption
* operations.
* @note If *key is NULL, a apr_crypto_key_t will be created from a pool. If
* *key is not NULL, *key must point at a previously created structure.
* @param key The key returned, see note.
* @param ivSize The size of the initialisation vector will be returned, based
* on whether an IV is relevant for this type of crypto.
* @param pass The passphrase to use.
* @param passLen The passphrase length in bytes
* @param salt The salt to use.
* @param saltLen The salt length in bytes
* @param type 3DES_192, AES_128, AES_192, AES_256.
* @param mode Electronic Code Book / Cipher Block Chaining.
* @param doPad Pad if necessary.
* @param iterations Iteration count
* @param f The context to use.
* @param p The pool to use.
* @return Returns APR_ENOKEY if the pass phrase is missing or empty, or if a backend
* error occurred while generating the key. APR_ENOCIPHER if the type or mode
* is not supported by the particular backend. APR_EKEYTYPE if the key type is
* not known. APR_EPADDING if padding was requested but is not supported.
* APR_ENOTIMPL if not implemented.
*/
static apr_status_t crypto_passphrase(apr_crypto_key_t **k, apr_size_t *ivSize,
const char *pass, apr_size_t passLen, const unsigned char * salt,
apr_size_t saltLen, const apr_crypto_block_key_type_e type,
const apr_crypto_block_key_mode_e mode, const int doPad,
const int iterations, const apr_crypto_t *f, apr_pool_t *p)
{
apr_status_t rv = APR_SUCCESS;
PK11SlotInfo * slot;
SECItem passItem;
SECItem saltItem;
SECAlgorithmID *algid;
void *wincx = NULL; /* what is wincx? */
apr_crypto_key_t *key = *k;
if (!key) {
*k = key = apr_array_push(f->keys);
}
if (!key) {
return APR_ENOMEM;
}
key->f = f;
key->provider = f->provider;
/* decide on what cipher mechanism we will be using */
switch (type) {
case (APR_KEY_3DES_192):
if (APR_MODE_CBC == mode) {
key->cipherOid = SEC_OID_DES_EDE3_CBC;
}
else if (APR_MODE_ECB == mode) {
return APR_ENOCIPHER;
/* No OID for CKM_DES3_ECB; */
}
break;
case (APR_KEY_AES_128):
if (APR_MODE_CBC == mode) {
key->cipherOid = SEC_OID_AES_128_CBC;
}
else {
key->cipherOid = SEC_OID_AES_128_ECB;
}
break;
case (APR_KEY_AES_192):
if (APR_MODE_CBC == mode) {
key->cipherOid = SEC_OID_AES_192_CBC;
}
else {
key->cipherOid = SEC_OID_AES_192_ECB;
}
break;
case (APR_KEY_AES_256):
if (APR_MODE_CBC == mode) {
key->cipherOid = SEC_OID_AES_256_CBC;
}
else {
key->cipherOid = SEC_OID_AES_256_ECB;
}
break;
default:
/* unknown key type, give up */
return APR_EKEYTYPE;
}
/* AES_128_CBC --> CKM_AES_CBC --> CKM_AES_CBC_PAD */
key->cipherMech = PK11_AlgtagToMechanism(key->cipherOid);
if (key->cipherMech == CKM_INVALID_MECHANISM) {
return APR_ENOCIPHER;
}
if (doPad) {
CK_MECHANISM_TYPE paddedMech;
paddedMech = PK11_GetPadMechanism(key->cipherMech);
if (CKM_INVALID_MECHANISM == paddedMech || key->cipherMech
== paddedMech) {
return APR_EPADDING;
}
key->cipherMech = paddedMech;
}
/* Turn the raw passphrase and salt into SECItems */
passItem.data = (unsigned char*) pass;
passItem.len = passLen;
saltItem.data = (unsigned char*) salt;
saltItem.len = saltLen;
/* generate the key */
/* pbeAlg and cipherAlg are the same. NSS decides the keylength. */
algid = PK11_CreatePBEV2AlgorithmID(key->cipherOid, key->cipherOid,
SEC_OID_HMAC_SHA1, 0, iterations, &saltItem);
if (algid) {
slot = PK11_GetBestSlot(key->cipherMech, wincx);
if (slot) {
key->symKey = PK11_PBEKeyGen(slot, algid, &passItem, PR_FALSE,
wincx);
PK11_FreeSlot(slot);
}
SECOID_DestroyAlgorithmID(algid, PR_TRUE);
}
/* sanity check? */
if (!key->symKey) {
PRErrorCode perr = PORT_GetError();
if (perr) {
f->result->rc = perr;
f->result->msg = PR_ErrorToName(perr);
rv = APR_ENOKEY;
}
}
key->ivSize = PK11_GetIVLength(key->cipherMech);
if (ivSize) {
*ivSize = key->ivSize;
}
return rv;
}
/*
* NSS_CMSCipherContext_StartEncrypt - create a cipher object to do encryption,
* based on the given bulk encryption key and algorithm tag. Fill in the
* algorithm identifier (which may include an iv) appropriately.
*
* XXX Once both are working, it might be nice to combine this and the
* function above (for starting up decryption) into one routine, and just
* have two simple cover functions which call it.
*/
NSSCMSCipherContext *
NSS_CMSCipherContext_StartEncrypt(PLArenaPool *poolp, PK11SymKey *key, SECAlgorithmID *algid)
{
NSSCMSCipherContext *cc;
void *ciphercx;
SECStatus rv;
CK_MECHANISM_TYPE cryptoMechType;
PK11SlotInfo *slot;
SECItem *param = NULL;
PRBool needToEncodeAlgid = PR_FALSE;
SECOidTag algtag = SECOID_GetAlgorithmTag(algid);
/* set param and mechanism */
if (SEC_PKCS5IsAlgorithmPBEAlg(algid)) {
SECItem *pwitem;
pwitem = PK11_GetSymKeyUserData(key);
if (!pwitem)
return NULL;
cryptoMechType = PK11_GetPBECryptoMechanism(algid, ¶m, pwitem);
if (cryptoMechType == CKM_INVALID_MECHANISM) {
SECITEM_FreeItem(param,PR_TRUE);
return NULL;
}
} else {
cryptoMechType = PK11_AlgtagToMechanism(algtag);
if ((param = PK11_GenerateNewParam(cryptoMechType, key)) == NULL)
return NULL;
needToEncodeAlgid = PR_TRUE;
}
cc = (NSSCMSCipherContext *)PORT_ZAlloc(sizeof(NSSCMSCipherContext));
if (cc == NULL) {
goto loser;
}
/* now find pad and block sizes for our mechanism */
cc->pad_size = PK11_GetBlockSize(cryptoMechType, param);
slot = PK11_GetSlotFromKey(key);
cc->block_size = PK11_IsHW(slot) ? BLOCK_SIZE : cc->pad_size;
PK11_FreeSlot(slot);
/* and here we go, creating a PK11 cipher context */
ciphercx = PK11_CreateContextBySymKey(cryptoMechType, CKA_ENCRYPT,
key, param);
if (ciphercx == NULL) {
PORT_Free(cc);
cc = NULL;
goto loser;
}
/*
* These are placed after the CreateContextBySymKey() because some
* mechanisms have to generate their IVs from their card (i.e. FORTEZZA).
* Don't move it from here.
* XXX is that right? the purpose of this is to get the correct algid
* containing the IVs etc. for encoding. this means we need to set this up
* BEFORE encoding the algid in the contentInfo, right?
*/
if (needToEncodeAlgid) {
rv = PK11_ParamToAlgid(algtag, param, poolp, algid);
if(rv != SECSuccess) {
PORT_Free(cc);
cc = NULL;
goto loser;
}
}
cc->cx = ciphercx;
cc->doit = (nss_cms_cipher_function)PK11_CipherOp;
cc->destroy = (nss_cms_cipher_destroy)PK11_DestroyContext;
cc->encrypt = PR_TRUE;
cc->pending_count = 0;
loser:
SECITEM_FreeItem(param, PR_TRUE);
return cc;
}
/* turn a PKCS #11 parameter into a DER Encoded Algorithm ID */
SECStatus
PK11_ParamToAlgid(SECOidTag algTag, SECItem *param,
PRArenaPool *arena, SECAlgorithmID *algid) {
CK_RC2_CBC_PARAMS *rc2_params;
sec_rc2cbcParameter rc2;
CK_RC5_CBC_PARAMS *rc5_params;
sec_rc5cbcParameter rc5;
CK_MECHANISM_TYPE type = PK11_AlgtagToMechanism(algTag);
SECItem *newParams = NULL;
SECStatus rv = SECFailure;
unsigned long rc2version;
switch (type) {
case CKM_RC4:
case CKM_SEED_ECB:
case CKM_CAMELLIA_ECB:
case CKM_AES_ECB:
case CKM_DES_ECB:
case CKM_DES3_ECB:
case CKM_IDEA_ECB:
case CKM_CDMF_ECB:
case CKM_CAST_ECB:
case CKM_CAST3_ECB:
case CKM_CAST5_ECB:
newParams = NULL;
rv = SECSuccess;
break;
case CKM_RC2_ECB:
break;
case CKM_RC2_CBC:
case CKM_RC2_CBC_PAD:
rc2_params = (CK_RC2_CBC_PARAMS *)param->data;
rc2version = rc2_unmap(rc2_params->ulEffectiveBits);
if (SEC_ASN1EncodeUnsignedInteger (NULL, &(rc2.rc2ParameterVersion),
rc2version) == NULL)
break;
rc2.iv.data = rc2_params->iv;
rc2.iv.len = sizeof(rc2_params->iv);
newParams = SEC_ASN1EncodeItem (NULL, NULL, &rc2,
sec_rc2cbc_parameter_template);
PORT_Free(rc2.rc2ParameterVersion.data);
if (newParams == NULL)
break;
rv = SECSuccess;
break;
case CKM_RC5_ECB: /* well not really... */
break;
case CKM_RC5_CBC:
case CKM_RC5_CBC_PAD:
rc5_params = (CK_RC5_CBC_PARAMS *)param->data;
if (SEC_ASN1EncodeUnsignedInteger (NULL, &rc5.version, RC5_V10) == NULL)
break;
if (SEC_ASN1EncodeUnsignedInteger (NULL, &rc5.blockSizeInBits,
rc5_params->ulWordsize*8) == NULL) {
PORT_Free(rc5.version.data);
break;
}
if (SEC_ASN1EncodeUnsignedInteger (NULL, &rc5.rounds,
rc5_params->ulWordsize*8) == NULL) {
PORT_Free(rc5.blockSizeInBits.data);
PORT_Free(rc5.version.data);
break;
}
rc5.iv.data = rc5_params->pIv;
rc5.iv.len = rc5_params->ulIvLen;
newParams = SEC_ASN1EncodeItem (NULL, NULL, &rc5,
sec_rc5cbc_parameter_template);
PORT_Free(rc5.version.data);
PORT_Free(rc5.blockSizeInBits.data);
PORT_Free(rc5.rounds.data);
if (newParams == NULL)
break;
rv = SECSuccess;
break;
case CKM_PBE_MD2_DES_CBC:
case CKM_PBE_MD5_DES_CBC:
case CKM_NETSCAPE_PBE_SHA1_DES_CBC:
case CKM_NETSCAPE_PBE_SHA1_TRIPLE_DES_CBC:
case CKM_NETSCAPE_PBE_SHA1_FAULTY_3DES_CBC:
case CKM_NETSCAPE_PBE_SHA1_40_BIT_RC2_CBC:
case CKM_NETSCAPE_PBE_SHA1_128_BIT_RC2_CBC:
case CKM_NETSCAPE_PBE_SHA1_40_BIT_RC4:
case CKM_NETSCAPE_PBE_SHA1_128_BIT_RC4:
case CKM_PBE_SHA1_DES3_EDE_CBC:
case CKM_PBE_SHA1_DES2_EDE_CBC:
case CKM_PBE_SHA1_RC2_40_CBC:
case CKM_PBE_SHA1_RC2_128_CBC:
case CKM_PBE_SHA1_RC4_40:
case CKM_PBE_SHA1_RC4_128:
return PBE_PK11ParamToAlgid(algTag, param, arena, algid);
default:
if (pk11_lookup(type)->iv == 0) {
rv = SECSuccess;
newParams = NULL;
break;
}
case CKM_SEED_CBC:
case CKM_CAMELLIA_CBC:
case CKM_AES_CBC:
case CKM_DES_CBC:
case CKM_DES3_CBC:
case CKM_IDEA_CBC:
case CKM_CDMF_CBC:
case CKM_CAST_CBC:
case CKM_CAST3_CBC:
case CKM_CAST5_CBC:
case CKM_DES_CBC_PAD:
case CKM_DES3_CBC_PAD:
case CKM_IDEA_CBC_PAD:
case CKM_CDMF_CBC_PAD:
case CKM_CAST_CBC_PAD:
case CKM_CAST3_CBC_PAD:
case CKM_CAST5_CBC_PAD:
case CKM_SKIPJACK_CBC64:
case CKM_SKIPJACK_ECB64:
case CKM_SKIPJACK_OFB64:
case CKM_SKIPJACK_CFB64:
case CKM_SKIPJACK_CFB32:
case CKM_SKIPJACK_CFB16:
case CKM_SKIPJACK_CFB8:
case CKM_BATON_ECB128:
case CKM_BATON_ECB96:
case CKM_BATON_CBC128:
case CKM_BATON_COUNTER:
case CKM_BATON_SHUFFLE:
case CKM_JUNIPER_ECB128:
case CKM_JUNIPER_CBC128:
case CKM_JUNIPER_COUNTER:
case CKM_JUNIPER_SHUFFLE:
newParams = SEC_ASN1EncodeItem(NULL,NULL,param,
SEC_ASN1_GET(SEC_OctetStringTemplate) );
if (newParams == NULL)
break;
rv = SECSuccess;
break;
}
if (rv != SECSuccess) {
if (newParams) SECITEM_FreeItem(newParams,PR_TRUE);
return rv;
}
rv = SECOID_SetAlgorithmID(arena, algid, algTag, newParams);
SECITEM_FreeItem(newParams,PR_TRUE);
return rv;
}
/* Generate a mechaism param from a type, and iv. */
SECItem *
PK11_ParamFromAlgid(SECAlgorithmID *algid)
{
CK_RC2_CBC_PARAMS * rc2_cbc_params = NULL;
CK_RC2_PARAMS * rc2_ecb_params = NULL;
CK_RC5_CBC_PARAMS * rc5_cbc_params = NULL;
CK_RC5_PARAMS * rc5_ecb_params = NULL;
PRArenaPool * arena = NULL;
SECItem * mech = NULL;
SECOidTag algtag;
SECStatus rv;
CK_MECHANISM_TYPE type;
/* initialize these to prevent UMRs in the ASN1 decoder. */
SECItem iv = {siBuffer, NULL, 0};
sec_rc2cbcParameter rc2 = { {siBuffer, NULL, 0}, {siBuffer, NULL, 0} };
sec_rc5cbcParameter rc5 = { {siBuffer, NULL, 0}, {siBuffer, NULL, 0},
{siBuffer, NULL, 0}, {siBuffer, NULL, 0} };
algtag = SECOID_GetAlgorithmTag(algid);
type = PK11_AlgtagToMechanism(algtag);
mech = PORT_New(SECItem);
if (mech == NULL) {
return NULL;
}
mech->type = siBuffer;
mech->data = NULL;
mech->len = 0;
arena = PORT_NewArena(1024);
if (!arena) {
goto loser;
}
/* handle the complicated cases */
switch (type) {
case CKM_RC2_ECB:
rv = SEC_ASN1DecodeItem(arena, &rc2 ,sec_rc2ecb_parameter_template,
&(algid->parameters));
if (rv != SECSuccess) {
goto loser;
}
rc2_ecb_params = PORT_New(CK_RC2_PARAMS);
if (rc2_ecb_params == NULL) {
goto loser;
}
*rc2_ecb_params = rc2_map(&rc2.rc2ParameterVersion);
mech->data = (unsigned char *) rc2_ecb_params;
mech->len = sizeof *rc2_ecb_params;
break;
case CKM_RC2_CBC:
case CKM_RC2_CBC_PAD:
rv = SEC_ASN1DecodeItem(arena, &rc2 ,sec_rc2cbc_parameter_template,
&(algid->parameters));
if (rv != SECSuccess) {
goto loser;
}
rc2_cbc_params = PORT_New(CK_RC2_CBC_PARAMS);
if (rc2_cbc_params == NULL) {
goto loser;
}
mech->data = (unsigned char *) rc2_cbc_params;
mech->len = sizeof *rc2_cbc_params;
rc2_cbc_params->ulEffectiveBits = rc2_map(&rc2.rc2ParameterVersion);
if (rc2.iv.len != sizeof rc2_cbc_params->iv) {
PORT_SetError(SEC_ERROR_INPUT_LEN);
goto loser;
}
PORT_Memcpy(rc2_cbc_params->iv, rc2.iv.data, rc2.iv.len);
break;
case CKM_RC5_ECB:
rv = SEC_ASN1DecodeItem(arena, &rc5 ,sec_rc5ecb_parameter_template,
&(algid->parameters));
if (rv != SECSuccess) {
goto loser;
}
rc5_ecb_params = PORT_New(CK_RC5_PARAMS);
if (rc5_ecb_params == NULL) {
goto loser;
}
rc5_ecb_params->ulRounds = DER_GetInteger(&rc5.rounds);
rc5_ecb_params->ulWordsize = DER_GetInteger(&rc5.blockSizeInBits)/8;
mech->data = (unsigned char *) rc5_ecb_params;
mech->len = sizeof *rc5_ecb_params;
break;
case CKM_RC5_CBC:
case CKM_RC5_CBC_PAD:
rv = SEC_ASN1DecodeItem(arena, &rc5 ,sec_rc5cbc_parameter_template,
&(algid->parameters));
if (rv != SECSuccess) {
goto loser;
}
rc5_cbc_params = (CK_RC5_CBC_PARAMS *)
PORT_Alloc(sizeof(CK_RC5_CBC_PARAMS) + rc5.iv.len);
if (rc5_cbc_params == NULL) {
goto loser;
}
mech->data = (unsigned char *) rc5_cbc_params;
mech->len = sizeof *rc5_cbc_params;
rc5_cbc_params->ulRounds = DER_GetInteger(&rc5.rounds);
rc5_cbc_params->ulWordsize = DER_GetInteger(&rc5.blockSizeInBits)/8;
rc5_cbc_params->pIv = ((CK_BYTE_PTR)rc5_cbc_params)
+ sizeof(CK_RC5_CBC_PARAMS);
rc5_cbc_params->ulIvLen = rc5.iv.len;
PORT_Memcpy(rc5_cbc_params->pIv, rc5.iv.data, rc5.iv.len);
break;
case CKM_PBE_MD2_DES_CBC:
case CKM_PBE_MD5_DES_CBC:
case CKM_NETSCAPE_PBE_SHA1_DES_CBC:
case CKM_NETSCAPE_PBE_SHA1_TRIPLE_DES_CBC:
case CKM_NETSCAPE_PBE_SHA1_FAULTY_3DES_CBC:
case CKM_NETSCAPE_PBE_SHA1_40_BIT_RC2_CBC:
case CKM_NETSCAPE_PBE_SHA1_128_BIT_RC2_CBC:
case CKM_NETSCAPE_PBE_SHA1_40_BIT_RC4:
case CKM_NETSCAPE_PBE_SHA1_128_BIT_RC4:
case CKM_PBE_SHA1_DES2_EDE_CBC:
case CKM_PBE_SHA1_DES3_EDE_CBC:
case CKM_PBE_SHA1_RC2_40_CBC:
case CKM_PBE_SHA1_RC2_128_CBC:
case CKM_PBE_SHA1_RC4_40:
case CKM_PBE_SHA1_RC4_128:
case CKM_PKCS5_PBKD2:
rv = pbe_PK11AlgidToParam(algid,mech);
if (rv != SECSuccess) {
goto loser;
}
break;
case CKM_RC4:
case CKM_SEED_ECB:
case CKM_CAMELLIA_ECB:
case CKM_AES_ECB:
case CKM_DES_ECB:
case CKM_DES3_ECB:
case CKM_IDEA_ECB:
case CKM_CDMF_ECB:
case CKM_CAST_ECB:
case CKM_CAST3_ECB:
case CKM_CAST5_ECB:
break;
default:
if (pk11_lookup(type)->iv == 0) {
break;
}
/* FALL THROUGH */
case CKM_SEED_CBC:
case CKM_CAMELLIA_CBC:
case CKM_AES_CBC:
case CKM_DES_CBC:
case CKM_DES3_CBC:
case CKM_IDEA_CBC:
case CKM_CDMF_CBC:
case CKM_CAST_CBC:
case CKM_CAST3_CBC:
case CKM_CAST5_CBC:
case CKM_SEED_CBC_PAD:
case CKM_CAMELLIA_CBC_PAD:
case CKM_AES_CBC_PAD:
case CKM_DES_CBC_PAD:
case CKM_DES3_CBC_PAD:
case CKM_IDEA_CBC_PAD:
case CKM_CDMF_CBC_PAD:
case CKM_CAST_CBC_PAD:
case CKM_CAST3_CBC_PAD:
case CKM_CAST5_CBC_PAD:
case CKM_SKIPJACK_CBC64:
case CKM_SKIPJACK_ECB64:
case CKM_SKIPJACK_OFB64:
case CKM_SKIPJACK_CFB64:
case CKM_SKIPJACK_CFB32:
case CKM_SKIPJACK_CFB16:
case CKM_SKIPJACK_CFB8:
case CKM_BATON_ECB128:
case CKM_BATON_ECB96:
case CKM_BATON_CBC128:
case CKM_BATON_COUNTER:
case CKM_BATON_SHUFFLE:
case CKM_JUNIPER_ECB128:
case CKM_JUNIPER_CBC128:
case CKM_JUNIPER_COUNTER:
case CKM_JUNIPER_SHUFFLE:
/* simple cases are simply octet string encoded IVs */
rv = SEC_ASN1DecodeItem(arena, &iv,
SEC_ASN1_GET(SEC_OctetStringTemplate),
&(algid->parameters));
if (rv != SECSuccess || iv.data == NULL) {
goto loser;
}
/* XXX Should be some IV length sanity check here. */
mech->data = (unsigned char*)PORT_Alloc(iv.len);
if (mech->data == NULL) {
goto loser;
}
PORT_Memcpy(mech->data, iv.data, iv.len);
mech->len = iv.len;
break;
}
PORT_FreeArena(arena, PR_FALSE);
return mech;
loser:
if (arena)
PORT_FreeArena(arena, PR_FALSE);
SECITEM_FreeItem(mech,PR_TRUE);
return NULL;
}
/*
* SecCmsCipherContextStartEncrypt - create a cipher object to do encryption,
* based on the given bulk encryption key and algorithm tag. Fill in the algorithm
* identifier (which may include an iv) appropriately.
*
* XXX Once both are working, it might be nice to combine this and the
* function above (for starting up decryption) into one routine, and just
* have two simple cover functions which call it.
*/
SecCmsCipherContext *
SecCmsCipherContextStartEncrypt(PRArenaPool *poolp, SecSymmetricKeyRef key, SECAlgorithmID *algid)
{
return SecCmsCipherContextStart(poolp, key, algid, PR_TRUE);
#if 0
SecCmsCipherContext *cc;
void *ciphercx;
CSSM_DATA *param;
OSStatus rv;
CK_MECHANISM_TYPE mechanism;
PK11SlotInfo *slot;
PRBool needToEncodeAlgid = PR_FALSE;
SECOidTag algtag = SECOID_GetAlgorithmTag(algid);
/* set param and mechanism */
if (SEC_PKCS5IsAlgorithmPBEAlg(algid)) {
CK_MECHANISM pbeMech, cryptoMech;
CSSM_DATA *pbeParams;
SEC_PKCS5KeyAndPassword *keyPwd;
PORT_Memset(&pbeMech, 0, sizeof(CK_MECHANISM));
PORT_Memset(&cryptoMech, 0, sizeof(CK_MECHANISM));
/* HACK ALERT!
* in this case, key is not actually a SecSymmetricKeyRef, but a SEC_PKCS5KeyAndPassword *
*/
keyPwd = (SEC_PKCS5KeyAndPassword *)key;
key = keyPwd->key;
/* find correct PK11 mechanism and parameters to initialize pbeMech */
pbeMech.mechanism = PK11_AlgtagToMechanism(algtag);
pbeParams = PK11_ParamFromAlgid(algid);
if (!pbeParams)
return NULL;
pbeMech.pParameter = pbeParams->Data;
pbeMech.ulParameterLen = pbeParams->Length;
/* now map pbeMech to cryptoMech */
if (PK11_MapPBEMechanismToCryptoMechanism(&pbeMech, &cryptoMech, keyPwd->pwitem,
PR_FALSE) != CKR_OK) {
SECITEM_ZfreeItem(pbeParams, PR_TRUE);
return NULL;
}
SECITEM_ZfreeItem(pbeParams, PR_TRUE);
/* and use it to initialize param & mechanism */
if ((param = (CSSM_DATA *)PORT_ZAlloc(sizeof(CSSM_DATA))) == NULL)
return NULL;
param->Data = (unsigned char *)cryptoMech.pParameter;
param->Length = cryptoMech.ulParameterLen;
mechanism = cryptoMech.mechanism;
} else {
mechanism = PK11_AlgtagToMechanism(algtag);
if ((param = PK11_GenerateNewParam(mechanism, key)) == NULL)
return NULL;
needToEncodeAlgid = PR_TRUE;
}
cc = (SecCmsCipherContext *)PORT_ZAlloc(sizeof(SecCmsCipherContext));
if (cc == NULL)
return NULL;
/* now find pad and block sizes for our mechanism */
cc->pad_size = PK11_GetBlockSize(mechanism,param);
slot = PK11_GetSlotFromKey(key);
cc->block_size = PK11_IsHW(slot) ? BLOCK_SIZE : cc->pad_size;
PK11_FreeSlot(slot);
/* and here we go, creating a PK11 cipher context */
ciphercx = PK11_CreateContextBySymKey(mechanism, CKA_ENCRYPT, key, param);
if (ciphercx == NULL) {
PORT_Free(cc);
cc = NULL;
goto loser;
}
/*
* These are placed after the CreateContextBySymKey() because some
* mechanisms have to generate their IVs from their card (i.e. FORTEZZA).
* Don't move it from here.
* XXX is that right? the purpose of this is to get the correct algid
* containing the IVs etc. for encoding. this means we need to set this up
* BEFORE encoding the algid in the contentInfo, right?
*/
if (needToEncodeAlgid) {
rv = PK11_ParamToAlgid(algtag, param, poolp, algid);
if(rv != SECSuccess) {
PORT_Free(cc);
cc = NULL;
goto loser;
}
}
cc->cx = ciphercx;
cc->doit = (nss_cms_cipher_function)PK11_CipherOp;
cc->destroy = (nss_cms_cipher_destroy)PK11_DestroyContext;
cc->encrypt = PR_TRUE;
cc->pending_count = 0;
loser:
SECITEM_FreeItem(param, PR_TRUE);
return cc;
#endif
}
/*
* SecCmsCipherContextStartDecrypt - create a cipher context to do decryption
* based on the given bulk * encryption key and algorithm identifier (which may include an iv).
*
* XXX Once both are working, it might be nice to combine this and the
* function below (for starting up encryption) into one routine, and just
* have two simple cover functions which call it.
*/
SecCmsCipherContext *
SecCmsCipherContextStartDecrypt(SecSymmetricKeyRef key, SECAlgorithmID *algid)
{
return SecCmsCipherContextStart(NULL, key, algid, PR_FALSE);
#if 0
SecCmsCipherContext *cc;
void *ciphercx;
CK_MECHANISM_TYPE mechanism;
CSSM_DATA *param;
PK11SlotInfo *slot;
SECOidTag algtag;
algtag = SECOID_GetAlgorithmTag(algid);
/* set param and mechanism */
if (SEC_PKCS5IsAlgorithmPBEAlg(algid)) {
CK_MECHANISM pbeMech, cryptoMech;
CSSM_DATA *pbeParams;
SEC_PKCS5KeyAndPassword *keyPwd;
PORT_Memset(&pbeMech, 0, sizeof(CK_MECHANISM));
PORT_Memset(&cryptoMech, 0, sizeof(CK_MECHANISM));
/* HACK ALERT!
* in this case, key is not actually a SecSymmetricKeyRef, but a SEC_PKCS5KeyAndPassword *
*/
keyPwd = (SEC_PKCS5KeyAndPassword *)key;
key = keyPwd->key;
/* find correct PK11 mechanism and parameters to initialize pbeMech */
pbeMech.mechanism = PK11_AlgtagToMechanism(algtag);
pbeParams = PK11_ParamFromAlgid(algid);
if (!pbeParams)
return NULL;
pbeMech.pParameter = pbeParams->Data;
pbeMech.ulParameterLen = pbeParams->Length;
/* now map pbeMech to cryptoMech */
if (PK11_MapPBEMechanismToCryptoMechanism(&pbeMech, &cryptoMech, keyPwd->pwitem,
PR_FALSE) != CKR_OK) {
SECITEM_ZfreeItem(pbeParams, PR_TRUE);
return NULL;
}
SECITEM_ZfreeItem(pbeParams, PR_TRUE);
/* and use it to initialize param & mechanism */
if ((param = (CSSM_DATA *)PORT_ZAlloc(sizeof(CSSM_DATA))) == NULL)
return NULL;
param->Data = (unsigned char *)cryptoMech.pParameter;
param->Length = cryptoMech.ulParameterLen;
mechanism = cryptoMech.mechanism;
} else {
mechanism = PK11_AlgtagToMechanism(algtag);
if ((param = PK11_ParamFromAlgid(algid)) == NULL)
return NULL;
}
cc = (SecCmsCipherContext *)PORT_ZAlloc(sizeof(SecCmsCipherContext));
if (cc == NULL) {
SECITEM_FreeItem(param,PR_TRUE);
return NULL;
}
/* figure out pad and block sizes */
cc->pad_size = PK11_GetBlockSize(mechanism, param);
slot = PK11_GetSlotFromKey(key);
cc->block_size = PK11_IsHW(slot) ? BLOCK_SIZE : cc->pad_size;
PK11_FreeSlot(slot);
/* create PK11 cipher context */
ciphercx = PK11_CreateContextBySymKey(mechanism, CKA_DECRYPT, key, param);
SECITEM_FreeItem(param, PR_TRUE);
if (ciphercx == NULL) {
PORT_Free (cc);
return NULL;
}
cc->cx = ciphercx;
cc->doit = (nss_cms_cipher_function) PK11_CipherOp;
cc->destroy = (nss_cms_cipher_destroy) PK11_DestroyContext;
cc->encrypt = PR_FALSE;
cc->pending_count = 0;
return cc;
#endif
}
static gchar*
cipher_pbkdf2_nss_sha1(const gchar *passphrase, const gchar *salt,
guint iter_count, guint out_len)
{
PK11SlotInfo *slot;
SECAlgorithmID *algorithm = NULL;
PK11SymKey *symkey = NULL;
const SECItem *symkey_data = NULL;
SECItem salt_item, passphrase_item;
guchar *passphrase_buff, *salt_buff;
gchar *ret;
g_return_val_if_fail(passphrase != NULL, NULL);
g_return_val_if_fail(iter_count > 0, NULL);
g_return_val_if_fail(out_len > 0, NULL);
NSS_NoDB_Init(NULL);
slot = PK11_GetBestSlot(PK11_AlgtagToMechanism(SEC_OID_PKCS5_PBKDF2),
NULL);
if (slot == NULL) {
purple_debug_error("cipher-test", "NSS: couldn't get slot: "
"%d\n", PR_GetError());
return NULL;
}
salt_buff = (guchar*)g_strdup(salt ? salt : "");
salt_item.type = siBuffer;
salt_item.data = salt_buff;
salt_item.len = salt ? strlen(salt) : 0;
algorithm = PK11_CreatePBEV2AlgorithmID(SEC_OID_PKCS5_PBKDF2,
SEC_OID_AES_256_CBC, SEC_OID_HMAC_SHA1, out_len, iter_count,
&salt_item);
if (algorithm == NULL) {
purple_debug_error("cipher-test", "NSS: couldn't create "
"algorithm ID: %d\n", PR_GetError());
PK11_FreeSlot(slot);
g_free(salt_buff);
return NULL;
}
passphrase_buff = (guchar*)g_strdup(passphrase);
passphrase_item.type = siBuffer;
passphrase_item.data = passphrase_buff;
passphrase_item.len = strlen(passphrase);
symkey = PK11_PBEKeyGen(slot, algorithm, &passphrase_item, PR_FALSE,
NULL);
if (symkey == NULL) {
purple_debug_error("cipher-test", "NSS: Couldn't generate key: "
"%d\n", PR_GetError());
SECOID_DestroyAlgorithmID(algorithm, PR_TRUE);
PK11_FreeSlot(slot);
g_free(passphrase_buff);
g_free(salt_buff);
return NULL;
}
if (PK11_ExtractKeyValue(symkey) == SECSuccess)
symkey_data = PK11_GetKeyData(symkey);
if (symkey_data == NULL || symkey_data->data == NULL) {
purple_debug_error("cipher-test", "NSS: Couldn't extract key "
"value: %d\n", PR_GetError());
PK11_FreeSymKey(symkey);
SECOID_DestroyAlgorithmID(algorithm, PR_TRUE);
PK11_FreeSlot(slot);
g_free(passphrase_buff);
g_free(salt_buff);
return NULL;
}
if (symkey_data->len != out_len) {
purple_debug_error("cipher-test", "NSS: Invalid key length: %d "
"(should be %d)\n", symkey_data->len, out_len);
PK11_FreeSymKey(symkey);
SECOID_DestroyAlgorithmID(algorithm, PR_TRUE);
PK11_FreeSlot(slot);
g_free(passphrase_buff);
g_free(salt_buff);
return NULL;
}
ret = purple_base16_encode(symkey_data->data, symkey_data->len);
PK11_FreeSymKey(symkey);
SECOID_DestroyAlgorithmID(algorithm, PR_TRUE);
PK11_FreeSlot(slot);
g_free(passphrase_buff);
g_free(salt_buff);
return ret;
}
/*
* Create a cipher object to do decryption, based on the given bulk
* encryption key and algorithm identifier (which may include an iv).
*
* XXX This interface, or one similar, would be really nice available
* in general... I tried to keep the pkcs7-specific stuff (mostly
* having to do with padding) out of here.
*
* XXX Once both are working, it might be nice to combine this and the
* function below (for starting up encryption) into one routine, and just
* have two simple cover functions which call it.
*/
sec_PKCS7CipherObject *
sec_PKCS7CreateDecryptObject (PK11SymKey *key, SECAlgorithmID *algid)
{
sec_PKCS7CipherObject *result;
SECOidTag algtag;
void *ciphercx;
CK_MECHANISM_TYPE cryptoMechType;
PK11SlotInfo *slot;
SECItem *param = NULL;
result = (struct sec_pkcs7_cipher_object*)
PORT_ZAlloc (sizeof(struct sec_pkcs7_cipher_object));
if (result == NULL)
return NULL;
ciphercx = NULL;
algtag = SECOID_GetAlgorithmTag (algid);
if (SEC_PKCS5IsAlgorithmPBEAlg(algid)) {
SECItem *pwitem;
pwitem = (SECItem *)PK11_GetSymKeyUserData(key);
if (!pwitem) {
PORT_Free(result);
return NULL;
}
cryptoMechType = PK11_GetPBECryptoMechanism(algid, ¶m, pwitem);
if (cryptoMechType == CKM_INVALID_MECHANISM) {
PORT_Free(result);
SECITEM_FreeItem(param,PR_TRUE);
return NULL;
}
} else {
cryptoMechType = PK11_AlgtagToMechanism(algtag);
param = PK11_ParamFromAlgid(algid);
if (param == NULL) {
PORT_Free(result);
return NULL;
}
}
result->pad_size = PK11_GetBlockSize(cryptoMechType, param);
slot = PK11_GetSlotFromKey(key);
result->block_size = PK11_IsHW(slot) ? BLOCK_SIZE : result->pad_size;
PK11_FreeSlot(slot);
ciphercx = PK11_CreateContextBySymKey(cryptoMechType, CKA_DECRYPT,
key, param);
SECITEM_FreeItem(param,PR_TRUE);
if (ciphercx == NULL) {
PORT_Free (result);
return NULL;
}
result->cx = ciphercx;
result->doit = (sec_pkcs7_cipher_function) PK11_CipherOp;
result->destroy = (sec_pkcs7_cipher_destroy) PK11_DestroyContext;
result->encrypt = PR_FALSE;
result->pending_count = 0;
return result;
}
SECStatus
NSS_CMSUtil_EncryptSymKey_MISSI(PLArenaPool *poolp, CERTCertificate *cert, PK11SymKey *bulkkey,
SECOidTag symalgtag, SECItem *encKey, SECItem **pparams, void *pwfn_arg)
{
SECOidTag certalgtag; /* the certificate's encryption algorithm */
SECOidTag encalgtag; /* the algorithm used for key exchange/agreement */
SECStatus rv = SECFailure;
SECItem *params = NULL;
SECStatus err;
PK11SymKey *tek;
CERTCertificate *ourCert;
SECKEYPublicKey *ourPubKey, *publickey = NULL;
SECKEYPrivateKey *ourPrivKey = NULL;
NSSCMSKEATemplateSelector whichKEA = NSSCMSKEAInvalid;
NSSCMSSMIMEKEAParameters keaParams;
PLArenaPool *arena = NULL;
extern const SEC_ASN1Template *nss_cms_get_kea_template(NSSCMSKEATemplateSelector whichTemplate);
/* Clear keaParams, since cleanup code checks the lengths */
(void) memset(&keaParams, 0, sizeof(keaParams));
certalgtag = SECOID_GetAlgorithmTag(&(cert->subjectPublicKeyInfo.algorithm));
PORT_Assert(certalgtag == SEC_OID_MISSI_KEA_DSS_OLD ||
certalgtag == SEC_OID_MISSI_KEA_DSS ||
certalgtag == SEC_OID_MISSI_KEA);
#define SMIME_FORTEZZA_RA_LENGTH 128
#define SMIME_FORTEZZA_IV_LENGTH 24
#define SMIME_FORTEZZA_MAX_KEY_SIZE 256
/* We really want to show our KEA tag as the key exchange algorithm tag. */
encalgtag = SEC_OID_NETSCAPE_SMIME_KEA;
/* Get the public key of the recipient. */
publickey = CERT_ExtractPublicKey(cert);
if (publickey == NULL) goto loser;
/* Find our own cert, and extract its keys. */
ourCert = PK11_FindBestKEAMatch(cert, pwfn_arg);
if (ourCert == NULL) goto loser;
arena = PORT_NewArena(1024);
if (arena == NULL)
goto loser;
ourPubKey = CERT_ExtractPublicKey(ourCert);
if (ourPubKey == NULL) {
CERT_DestroyCertificate(ourCert);
goto loser;
}
/* While we're here, copy the public key into the outgoing
* KEA parameters. */
SECITEM_CopyItem(arena, &(keaParams.originatorKEAKey), &(ourPubKey->u.fortezza.KEAKey));
SECKEY_DestroyPublicKey(ourPubKey);
ourPubKey = NULL;
/* Extract our private key in order to derive the KEA key. */
ourPrivKey = PK11_FindKeyByAnyCert(ourCert, pwfn_arg);
CERT_DestroyCertificate(ourCert); /* we're done with this */
if (!ourPrivKey)
goto loser;
/* Prepare raItem with 128 bytes (filled with zeros). */
keaParams.originatorRA.data = (unsigned char *)PORT_ArenaAlloc(arena,SMIME_FORTEZZA_RA_LENGTH);
keaParams.originatorRA.len = SMIME_FORTEZZA_RA_LENGTH;
/* Generate the TEK (token exchange key) which we use
* to wrap the bulk encryption key. (keaparams.originatorRA) will be
* filled with a random seed which we need to send to
* the recipient. (user keying material in RFC2630/DSA speak) */
tek = PK11_PubDerive(ourPrivKey, publickey, PR_TRUE,
&keaParams.originatorRA, NULL,
CKM_KEA_KEY_DERIVE, CKM_SKIPJACK_WRAP,
CKA_WRAP, 0, pwfn_arg);
SECKEY_DestroyPublicKey(publickey);
SECKEY_DestroyPrivateKey(ourPrivKey);
publickey = NULL;
ourPrivKey = NULL;
if (!tek)
goto loser;
/* allocate space for the wrapped key data */
encKey->data = (unsigned char *)PORT_ArenaAlloc(poolp, SMIME_FORTEZZA_MAX_KEY_SIZE);
encKey->len = SMIME_FORTEZZA_MAX_KEY_SIZE;
if (encKey->data == NULL) {
PK11_FreeSymKey(tek);
goto loser;
}
/* Wrap the bulk key. What we do with the resulting data
depends on whether we're using Skipjack to wrap the key. */
switch (PK11_AlgtagToMechanism(symalgtag)) {
case CKM_SKIPJACK_CBC64:
case CKM_SKIPJACK_ECB64:
case CKM_SKIPJACK_OFB64:
case CKM_SKIPJACK_CFB64:
case CKM_SKIPJACK_CFB32:
case CKM_SKIPJACK_CFB16:
case CKM_SKIPJACK_CFB8:
/* SKIPJACK, we use the wrap mechanism because we can do it on the hardware */
err = PK11_WrapSymKey(CKM_SKIPJACK_WRAP, NULL, tek, bulkkey, encKey);
whichKEA = NSSCMSKEAUsesSkipjack;
break;
default:
/* Not SKIPJACK, we encrypt the raw key data */
keaParams.nonSkipjackIV.data =
(unsigned char *)PORT_ArenaAlloc(arena, SMIME_FORTEZZA_IV_LENGTH);
keaParams.nonSkipjackIV.len = SMIME_FORTEZZA_IV_LENGTH;
err = PK11_WrapSymKey(CKM_SKIPJACK_CBC64, &keaParams.nonSkipjackIV, tek, bulkkey, encKey);
if (err != SECSuccess)
goto loser;
if (encKey->len != PK11_GetKeyLength(bulkkey)) {
/* The size of the encrypted key is not the same as
that of the original bulk key, presumably due to
padding. Encode and store the real size of the
bulk key. */
if (SEC_ASN1EncodeInteger(arena, &keaParams.bulkKeySize, PK11_GetKeyLength(bulkkey)) == NULL)
err = (SECStatus)PORT_GetError();
else
/* use full template for encoding */
whichKEA = NSSCMSKEAUsesNonSkipjackWithPaddedEncKey;
}
else
/* enc key length == bulk key length */
whichKEA = NSSCMSKEAUsesNonSkipjack;
break;
}
PK11_FreeSymKey(tek);
if (err != SECSuccess)
goto loser;
PORT_Assert(whichKEA != NSSCMSKEAInvalid);
/* Encode the KEA parameters into the recipient info. */
params = SEC_ASN1EncodeItem(poolp, NULL, &keaParams, nss_cms_get_kea_template(whichKEA));
if (params == NULL)
goto loser;
/* pass back the algorithm params */
*pparams = params;
rv = SECSuccess;
loser:
if (arena)
PORT_FreeArena(arena, PR_FALSE);
if (publickey)
SECKEY_DestroyPublicKey(publickey);
if (ourPrivKey)
SECKEY_DestroyPrivateKey(ourPrivKey);
return rv;
}
PK11SymKey *
NSS_CMSUtil_DecryptSymKey_MISSI(SECKEYPrivateKey *privkey, SECItem *encKey, SECAlgorithmID *keyEncAlg, SECOidTag bulkalgtag, void *pwfn_arg)
{
/* fortezza: do a key exchange */
SECStatus err;
CK_MECHANISM_TYPE bulkType;
PK11SymKey *tek;
SECKEYPublicKey *originatorPubKey;
NSSCMSSMIMEKEAParameters keaParams;
PK11SymKey *bulkkey;
int bulkLength;
(void) memset(&keaParams, 0, sizeof(keaParams));
/* NOTE: this uses the SMIME v2 recipientinfo for compatibility.
All additional KEA parameters are DER-encoded in the encryption algorithm parameters */
/* Decode the KEA algorithm parameters. */
err = SEC_ASN1DecodeItem(NULL, &keaParams, NSS_SMIMEKEAParamTemplateAllParams,
&(keyEncAlg->parameters));
if (err != SECSuccess)
goto loser;
/* get originator's public key */
originatorPubKey = PK11_MakeKEAPubKey(keaParams.originatorKEAKey.data,
keaParams.originatorKEAKey.len);
if (originatorPubKey == NULL)
goto loser;
/* Generate the TEK (token exchange key) which we use to unwrap the bulk encryption key.
The Derive function generates a shared secret and combines it with the originatorRA
data to come up with an unique session key */
tek = PK11_PubDerive(privkey, originatorPubKey, PR_FALSE,
&keaParams.originatorRA, NULL,
CKM_KEA_KEY_DERIVE, CKM_SKIPJACK_WRAP,
CKA_WRAP, 0, pwfn_arg);
SECKEY_DestroyPublicKey(originatorPubKey); /* not needed anymore */
if (tek == NULL)
goto loser;
/* Now that we have the TEK, unwrap the bulk key
with which to decrypt the message. We have to
do one of two different things depending on
whether Skipjack was used for *bulk* encryption
of the message. */
bulkType = PK11_AlgtagToMechanism(bulkalgtag);
switch (bulkType) {
case CKM_SKIPJACK_CBC64:
case CKM_SKIPJACK_ECB64:
case CKM_SKIPJACK_OFB64:
case CKM_SKIPJACK_CFB64:
case CKM_SKIPJACK_CFB32:
case CKM_SKIPJACK_CFB16:
case CKM_SKIPJACK_CFB8:
/* Skipjack is being used as the bulk encryption algorithm.*/
/* Unwrap the bulk key. */
bulkkey = PK11_UnwrapSymKey(tek, CKM_SKIPJACK_WRAP, NULL,
encKey, CKM_SKIPJACK_CBC64, CKA_DECRYPT, 0);
break;
default:
/* Skipjack was not used for bulk encryption of this
message. Use Skipjack CBC64, with the nonSkipjackIV
part of the KEA key parameters, to decrypt
the bulk key. If the optional parameter bulkKeySize is present,
bulk key size is different than the encrypted key size */
if (keaParams.bulkKeySize.len > 0) {
err = SEC_ASN1DecodeItem(NULL, &bulkLength,
SEC_ASN1_GET(SEC_IntegerTemplate),
&keaParams.bulkKeySize);
if (err != SECSuccess)
goto loser;
}
bulkkey = PK11_UnwrapSymKey(tek, CKM_SKIPJACK_CBC64, &keaParams.nonSkipjackIV,
encKey, bulkType, CKA_DECRYPT, bulkLength);
break;
}
return bulkkey;
loser:
return NULL;
}
/*
* NSS_CMSCipherContext_StartDecrypt - create a cipher context to do decryption
* based on the given bulk encryption key and algorithm identifier (which
* may include an iv).
*
* XXX Once both are working, it might be nice to combine this and the
* function below (for starting up encryption) into one routine, and just
* have two simple cover functions which call it.
*/
NSSCMSCipherContext *
NSS_CMSCipherContext_StartDecrypt(PK11SymKey *key, SECAlgorithmID *algid)
{
NSSCMSCipherContext *cc;
void *ciphercx;
CK_MECHANISM_TYPE cryptoMechType;
PK11SlotInfo *slot;
SECOidTag algtag;
SECItem *param = NULL;
algtag = SECOID_GetAlgorithmTag(algid);
/* set param and mechanism */
if (SEC_PKCS5IsAlgorithmPBEAlg(algid)) {
SECItem *pwitem;
pwitem = PK11_GetSymKeyUserData(key);
if (!pwitem)
return NULL;
cryptoMechType = PK11_GetPBECryptoMechanism(algid, ¶m, pwitem);
if (cryptoMechType == CKM_INVALID_MECHANISM) {
SECITEM_FreeItem(param,PR_TRUE);
return NULL;
}
} else {
cryptoMechType = PK11_AlgtagToMechanism(algtag);
if ((param = PK11_ParamFromAlgid(algid)) == NULL)
return NULL;
}
cc = (NSSCMSCipherContext *)PORT_ZAlloc(sizeof(NSSCMSCipherContext));
if (cc == NULL) {
SECITEM_FreeItem(param,PR_TRUE);
return NULL;
}
/* figure out pad and block sizes */
cc->pad_size = PK11_GetBlockSize(cryptoMechType, param);
slot = PK11_GetSlotFromKey(key);
cc->block_size = PK11_IsHW(slot) ? BLOCK_SIZE : cc->pad_size;
PK11_FreeSlot(slot);
/* create PK11 cipher context */
ciphercx = PK11_CreateContextBySymKey(cryptoMechType, CKA_DECRYPT,
key, param);
SECITEM_FreeItem(param, PR_TRUE);
if (ciphercx == NULL) {
PORT_Free (cc);
return NULL;
}
cc->cx = ciphercx;
cc->doit = (nss_cms_cipher_function) PK11_CipherOp;
cc->destroy = (nss_cms_cipher_destroy) PK11_DestroyContext;
cc->encrypt = PR_FALSE;
cc->pending_count = 0;
return cc;
}
static sec_PKCS7CipherObject *
sec_pkcs7_encoder_start_encrypt (SEC_PKCS7ContentInfo *cinfo,
PK11SymKey *orig_bulkkey)
{
SECOidTag kind;
sec_PKCS7CipherObject *encryptobj;
SEC_PKCS7RecipientInfo **recipientinfos, *ri;
SEC_PKCS7EncryptedContentInfo *enccinfo;
SECKEYPublicKey *publickey = NULL;
SECKEYPrivateKey *ourPrivKey = NULL;
PK11SymKey *bulkkey;
void *mark, *wincx;
int i;
PLArenaPool *arena = NULL;
/* Get the context in case we need it below. */
wincx = cinfo->pwfn_arg;
kind = SEC_PKCS7ContentType (cinfo);
switch (kind) {
default:
case SEC_OID_PKCS7_DATA:
case SEC_OID_PKCS7_DIGESTED_DATA:
case SEC_OID_PKCS7_SIGNED_DATA:
recipientinfos = NULL;
enccinfo = NULL;
break;
case SEC_OID_PKCS7_ENCRYPTED_DATA:
{
SEC_PKCS7EncryptedData *encdp;
/* To do EncryptedData we *must* be given a bulk key. */
PORT_Assert (orig_bulkkey != NULL);
if (orig_bulkkey == NULL) {
/* XXX error? */
return NULL;
}
encdp = cinfo->content.encryptedData;
recipientinfos = NULL;
enccinfo = &(encdp->encContentInfo);
}
break;
case SEC_OID_PKCS7_ENVELOPED_DATA:
{
SEC_PKCS7EnvelopedData *envdp;
envdp = cinfo->content.envelopedData;
recipientinfos = envdp->recipientInfos;
enccinfo = &(envdp->encContentInfo);
}
break;
case SEC_OID_PKCS7_SIGNED_ENVELOPED_DATA:
{
SEC_PKCS7SignedAndEnvelopedData *saedp;
saedp = cinfo->content.signedAndEnvelopedData;
recipientinfos = saedp->recipientInfos;
enccinfo = &(saedp->encContentInfo);
}
break;
}
if (enccinfo == NULL)
return NULL;
bulkkey = orig_bulkkey;
if (bulkkey == NULL) {
CK_MECHANISM_TYPE type = PK11_AlgtagToMechanism(enccinfo->encalg);
PK11SlotInfo *slot;
slot = PK11_GetBestSlot(type,cinfo->pwfn_arg);
if (slot == NULL) {
return NULL;
}
bulkkey = PK11_KeyGen(slot,type,NULL, enccinfo->keysize/8,
cinfo->pwfn_arg);
PK11_FreeSlot(slot);
if (bulkkey == NULL) {
return NULL;
}
}
encryptobj = NULL;
mark = PORT_ArenaMark (cinfo->poolp);
/*
* Encrypt the bulk key with the public key of each recipient.
*/
for (i = 0; recipientinfos && (ri = recipientinfos[i]) != NULL; i++) {
CERTCertificate *cert;
SECOidTag certalgtag, encalgtag;
SECStatus rv;
int data_len;
SECItem *params = NULL;
cert = ri->cert;
PORT_Assert (cert != NULL);
if (cert == NULL)
continue;
/*
* XXX Want an interface that takes a cert and some data and
* fills in an algorithmID and encrypts the data with the public
* key from the cert. Or, give me two interfaces -- one which
* gets the algorithm tag from a cert (I should not have to go
* down into the subjectPublicKeyInfo myself) and another which
* takes a public key and algorithm tag and data and encrypts
* the data. Or something like that. The point is that all
* of the following hardwired RSA stuff should be done elsewhere.
*/
certalgtag=SECOID_GetAlgorithmTag(&(cert->subjectPublicKeyInfo.algorithm));
switch (certalgtag) {
case SEC_OID_PKCS1_RSA_ENCRYPTION:
encalgtag = certalgtag;
publickey = CERT_ExtractPublicKey (cert);
if (publickey == NULL) goto loser;
data_len = SECKEY_PublicKeyStrength(publickey);
ri->encKey.data =
(unsigned char*)PORT_ArenaAlloc(cinfo->poolp ,data_len);
ri->encKey.len = data_len;
if (ri->encKey.data == NULL) goto loser;
rv = PK11_PubWrapSymKey(PK11_AlgtagToMechanism(certalgtag),publickey,
bulkkey,&ri->encKey);
SECKEY_DestroyPublicKey(publickey);
publickey = NULL;
if (rv != SECSuccess) goto loser;
params = NULL; /* paranoia */
break;
default:
PORT_SetError (SEC_ERROR_INVALID_ALGORITHM);
goto loser;
}
rv = SECOID_SetAlgorithmID(cinfo->poolp, &ri->keyEncAlg, encalgtag,
params);
if (rv != SECSuccess)
goto loser;
if (arena) PORT_FreeArena(arena,PR_FALSE);
arena = NULL;
}
encryptobj = sec_PKCS7CreateEncryptObject (cinfo->poolp, bulkkey,
enccinfo->encalg,
&(enccinfo->contentEncAlg));
if (encryptobj != NULL) {
PORT_ArenaUnmark (cinfo->poolp, mark);
mark = NULL; /* good one; do not want to release */
}
/* fallthru */
loser:
if (arena) {
PORT_FreeArena(arena, PR_FALSE);
}
if (publickey) {
SECKEY_DestroyPublicKey(publickey);
}
if (ourPrivKey) {
SECKEY_DestroyPrivateKey(ourPrivKey);
}
if (mark != NULL) {
PORT_ArenaRelease (cinfo->poolp, mark);
}
if (orig_bulkkey == NULL) {
if (bulkkey) PK11_FreeSymKey(bulkkey);
}
return encryptobj;
}
