/* the content of an encrypted data content info is decrypted.
* it is assumed that for encrypted data, that the data has already
* been set and is in the "encContent" field of the content info.
*
* cinfo is the content info to decrypt
*
* key is the key with which to perform the decryption. if the
* algorithm is a password based encryption algorithm, the
* key is actually a password which will be processed per
* PKCS #5.
*
* in the event of an error, SECFailure is returned. SECSuccess
* indicates a success.
*/
SECStatus
SEC_PKCS7DecryptContents(PRArenaPool *poolp,
SEC_PKCS7ContentInfo *cinfo,
SECItem *key,
void *wincx)
{
SECAlgorithmID *algid = NULL;
SECStatus rv = SECFailure;
SECItem *result = NULL, *dest, *src;
void *mark;
PK11SymKey *eKey = NULL;
PK11SlotInfo *slot = NULL;
CK_MECHANISM_TYPE cryptoMechType;
void *cx;
SECItem *c_param = NULL;
int bs;
if((cinfo == NULL) || (key == NULL))
return SECFailure;
if(SEC_PKCS7ContentType(cinfo) != SEC_OID_PKCS7_ENCRYPTED_DATA)
return SECFailure;
algid = SEC_PKCS7GetEncryptionAlgorithm(cinfo);
if(algid == NULL)
return SECFailure;
if(poolp == NULL)
poolp = cinfo->poolp;
mark = PORT_ArenaMark(poolp);
src = &cinfo->content.encryptedData->encContentInfo.encContent;
dest = &cinfo->content.encryptedData->encContentInfo.plainContent;
dest->data = (unsigned char*)PORT_ArenaZAlloc(poolp, (src->len + 64));
dest->len = (src->len + 64);
if(dest->data == NULL) {
rv = SECFailure;
goto loser;
}
slot = PK11_GetInternalKeySlot();
if(slot == NULL) {
rv = SECFailure;
goto loser;
}
eKey = PK11_PBEKeyGen(slot, algid, key, PR_FALSE, wincx);
if(eKey == NULL) {
rv = SECFailure;
goto loser;
}
cryptoMechType = PK11_GetPBECryptoMechanism(algid, &c_param, key);
if (cryptoMechType == CKM_INVALID_MECHANISM) {
rv = SECFailure;
goto loser;
}
cx = PK11_CreateContextBySymKey(cryptoMechType, CKA_DECRYPT,
eKey, c_param);
if(cx == NULL) {
rv = SECFailure;
goto loser;
}
rv = PK11_CipherOp((PK11Context*)cx, dest->data, (int *)(&dest->len),
(int)(src->len + 64), src->data, (int)src->len);
PK11_DestroyContext((PK11Context *)cx, PR_TRUE);
bs = PK11_GetBlockSize(cryptoMechType, c_param);
if(bs) {
/* check for proper badding in block algorithms. this assumes
* RC2 cbc or a DES cbc variant. and the padding is thus defined
*/
if(((int)dest->data[dest->len-1] <= bs) &&
((int)dest->data[dest->len-1] > 0)) {
dest->len -= (int)dest->data[dest->len-1];
} else {
rv = SECFailure;
/* set an error ? */
}
}
loser:
/* let success fall through */
if(result != NULL)
SECITEM_ZfreeItem(result, PR_TRUE);
if(rv == SECFailure)
PORT_ArenaRelease(poolp, mark);
else
PORT_ArenaUnmark(poolp, mark);
if(eKey != NULL)
PK11_FreeSymKey(eKey);
if(slot != NULL)
PK11_FreeSlot(slot);
if(c_param != NULL)
SECITEM_ZfreeItem(c_param, PR_TRUE);
return rv;
}
static gchar*
cipher_pbkdf2_nss_sha1(const gchar *passphrase, const gchar *salt,
guint iter_count, guint out_len)
{
PK11SlotInfo *slot;
SECAlgorithmID *algorithm = NULL;
PK11SymKey *symkey = NULL;
const SECItem *symkey_data = NULL;
SECItem salt_item, passphrase_item;
guchar *passphrase_buff, *salt_buff;
gchar *ret;
g_return_val_if_fail(passphrase != NULL, NULL);
g_return_val_if_fail(iter_count > 0, NULL);
g_return_val_if_fail(out_len > 0, NULL);
NSS_NoDB_Init(NULL);
slot = PK11_GetBestSlot(PK11_AlgtagToMechanism(SEC_OID_PKCS5_PBKDF2),
NULL);
if (slot == NULL) {
purple_debug_error("cipher-test", "NSS: couldn't get slot: "
"%d\n", PR_GetError());
return NULL;
}
salt_buff = (guchar*)g_strdup(salt ? salt : "");
salt_item.type = siBuffer;
salt_item.data = salt_buff;
salt_item.len = salt ? strlen(salt) : 0;
algorithm = PK11_CreatePBEV2AlgorithmID(SEC_OID_PKCS5_PBKDF2,
SEC_OID_AES_256_CBC, SEC_OID_HMAC_SHA1, out_len, iter_count,
&salt_item);
if (algorithm == NULL) {
purple_debug_error("cipher-test", "NSS: couldn't create "
"algorithm ID: %d\n", PR_GetError());
PK11_FreeSlot(slot);
g_free(salt_buff);
return NULL;
}
passphrase_buff = (guchar*)g_strdup(passphrase);
passphrase_item.type = siBuffer;
passphrase_item.data = passphrase_buff;
passphrase_item.len = strlen(passphrase);
symkey = PK11_PBEKeyGen(slot, algorithm, &passphrase_item, PR_FALSE,
NULL);
if (symkey == NULL) {
purple_debug_error("cipher-test", "NSS: Couldn't generate key: "
"%d\n", PR_GetError());
SECOID_DestroyAlgorithmID(algorithm, PR_TRUE);
PK11_FreeSlot(slot);
g_free(passphrase_buff);
g_free(salt_buff);
return NULL;
}
if (PK11_ExtractKeyValue(symkey) == SECSuccess)
symkey_data = PK11_GetKeyData(symkey);
if (symkey_data == NULL || symkey_data->data == NULL) {
purple_debug_error("cipher-test", "NSS: Couldn't extract key "
"value: %d\n", PR_GetError());
PK11_FreeSymKey(symkey);
SECOID_DestroyAlgorithmID(algorithm, PR_TRUE);
PK11_FreeSlot(slot);
g_free(passphrase_buff);
g_free(salt_buff);
return NULL;
}
if (symkey_data->len != out_len) {
purple_debug_error("cipher-test", "NSS: Invalid key length: %d "
"(should be %d)\n", symkey_data->len, out_len);
PK11_FreeSymKey(symkey);
SECOID_DestroyAlgorithmID(algorithm, PR_TRUE);
PK11_FreeSlot(slot);
g_free(passphrase_buff);
g_free(salt_buff);
return NULL;
}
ret = purple_base16_encode(symkey_data->data, symkey_data->len);
PK11_FreeSymKey(symkey);
SECOID_DestroyAlgorithmID(algorithm, PR_TRUE);
PK11_FreeSlot(slot);
g_free(passphrase_buff);
g_free(salt_buff);
return ret;
}
/* the content of an encrypted data content info is encrypted.
* it is assumed that for encrypted data, that the data has already
* been set and is in the "plainContent" field of the content info.
*
* cinfo is the content info to encrypt
*
* key is the key with which to perform the encryption. if the
* algorithm is a password based encryption algorithm, the
* key is actually a password which will be processed per
* PKCS #5.
*
* in the event of an error, SECFailure is returned. SECSuccess
* indicates a success.
*/
SECStatus
SEC_PKCS7EncryptContents(PRArenaPool *poolp,
SEC_PKCS7ContentInfo *cinfo,
SECItem *key,
void *wincx)
{
SECAlgorithmID *algid = NULL;
SECItem * result = NULL;
SECItem * src;
SECItem * dest;
SECItem * blocked_data = NULL;
void * mark;
void * cx;
PK11SymKey * eKey = NULL;
PK11SlotInfo * slot = NULL;
CK_MECHANISM_TYPE cryptoMechType;
int bs;
SECStatus rv = SECFailure;
SECItem *c_param = NULL;
if((cinfo == NULL) || (key == NULL))
return SECFailure;
if(SEC_PKCS7ContentType(cinfo) != SEC_OID_PKCS7_ENCRYPTED_DATA)
return SECFailure;
algid = SEC_PKCS7GetEncryptionAlgorithm(cinfo);
if(algid == NULL)
return SECFailure;
if(poolp == NULL)
poolp = cinfo->poolp;
mark = PORT_ArenaMark(poolp);
src = &cinfo->content.encryptedData->encContentInfo.plainContent;
dest = &cinfo->content.encryptedData->encContentInfo.encContent;
dest->data = (unsigned char*)PORT_ArenaZAlloc(poolp, (src->len + 64));
dest->len = (src->len + 64);
if(dest->data == NULL) {
rv = SECFailure;
goto loser;
}
slot = PK11_GetInternalKeySlot();
if(slot == NULL) {
rv = SECFailure;
goto loser;
}
eKey = PK11_PBEKeyGen(slot, algid, key, PR_FALSE, wincx);
if(eKey == NULL) {
rv = SECFailure;
goto loser;
}
cryptoMechType = PK11_GetPBECryptoMechanism(algid, &c_param, key);
if (cryptoMechType == CKM_INVALID_MECHANISM) {
rv = SECFailure;
goto loser;
}
/* block according to PKCS 8 */
bs = PK11_GetBlockSize(cryptoMechType, c_param);
rv = SECSuccess;
if(bs) {
char pad_char;
pad_char = (char)(bs - (src->len % bs));
if(src->len % bs) {
rv = SECSuccess;
blocked_data = PK11_BlockData(src, bs);
if(blocked_data) {
PORT_Memset((blocked_data->data + blocked_data->len
- (int)pad_char),
pad_char, (int)pad_char);
} else {
rv = SECFailure;
goto loser;
}
} else {
blocked_data = SECITEM_DupItem(src);
if(blocked_data) {
blocked_data->data = (unsigned char*)PORT_Realloc(
blocked_data->data,
blocked_data->len + bs);
if(blocked_data->data) {
blocked_data->len += bs;
PORT_Memset((blocked_data->data + src->len), (char)bs, bs);
} else {
rv = SECFailure;
goto loser;
}
} else {
rv = SECFailure;
goto loser;
}
}
} else {
blocked_data = SECITEM_DupItem(src);
if(!blocked_data) {
rv = SECFailure;
goto loser;
}
}
cx = PK11_CreateContextBySymKey(cryptoMechType, CKA_ENCRYPT,
eKey, c_param);
if(cx == NULL) {
rv = SECFailure;
goto loser;
}
rv = PK11_CipherOp((PK11Context*)cx, dest->data, (int *)(&dest->len),
(int)(src->len + 64), blocked_data->data,
(int)blocked_data->len);
PK11_DestroyContext((PK11Context*)cx, PR_TRUE);
loser:
/* let success fall through */
if(blocked_data != NULL)
SECITEM_ZfreeItem(blocked_data, PR_TRUE);
if(result != NULL)
SECITEM_ZfreeItem(result, PR_TRUE);
if(rv == SECFailure)
PORT_ArenaRelease(poolp, mark);
else
PORT_ArenaUnmark(poolp, mark);
if(eKey != NULL)
PK11_FreeSymKey(eKey);
if(slot != NULL)
PK11_FreeSlot(slot);
if(c_param != NULL)
SECITEM_ZfreeItem(c_param, PR_TRUE);
return rv;
}
/**
* @brief Create a key from the given passphrase. By default, the PBKDF2
* algorithm is used to generate the key from the passphrase. It is expected
* that the same pass phrase will generate the same key, regardless of the
* backend crypto platform used. The key is cleaned up when the context
* is cleaned, and may be reused with multiple encryption or decryption
* operations.
* @note If *key is NULL, a apr_crypto_key_t will be created from a pool. If
* *key is not NULL, *key must point at a previously created structure.
* @param key The key returned, see note.
* @param ivSize The size of the initialisation vector will be returned, based
* on whether an IV is relevant for this type of crypto.
* @param pass The passphrase to use.
* @param passLen The passphrase length in bytes
* @param salt The salt to use.
* @param saltLen The salt length in bytes
* @param type 3DES_192, AES_128, AES_192, AES_256.
* @param mode Electronic Code Book / Cipher Block Chaining.
* @param doPad Pad if necessary.
* @param iterations Iteration count
* @param f The context to use.
* @param p The pool to use.
* @return Returns APR_ENOKEY if the pass phrase is missing or empty, or if a backend
* error occurred while generating the key. APR_ENOCIPHER if the type or mode
* is not supported by the particular backend. APR_EKEYTYPE if the key type is
* not known. APR_EPADDING if padding was requested but is not supported.
* APR_ENOTIMPL if not implemented.
*/
static apr_status_t crypto_passphrase(apr_crypto_key_t **k, apr_size_t *ivSize,
const char *pass, apr_size_t passLen, const unsigned char * salt,
apr_size_t saltLen, const apr_crypto_block_key_type_e type,
const apr_crypto_block_key_mode_e mode, const int doPad,
const int iterations, const apr_crypto_t *f, apr_pool_t *p)
{
apr_status_t rv = APR_SUCCESS;
PK11SlotInfo * slot;
SECItem passItem;
SECItem saltItem;
SECAlgorithmID *algid;
void *wincx = NULL; /* what is wincx? */
apr_crypto_key_t *key = *k;
if (!key) {
*k = key = apr_array_push(f->keys);
}
if (!key) {
return APR_ENOMEM;
}
key->f = f;
key->provider = f->provider;
/* decide on what cipher mechanism we will be using */
switch (type) {
case (APR_KEY_3DES_192):
if (APR_MODE_CBC == mode) {
key->cipherOid = SEC_OID_DES_EDE3_CBC;
}
else if (APR_MODE_ECB == mode) {
return APR_ENOCIPHER;
/* No OID for CKM_DES3_ECB; */
}
break;
case (APR_KEY_AES_128):
if (APR_MODE_CBC == mode) {
key->cipherOid = SEC_OID_AES_128_CBC;
}
else {
key->cipherOid = SEC_OID_AES_128_ECB;
}
break;
case (APR_KEY_AES_192):
if (APR_MODE_CBC == mode) {
key->cipherOid = SEC_OID_AES_192_CBC;
}
else {
key->cipherOid = SEC_OID_AES_192_ECB;
}
break;
case (APR_KEY_AES_256):
if (APR_MODE_CBC == mode) {
key->cipherOid = SEC_OID_AES_256_CBC;
}
else {
key->cipherOid = SEC_OID_AES_256_ECB;
}
break;
default:
/* unknown key type, give up */
return APR_EKEYTYPE;
}
/* AES_128_CBC --> CKM_AES_CBC --> CKM_AES_CBC_PAD */
key->cipherMech = PK11_AlgtagToMechanism(key->cipherOid);
if (key->cipherMech == CKM_INVALID_MECHANISM) {
return APR_ENOCIPHER;
}
if (doPad) {
CK_MECHANISM_TYPE paddedMech;
paddedMech = PK11_GetPadMechanism(key->cipherMech);
if (CKM_INVALID_MECHANISM == paddedMech || key->cipherMech
== paddedMech) {
return APR_EPADDING;
}
key->cipherMech = paddedMech;
}
/* Turn the raw passphrase and salt into SECItems */
passItem.data = (unsigned char*) pass;
passItem.len = passLen;
saltItem.data = (unsigned char*) salt;
saltItem.len = saltLen;
/* generate the key */
/* pbeAlg and cipherAlg are the same. NSS decides the keylength. */
algid = PK11_CreatePBEV2AlgorithmID(key->cipherOid, key->cipherOid,
SEC_OID_HMAC_SHA1, 0, iterations, &saltItem);
if (algid) {
slot = PK11_GetBestSlot(key->cipherMech, wincx);
if (slot) {
key->symKey = PK11_PBEKeyGen(slot, algid, &passItem, PR_FALSE,
wincx);
PK11_FreeSlot(slot);
}
SECOID_DestroyAlgorithmID(algid, PR_TRUE);
}
/* sanity check? */
if (!key->symKey) {
PRErrorCode perr = PORT_GetError();
if (perr) {
f->result->rc = perr;
f->result->msg = PR_ErrorToName(perr);
rv = APR_ENOKEY;
}
}
key->ivSize = PK11_GetIVLength(key->cipherMech);
if (ivSize) {
*ivSize = key->ivSize;
}
return rv;
}
