void P12Coder::macParse( const NSS_P12_MacData &macData, SecNssCoder &localCdr) { p12DecodeLog("macParse"); algIdParse(macData.mac.digestAlgorithm, NULL, localCdr); const CSSM_DATA &iter = macData.iterations; if(iter.Length > 4) { p12ErrorLog("malformed iteration length (%u)\n", (unsigned)iter.Length); P12_THROW_DECODE; } }
/* * Parse a NSS_P7_EncryptedData - specifically in the context * of a P12 in password privacy mode. (The latter assumption is * to enable us to infer CSSM_X509_ALGORITHM_IDENTIFIER.parameters * format). */ void P12Coder::encryptedDataParse( const NSS_P7_EncryptedData &edata, SecNssCoder &localCdr, NSS_P12_PBE_Params *pbep) // optional, RETURNED { p12DecodeLog("encryptedDataParse"); /* * Parse the alg ID, save PBE params for when we do the decrypt * key unwrap */ const NSS_P7_EncrContentInfo &ci = edata.contentInfo; const CSSM_X509_ALGORITHM_IDENTIFIER &algId = ci.encrAlg; algIdParse(algId, pbep, localCdr); }
static int p12Decrypt(pkcs12_context * context, const SecAsn1AlgId *algId, const SecAsn1Item *cipherText, SecAsn1Item *plainText) { NSS_P12_PBE_Params pbep; // XXX/cs not requiring decoding, but if pbep is uninit this will fail later algIdParse(context, algId, &pbep); CCAlgorithm alg = 0; uint32_t keySizeInBits = 0; uint32_t blockSizeInBytes = 0; // for IV, optional CCOptions options = 0; require_noerr_quiet(pkcsOidToParams(&algId->algorithm, &alg, &keySizeInBits, &blockSizeInBytes, &options), out); uint32_t iterCount = 0; require_noerr(p12DataToInt(&pbep.iterations, &iterCount), out); /* P12 style key derivation */ SecAsn1Item key = {0, NULL}; if(keySizeInBits) alloc_item(context, &key, (keySizeInBits+7)/8); require_noerr(p12_pbe_gen(context->passphrase, pbep.salt.Data, pbep.salt.Length, iterCount, PBE_ID_Key, key.Data, key.Length), out); /* P12 style IV derivation, optional */ SecAsn1Item iv = {0, NULL}; if(blockSizeInBytes) { alloc_item(context, &iv, blockSizeInBytes); require_noerr(p12_pbe_gen(context->passphrase, pbep.salt.Data, pbep.salt.Length, iterCount, PBE_ID_IV, iv.Data, iv.Length), out); } SecAsn1Item ourPtext = {0, NULL}; alloc_item(context, &ourPtext, cipherText->Length); require_noerr(CCCrypt(kCCDecrypt, alg, options/*kCCOptionPKCS7Padding*/, key.Data, key.Length, iv.Data, cipherText->Data, cipherText->Length, ourPtext.Data, ourPtext.Length, &ourPtext.Length), out); *plainText = ourPtext; return 0; out: return -1; }
/* * ShroudedKeyBag parser w/decrypt */ void P12Coder::shroudedKeyBagParse( const NSS_P12_SafeBag &safeBag, SecNssCoder &localCdr) { p12DecodeLog("Found shrouded key bag"); if(mPrivKeyImportState == PKIS_NoMore) { CssmError::throwMe(errSecMultiplePrivKeys); } const NSS_P12_ShroudedKeyBag *keyBag = safeBag.bagValue.shroudedKeyBag; const CSSM_X509_ALGORITHM_IDENTIFIER &algId = keyBag->algorithm; NSS_P12_PBE_Params pbep; algIdParse(algId, &pbep, localCdr); /* * Prepare for decryption */ CSSM_ALGORITHMS keyAlg; // e.g., CSSM_ALGID_DES CSSM_ALGORITHMS encrAlg; // e.g., CSSM_ALGID_3DES_3KEY_EDE CSSM_ALGORITHMS pbeHashAlg; // SHA1 or MD5 uint32 keySizeInBits; uint32 blockSizeInBytes; // for IV, optional CSSM_PADDING padding; // CSSM_PADDING_PKCS7, etc. CSSM_ENCRYPT_MODE mode; // CSSM_ALGMODE_CBCPadIV8, etc. PKCS_Which pkcs; bool found = pkcsOidToParams(&algId.algorithm, keyAlg, encrAlg, pbeHashAlg, keySizeInBits, blockSizeInBytes, padding, mode, pkcs); if(!found || (pkcs != PW_PKCS12)) { p12ErrorLog("ShroudedKeyBag encrAlg not understood\n"); CssmError::throwMe(CSSMERR_CSP_INVALID_ALGORITHM); } uint32 iterCount; if(!p12DataToInt(pbep.iterations, iterCount)) { p12ErrorLog("ShroudedKeyBag: badly formed iterCount\n"); P12_THROW_DECODE; } const CSSM_DATA *encrPhrase = getEncrPassPhrase(); const CSSM_KEY *passKey = getEncrPassKey(); if((encrPhrase == NULL) && (passKey == NULL)) { p12ErrorLog("no passphrase set\n"); CssmError::throwMe(CSSMERR_CSP_MISSING_ATTR_PASSPHRASE); } /* We'll own the actual CSSM_KEY memory */ CSSM_KEY_PTR privKey = (CSSM_KEY_PTR)mCoder.malloc(sizeof(CSSM_KEY)); memset(privKey, 0, sizeof(CSSM_KEY)); CSSM_DATA labelData; p12GenLabel(labelData, localCdr); CSSM_RETURN crtn = p12UnwrapKey(mCspHand, mDlDbHand.DLHandle ? &mDlDbHand : NULL, mImportFlags & kSecImportKeys, keyBag->encryptedData, keyAlg, encrAlg, pbeHashAlg, keySizeInBits, blockSizeInBytes, padding, mode, iterCount, pbep.salt, encrPhrase, passKey, localCdr, labelData, mAccess, mNoAcl, mKeyUsage, mKeyAttrs, privKey); if(crtn) { p12ErrorLog("Error unwrapping private key\n"); CssmError::throwMe(crtn); } p12DecodeLog("unwrapped shrouded key bag"); P12KeyBag *p12bag = new P12KeyBag(privKey, mCspHand, safeBag.bagAttrs, labelData, mCoder); addKey(p12bag); if(mPrivKeyImportState == PKIS_AllowOne) { mPrivKeyImportState = PKIS_NoMore; } }