Пример #1
0
/*
 * Decrypt the contents of a NSS_P7_EncryptedData
 */
void P12Coder::encryptedDataDecrypt(
	const NSS_P7_EncryptedData &edata,
	SecNssCoder &localCdr,
	NSS_P12_PBE_Params *pbep,	// preparsed
	CSSM_DATA &ptext)			// result goes here in localCdr space
{
	p12DecodeLog("encryptedDataDecrypt");

	/* see if we can grok the encr alg */
	CSSM_ALGORITHMS		keyAlg;			// e.g., CSSM_ALGID_DES
	CSSM_ALGORITHMS		encrAlg;		// e.g., CSSM_ALGID_3DES_3KEY_EDE
	CSSM_ALGORITHMS		pbeHashAlg;		// SHA1 or MD5
	uint32				keySizeInBits;
	uint32				blockSizeInBytes;	// for IV, optional
	CSSM_PADDING		padding;		// CSSM_PADDING_PKCS7, etc.
	CSSM_ENCRYPT_MODE	mode;			// CSSM_ALGMODE_CBCPadIV8, etc.
	PKCS_Which			pkcs;
	
	bool found = pkcsOidToParams(&edata.contentInfo.encrAlg.algorithm,
		keyAlg, encrAlg, pbeHashAlg, keySizeInBits, blockSizeInBytes,
		padding, mode, pkcs);
	if(!found || (pkcs != PW_PKCS12)) {
		p12ErrorLog("EncryptedData encrAlg not understood\n");
		CssmError::throwMe(CSSMERR_CSP_INVALID_ALGORITHM);
	}
		
	uint32 iterCount;
	if(!p12DataToInt(pbep->iterations, iterCount)) {
		p12ErrorLog("encryptedDataDecrypt: badly formed iterCount\n");
		P12_THROW_DECODE;
	}
	const CSSM_DATA *pwd = getEncrPassPhrase();
	const CSSM_KEY *passKey = getEncrPassKey();
	if((pwd == NULL) && (passKey == NULL)) {
		p12ErrorLog("no passphrase set\n");
		CssmError::throwMe(CSSMERR_CSP_MISSING_ATTR_PASSPHRASE);
	}
	
	/* go */
	CSSM_RETURN crtn = p12Decrypt(mCspHand,
		edata.contentInfo.encrContent,
		keyAlg, encrAlg, pbeHashAlg,
		keySizeInBits, blockSizeInBytes,
		padding, mode,
		iterCount, pbep->salt,
		pwd,
		passKey, 
		localCdr, 
		ptext);
	if(crtn) {
		CssmError::throwMe(crtn);
	}
}
/*
 * Verify MAC on an existing PFX.  
 */
CSSM_RETURN p12VerifyMac(
	const NSS_P12_DecodedPFX 	&pfx,
	CSSM_CSP_HANDLE				cspHand,
	const CSSM_DATA				*pwd,	// unicode, double null terminated
	const CSSM_KEY				*passKey,
	SecNssCoder					&coder)	// for temp mallocs
{
	if(pfx.macData == NULL) {
		return CSSMERR_CSP_INVALID_SIGNATURE;
	}
	NSS_P12_MacData &macData = *pfx.macData;
	NSS_P7_DigestInfo &digestInfo  = macData.mac;
	CSSM_OID &algOid = digestInfo.digestAlgorithm.algorithm;
	CSSM_ALGORITHMS macAlg;
	if(!cssmOidToAlg(&algOid, &macAlg)) {
		return CSSMERR_CSP_INVALID_ALGORITHM;
	}
	uint32 iterCount = 0;
	CSSM_DATA &citer = macData.iterations;
	if(!p12DataToInt(citer, iterCount)) {
		return CSSMERR_CSP_INVALID_ATTR_ROUNDS;
	}
	if(iterCount == 0) {
		/* optional, default 1 */
		iterCount = 1;
	}

	/*
	 * In classic fashion, the PKCS12 spec now says:
	 *
	 *      When password integrity mode is used to secure a PFX PDU, 
	 *      an SHA-1 HMAC is computed on the BER-encoding of the contents 
	 *      of the content field of the authSafe field in the PFX PDU.
	 *
	 * So here we go.
	 */
	CSSM_DATA genMac;
	CSSM_RETURN crtn = p12GenMac(cspHand, *pfx.authSafe.content.data, 
		macAlg, iterCount, macData.macSalt, pwd, passKey, coder, genMac);
	if(crtn) {
		return crtn;
	}
	if(nssCompareCssmData(&genMac, &digestInfo.digest)) {
		return CSSM_OK;
	}
	else {
		return CSSMERR_CSP_VERIFY_FAILED;
	}
}
/* 
 * Generate random label string to allow associating an imported private
 * key with a cert.
 */
void p12GenLabel(
	CSSM_DATA &label,
	SecNssCoder &coder)
{
	/* first a random uint32 */
	uint8 d[4];
	DevRandomGenerator rng;
	rng.random(d, 4);
	CSSM_DATA cd = {4, d};
	uint32 i;
	p12DataToInt(cd, i);
	
	/* sprintf that into a real string */
	coder.allocItem(label, 9);
	memset(label.Data, 0, 9);
	sprintf((char *)label.Data, "%08X", (unsigned)i);
}
Пример #4
0
static int p12VerifyMac(pkcs12_context * context, const NSS_P12_DecodedPFX *pfx)
{
	NSS_P12_MacData *macData = pfx->macData;
	require(macData, out);
	NSS_P7_DigestInfo *digestInfo  = &macData->mac;
    require(digestInfo, out);
	SecAsn1Item *algOid = &digestInfo->digestAlgorithm.algorithm;
    require(algOid, out);

    /* has to be OID_OIW_SHA1 */
    DERItem algOidItem = { algOid->Data, algOid->Length };
    require(algOidItem.length && DEROidCompare(&oidSha1, &algOidItem), out);
	
	uint32_t iterCount = 0;
	require_noerr_quiet(p12DataToInt(&macData->iterations, &iterCount), out);
	if (iterCount == 0) { /* optional, default 1 */
		iterCount = 1;
	}

	/*
	 * In classic fashion, the PKCS12 spec now says:
	 *
	 *      When password integrity mode is used to secure a PFX PDU, 
	 *      an SHA-1 HMAC is computed on the BER-encoding of the contents 
	 *      of the content field of the authSafe field in the PFX PDU.
	 *
	 * So here we go.
	 */
	uint8_t hmac_key[CC_SHA1_DIGEST_LENGTH];
	require_noerr_quiet(p12_pbe_gen(context->passphrase, 
        macData->macSalt.Data, macData->macSalt.Length,
        iterCount, PBE_ID_MAC, hmac_key, sizeof(hmac_key)), out);

	/* prealloc the mac data */
	SecAsn1Item verifyMac;
	alloc_item(context, &verifyMac, CC_SHA1_DIGEST_LENGTH);
	SecAsn1Item *ptext = pfx->authSafe.content.data;
	CCHmac(kCCHmacAlgSHA1, hmac_key, CC_SHA1_DIGEST_LENGTH, 
        ptext->Data, ptext->Length, verifyMac.Data);
	require_quiet(nssCompareSecAsn1Items(&verifyMac, &digestInfo->digest), out);
	
	return 0;
out:
    return -1;
}
Пример #5
0
static int p12Decrypt(pkcs12_context * context, const SecAsn1AlgId *algId,
	const SecAsn1Item *cipherText, SecAsn1Item *plainText)
{
	NSS_P12_PBE_Params pbep;
    // XXX/cs not requiring decoding, but if pbep is uninit this will fail later
	algIdParse(context, algId, &pbep);

	CCAlgorithm		alg = 0;
	uint32_t			keySizeInBits = 0;
	uint32_t			blockSizeInBytes = 0;	// for IV, optional
	CCOptions		options = 0;
	require_noerr_quiet(pkcsOidToParams(&algId->algorithm, &alg, &keySizeInBits, 
        &blockSizeInBytes, &options), out);

	uint32_t iterCount = 0;
	require_noerr(p12DataToInt(&pbep.iterations, &iterCount), out);

	/* P12 style key derivation */
	SecAsn1Item key = {0, NULL};
	if(keySizeInBits)
        alloc_item(context, &key, (keySizeInBits+7)/8);
    require_noerr(p12_pbe_gen(context->passphrase, pbep.salt.Data, pbep.salt.Length, 
        iterCount, PBE_ID_Key, key.Data, key.Length), out);
        
	/* P12 style IV derivation, optional */
	SecAsn1Item iv = {0, NULL};
	if(blockSizeInBytes) {
		alloc_item(context, &iv, blockSizeInBytes);
        require_noerr(p12_pbe_gen(context->passphrase, pbep.salt.Data, pbep.salt.Length, 
            iterCount, PBE_ID_IV, iv.Data, iv.Length), out);
    }

	SecAsn1Item ourPtext = {0, NULL};
    alloc_item(context, &ourPtext, cipherText->Length);
    require_noerr(CCCrypt(kCCDecrypt, alg, options/*kCCOptionPKCS7Padding*/, 
        key.Data, key.Length, iv.Data, cipherText->Data, cipherText->Length, 
        ourPtext.Data, ourPtext.Length, &ourPtext.Length), out);
    *plainText = ourPtext;

    return 0;
out:
    return -1;
}
Пример #6
0
/*
 * ShroudedKeyBag parser w/decrypt
 */
void P12Coder::shroudedKeyBagParse(
	const NSS_P12_SafeBag &safeBag,
	SecNssCoder &localCdr)
{
	p12DecodeLog("Found shrouded key bag");
	if(mPrivKeyImportState == PKIS_NoMore) {
		CssmError::throwMe(errSecMultiplePrivKeys);	
	}

	const NSS_P12_ShroudedKeyBag *keyBag = safeBag.bagValue.shroudedKeyBag;
	const CSSM_X509_ALGORITHM_IDENTIFIER &algId = keyBag->algorithm;
	NSS_P12_PBE_Params pbep;
	algIdParse(algId, &pbep, localCdr);

	/*
	 * Prepare for decryption
	 */
	CSSM_ALGORITHMS		keyAlg;			// e.g., CSSM_ALGID_DES
	CSSM_ALGORITHMS		encrAlg;		// e.g., CSSM_ALGID_3DES_3KEY_EDE
	CSSM_ALGORITHMS		pbeHashAlg;		// SHA1 or MD5
	uint32				keySizeInBits;
	uint32				blockSizeInBytes;	// for IV, optional
	CSSM_PADDING		padding;		// CSSM_PADDING_PKCS7, etc.
	CSSM_ENCRYPT_MODE	mode;			// CSSM_ALGMODE_CBCPadIV8, etc.
	PKCS_Which			pkcs;
	
	bool found = pkcsOidToParams(&algId.algorithm,
		keyAlg, encrAlg, pbeHashAlg, keySizeInBits, blockSizeInBytes,
		padding, mode, pkcs);
	if(!found || (pkcs != PW_PKCS12)) {
		p12ErrorLog("ShroudedKeyBag encrAlg not understood\n");
		CssmError::throwMe(CSSMERR_CSP_INVALID_ALGORITHM);
	}

	uint32 iterCount;
	if(!p12DataToInt(pbep.iterations, iterCount)) {
		p12ErrorLog("ShroudedKeyBag: badly formed iterCount\n");
		P12_THROW_DECODE;
	}
	const CSSM_DATA *encrPhrase = getEncrPassPhrase();
	const CSSM_KEY *passKey = getEncrPassKey();
	if((encrPhrase == NULL) && (passKey == NULL)) {
		p12ErrorLog("no passphrase set\n");
		CssmError::throwMe(CSSMERR_CSP_MISSING_ATTR_PASSPHRASE);
	}
	
	/* We'll own the actual CSSM_KEY memory */
	CSSM_KEY_PTR privKey = (CSSM_KEY_PTR)mCoder.malloc(sizeof(CSSM_KEY));
	memset(privKey, 0, sizeof(CSSM_KEY));
	
	CSSM_DATA labelData;
	p12GenLabel(labelData, localCdr);	
	
	CSSM_RETURN crtn = p12UnwrapKey(mCspHand,
		mDlDbHand.DLHandle ? &mDlDbHand : NULL,
		mImportFlags & kSecImportKeys,
		keyBag->encryptedData,
		keyAlg, encrAlg, pbeHashAlg,
		keySizeInBits, blockSizeInBytes,
		padding, mode,
		iterCount, pbep.salt,
		encrPhrase,
		passKey,
		localCdr, 
		labelData,
		mAccess,
		mNoAcl,
		mKeyUsage,
		mKeyAttrs,
		privKey);
	if(crtn) {
		p12ErrorLog("Error unwrapping private key\n");
		CssmError::throwMe(crtn);
	}
	p12DecodeLog("unwrapped shrouded key bag");

	P12KeyBag *p12bag = new P12KeyBag(privKey, mCspHand,
		safeBag.bagAttrs, labelData, mCoder);
	addKey(p12bag);
	
	if(mPrivKeyImportState == PKIS_AllowOne) {
		mPrivKeyImportState = PKIS_NoMore;	
	}
}