[apple/security.git] / OSX / libsecurity_pkcs12 / lib / pkcs12Decode.cpp

/*
 * Copyright (c) 2003-2004,2011,2014 Apple Inc. All Rights Reserved.
 * 
 * @APPLE_LICENSE_HEADER_START@
 * 
 * This file contains Original Code and/or Modifications of Original Code
 * as defined in and that are subject to the Apple Public Source License
 * Version 2.0 (the 'License'). You may not use this file except in
 * compliance with the License. Please obtain a copy of the License at
 * http://www.opensource.apple.com/apsl/ and read it before using this
 * file.
 * 
 * The Original Code and all software distributed under the License are
 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
 * Please see the License for the specific language governing rights and
 * limitations under the License.
 * 
 * @APPLE_LICENSE_HEADER_END@
 */
 
/*
 * pkcs12Decode.h - P12Coder decoding engine.
 */
 
#include "pkcs12Coder.h"
#include "pkcs12Templates.h"
#include "pkcs12Utils.h"
#include "pkcs12Debug.h"
#include "pkcs12Crypto.h"
#include <security_cdsa_utilities/cssmerrors.h>
#include <security_asn1/nssUtils.h>

/* top-level PKCS12 PFX decoder */
void P12Coder::decode(
	CFDataRef				cdpfx)
{
	SecNssCoder localCdr;
	NSS_P12_DecodedPFX pfx;

	p12DecodeLog("decode");
	memset(&pfx, 0, sizeof(pfx));
	const CSSM_DATA rawBlob = {CFDataGetLength(cdpfx),
		(uint8 *)CFDataGetBytePtr(cdpfx)};
		
	if(localCdr.decodeItem(rawBlob, NSS_P12_DecodedPFXTemplate, &pfx)) {
		p12ErrorLog("Error on top-level decode of NSS_P12_DecodedPFX\n");
		P12_THROW_DECODE;
	}
	NSS_P7_DecodedContentInfo &dci = pfx.authSafe;
	if(dci.type != CT_Data) {
		/* no other types supported yet */
		p12ErrorLog("bad top-level contentType\n");
		P12_THROW_DECODE;
	}
	mIntegrityMode = kSecPkcs12ModePassword;

	if(pfx.macData == NULL) {
		/* not present is an error in kSecPkcs12ModePassword */
		p12ErrorLog("no MAC in PFX\n");
		P12_THROW_DECODE;
	}
	macParse(*pfx.macData, localCdr);

	const CSSM_DATA *macPhrase = getMacPassPhrase();
	const CSSM_KEY *macPassKey = getMacPassKey();
	if((macPhrase == NULL) && (macPassKey == NULL)) {
		p12ErrorLog("no passphrase set\n");
		CssmError::throwMe(CSSMERR_CSP_MISSING_ATTR_PASSPHRASE);
	}
	CSSM_RETURN crtn = p12VerifyMac(pfx, mCspHand, macPhrase, 
		macPassKey, localCdr);
	if(crtn) {
		p12LogCssmError("p12VerifyMac", crtn);
		CssmError::throwMe(errSecPkcs12VerifyFailure);
	}
	
	authSafeParse(*dci.content.data, localCdr);

	/*
	 * On success, if we have a keychain, store certs and CRLs there
	 */
	if(mKeychain != NULL) {
		storeDecodeResults();
	}
}

/*
 * Decrypt the contents of a NSS_P7_EncryptedData
 */
void P12Coder::encryptedDataDecrypt(
	const NSS_P7_EncryptedData &edata,
	SecNssCoder &localCdr,
	NSS_P12_PBE_Params *pbep,	// preparsed
	CSSM_DATA &ptext)			// result goes here in localCdr space
{
	p12DecodeLog("encryptedDataDecrypt");

	/* see if we can grok the encr alg */
	CSSM_ALGORITHMS		keyAlg;			// e.g., CSSM_ALGID_DES
	CSSM_ALGORITHMS		encrAlg;		// e.g., CSSM_ALGID_3DES_3KEY_EDE
	CSSM_ALGORITHMS		pbeHashAlg;		// SHA1 or MD5
	uint32				keySizeInBits;
	uint32				blockSizeInBytes;	// for IV, optional
	CSSM_PADDING		padding;		// CSSM_PADDING_PKCS7, etc.
	CSSM_ENCRYPT_MODE	mode;			// CSSM_ALGMODE_CBCPadIV8, etc.
	PKCS_Which			pkcs;
	
	bool found = pkcsOidToParams(&edata.contentInfo.encrAlg.algorithm,
		keyAlg, encrAlg, pbeHashAlg, keySizeInBits, blockSizeInBytes,
		padding, mode, pkcs);
	if(!found || (pkcs != PW_PKCS12)) {
		p12ErrorLog("EncryptedData encrAlg not understood\n");
		CssmError::throwMe(CSSMERR_CSP_INVALID_ALGORITHM);
	}
		
	uint32 iterCount;
	if(!p12DataToInt(pbep->iterations, iterCount)) {
		p12ErrorLog("encryptedDataDecrypt: badly formed iterCount\n");
		P12_THROW_DECODE;
	}
	const CSSM_DATA *pwd = getEncrPassPhrase();
	const CSSM_KEY *passKey = getEncrPassKey();
	if((pwd == NULL) && (passKey == NULL)) {
		p12ErrorLog("no passphrase set\n");
		CssmError::throwMe(CSSMERR_CSP_MISSING_ATTR_PASSPHRASE);
	}
	
	/* go */
	CSSM_RETURN crtn = p12Decrypt(mCspHand,
		edata.contentInfo.encrContent,
		keyAlg, encrAlg, pbeHashAlg,
		keySizeInBits, blockSizeInBytes,
		padding, mode,
		iterCount, pbep->salt,
		pwd,
		passKey, 
		localCdr, 
		ptext);
	if(crtn) {
		CssmError::throwMe(crtn);
	}
}


/*
 * Parse an CSSM_X509_ALGORITHM_IDENTIFIER specific to P12.
 * Decode the alg params as a NSS_P12_PBE_Params and parse and 
 * return the result if the pbeParams is non-NULL.
 */
void P12Coder::algIdParse(
	const CSSM_X509_ALGORITHM_IDENTIFIER &algId,
	NSS_P12_PBE_Params *pbeParams,		// optional
	SecNssCoder &localCdr)
{
	p12DecodeLog("algIdParse");

	const CSSM_DATA &param = algId.parameters;
	if(pbeParams == NULL) {
		/* alg params are uninterpreted */
		return;
	}
	
	if(param.Length == 0) {
		p12ErrorLog("algIdParse: no alg parameters\n");
		P12_THROW_DECODE;
	}
	
	memset(pbeParams, 0, sizeof(*pbeParams));
	if(localCdr.decodeItem(param, 
			NSS_P12_PBE_ParamsTemplate, pbeParams)) {
		p12ErrorLog("Error decoding NSS_P12_PBE_Params\n");
		P12_THROW_DECODE;
	}
}

/*
 * Parse a NSS_P7_EncryptedData - specifically in the context
 * of a P12 in password privacy mode. (The latter assumption is
 * to enable us to infer CSSM_X509_ALGORITHM_IDENTIFIER.parameters
 * format). 
 */
void P12Coder::encryptedDataParse(
	const NSS_P7_EncryptedData &edata,
	SecNssCoder &localCdr,
	NSS_P12_PBE_Params *pbep)		// optional, RETURNED
{
	p12DecodeLog("encryptedDataParse");

	/*
	 * Parse the alg ID, save PBE params for when we do the decrypt
	 * key unwrap
	 */
	const NSS_P7_EncrContentInfo &ci = edata.contentInfo;
	const CSSM_X509_ALGORITHM_IDENTIFIER &algId = ci.encrAlg;
	algIdParse(algId, pbep, localCdr);
}

/*
 * ShroudedKeyBag parser w/decrypt
 */
void P12Coder::shroudedKeyBagParse(
	const NSS_P12_SafeBag &safeBag,
	SecNssCoder &localCdr)
{
	p12DecodeLog("Found shrouded key bag");
	if(mPrivKeyImportState == PKIS_NoMore) {
		CssmError::throwMe(errSecMultiplePrivKeys);	
	}

	const NSS_P12_ShroudedKeyBag *keyBag = safeBag.bagValue.shroudedKeyBag;
	const CSSM_X509_ALGORITHM_IDENTIFIER &algId = keyBag->algorithm;
	NSS_P12_PBE_Params pbep;
	algIdParse(algId, &pbep, localCdr);

	/*
	 * Prepare for decryption
	 */
	CSSM_ALGORITHMS		keyAlg;			// e.g., CSSM_ALGID_DES
	CSSM_ALGORITHMS		encrAlg;		// e.g., CSSM_ALGID_3DES_3KEY_EDE
	CSSM_ALGORITHMS		pbeHashAlg;		// SHA1 or MD5
	uint32				keySizeInBits;
	uint32				blockSizeInBytes;	// for IV, optional
	CSSM_PADDING		padding;		// CSSM_PADDING_PKCS7, etc.
	CSSM_ENCRYPT_MODE	mode;			// CSSM_ALGMODE_CBCPadIV8, etc.
	PKCS_Which			pkcs;
	
	bool found = pkcsOidToParams(&algId.algorithm,
		keyAlg, encrAlg, pbeHashAlg, keySizeInBits, blockSizeInBytes,
		padding, mode, pkcs);
	if(!found || (pkcs != PW_PKCS12)) {
		p12ErrorLog("ShroudedKeyBag encrAlg not understood\n");
		CssmError::throwMe(CSSMERR_CSP_INVALID_ALGORITHM);
	}

	uint32 iterCount;
	if(!p12DataToInt(pbep.iterations, iterCount)) {
		p12ErrorLog("ShroudedKeyBag: badly formed iterCount\n");
		P12_THROW_DECODE;
	}
	const CSSM_DATA *encrPhrase = getEncrPassPhrase();
	const CSSM_KEY *passKey = getEncrPassKey();
	if((encrPhrase == NULL) && (passKey == NULL)) {
		p12ErrorLog("no passphrase set\n");
		CssmError::throwMe(CSSMERR_CSP_MISSING_ATTR_PASSPHRASE);
	}
	
	/* We'll own the actual CSSM_KEY memory */
	CSSM_KEY_PTR privKey = (CSSM_KEY_PTR)mCoder.malloc(sizeof(CSSM_KEY));
	memset(privKey, 0, sizeof(CSSM_KEY));
	
	CSSM_DATA labelData;
	p12GenLabel(labelData, localCdr);	
	
	CSSM_RETURN crtn = p12UnwrapKey(mCspHand,
		mDlDbHand.DLHandle ? &mDlDbHand : NULL,
		mImportFlags & kSecImportKeys,
		keyBag->encryptedData,
		keyAlg, encrAlg, pbeHashAlg,
		keySizeInBits, blockSizeInBytes,
		padding, mode,
		iterCount, pbep.salt,
		encrPhrase,
		passKey,
		localCdr, 
		labelData,
		mAccess,
		mNoAcl,
		mKeyUsage,
		mKeyAttrs,
		privKey);
	if(crtn) {
		p12ErrorLog("Error unwrapping private key\n");
		CssmError::throwMe(crtn);
	}
	p12DecodeLog("unwrapped shrouded key bag");

	P12KeyBag *p12bag = new P12KeyBag(privKey, mCspHand,
		safeBag.bagAttrs, labelData, mCoder);
	addKey(p12bag);
	
	if(mPrivKeyImportState == PKIS_AllowOne) {
		mPrivKeyImportState = PKIS_NoMore;	
	}
}

/*
 * (unshrouded) KeyBag parser
 */
void P12Coder::keyBagParse(
	const NSS_P12_SafeBag &safeBag,
	SecNssCoder &localCdr)
{
	if(mPrivKeyImportState == PKIS_NoMore) {
		CssmError::throwMe(errSecMultiplePrivKeys);	
	}
	
	/* FIXME - should be able to parse and handle this.... */
	p12DecodeLog("found keyBag");
	NSS_P12_KeyBag *keyBag = safeBag.bagValue.keyBag;
	P12OpaqueBag *p12Bag = new P12OpaqueBag(safeBag.bagId, 
		/* this breaks when NSS_P12_KeyBag is not a CSSM_DATA */
		*keyBag,			
		safeBag.bagAttrs,
		mCoder);
	addOpaque(p12Bag);
}

/*
 * CertBag parser
 */
void P12Coder::certBagParse(
	const NSS_P12_SafeBag &safeBag,
	SecNssCoder &localCdr)
{
	p12DecodeLog("found certBag");
	NSS_P12_CertBag *certBag = safeBag.bagValue.certBag;
	switch(certBag->type) {
		case CT_X509:
		case CT_SDSI:
			break;
		default:
			p12ErrorLog("certBagParse: unknown cert type\n");
			P12_THROW_DECODE;
	}
	P12CertBag *p12Bag = new P12CertBag(certBag->type, 
		certBag->certValue,
		safeBag.bagAttrs,
		mCoder);
	addCert(p12Bag);
}

/*
 * CrlBag parser
 */
void P12Coder::crlBagParse(
	const NSS_P12_SafeBag &safeBag,
	SecNssCoder &localCdr)
{
	p12DecodeLog("found crlBag");
	NSS_P12_CrlBag *crlBag = safeBag.bagValue.crlBag;
	switch(crlBag->type) {
		case CRT_X509:
			break;
		default:
			p12ErrorLog("crlBagParse: unknown CRL type\n");
			P12_THROW_DECODE;
	}
	P12CrlBag *p12Bag = new P12CrlBag(crlBag->type, 
		crlBag->crlValue,
		safeBag.bagAttrs,
		mCoder);
	addCrl(p12Bag);
}

/*
 * SecretBag parser
 */
void P12Coder::secretBagParse(
	const NSS_P12_SafeBag &safeBag,
	SecNssCoder &localCdr)
{
	p12DecodeLog("found secretBag");
	NSS_P12_SecretBag *secretBag = safeBag.bagValue.secretBag;
	P12OpaqueBag *p12Bag = new P12OpaqueBag(safeBag.bagId, 
		/* this breaks when NSS_P12_SecretBag is not a CSSM_DATA */
		*secretBag,			
		safeBag.bagAttrs,
		mCoder);
	addOpaque(p12Bag);
}

/*
 * SafeContentsBag parser
 */
void P12Coder::safeContentsBagParse(
	const NSS_P12_SafeBag &safeBag,
	SecNssCoder &localCdr)
{
	p12DecodeLog("found SafeContents safe bag");
	NSS_P12_SafeContentsBag *scBag = safeBag.bagValue.safeContentsBag;
	P12OpaqueBag *p12Bag = new P12OpaqueBag(safeBag.bagId, 
		/* this breaks when NSS_P12_SafeContentsBag is not a CSSM_DATA */
		*scBag,			
		safeBag.bagAttrs,
		mCoder);
	addOpaque(p12Bag);
}

/*
 * Parse an encoded NSS_P12_SafeContents. This could be either 
 * present as plaintext in an AuthSafe or decrypted. 
 */
void P12Coder::safeContentsParse(
	const CSSM_DATA &contentsBlob,
	SecNssCoder &localCdr)
{
	p12DecodeLog("safeContentsParse");

	NSS_P12_SafeContents sc;
	memset(&sc, 0, sizeof(sc));
	if(localCdr.decodeItem(contentsBlob, NSS_P12_SafeContentsTemplate,
			&sc)) {
		p12ErrorLog("Error decoding SafeContents\n");
		P12_THROW_DECODE;
	}
	unsigned numBags = nssArraySize((const void **)sc.bags);
	for(unsigned dex=0; dex<numBags; dex++) {
		NSS_P12_SafeBag *bag = sc.bags[dex];
		assert(bag != NULL);
		
		/* ensure that *something* is there */
		if(bag->bagValue.keyBag == NULL) {
			p12ErrorLog("safeContentsParse: Empty SafeBag\n");
			P12_THROW_DECODE;
		}
		
		/*
		 * Break out to individual bag type
		 */
		switch(bag->type) {
			case BT_KeyBag:
				keyBagParse(*bag, localCdr);
				break;
			case BT_ShroudedKeyBag:
				shroudedKeyBagParse(*bag, localCdr);
				break;
			case BT_CertBag:
				certBagParse(*bag, localCdr);
				break;
			case BT_CrlBag:
				crlBagParse(*bag, localCdr);
				break;
			case BT_SecretBag:
				secretBagParse(*bag ,localCdr);
				break;
			case BT_SafeContentsBag:
				safeContentsBagParse(*bag, localCdr);
				break;
			default:
				p12ErrorLog("unknown  p12 BagType (%u)\n",
					(unsigned)bag->type);
				P12_THROW_DECODE;
		}
	}
}

/*
 * Parse a ContentInfo in the context of (i.e., as an element of)
 * an AuthenticatedSafe.
 */
void P12Coder::authSafeElementParse(
	const NSS_P7_DecodedContentInfo *info,
	SecNssCoder &localCdr)
{
	p12DecodeLog("authSafeElementParse");
	switch(info->type) {
		case CT_Data:
			/* unencrypted SafeContents */
			safeContentsParse(*info->content.data, localCdr);
			break;
			
		case CT_EncryptedData:
		{
			NSS_P12_PBE_Params pbep;
			encryptedDataParse(*info->content.encryptData, localCdr, &pbep);

			/* 
			 * Decrypt contents to get a SafeContents and
			 * then parse that.
			 */
			CSSM_DATA ptext = {0, NULL};
			encryptedDataDecrypt(*info->content.encryptData,
				localCdr, &pbep, ptext);
			safeContentsParse(ptext, localCdr);
			break;
		}	
		default:
			p12ErrorLog("authSafeElementParse: unknown sage type (%u)\n",
				(unsigned)info->type);
				
			/* well, save it as an opaque bag for now */
			P12OpaqueBag *opaque = new P12OpaqueBag(
				info->contentType, *info->content.data,
				NULL, 	// no attrs
				localCdr);
			addOpaque(opaque);
			break;
	}
}

/*
 * Parse an encoded NSS_P12_AuthenticatedSafe
 */
void P12Coder::authSafeParse(
	const CSSM_DATA &authSafeBlob,
	SecNssCoder &localCdr)
{
	p12DecodeLog("authSafeParse");

	NSS_P12_AuthenticatedSafe authSafe;
	
	memset(&authSafe, 0, sizeof(authSafe));
	if(localCdr.decodeItem(authSafeBlob,
			NSS_P12_AuthenticatedSafeTemplate,
			&authSafe)) {
		p12ErrorLog("Error decoding authSafe\n");
		P12_THROW_DECODE;
	}
	unsigned numInfos = nssArraySize((const void **)authSafe.info);
	for(unsigned dex=0; dex<numInfos; dex++) {
		NSS_P7_DecodedContentInfo *info = authSafe.info[dex];
		authSafeElementParse(info, localCdr);
	}
}

void P12Coder::macParse(
	const NSS_P12_MacData &macData, 
	SecNssCoder &localCdr)
{
	p12DecodeLog("macParse");
	algIdParse(macData.mac.digestAlgorithm, NULL, localCdr);
	const CSSM_DATA &iter = macData.iterations;
	if(iter.Length > 4) {
		p12ErrorLog("malformed iteration length (%u)\n",
				(unsigned)iter.Length);
		P12_THROW_DECODE;
	}
}
Commit	Line	Data
b1ab9ed8	1	/*
d8f41ccd	2	* Copyright (c) 2003-2004,2011,2014 Apple Inc. All Rights Reserved.
b1ab9ed8 A	3	*
	4	* @APPLE_LICENSE_HEADER_START@
	5	*
	6	* This file contains Original Code and/or Modifications of Original Code
	7	* as defined in and that are subject to the Apple Public Source License
	8	* Version 2.0 (the 'License'). You may not use this file except in
	9	* compliance with the License. Please obtain a copy of the License at
	10	* http://www.opensource.apple.com/apsl/ and read it before using this
	11	* file.
	12	*
	13	* The Original Code and all software distributed under the License are
	14	* distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
	15	* EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
	16	* INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
	17	* FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
	18	* Please see the License for the specific language governing rights and
	19	* limitations under the License.
	20	*
	21	* @APPLE_LICENSE_HEADER_END@
	22	*/
	23
	24	/*
	25	* pkcs12Decode.h - P12Coder decoding engine.
	26	*/
	27
	28	#include "pkcs12Coder.h"
	29	#include "pkcs12Templates.h"
	30	#include "pkcs12Utils.h"
	31	#include "pkcs12Debug.h"
	32	#include "pkcs12Crypto.h"
	33	#include <security_cdsa_utilities/cssmerrors.h>
	34	#include <security_asn1/nssUtils.h>
	35
	36	/* top-level PKCS12 PFX decoder */
	37	void P12Coder::decode(
	38	CFDataRef cdpfx)
	39	{
	40	SecNssCoder localCdr;
	41	NSS_P12_DecodedPFX pfx;
	42
	43	p12DecodeLog("decode");
	44	memset(&pfx, 0, sizeof(pfx));
	45	const CSSM_DATA rawBlob = {CFDataGetLength(cdpfx),
	46	(uint8 *)CFDataGetBytePtr(cdpfx)};
	47
	48	if(localCdr.decodeItem(rawBlob, NSS_P12_DecodedPFXTemplate, &pfx)) {
	49	p12ErrorLog("Error on top-level decode of NSS_P12_DecodedPFX\n");
	50	P12_THROW_DECODE;
	51	}
	52	NSS_P7_DecodedContentInfo &dci = pfx.authSafe;
	53	if(dci.type != CT_Data) {
	54	/* no other types supported yet */
	55	p12ErrorLog("bad top-level contentType\n");
	56	P12_THROW_DECODE;
	57	}
	58	mIntegrityMode = kSecPkcs12ModePassword;
	59
	60	if(pfx.macData == NULL) {
	61	/* not present is an error in kSecPkcs12ModePassword */
	62	p12ErrorLog("no MAC in PFX\n");
	63	P12_THROW_DECODE;
	64	}
	65	macParse(*pfx.macData, localCdr);
	66
67	const CSSM_DATA *macPhrase = getMacPassPhrase();
68	const CSSM_KEY *macPassKey = getMacPassKey();
69	if((macPhrase == NULL) && (macPassKey == NULL)) {
70	p12ErrorLog("no passphrase set\n");
71	CssmError::throwMe(CSSMERR_CSP_MISSING_ATTR_PASSPHRASE);
72	}
73	CSSM_RETURN crtn = p12VerifyMac(pfx, mCspHand, macPhrase,
74	macPassKey, localCdr);
75	if(crtn) {
76	p12LogCssmError("p12VerifyMac", crtn);
77	CssmError::throwMe(errSecPkcs12VerifyFailure);
78	}
79
80	authSafeParse(*dci.content.data, localCdr);
81
82	/*
83	* On success, if we have a keychain, store certs and CRLs there
84	*/
85	if(mKeychain != NULL) {
86	storeDecodeResults();
87	}
88	}
89
90	/*
91	* Decrypt the contents of a NSS_P7_EncryptedData
92	*/
93	void P12Coder::encryptedDataDecrypt(
94	const NSS_P7_EncryptedData &edata,
95	SecNssCoder &localCdr,
96	NSS_P12_PBE_Params *pbep, // preparsed
97	CSSM_DATA &ptext) // result goes here in localCdr space
98	{
99	p12DecodeLog("encryptedDataDecrypt");
100
101	/* see if we can grok the encr alg */
102	CSSM_ALGORITHMS keyAlg; // e.g., CSSM_ALGID_DES
103	CSSM_ALGORITHMS encrAlg; // e.g., CSSM_ALGID_3DES_3KEY_EDE
104	CSSM_ALGORITHMS pbeHashAlg; // SHA1 or MD5
105	uint32 keySizeInBits;
106	uint32 blockSizeInBytes; // for IV, optional
107	CSSM_PADDING padding; // CSSM_PADDING_PKCS7, etc.
108	CSSM_ENCRYPT_MODE mode; // CSSM_ALGMODE_CBCPadIV8, etc.
109	PKCS_Which pkcs;
110
111	bool found = pkcsOidToParams(&edata.contentInfo.encrAlg.algorithm,
112	keyAlg, encrAlg, pbeHashAlg, keySizeInBits, blockSizeInBytes,
113	padding, mode, pkcs);
114	if(!found \|\| (pkcs != PW_PKCS12)) {
115	p12ErrorLog("EncryptedData encrAlg not understood\n");
116	CssmError::throwMe(CSSMERR_CSP_INVALID_ALGORITHM);
117	}
118
119	uint32 iterCount;
120	if(!p12DataToInt(pbep->iterations, iterCount)) {
121	p12ErrorLog("encryptedDataDecrypt: badly formed iterCount\n");
122	P12_THROW_DECODE;
123	}
124	const CSSM_DATA *pwd = getEncrPassPhrase();
125	const CSSM_KEY *passKey = getEncrPassKey();
126	if((pwd == NULL) && (passKey == NULL)) {
127	p12ErrorLog("no passphrase set\n");
128	CssmError::throwMe(CSSMERR_CSP_MISSING_ATTR_PASSPHRASE);
129	}
130
131	/* go */
132	CSSM_RETURN crtn = p12Decrypt(mCspHand,
133	edata.contentInfo.encrContent,
134	keyAlg, encrAlg, pbeHashAlg,
135	keySizeInBits, blockSizeInBytes,
136	padding, mode,
137	iterCount, pbep->salt,
138	pwd,
139	passKey,
140	localCdr,
141	ptext);
142	if(crtn) {
143	CssmError::throwMe(crtn);
144	}
145	}
146
147
148	/*
149	* Parse an CSSM_X509_ALGORITHM_IDENTIFIER specific to P12.
150	* Decode the alg params as a NSS_P12_PBE_Params and parse and
151	* return the result if the pbeParams is non-NULL.
152	*/
153	void P12Coder::algIdParse(
154	const CSSM_X509_ALGORITHM_IDENTIFIER &algId,
155	NSS_P12_PBE_Params *pbeParams, // optional
156	SecNssCoder &localCdr)
157	{
158	p12DecodeLog("algIdParse");
159
160	const CSSM_DATA &param = algId.parameters;
161	if(pbeParams == NULL) {
162	/* alg params are uninterpreted */
163	return;
164	}
165
166	if(param.Length == 0) {
167	p12ErrorLog("algIdParse: no alg parameters\n");
168	P12_THROW_DECODE;
169	}
170
171	memset(pbeParams, 0, sizeof(*pbeParams));
172	if(localCdr.decodeItem(param,
173	NSS_P12_PBE_ParamsTemplate, pbeParams)) {
174	p12ErrorLog("Error decoding NSS_P12_PBE_Params\n");
175	P12_THROW_DECODE;
176	}
177	}
178
179	/*
180	* Parse a NSS_P7_EncryptedData - specifically in the context
181	* of a P12 in password privacy mode. (The latter assumption is
182	* to enable us to infer CSSM_X509_ALGORITHM_IDENTIFIER.parameters
183	* format).
184	*/
185	void P12Coder::encryptedDataParse(
186	const NSS_P7_EncryptedData &edata,
187	SecNssCoder &localCdr,
188	NSS_P12_PBE_Params *pbep) // optional, RETURNED
189	{
190	p12DecodeLog("encryptedDataParse");
191
192	/*
193	* Parse the alg ID, save PBE params for when we do the decrypt
194	* key unwrap
195	*/
196	const NSS_P7_EncrContentInfo &ci = edata.contentInfo;
197	const CSSM_X509_ALGORITHM_IDENTIFIER &algId = ci.encrAlg;
198	algIdParse(algId, pbep, localCdr);
199	}
200
201	/*
202	* ShroudedKeyBag parser w/decrypt
203	*/
204	void P12Coder::shroudedKeyBagParse(
205	const NSS_P12_SafeBag &safeBag,
206	SecNssCoder &localCdr)
207	{
208	p12DecodeLog("Found shrouded key bag");
209	if(mPrivKeyImportState == PKIS_NoMore) {
210	CssmError::throwMe(errSecMultiplePrivKeys);
211	}
212
213	const NSS_P12_ShroudedKeyBag *keyBag = safeBag.bagValue.shroudedKeyBag;
214	const CSSM_X509_ALGORITHM_IDENTIFIER &algId = keyBag->algorithm;
215	NSS_P12_PBE_Params pbep;
216	algIdParse(algId, &pbep, localCdr);
217
218	/*
219	* Prepare for decryption
220	*/
221	CSSM_ALGORITHMS keyAlg; // e.g., CSSM_ALGID_DES
222	CSSM_ALGORITHMS encrAlg; // e.g., CSSM_ALGID_3DES_3KEY_EDE
223	CSSM_ALGORITHMS pbeHashAlg; // SHA1 or MD5
224	uint32 keySizeInBits;
225	uint32 blockSizeInBytes; // for IV, optional
226	CSSM_PADDING padding; // CSSM_PADDING_PKCS7, etc.
227	CSSM_ENCRYPT_MODE mode; // CSSM_ALGMODE_CBCPadIV8, etc.
228	PKCS_Which pkcs;
229
230	bool found = pkcsOidToParams(&algId.algorithm,
231	keyAlg, encrAlg, pbeHashAlg, keySizeInBits, blockSizeInBytes,
232	padding, mode, pkcs);
233	if(!found \|\| (pkcs != PW_PKCS12)) {
234	p12ErrorLog("ShroudedKeyBag encrAlg not understood\n");
235	CssmError::throwMe(CSSMERR_CSP_INVALID_ALGORITHM);
236	}
237
238	uint32 iterCount;
239	if(!p12DataToInt(pbep.iterations, iterCount)) {
240	p12ErrorLog("ShroudedKeyBag: badly formed iterCount\n");
241	P12_THROW_DECODE;
242	}
243	const CSSM_DATA *encrPhrase = getEncrPassPhrase();
244	const CSSM_KEY *passKey = getEncrPassKey();
245	if((encrPhrase == NULL) && (passKey == NULL)) {
246	p12ErrorLog("no passphrase set\n");
247	CssmError::throwMe(CSSMERR_CSP_MISSING_ATTR_PASSPHRASE);
248	}
249
250	/* We'll own the actual CSSM_KEY memory */
251	CSSM_KEY_PTR privKey = (CSSM_KEY_PTR)mCoder.malloc(sizeof(CSSM_KEY));
252	memset(privKey, 0, sizeof(CSSM_KEY));
253
254	CSSM_DATA labelData;
255	p12GenLabel(labelData, localCdr);
256
257	CSSM_RETURN crtn = p12UnwrapKey(mCspHand,
258	mDlDbHand.DLHandle ? &mDlDbHand : NULL,
259	mImportFlags & kSecImportKeys,
260	keyBag->encryptedData,
261	keyAlg, encrAlg, pbeHashAlg,
262	keySizeInBits, blockSizeInBytes,
263	padding, mode,
264	iterCount, pbep.salt,
265	encrPhrase,
266	passKey,
267	localCdr,
268	labelData,
269	mAccess,
270	mNoAcl,
271	mKeyUsage,
272	mKeyAttrs,
273	privKey);
274	if(crtn) {
275	p12ErrorLog("Error unwrapping private key\n");
276	CssmError::throwMe(crtn);
277	}
278	p12DecodeLog("unwrapped shrouded key bag");
279
280	P12KeyBag *p12bag = new P12KeyBag(privKey, mCspHand,
281	safeBag.bagAttrs, labelData, mCoder);
282	addKey(p12bag);
283
284	if(mPrivKeyImportState == PKIS_AllowOne) {
285	mPrivKeyImportState = PKIS_NoMore;
286	}
287	}
288
289	/*
290	* (unshrouded) KeyBag parser
291	*/
292	void P12Coder::keyBagParse(
293	const NSS_P12_SafeBag &safeBag,
294	SecNssCoder &localCdr)
295	{
296	if(mPrivKeyImportState == PKIS_NoMore) {
297	CssmError::throwMe(errSecMultiplePrivKeys);
298	}
299
300	/* FIXME - should be able to parse and handle this.... */
301	p12DecodeLog("found keyBag");
302	NSS_P12_KeyBag *keyBag = safeBag.bagValue.keyBag;
303	P12OpaqueBag *p12Bag = new P12OpaqueBag(safeBag.bagId,
304	/* this breaks when NSS_P12_KeyBag is not a CSSM_DATA */
305	*keyBag,
306	safeBag.bagAttrs,
307	mCoder);
308	addOpaque(p12Bag);
309	}
310
311	/*
312	* CertBag parser
313	*/
314	void P12Coder::certBagParse(
315	const NSS_P12_SafeBag &safeBag,
316	SecNssCoder &localCdr)
317	{
318	p12DecodeLog("found certBag");
319	NSS_P12_CertBag *certBag = safeBag.bagValue.certBag;
320	switch(certBag->type) {
321	case CT_X509:
322	case CT_SDSI:
323	break;
324	default:
325	p12ErrorLog("certBagParse: unknown cert type\n");
326	P12_THROW_DECODE;
327	}
328	P12CertBag *p12Bag = new P12CertBag(certBag->type,
329	certBag->certValue,
330	safeBag.bagAttrs,
331	mCoder);
332	addCert(p12Bag);
333	}
334
335	/*
336	* CrlBag parser
337	*/
338	void P12Coder::crlBagParse(
339	const NSS_P12_SafeBag &safeBag,
340	SecNssCoder &localCdr)
341	{
342	p12DecodeLog("found crlBag");
343	NSS_P12_CrlBag *crlBag = safeBag.bagValue.crlBag;
344	switch(crlBag->type) {
345	case CRT_X509:
346	break;
347	default:
348	p12ErrorLog("crlBagParse: unknown CRL type\n");
349	P12_THROW_DECODE;
350	}
351	P12CrlBag *p12Bag = new P12CrlBag(crlBag->type,
352	crlBag->crlValue,
353	safeBag.bagAttrs,
354	mCoder);
355	addCrl(p12Bag);
356	}
357
358	/*
359	* SecretBag parser
360	*/
361	void P12Coder::secretBagParse(
362	const NSS_P12_SafeBag &safeBag,
363	SecNssCoder &localCdr)
364	{
365	p12DecodeLog("found secretBag");
366	NSS_P12_SecretBag *secretBag = safeBag.bagValue.secretBag;
367	P12OpaqueBag *p12Bag = new P12OpaqueBag(safeBag.bagId,
368	/* this breaks when NSS_P12_SecretBag is not a CSSM_DATA */
369	*secretBag,
370	safeBag.bagAttrs,
371	mCoder);
372	addOpaque(p12Bag);
373	}
374
375	/*
376	* SafeContentsBag parser
377	*/
378	void P12Coder::safeContentsBagParse(
379	const NSS_P12_SafeBag &safeBag,
380	SecNssCoder &localCdr)
381	{
382	p12DecodeLog("found SafeContents safe bag");
383	NSS_P12_SafeContentsBag *scBag = safeBag.bagValue.safeContentsBag;
384	P12OpaqueBag *p12Bag = new P12OpaqueBag(safeBag.bagId,
385	/* this breaks when NSS_P12_SafeContentsBag is not a CSSM_DATA */
386	*scBag,
387	safeBag.bagAttrs,
388	mCoder);
389	addOpaque(p12Bag);
390	}
391
392	/*
393	* Parse an encoded NSS_P12_SafeContents. This could be either
394	* present as plaintext in an AuthSafe or decrypted.
395	*/
396	void P12Coder::safeContentsParse(
397	const CSSM_DATA &contentsBlob,
398	SecNssCoder &localCdr)
399	{
400	p12DecodeLog("safeContentsParse");
401
402	NSS_P12_SafeContents sc;
403	memset(&sc, 0, sizeof(sc));
404	if(localCdr.decodeItem(contentsBlob, NSS_P12_SafeContentsTemplate,
405	&sc)) {
406	p12ErrorLog("Error decoding SafeContents\n");
407	P12_THROW_DECODE;
408	}
409	unsigned numBags = nssArraySize((const void **)sc.bags);
410	for(unsigned dex=0; dex<numBags; dex++) {
411	NSS_P12_SafeBag *bag = sc.bags[dex];
412	assert(bag != NULL);
413
414	/* ensure that something is there */
415	if(bag->bagValue.keyBag == NULL) {
416	p12ErrorLog("safeContentsParse: Empty SafeBag\n");
417	P12_THROW_DECODE;
418	}
419
420	/*
421	* Break out to individual bag type
422	*/
423	switch(bag->type) {
424	case BT_KeyBag:
425	keyBagParse(*bag, localCdr);
426	break;
427	case BT_ShroudedKeyBag:
428	shroudedKeyBagParse(*bag, localCdr);
429	break;
430	case BT_CertBag:
431	certBagParse(*bag, localCdr);
432	break;
433	case BT_CrlBag:
434	crlBagParse(*bag, localCdr);
435	break;
436	case BT_SecretBag:
437	secretBagParse(*bag ,localCdr);
438	break;
439	case BT_SafeContentsBag:
440	safeContentsBagParse(*bag, localCdr);
441	break;
442	default:
443	p12ErrorLog("unknown p12 BagType (%u)\n",
444	(unsigned)bag->type);
445	P12_THROW_DECODE;
446	}
447	}
448	}
449
450	/*
451	* Parse a ContentInfo in the context of (i.e., as an element of)
452	* an AuthenticatedSafe.
453	*/
454	void P12Coder::authSafeElementParse(
455	const NSS_P7_DecodedContentInfo *info,
456	SecNssCoder &localCdr)
457	{
458	p12DecodeLog("authSafeElementParse");
459	switch(info->type) {
460	case CT_Data:
461	/* unencrypted SafeContents */
462	safeContentsParse(*info->content.data, localCdr);
463	break;
464
465	case CT_EncryptedData:
466	{
467	NSS_P12_PBE_Params pbep;
468	encryptedDataParse(*info->content.encryptData, localCdr, &pbep);
469
470	/*
471	* Decrypt contents to get a SafeContents and
472	* then parse that.
473	*/
474	CSSM_DATA ptext = {0, NULL};
475	encryptedDataDecrypt(*info->content.encryptData,
476	localCdr, &pbep, ptext);
477	safeContentsParse(ptext, localCdr);
478	break;
479	}
480	default:
481	p12ErrorLog("authSafeElementParse: unknown sage type (%u)\n",
482	(unsigned)info->type);
483
484	/* well, save it as an opaque bag for now */
485	P12OpaqueBag *opaque = new P12OpaqueBag(
486	info->contentType, *info->content.data,
487	NULL, // no attrs
488	localCdr);
489	addOpaque(opaque);
490	break;
491	}
492	}
493
494	/*
495	* Parse an encoded NSS_P12_AuthenticatedSafe
496	*/
497	void P12Coder::authSafeParse(
498	const CSSM_DATA &authSafeBlob,
499	SecNssCoder &localCdr)
500	{
501	p12DecodeLog("authSafeParse");
502
503	NSS_P12_AuthenticatedSafe authSafe;
504
505	memset(&authSafe, 0, sizeof(authSafe));
506	if(localCdr.decodeItem(authSafeBlob,
507	NSS_P12_AuthenticatedSafeTemplate,
508	&authSafe)) {
509	p12ErrorLog("Error decoding authSafe\n");
510	P12_THROW_DECODE;
511	}
512	unsigned numInfos = nssArraySize((const void **)authSafe.info);
513	for(unsigned dex=0; dex<numInfos; dex++) {
514	NSS_P7_DecodedContentInfo *info = authSafe.info[dex];
515	authSafeElementParse(info, localCdr);
516	}
517	}
518
519	void P12Coder::macParse(
520	const NSS_P12_MacData &macData,
521	SecNssCoder &localCdr)
522	{
523	p12DecodeLog("macParse");
524	algIdParse(macData.mac.digestAlgorithm, NULL, localCdr);
525	const CSSM_DATA &iter = macData.iterations;
526	if(iter.Length > 4) {
527	p12ErrorLog("malformed iteration length (%u)\n",
528	(unsigned)iter.Length);
529	P12_THROW_DECODE;
530	}
531	}
532