libsecurity_smime/security_smime/cmsencdata.c

   1 /*
   2  * The contents of this file are subject to the Mozilla Public
   3  * License Version 1.1 (the "License"); you may not use this file
   4  * except in compliance with the License. You may obtain a copy of
   5  * the License at http://www.mozilla.org/MPL/
   6  *
   7  * Software distributed under the License is distributed on an "AS
   8  * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
   9  * implied. See the License for the specific language governing
  10  * rights and limitations under the License.
  11  *
  12  * The Original Code is the Netscape security libraries.
  13  *
  14  * The Initial Developer of the Original Code is Netscape
  15  * Communications Corporation.  Portions created by Netscape are
  16  * Copyright (C) 1994-2000 Netscape Communications Corporation.  All
  17  * Rights Reserved.
  18  *
  19  * Contributor(s):
  20  *
  21  * Alternatively, the contents of this file may be used under the
  22  * terms of the GNU General Public License Version 2 or later (the
  23  * "GPL"), in which case the provisions of the GPL are applicable
  24  * instead of those above.  If you wish to allow use of your
  25  * version of this file only under the terms of the GPL and not to
  26  * allow others to use your version of this file under the MPL,
  27  * indicate your decision by deleting the provisions above and
  28  * replace them with the notice and other provisions required by
  29  * the GPL.  If you do not delete the provisions above, a recipient
  30  * may use your version of this file under either the MPL or the
  31  * GPL.
  32  */
  33
  34 /*
  35  * CMS encryptedData methods.
  36  */
  37
  38 #include <Security/SecCmsEncryptedData.h>
  39
  40 #include <Security/SecCmsContentInfo.h>
  41
  42 #include "cmslocal.h"
  43
  44 #include "SecAsn1Item.h"
  45 #include "secoid.h"
  46
  47 #include <security_asn1/secasn1.h>
  48 #include <security_asn1/secerr.h>
  49 #include <security_asn1/secport.h>
  50
  51 /*
  52  * SecCmsEncryptedDataCreate - create an empty encryptedData object.
  53  *
  54  * "algorithm" specifies the bulk encryption algorithm to use.
  55  * "keysize" is the key size.
  56  *
  57  * An error results in a return value of NULL and an error set.
  58  * (Retrieve specific errors via PORT_GetError()/XP_GetError().)
  59  */
  60 SecCmsEncryptedDataRef
  61 SecCmsEncryptedDataCreate(SecCmsMessageRef cmsg, SECOidTag algorithm, int keysize)
  62 {
  63     void *mark;
  64     SecCmsEncryptedDataRef encd;
  65     PLArenaPool *poolp;
  66     SECAlgorithmID *pbe_algid;
  67     OSStatus rv;
  68
  69     poolp = cmsg->poolp;
  70
  71     mark = PORT_ArenaMark(poolp);
  72
  73     encd = (SecCmsEncryptedDataRef)PORT_ArenaZAlloc(poolp, sizeof(SecCmsEncryptedData));
  74     if (encd == NULL)
  75         goto loser;
  76
  77     encd->contentInfo.cmsg = cmsg;
  78
  79     /* version is set in SecCmsEncryptedDataEncodeBeforeStart() */
  80
  81     switch (algorithm) {
  82     /* XXX hmmm... hardcoded algorithms? */
  83     case SEC_OID_AES_128_CBC:
  84     case SEC_OID_AES_192_CBC:
  85     case SEC_OID_AES_256_CBC:
  86     case SEC_OID_RC2_CBC:
  87     case SEC_OID_DES_EDE3_CBC:
  88     case SEC_OID_DES_CBC:
  89         rv = SecCmsContentInfoSetContentEncAlg(&(encd->contentInfo), algorithm, NULL, keysize);
  90         break;
  91     default:
  92         /* Assume password-based-encryption.  At least, try that. */
  93 #if 1
  94         // @@@ Fix me
  95         pbe_algid = NULL;
  96 #else
  97         pbe_algid = PK11_CreatePBEAlgorithmID(algorithm, 1, NULL);
  98 #endif
  99         if (pbe_algid == NULL) {
 100             rv = SECFailure;
 101             break;
 102         }
 103         rv = SecCmsContentInfoSetContentEncAlgID(&(encd->contentInfo), pbe_algid, keysize);
 104         SECOID_DestroyAlgorithmID (pbe_algid, PR_TRUE);
 105         break;
 106     }
 107     if (rv != SECSuccess)
 108         goto loser;
 109
 110     PORT_ArenaUnmark(poolp, mark);
 111     return encd;
 112
 113 loser:
 114     PORT_ArenaRelease(poolp, mark);
 115     return NULL;
 116 }
 117
 118 /*
 119  * SecCmsEncryptedDataDestroy - destroy an encryptedData object
 120  */
 121 void
 122 SecCmsEncryptedDataDestroy(SecCmsEncryptedDataRef encd)
 123 {
 124     /* everything's in a pool, so don't worry about the storage */
 125     SecCmsContentInfoDestroy(&(encd->contentInfo));
 126     return;
 127 }
 128
 129 /*
 130  * SecCmsEncryptedDataGetContentInfo - return pointer to encryptedData object's contentInfo
 131  */
 132 SecCmsContentInfoRef
 133 SecCmsEncryptedDataGetContentInfo(SecCmsEncryptedDataRef encd)
 134 {
 135     return &(encd->contentInfo);
 136 }
 137
 138 /*
 139  * SecCmsEncryptedDataEncodeBeforeStart - do all the necessary things to a EncryptedData
 140  *     before encoding begins.
 141  *
 142  * In particular:
 143  *  - set the correct version value.
 144  *  - get the encryption key
 145  */
 146 OSStatus
 147 SecCmsEncryptedDataEncodeBeforeStart(SecCmsEncryptedDataRef encd)
 148 {
 149     int version;
 150     SecSymmetricKeyRef bulkkey = NULL;
 151     SecAsn1Item * dummy;
 152     SecCmsContentInfoRef cinfo = &(encd->contentInfo);
 153
 154     if (SecCmsArrayIsEmpty((void **)encd->unprotectedAttr))
 155         version = SEC_CMS_ENCRYPTED_DATA_VERSION;
 156     else
 157         version = SEC_CMS_ENCRYPTED_DATA_VERSION_UPATTR;
 158
 159     dummy = SEC_ASN1EncodeInteger (encd->contentInfo.cmsg->poolp, &(encd->version), version);
 160     if (dummy == NULL)
 161         return SECFailure;
 162
 163     /* now get content encryption key (bulk key) by using our cmsg callback */
 164     if (encd->contentInfo.cmsg->decrypt_key_cb)
 165         bulkkey = (*encd->contentInfo.cmsg->decrypt_key_cb)(encd->contentInfo.cmsg->decrypt_key_cb_arg,
 166                     SecCmsContentInfoGetContentEncAlg(cinfo));
 167     if (bulkkey == NULL)
 168         return SECFailure;
 169
 170     /* store the bulk key in the contentInfo so that the encoder can find it */
 171     SecCmsContentInfoSetBulkKey(cinfo, bulkkey);
 172     CFRelease(bulkkey); /* This assumes the decrypt_key_cb hands us a copy of the key --mb */
 173
 174     return SECSuccess;
 175 }
 176
 177 /*
 178  * SecCmsEncryptedDataEncodeBeforeData - set up encryption
 179  */
 180 OSStatus
 181 SecCmsEncryptedDataEncodeBeforeData(SecCmsEncryptedDataRef encd)
 182 {
 183     SecCmsContentInfoRef cinfo;
 184     SecSymmetricKeyRef bulkkey;
 185     SECAlgorithmID *algid;
 186
 187     cinfo = &(encd->contentInfo);
 188
 189     /* find bulkkey and algorithm - must have been set by SecCmsEncryptedDataEncodeBeforeStart */
 190     bulkkey = SecCmsContentInfoGetBulkKey(cinfo);
 191     if (bulkkey == NULL)
 192         return SECFailure;
 193     algid = SecCmsContentInfoGetContentEncAlg(cinfo);
 194     if (algid == NULL)
 195         return SECFailure;
 196
 197     /* this may modify algid (with IVs generated in a token).
 198      * it is therefore essential that algid is a pointer to the "real" contentEncAlg,
 199      * not just to a copy */
 200     cinfo->ciphcx = SecCmsCipherContextStartEncrypt(encd->contentInfo.cmsg->poolp, bulkkey, algid);
 201     CFRelease(bulkkey);
 202     if (cinfo->ciphcx == NULL)
 203         return SECFailure;
 204
 205     return SECSuccess;
 206 }
 207
 208 /*
 209  * SecCmsEncryptedDataEncodeAfterData - finalize this encryptedData for encoding
 210  */
 211 OSStatus
 212 SecCmsEncryptedDataEncodeAfterData(SecCmsEncryptedDataRef encd)
 213 {
 214     if (encd->contentInfo.ciphcx) {
 215         SecCmsCipherContextDestroy(encd->contentInfo.ciphcx);
 216         encd->contentInfo.ciphcx = NULL;
 217     }
 218
 219     /* nothing to do after data */
 220     return SECSuccess;
 221 }
 222
 223
 224 /*
 225  * SecCmsEncryptedDataDecodeBeforeData - find bulk key & set up decryption
 226  */
 227 OSStatus
 228 SecCmsEncryptedDataDecodeBeforeData(SecCmsEncryptedDataRef encd)
 229 {
 230     SecSymmetricKeyRef bulkkey = NULL;
 231     SecCmsContentInfoRef cinfo;
 232     SECAlgorithmID *bulkalg;
 233     OSStatus rv = SECFailure;
 234
 235     cinfo = &(encd->contentInfo);
 236
 237     bulkalg = SecCmsContentInfoGetContentEncAlg(cinfo);
 238
 239     if (encd->contentInfo.cmsg->decrypt_key_cb == NULL) /* no callback? no key../ */
 240         goto loser;
 241
 242     bulkkey = (*encd->contentInfo.cmsg->decrypt_key_cb)(encd->contentInfo.cmsg->decrypt_key_cb_arg, bulkalg);
 243     if (bulkkey == NULL)
 244         /* no success finding a bulk key */
 245         goto loser;
 246
 247     SecCmsContentInfoSetBulkKey(cinfo, bulkkey);
 248
 249     cinfo->ciphcx = SecCmsCipherContextStartDecrypt(bulkkey, bulkalg);
 250     if (cinfo->ciphcx == NULL)
 251         goto loser;             /* error has been set by SecCmsCipherContextStartDecrypt */
 252
 253 #if 1
 254     // @@@ Not done yet
 255 #else
 256     /*
 257      * HACK ALERT!!
 258      * For PKCS5 Encryption Algorithms, the bulkkey is actually a different
 259      * structure.  Therefore, we need to set the bulkkey to the actual key
 260      * prior to freeing it.
 261      */
 262     if (SEC_PKCS5IsAlgorithmPBEAlg(bulkalg)) {
 263         SEC_PKCS5KeyAndPassword *keyPwd = (SEC_PKCS5KeyAndPassword *)bulkkey;
 264         bulkkey = keyPwd->key;
 265     }
 266 #endif
 267
 268     /* we are done with (this) bulkkey now. */
 269     CFRelease(bulkkey);
 270
 271     rv = SECSuccess;
 272
 273 loser:
 274     return rv;
 275 }
 276
 277 /*
 278  * SecCmsEncryptedDataDecodeAfterData - finish decrypting this encryptedData's content
 279  */
 280 OSStatus
 281 SecCmsEncryptedDataDecodeAfterData(SecCmsEncryptedDataRef encd)
 282 {
 283     if (encd->contentInfo.ciphcx) {
 284         SecCmsCipherContextDestroy(encd->contentInfo.ciphcx);
 285         encd->contentInfo.ciphcx = NULL;
 286     }
 287
 288     return SECSuccess;
 289 }
 290
 291 /*
 292  * SecCmsEncryptedDataDecodeAfterEnd - finish decoding this encryptedData
 293  */
 294 OSStatus
 295 SecCmsEncryptedDataDecodeAfterEnd(SecCmsEncryptedDataRef encd)
 296 {
 297     /* apply final touches */
 298     return SECSuccess;
 299 }