]> git.saurik.com Git - apple/security.git/blob - libsecurity_smime/lib/cmsrecinfo.c
projects / apple / security.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Security-59306.11.20.tar.gz
[apple/security.git] / libsecurity_smime / lib / cmsrecinfo.c
1 /*
2 * The contents of this file are subject to the Mozilla Public
3 * License Version 1.1 (the "License"); you may not use this file
4 * except in compliance with the License. You may obtain a copy of
5 * the License at http://www.mozilla.org/MPL/
6 *
7 * Software distributed under the License is distributed on an "AS
8 * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
9 * implied. See the License for the specific language governing
10 * rights and limitations under the License.
11 *
12 * The Original Code is the Netscape security libraries.
13 *
14 * The Initial Developer of the Original Code is Netscape
15 * Communications Corporation. Portions created by Netscape are
16 * Copyright (C) 1994-2000 Netscape Communications Corporation. All
17 * Rights Reserved.
18 *
19 * Contributor(s):
20 *
21 * Alternatively, the contents of this file may be used under the
22 * terms of the GNU General Public License Version 2 or later (the
23 * "GPL"), in which case the provisions of the GPL are applicable
24 * instead of those above. If you wish to allow use of your
25 * version of this file only under the terms of the GPL and not to
26 * allow others to use your version of this file under the MPL,
27 * indicate your decision by deleting the provisions above and
28 * replace them with the notice and other provisions required by
29 * the GPL. If you do not delete the provisions above, a recipient
30 * may use your version of this file under either the MPL or the
31 * GPL.
32 */
33
34 /*
35 * CMS recipientInfo methods.
36 */
37
38 #include "cmslocal.h"
39
40 #include "cert.h"
41 #include "SecAsn1Item.h"
42 #include "secoid.h"
43
44 #include <security_asn1/secasn1.h>
45 #include <security_asn1/secerr.h>
46 #include <security_asn1/secport.h>
47
48 #include <Security/SecKeyPriv.h>
49 #include <Security/SecCertificatePriv.h>
50 #include <Security/SecCertificateInternal.h>
51
52 #include <Security/SecCmsRecipientInfo.h>
53
54 static Boolean
55 nss_cmsrecipientinfo_usessubjectkeyid(SecCmsRecipientInfoRef ri)
56 {
57 if (ri->recipientInfoType == SecCmsRecipientInfoIDKeyTrans) {
58 SecCmsRecipientIdentifier *rid;
59 rid = &ri->ri.keyTransRecipientInfo.recipientIdentifier;
60 if (rid->identifierType == SecCmsRecipientIDSubjectKeyID) {
61 return PR_TRUE;
62 }
63 }
64 return PR_FALSE;
65 }
66
67
68 static SecCmsRecipientInfoRef
69 nss_cmsrecipientinfo_create(SecCmsEnvelopedDataRef envd, SecCmsRecipientIDSelector type,
70 SecCertificateRef cert, SecPublicKeyRef pubKey,
71 const SecAsn1Item *subjKeyID)
72 {
73 SecCmsRecipientInfoRef ri;
74 void *mark;
75 SECOidTag certalgtag;
76 OSStatus rv = SECSuccess;
77 SecCmsRecipientEncryptedKey *rek;
78 SecCmsOriginatorIdentifierOrKey *oiok;
79 unsigned long version;
80 SecAsn1Item * dummy;
81 PLArenaPool *poolp;
82 const SECAlgorithmID *algid;
83 SECAlgorithmID freeAlgID;
84
85 SecCmsRecipientIdentifier *rid;
86
87 poolp = envd->contentInfo.cmsg->poolp;
88
89 mark = PORT_ArenaMark(poolp);
90
91 ri = (SecCmsRecipientInfoRef)PORT_ArenaZAlloc(poolp, sizeof(SecCmsRecipientInfo));
92 if (ri == NULL)
93 goto loser;
94
95 ri->envelopedData = envd;
96
97 #if USE_CDSA_CRYPTO
98 if (type == SecCmsRecipientIDIssuerSN)
99 {
100 rv = SecCertificateGetAlgorithmID(cert,&algid);
101 } else {
102 PORT_Assert(pubKey);
103 rv = SecKeyGetAlgorithmID(pubKey,&algid);
104 }
105 #else
106 ri->cert = CERT_DupCertificate(cert);
107 if (ri->cert == NULL)
108 goto loser;
109
110 const SecAsn1AlgId *length_data_swapped = (const SecAsn1AlgId *)SecCertificateGetPublicKeyAlgorithm(cert);
111 freeAlgID.algorithm.Length = (size_t)length_data_swapped->algorithm.Data;
112 freeAlgID.algorithm.Data = (uint8_t *)length_data_swapped->algorithm.Length;
113 freeAlgID.parameters.Length = (size_t)length_data_swapped->parameters.Data;
114 freeAlgID.parameters.Data = (uint8_t *)length_data_swapped->parameters.Length;
115 algid = &freeAlgID;
116 #endif
117
118 certalgtag = SECOID_GetAlgorithmTag(algid);
119
120 rid = &ri->ri.keyTransRecipientInfo.recipientIdentifier;
121 switch (certalgtag) {
122 case SEC_OID_PKCS1_RSA_ENCRYPTION:
123 ri->recipientInfoType = SecCmsRecipientInfoIDKeyTrans;
124 rid->identifierType = type;
125 if (type == SecCmsRecipientIDIssuerSN) {
126 rid->id.issuerAndSN = CERT_GetCertIssuerAndSN(poolp, cert);
127 if (rid->id.issuerAndSN == NULL) {
128 break;
129 }
130 } else if (type == SecCmsRecipientIDSubjectKeyID){
131
132 rid->id.subjectKeyID = PORT_ArenaNew(poolp, SecAsn1Item);
133 if (rid->id.subjectKeyID == NULL) {
134 rv = SECFailure;
135 PORT_SetError(SEC_ERROR_NO_MEMORY);
136 break;
137 }
138 if (SECITEM_CopyItem(poolp, rid->id.subjectKeyID, subjKeyID)) {
139 rv = SECFailure;
140 PORT_SetError(SEC_ERROR_UNKNOWN_CERT);
141 break;
142 }
143 if (rid->id.subjectKeyID->Data == NULL) {
144 rv = SECFailure;
145 PORT_SetError(SEC_ERROR_NO_MEMORY);
146 break;
147 }
148 } else {
149 PORT_SetError(SEC_ERROR_INVALID_ARGS);
150 rv = SECFailure;
151 }
152 break;
153 case SEC_OID_MISSI_KEA_DSS_OLD:
154 case SEC_OID_MISSI_KEA_DSS:
155 case SEC_OID_MISSI_KEA:
156 PORT_Assert(type != SecCmsRecipientIDSubjectKeyID);
157 if (type == SecCmsRecipientIDSubjectKeyID) {
158 rv = SECFailure;
159 break;
160 }
161 /* backward compatibility - this is not really a keytrans operation */
162 ri->recipientInfoType = SecCmsRecipientInfoIDKeyTrans;
163 /* hardcoded issuerSN choice for now */
164 ri->ri.keyTransRecipientInfo.recipientIdentifier.identifierType = SecCmsRecipientIDIssuerSN;
165 ri->ri.keyTransRecipientInfo.recipientIdentifier.id.issuerAndSN = CERT_GetCertIssuerAndSN(poolp, cert);
166 if (ri->ri.keyTransRecipientInfo.recipientIdentifier.id.issuerAndSN == NULL) {
167 rv = SECFailure;
168 break;
169 }
170 break;
171 case SEC_OID_X942_DIFFIE_HELMAN_KEY: /* dh-public-number */
172 PORT_Assert(type != SecCmsRecipientIDSubjectKeyID);
173 if (type == SecCmsRecipientIDSubjectKeyID) {
174 rv = SECFailure;
175 break;
176 }
177 /* a key agreement op */
178 ri->recipientInfoType = SecCmsRecipientInfoIDKeyAgree;
179
180 if (ri->ri.keyTransRecipientInfo.recipientIdentifier.id.issuerAndSN == NULL) {
181 rv = SECFailure;
182 break;
183 }
184 /* we do not support the case where multiple recipients
185 * share the same KeyAgreeRecipientInfo and have multiple RecipientEncryptedKeys
186 * in this case, we would need to walk all the recipientInfos, take the
187 * ones that do KeyAgreement algorithms and join them, algorithm by algorithm
188 * Then, we'd generate ONE ukm and OriginatorIdentifierOrKey */
189
190 /* only epheremal-static Diffie-Hellman is supported for now
191 * this is the only form of key agreement that provides potential anonymity
192 * of the sender, plus we do not have to include certs in the message */
193
194 /* force single recipientEncryptedKey for now */
195 if ((rek = SecCmsRecipientEncryptedKeyCreate(poolp)) == NULL) {
196 rv = SECFailure;
197 break;
198 }
199
200 /* hardcoded IssuerSN choice for now */
201 rek->recipientIdentifier.identifierType = SecCmsKeyAgreeRecipientIDIssuerSN;
202 if ((rek->recipientIdentifier.id.issuerAndSN = CERT_GetCertIssuerAndSN(poolp, cert)) == NULL) {
203 rv = SECFailure;
204 break;
205 }
206
207 oiok = &(ri->ri.keyAgreeRecipientInfo.originatorIdentifierOrKey);
208
209 /* see RFC2630 12.3.1.1 */
210 oiok->identifierType = SecCmsOriginatorIDOrKeyOriginatorPublicKey;
211
212 rv = SecCmsArrayAdd(poolp, (void ***)&ri->ri.keyAgreeRecipientInfo.recipientEncryptedKeys,
213 (void *)rek);
214
215 break;
216 case SEC_OID_EC_PUBLIC_KEY:
217 /* ephemeral-static ECDH - issuerAndSN, OriginatorPublicKey only */
218 PORT_Assert(type != SecCmsRecipientIDSubjectKeyID);
219 if (type == SecCmsRecipientIDSubjectKeyID) {
220 rv = SECFailure;
221 break;
222 }
223 /* a key agreement op */
224 ri->recipientInfoType = SecCmsRecipientInfoIDKeyAgree;
225 ri->ri.keyTransRecipientInfo.recipientIdentifier.id.issuerAndSN = CERT_GetCertIssuerAndSN(poolp, cert);
226 if (ri->ri.keyTransRecipientInfo.recipientIdentifier.id.issuerAndSN == NULL) {
227 rv = SECFailure;
228 break;
229 }
230 /* we do not support the case where multiple recipients
231 * share the same KeyAgreeRecipientInfo and have multiple RecipientEncryptedKeys
232 * in this case, we would need to walk all the recipientInfos, take the
233 * ones that do KeyAgreement algorithms and join them, algorithm by algorithm
234 * Then, we'd generate ONE ukm and OriginatorIdentifierOrKey */
235
236 /* force single recipientEncryptedKey for now */
237 if ((rek = SecCmsRecipientEncryptedKeyCreate(poolp)) == NULL) {
238 rv = SECFailure;
239 break;
240 }
241
242 /* hardcoded IssuerSN choice for now */
243 rek->recipientIdentifier.identifierType = SecCmsKeyAgreeRecipientIDIssuerSN;
244 if ((rek->recipientIdentifier.id.issuerAndSN = CERT_GetCertIssuerAndSN(poolp, cert)) == NULL) {
245 rv = SECFailure;
246 break;
247 }
248
249 oiok = &(ri->ri.keyAgreeRecipientInfo.originatorIdentifierOrKey);
250
251 /* see RFC 3278 3.1.1 */
252 oiok->identifierType = SecCmsOriginatorIDOrKeyOriginatorPublicKey;
253
254 rv = SecCmsArrayAdd(poolp, (void ***)&ri->ri.keyAgreeRecipientInfo.recipientEncryptedKeys,
255 (void *)rek);
256
257 break;
258 default:
259 /* other algorithms not supported yet */
260 /* NOTE that we do not support any KEK algorithm */
261 PORT_SetError(SEC_ERROR_INVALID_ALGORITHM);
262 rv = SECFailure;
263 break;
264 }
265
266 if (rv == SECFailure)
267 goto loser;
268
269 /* set version */
270 switch (ri->recipientInfoType) {
271 case SecCmsRecipientInfoIDKeyTrans:
272 if (ri->ri.keyTransRecipientInfo.recipientIdentifier.identifierType == SecCmsRecipientIDIssuerSN)
273 version = SEC_CMS_KEYTRANS_RECIPIENT_INFO_VERSION_ISSUERSN;
274 else
275 version = SEC_CMS_KEYTRANS_RECIPIENT_INFO_VERSION_SUBJKEY;
276 dummy = SEC_ASN1EncodeInteger(poolp, &(ri->ri.keyTransRecipientInfo.version), version);
277 if (dummy == NULL)
278 goto loser;
279 break;
280 case SecCmsRecipientInfoIDKeyAgree:
281 dummy = SEC_ASN1EncodeInteger(poolp, &(ri->ri.keyAgreeRecipientInfo.version),
282 SEC_CMS_KEYAGREE_RECIPIENT_INFO_VERSION);
283 if (dummy == NULL)
284 goto loser;
285 break;
286 case SecCmsRecipientInfoIDKEK:
287 /* NOTE: this cannot happen as long as we do not support any KEK algorithm */
288 dummy = SEC_ASN1EncodeInteger(poolp, &(ri->ri.kekRecipientInfo.version),
289 SEC_CMS_KEK_RECIPIENT_INFO_VERSION);
290 if (dummy == NULL)
291 goto loser;
292 break;
293
294 }
295
296 if (SecCmsEnvelopedDataAddRecipient(envd, ri))
297 goto loser;
298
299 PORT_ArenaUnmark (poolp, mark);
300 #if 0
301 if (freeSpki)
302 SECKEY_DestroySubjectPublicKeyInfo(freeSpki);
303 #endif
304 return ri;
305
306 loser:
307 #if 0
308 if (freeSpki)
309 SECKEY_DestroySubjectPublicKeyInfo(freeSpki);
310 #endif
311 PORT_ArenaRelease (poolp, mark);
312 return NULL;
313 }
314
315 /*
316 * SecCmsRecipientInfoCreate - create a recipientinfo
317 *
318 * we currently do not create KeyAgreement recipientinfos with multiple
319 * recipientEncryptedKeys the certificate is supposed to have been
320 * verified by the caller
321 */
322 SecCmsRecipientInfoRef
323 SecCmsRecipientInfoCreate(SecCmsEnvelopedDataRef envd, SecCertificateRef cert)
324 {
325 /* TODO: We might want to prefer subjkeyid */
326 #if 0
327 SecCmsRecipientInfoRef info = SecCmsRecipientInfoCreateWithSubjKeyIDFromCert(envd, cert);
328
329 if (info)
330 return info;
331 else
332 #endif
333 return nss_cmsrecipientinfo_create(envd, SecCmsRecipientIDIssuerSN, cert,
334 NULL, NULL);
335 }
336
337 SecCmsRecipientInfoRef
338 SecCmsRecipientInfoCreateWithSubjKeyID(SecCmsEnvelopedDataRef envd,
339 const SecAsn1Item * subjKeyID,
340 SecPublicKeyRef pubKey)
341 {
342 return nss_cmsrecipientinfo_create(envd, SecCmsRecipientIDSubjectKeyID,
343 NULL, pubKey, subjKeyID);
344 }
345
346 SecCmsRecipientInfoRef
347 SecCmsRecipientInfoCreateWithSubjKeyIDFromCert(SecCmsEnvelopedDataRef envd,
348 SecCertificateRef cert)
349 {
350 SecPublicKeyRef pubKey = NULL;
351 SecAsn1Item subjKeyID = {0, NULL};
352 SecCmsRecipientInfoRef retVal = NULL;
353 CFDataRef subjectKeyIDData = NULL;
354
355 if (!envd || !cert) {
356 return NULL;
357 }
358 subjectKeyIDData = SecCertificateGetSubjectKeyID(cert);
359 if (!subjectKeyIDData)
360 goto done;
361 subjKeyID.Length =
362 CFDataGetLength(subjectKeyIDData);
363 subjKeyID.Data = (uint8_t *)CFDataGetBytePtr(subjectKeyIDData);
364 retVal = nss_cmsrecipientinfo_create(envd, SecCmsRecipientIDSubjectKeyID,
365 cert, pubKey, &subjKeyID);
366
367 done:
368
369 return retVal;
370 }
371
372 void
373 SecCmsRecipientInfoDestroy(SecCmsRecipientInfoRef ri)
374 {
375 /* version was allocated on the pool, so no need to destroy it */
376 /* issuerAndSN was allocated on the pool, so no need to destroy it */
377 if (ri->cert != NULL)
378 CERT_DestroyCertificate(ri->cert);
379
380 if (nss_cmsrecipientinfo_usessubjectkeyid(ri)) {
381 SecCmsKeyTransRecipientInfoEx *extra;
382 extra = &ri->ri.keyTransRecipientInfoEx;
383 if (extra->pubKey)
384 SECKEY_DestroyPublicKey(extra->pubKey);
385 }
386
387 /* recipientInfo structure itself was allocated on the pool, so no need to destroy it */
388 /* we're done. */
389 }
390
391 int
392 SecCmsRecipientInfoGetVersion(SecCmsRecipientInfoRef ri)
393 {
394 unsigned long version;
395 SecAsn1Item * versionitem = NULL;
396
397 switch (ri->recipientInfoType) {
398 case SecCmsRecipientInfoIDKeyTrans:
399 /* ignore subIndex */
400 versionitem = &(ri->ri.keyTransRecipientInfo.version);
401 break;
402 case SecCmsRecipientInfoIDKEK:
403 /* ignore subIndex */
404 versionitem = &(ri->ri.kekRecipientInfo.version);
405 break;
406 case SecCmsRecipientInfoIDKeyAgree:
407 versionitem = &(ri->ri.keyAgreeRecipientInfo.version);
408 break;
409 }
410
411 PORT_Assert(versionitem);
412 if (versionitem == NULL)
413 return 0;
414
415 /* always take apart the SecAsn1Item */
416 if (SEC_ASN1DecodeInteger(versionitem, &version) != SECSuccess)
417 return 0;
418 else
419 return (int)version;
420 }
421
422 SecAsn1Item *
423 SecCmsRecipientInfoGetEncryptedKey(SecCmsRecipientInfoRef ri, int subIndex)
424 {
425 SecAsn1Item * enckey = NULL;
426
427 switch (ri->recipientInfoType) {
428 case SecCmsRecipientInfoIDKeyTrans:
429 /* ignore subIndex */
430 enckey = &(ri->ri.keyTransRecipientInfo.encKey);
431 break;
432 case SecCmsRecipientInfoIDKEK:
433 /* ignore subIndex */
434 enckey = &(ri->ri.kekRecipientInfo.encKey);
435 break;
436 case SecCmsRecipientInfoIDKeyAgree:
437 enckey = &(ri->ri.keyAgreeRecipientInfo.recipientEncryptedKeys[subIndex]->encKey);
438 break;
439 }
440 return enckey;
441 }
442
443
444 SECOidTag
445 SecCmsRecipientInfoGetKeyEncryptionAlgorithmTag(SecCmsRecipientInfoRef ri)
446 {
447 SECOidTag encalgtag = SEC_OID_UNKNOWN; /* an invalid encryption alg */
448
449 switch (ri->recipientInfoType) {
450 case SecCmsRecipientInfoIDKeyTrans:
451 encalgtag = SECOID_GetAlgorithmTag(&(ri->ri.keyTransRecipientInfo.keyEncAlg));
452 break;
453 case SecCmsRecipientInfoIDKeyAgree:
454 encalgtag = SECOID_GetAlgorithmTag(&(ri->ri.keyAgreeRecipientInfo.keyEncAlg));
455 break;
456 case SecCmsRecipientInfoIDKEK:
457 encalgtag = SECOID_GetAlgorithmTag(&(ri->ri.kekRecipientInfo.keyEncAlg));
458 break;
459 }
460 return encalgtag;
461 }
462
463 OSStatus
464 SecCmsRecipientInfoWrapBulkKey(SecCmsRecipientInfoRef ri, SecSymmetricKeyRef bulkkey,
465 SECOidTag bulkalgtag)
466 {
467 SecCertificateRef cert;
468 SECOidTag certalgtag;
469 OSStatus rv = SECSuccess;
470 SecCmsRecipientEncryptedKey *rek;
471 SecCmsOriginatorIdentifierOrKey *oiok;
472 const SECAlgorithmID *algid;
473 SECAlgorithmID freeAlgID;
474 PLArenaPool *poolp;
475 uint8_t nullData[2] = {SEC_ASN1_NULL, 0};
476 SECItem nullItem;
477 SecCmsKeyAgreeRecipientInfo *kari;
478
479 poolp = ri->envelopedData->contentInfo.cmsg->poolp;
480 cert = ri->cert;
481 if (cert) {
482 const SecAsn1AlgId *length_data_swapped = (const SecAsn1AlgId *)SecCertificateGetPublicKeyAlgorithm(cert);
483 freeAlgID.algorithm.Length = (size_t)length_data_swapped->algorithm.Data;
484 freeAlgID.algorithm.Data = (uint8_t *)length_data_swapped->algorithm.Length;
485 freeAlgID.parameters.Length = (size_t)length_data_swapped->parameters.Data;
486 freeAlgID.parameters.Data = (uint8_t *)length_data_swapped->parameters.Length;
487 algid = &freeAlgID;
488 } else {
489 PORT_SetError(SEC_ERROR_INVALID_ARGS);
490 return SECFailure;
491 }
492
493 /* XXX set ri->recipientInfoType to the proper value here */
494 /* or should we look if it's been set already ? */
495
496 certalgtag = SECOID_GetAlgorithmTag(algid);
497 switch (certalgtag) {
498 case SEC_OID_PKCS1_RSA_ENCRYPTION:
499 /* wrap the symkey */
500 if (cert) {
501 rv = SecCmsUtilEncryptSymKeyRSA(poolp, cert, bulkkey,
502 &ri->ri.keyTransRecipientInfo.encKey);
503 if (rv != SECSuccess)
504 break;
505 }
506
507 rv = SECOID_SetAlgorithmID(poolp, &(ri->ri.keyTransRecipientInfo.keyEncAlg), certalgtag, NULL);
508 break;
509 case SEC_OID_EC_PUBLIC_KEY:
510 /* These were set up in nss_cmsrecipientinfo_create() */
511 kari = &ri->ri.keyAgreeRecipientInfo;
512 rek = kari->recipientEncryptedKeys[0];
513 if (rek == NULL) {
514 rv = SECFailure;
515 break;
516 }
517
518 oiok = &(kari->originatorIdentifierOrKey);
519 PORT_Assert(oiok->identifierType == SecCmsOriginatorIDOrKeyOriginatorPublicKey);
520
521 /*
522 * RFC 3278 3.1.1 says this AlgId must contain NULL params which is contrary to
523 * any other use of the SEC_OID_EC_PUBLIC_KEY OID. So we provide one
524 * explicitly instead of mucking up the login in SECOID_SetAlgorithmID().
525 */
526 nullItem.Data = nullData;
527 nullItem.Length = 2;
528 if (SECOID_SetAlgorithmID(poolp, &oiok->id.originatorPublicKey.algorithmIdentifier,
529 SEC_OID_EC_PUBLIC_KEY, &nullItem) != SECSuccess) {
530 rv = SECFailure;
531 break;
532 }
533 /* this will generate a key pair, compute the shared secret, */
534 /* derive a key and ukm for the keyEncAlg out of it, encrypt the bulk key with */
535 /* the keyEncAlg, set encKey, keyEncAlg, publicKey etc. */
536 rv = SecCmsUtilEncryptSymKeyECDH(poolp, cert, bulkkey,
537 &rek->encKey,
538 &kari->ukm,
539 &kari->keyEncAlg,
540 &oiok->id.originatorPublicKey.publicKey);
541 break;
542 default:
543 /* other algorithms not supported yet */
544 /* NOTE that we do not support any KEK algorithm */
545 PORT_SetError(SEC_ERROR_INVALID_ALGORITHM);
546 rv = SECFailure;
547 break;
548 }
549
550 return rv;
551 }
552
553 #ifdef NDEBUG
554 #define dprintf(args...)
555 #else
556 #define dprintf(args...) fprintf(stderr, args)
557 #endif
558
559 SecSymmetricKeyRef
560 SecCmsRecipientInfoUnwrapBulkKey(SecCmsRecipientInfoRef ri, int subIndex,
561 SecCertificateRef cert, SecPrivateKeyRef privkey, SECOidTag bulkalgtag)
562 {
563 SecSymmetricKeyRef bulkkey = NULL;
564 SECAlgorithmID *encalg;
565 SECOidTag encalgtag;
566 SecAsn1Item * enckey;
567 int error;
568
569 ri->cert = CERT_DupCertificate(cert);
570 /* mark the recipientInfo so we can find it later */
571
572 switch (ri->recipientInfoType) {
573 case SecCmsRecipientInfoIDKeyTrans:
574 encalgtag = SECOID_GetAlgorithmTag(&(ri->ri.keyTransRecipientInfo.keyEncAlg));
575 enckey = &(ri->ri.keyTransRecipientInfo.encKey); /* ignore subIndex */
576 switch (encalgtag) {
577 case SEC_OID_PKCS1_RSA_ENCRYPTION:
578 /* RSA encryption algorithm: */
579 /* get the symmetric (bulk) key by unwrapping it using our private key */
580 bulkkey = SecCmsUtilDecryptSymKeyRSA(privkey, enckey, bulkalgtag);
581 break;
582 default:
583 error = SEC_ERROR_UNSUPPORTED_KEYALG;
584 goto loser;
585 }
586 break;
587 case SecCmsRecipientInfoIDKeyAgree:
588 encalgtag = SECOID_GetAlgorithmTag(&(ri->ri.keyAgreeRecipientInfo.keyEncAlg));
589 switch (encalgtag) {
590 case SEC_OID_X942_DIFFIE_HELMAN_KEY:
591 /* Diffie-Helman key exchange */
592 /* XXX not yet implemented */
593 /* XXX problem: SEC_OID_X942_DIFFIE_HELMAN_KEY points to a PKCS3 mechanism! */
594 /* we support ephemeral-static DH only, so if the recipientinfo */
595 /* has originator stuff in it, we punt (or do we? shouldn't be that hard...) */
596 /* first, we derive the KEK (a symkey!) using a Derive operation, then we get the */
597 /* content encryption key using a Unwrap op */
598 /* the derive operation has to generate the key using the algorithm in RFC2631 */
599 error = SEC_ERROR_UNSUPPORTED_KEYALG;
600 goto loser;
601 case SEC_OID_DH_SINGLE_STD_SHA1KDF:
602 {
603 /* ephemeral-static ECDH */
604 enckey = &(ri->ri.keyAgreeRecipientInfo.recipientEncryptedKeys[subIndex]->encKey);
605 encalg = &(ri->ri.keyAgreeRecipientInfo.keyEncAlg);
606 SecCmsKeyAgreeRecipientInfo *kari = &ri->ri.keyAgreeRecipientInfo;
607 SecCmsOriginatorIdentifierOrKey *oiok = &kari->originatorIdentifierOrKey;
608 if(oiok->identifierType != SecCmsOriginatorIDOrKeyOriginatorPublicKey) {
609 dprintf("SEC_OID_EC_PUBLIC_KEY unwrap key: bad oiok.id\n");
610 error = SEC_ERROR_LIBRARY_FAILURE;
611 goto loser;
612 }
613 SecCmsOriginatorPublicKey *opk = &oiok->id.originatorPublicKey;
614 /* FIXME - verify opk->algorithmIdentifier here? */
615 SecAsn1Item senderPubKey = opk->publicKey;
616 SecAsn1Item *ukm = &kari->ukm;
617 bulkkey = SecCmsUtilDecryptSymKeyECDH(privkey, enckey, ukm, encalg, bulkalgtag, &senderPubKey);
618 break;
619 }
620 default:
621 error = SEC_ERROR_UNSUPPORTED_KEYALG;
622 goto loser;
623 }
624 break;
625 case SecCmsRecipientInfoIDKEK:
626 /* not supported yet */
627 error = SEC_ERROR_UNSUPPORTED_KEYALG;
628 goto loser;
629 }
630 /* XXXX continue here */
631 return bulkkey;
632
633 loser:
634 PORT_SetError(error);
635 return NULL;
636 }
mirror of Security