]> git.saurik.com Git - apple/security.git/blob - libsecurity_smime/lib/cmsenvdata.c
projects / apple / security.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Security-59306.41.2.tar.gz
[apple/security.git] / libsecurity_smime / lib / cmsenvdata.c
1 /*
2 * The contents of this file are subject to the Mozilla Public
3 * License Version 1.1 (the "License"); you may not use this file
4 * except in compliance with the License. You may obtain a copy of
5 * the License at http://www.mozilla.org/MPL/
6 *
7 * Software distributed under the License is distributed on an "AS
8 * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
9 * implied. See the License for the specific language governing
10 * rights and limitations under the License.
11 *
12 * The Original Code is the Netscape security libraries.
13 *
14 * The Initial Developer of the Original Code is Netscape
15 * Communications Corporation. Portions created by Netscape are
16 * Copyright (C) 1994-2000 Netscape Communications Corporation. All
17 * Rights Reserved.
18 *
19 * Contributor(s):
20 *
21 * Alternatively, the contents of this file may be used under the
22 * terms of the GNU General Public License Version 2 or later (the
23 * "GPL"), in which case the provisions of the GPL are applicable
24 * instead of those above. If you wish to allow use of your
25 * version of this file only under the terms of the GPL and not to
26 * allow others to use your version of this file under the MPL,
27 * indicate your decision by deleting the provisions above and
28 * replace them with the notice and other provisions required by
29 * the GPL. If you do not delete the provisions above, a recipient
30 * may use your version of this file under either the MPL or the
31 * GPL.
32 */
33
34 /*
35 * CMS envelopedData methods.
36 */
37
38 #include <Security/SecCmsEnvelopedData.h>
39
40 #include <Security/SecCmsContentInfo.h>
41 #include <Security/SecCmsRecipientInfo.h>
42 #include <Security/SecRandom.h>
43
44 #include "cmslocal.h"
45
46 #include "SecAsn1Item.h"
47 #include "secoid.h"
48 #include "cryptohi.h"
49
50 #include <security_asn1/secasn1.h>
51 #include <security_asn1/secerr.h>
52 #include <security_asn1/secport.h>
53
54 #include <Security/SecKeyPriv.h>
55 #include <CommonCrypto/CommonCryptor.h>
56
57 #include <AssertMacros.h>
58
59 /*
60 * SecCmsEnvelopedDataCreate - create an enveloped data message
61 */
62 SecCmsEnvelopedDataRef
63 SecCmsEnvelopedDataCreate(SecCmsMessageRef cmsg, SECOidTag algorithm, int keysize)
64 {
65 void *mark;
66 SecCmsEnvelopedDataRef envd;
67 PLArenaPool *poolp;
68 OSStatus rv;
69
70 poolp = cmsg->poolp;
71
72 mark = PORT_ArenaMark(poolp);
73
74 envd = (SecCmsEnvelopedDataRef)PORT_ArenaZAlloc(poolp, sizeof(SecCmsEnvelopedData));
75 if (envd == NULL)
76 goto loser;
77
78 envd->contentInfo.cmsg = cmsg;
79
80 /* version is set in SecCmsEnvelopedDataEncodeBeforeStart() */
81
82 rv = SecCmsContentInfoSetContentEncAlg(&(envd->contentInfo), algorithm, NULL, keysize);
83 if (rv != SECSuccess)
84 goto loser;
85
86 PORT_ArenaUnmark(poolp, mark);
87 return envd;
88
89 loser:
90 PORT_ArenaRelease(poolp, mark);
91 return NULL;
92 }
93
94 /*
95 * SecCmsEnvelopedDataDestroy - destroy an enveloped data message
96 */
97 void
98 SecCmsEnvelopedDataDestroy(SecCmsEnvelopedDataRef edp)
99 {
100 SecCmsRecipientInfoRef *recipientinfos;
101 SecCmsRecipientInfoRef ri;
102
103 if (edp == NULL)
104 return;
105
106 recipientinfos = edp->recipientInfos;
107 if (recipientinfos == NULL)
108 return;
109
110 while ((ri = *recipientinfos++) != NULL)
111 SecCmsRecipientInfoDestroy(ri);
112
113 SecCmsContentInfoDestroy(&(edp->contentInfo));
114
115 }
116
117 /*
118 * SecCmsEnvelopedDataGetContentInfo - return pointer to this envelopedData's contentinfo
119 */
120 SecCmsContentInfoRef
121 SecCmsEnvelopedDataGetContentInfo(SecCmsEnvelopedDataRef envd)
122 {
123 return &(envd->contentInfo);
124 }
125
126 /*
127 * SecCmsEnvelopedDataAddRecipient - add a recipientinfo to the enveloped data msg
128 *
129 * rip must be created on the same pool as edp - this is not enforced, though.
130 */
131 OSStatus
132 SecCmsEnvelopedDataAddRecipient(SecCmsEnvelopedDataRef edp, SecCmsRecipientInfoRef rip)
133 {
134 void *mark;
135 OSStatus rv;
136
137 /* XXX compare pools, if not same, copy rip into edp's pool */
138
139 PR_ASSERT(edp != NULL);
140 PR_ASSERT(rip != NULL);
141
142 mark = PORT_ArenaMark(edp->contentInfo.cmsg->poolp);
143
144 rv = SecCmsArrayAdd(edp->contentInfo.cmsg->poolp, (void ***)&(edp->recipientInfos), (void *)rip);
145 if (rv != SECSuccess) {
146 PORT_ArenaRelease(edp->contentInfo.cmsg->poolp, mark);
147 return SECFailure;
148 }
149
150 PORT_ArenaUnmark (edp->contentInfo.cmsg->poolp, mark);
151 return SECSuccess;
152 }
153
154 /*
155 * SecCmsEnvelopedDataEncodeBeforeStart - prepare this envelopedData for encoding
156 *
157 * at this point, we need
158 * - recipientinfos set up with recipient's certificates
159 * - a content encryption algorithm (if none, 3DES will be used)
160 *
161 * this function will generate a random content encryption key (aka bulk key),
162 * initialize the recipientinfos with certificate identification and wrap the bulk key
163 * using the proper algorithm for every certificiate.
164 * it will finally set the bulk algorithm and key so that the encode step can find it.
165 */
166 OSStatus
167 SecCmsEnvelopedDataEncodeBeforeStart(SecCmsEnvelopedDataRef envd)
168 {
169 int version;
170 SecCmsRecipientInfoRef *recipientinfos;
171 SecCmsContentInfoRef cinfo;
172 SecSymmetricKeyRef bulkkey = NULL;
173 #if USE_CDSA_CRYPTO
174 SecAsn1AlgId algorithm;
175 #endif
176 SECOidTag bulkalgtag;
177 //CK_MECHANISM_TYPE type;
178 //PK11SlotInfo *slot;
179 OSStatus rv;
180 SecAsn1Item * dummy;
181 PLArenaPool *poolp;
182 extern const SecAsn1Template SecCmsRecipientInfoTemplate[];
183 void *mark = NULL;
184 int i;
185
186 cinfo = &(envd->contentInfo);
187 poolp = cinfo->cmsg->poolp;
188
189 recipientinfos = envd->recipientInfos;
190 if (recipientinfos == NULL) {
191 PORT_SetError(SEC_ERROR_BAD_DATA);
192 #if 0
193 PORT_SetErrorString("Cannot find recipientinfos to encode.");
194 #endif
195 goto loser;
196 }
197
198 version = SEC_CMS_ENVELOPED_DATA_VERSION_REG;
199 if (envd->originatorInfo != NULL || envd->unprotectedAttr != NULL) {
200 version = SEC_CMS_ENVELOPED_DATA_VERSION_ADV;
201 } else {
202 for (i = 0; recipientinfos[i] != NULL; i++) {
203 if (SecCmsRecipientInfoGetVersion(recipientinfos[i]) != 0) {
204 version = SEC_CMS_ENVELOPED_DATA_VERSION_ADV;
205 break;
206 }
207 }
208 }
209 dummy = SEC_ASN1EncodeInteger(poolp, &(envd->version), version);
210 if (dummy == NULL)
211 goto loser;
212
213 /* now we need to have a proper content encryption algorithm
214 * on the SMIME level, we would figure one out by looking at SMIME capabilities
215 * we cannot do that on our level, so if none is set already, we'll just go
216 * with one of the mandatory algorithms (3DES) */
217 if ((bulkalgtag = SecCmsContentInfoGetContentEncAlgTag(cinfo)) == SEC_OID_UNKNOWN) {
218 rv = SecCmsContentInfoSetContentEncAlg(cinfo, SEC_OID_DES_EDE3_CBC, NULL, 192);
219 if (rv != SECSuccess)
220 goto loser;
221 bulkalgtag = SEC_OID_DES_EDE3_CBC;
222 }
223
224 #if USE_CDSA_CRYPTO
225 algorithm = SECOID_FindyCssmAlgorithmByTag(bulkalgtag);
226 if (!algorithm)
227 goto loser;
228 rv = SecKeyGenerate(NULL, /* keychainRef */
229 algorithm,
230 SecCmsContentInfoGetBulkKeySize(cinfo),
231 0, /* contextHandle */
232 CSSM_KEYUSE_ENCRYPT | CSSM_KEYUSE_DECRYPT,
233 CSSM_KEYATTR_EXTRACTABLE,
234 NULL, /* initialAccess */
235 &bulkkey);
236 if (rv)
237 goto loser;
238 #else
239 {
240 size_t keysize = (cinfo->keysize + 7)/8;
241 uint8_t *key_material = (uint8_t *)malloc(keysize);
242 if (!key_material) {
243 goto loser;
244 }
245 require_noerr(SecRandomCopyBytes(kSecRandomDefault, keysize, key_material), loser);
246 bulkkey = (SecSymmetricKeyRef)CFDataCreateWithBytesNoCopy(kCFAllocatorDefault, key_material, keysize, kCFAllocatorMalloc);
247 }
248 #endif
249
250 mark = PORT_ArenaMark(poolp);
251
252 /* Encrypt the bulk key with the public key of each recipient. */
253 for (i = 0; recipientinfos[i] != NULL; i++) {
254 rv = SecCmsRecipientInfoWrapBulkKey(recipientinfos[i], bulkkey, bulkalgtag);
255 if (rv != SECSuccess)
256 goto loser; /* error has been set by SecCmsRecipientInfoEncryptBulkKey */
257 /* could be: alg not supported etc. */
258 }
259
260 /* the recipientinfos are all finished. now sort them by DER for SET OF encoding */
261 rv = SecCmsArraySortByDER((void **)envd->recipientInfos, SecCmsRecipientInfoTemplate, NULL);
262 if (rv != SECSuccess)
263 goto loser; /* error has been set by SecCmsArraySortByDER */
264
265 /* store the bulk key in the contentInfo so that the encoder can find it */
266 SecCmsContentInfoSetBulkKey(cinfo, bulkkey);
267
268 PORT_ArenaUnmark(poolp, mark);
269
270 CFRelease(bulkkey);
271
272 return SECSuccess;
273
274 loser:
275 if (mark != NULL)
276 PORT_ArenaRelease (poolp, mark);
277 if (bulkkey)
278 CFRelease(bulkkey);
279
280 return SECFailure;
281 }
282
283 /*
284 * SecCmsEnvelopedDataEncodeBeforeData - set up encryption
285 *
286 * it is essential that this is called before the contentEncAlg is encoded, because
287 * setting up the encryption may generate IVs and thus change it!
288 */
289 OSStatus
290 SecCmsEnvelopedDataEncodeBeforeData(SecCmsEnvelopedDataRef envd)
291 {
292 SecCmsContentInfoRef cinfo;
293 SecSymmetricKeyRef bulkkey;
294 SECAlgorithmID *algid;
295
296 cinfo = &(envd->contentInfo);
297
298 /* find bulkkey and algorithm - must have been set by SecCmsEnvelopedDataEncodeBeforeStart */
299 bulkkey = SecCmsContentInfoGetBulkKey(cinfo);
300 if (bulkkey == NULL)
301 return SECFailure;
302 algid = SecCmsContentInfoGetContentEncAlg(cinfo);
303 if (algid == NULL)
304 return SECFailure;
305
306 /* this may modify algid (with IVs generated in a token).
307 * it is essential that algid is a pointer to the contentEncAlg data, not a
308 * pointer to a copy! */
309 cinfo->ciphcx = SecCmsCipherContextStartEncrypt(cinfo->cmsg->poolp, bulkkey, algid);
310 CFRelease(bulkkey);
311 if (cinfo->ciphcx == NULL)
312 return SECFailure;
313
314 return SECSuccess;
315 }
316
317 /*
318 * SecCmsEnvelopedDataEncodeAfterData - finalize this envelopedData for encoding
319 */
320 OSStatus
321 SecCmsEnvelopedDataEncodeAfterData(SecCmsEnvelopedDataRef envd)
322 {
323 if (envd->contentInfo.ciphcx) {
324 SecCmsCipherContextDestroy(envd->contentInfo.ciphcx);
325 envd->contentInfo.ciphcx = NULL;
326 }
327
328 /* nothing else to do after data */
329 return SECSuccess;
330 }
331
332 /*
333 * SecCmsEnvelopedDataDecodeBeforeData - find our recipientinfo,
334 * derive bulk key & set up our contentinfo
335 */
336 OSStatus
337 SecCmsEnvelopedDataDecodeBeforeData(SecCmsEnvelopedDataRef envd)
338 {
339 SecCmsRecipientInfoRef ri;
340 SecSymmetricKeyRef bulkkey = NULL;
341 SECOidTag bulkalgtag;
342 SECAlgorithmID *bulkalg;
343 OSStatus rv = SECFailure;
344 SecCmsContentInfoRef cinfo;
345 SecCmsRecipient **recipient_list = NULL;
346 SecCmsRecipient *recipient;
347 int rlIndex;
348
349 if (SecCmsArrayCount((void **)envd->recipientInfos) == 0) {
350 PORT_SetError(SEC_ERROR_BAD_DATA);
351 #if 0
352 PORT_SetErrorString("No recipient data in envelope.");
353 #endif
354 goto loser;
355 }
356
357 /* look if one of OUR cert's issuerSN is on the list of recipients, and if so, */
358 /* get the cert and private key for it right away */
359 recipient_list = nss_cms_recipient_list_create(envd->recipientInfos);
360 if (recipient_list == NULL)
361 goto loser;
362
363 cinfo = &(envd->contentInfo);
364 /* what about multiple recipientInfos that match?
365 * especially if, for some reason, we could not produce a bulk key with the first match?!
366 * we could loop & feed partial recipient_list to PK11_FindCertAndKeyByRecipientList...
367 * maybe later... */
368 rlIndex = nss_cms_FindCertAndKeyByRecipientList(recipient_list, cinfo->cmsg->pwfn_arg);
369
370 /* if that fails, then we're not an intended recipient and cannot decrypt */
371 if (rlIndex < 0) {
372 PORT_SetError(SEC_ERROR_NOT_A_RECIPIENT);
373 #if 0
374 PORT_SetErrorString("Cannot decrypt data because proper key cannot be found.");
375 #endif
376 goto loser;
377 }
378
379 recipient = recipient_list[rlIndex];
380 if (!recipient->cert || !recipient->privkey) {
381 /* XXX should set an error code ?!? */
382 goto loser;
383 }
384 /* get a pointer to "our" recipientinfo */
385 ri = envd->recipientInfos[recipient->riIndex];
386
387 bulkalgtag = SecCmsContentInfoGetContentEncAlgTag(cinfo);
388 if (bulkalgtag == SEC_OID_UNKNOWN) {
389 PORT_SetError(SEC_ERROR_INVALID_ALGORITHM);
390 } else
391 bulkkey = SecCmsRecipientInfoUnwrapBulkKey(ri,recipient->subIndex,
392 recipient->cert,
393 recipient->privkey,
394 bulkalgtag);
395 if (bulkkey == NULL) {
396 /* no success finding a bulk key */
397 goto loser;
398 }
399
400 SecCmsContentInfoSetBulkKey(cinfo, bulkkey);
401 // @@@ See 3401088 for details. We need to CFRelease cinfo->bulkkey before recipient->privkey gets CFReleased. It's created with SecKeyCreate which is not safe currently. If the private key's SecKeyRef from which we extracted the CSP gets CFRelease before the builkkey does we crash. We should really fix SecKeyCreate which is a huge hack currently. To work around this we add recipient->privkey to the cinfo so it gets when cinfo is destroyed.
402 CFRetain(recipient->privkey);
403 cinfo->privkey = recipient->privkey;
404
405 bulkalg = SecCmsContentInfoGetContentEncAlg(cinfo);
406
407 cinfo->ciphcx = SecCmsCipherContextStartDecrypt(bulkkey, bulkalg);
408 if (cinfo->ciphcx == NULL)
409 goto loser; /* error has been set by SecCmsCipherContextStartDecrypt */
410
411 #if 1
412 // @@@ Fix me
413 #else
414 /*
415 * HACK ALERT!!
416 * For PKCS5 Encryption Algorithms, the bulkkey is actually a different
417 * structure. Therefore, we need to set the bulkkey to the actual key
418 * prior to freeing it.
419 */
420 if (SEC_PKCS5IsAlgorithmPBEAlg(bulkalg)) {
421 SEC_PKCS5KeyAndPassword *keyPwd = (SEC_PKCS5KeyAndPassword *)bulkkey;
422 bulkkey = keyPwd->key;
423 }
424 #endif
425
426 rv = SECSuccess;
427
428 loser:
429 if (bulkkey)
430 CFRelease(bulkkey);
431 if (recipient_list != NULL)
432 nss_cms_recipient_list_destroy(recipient_list);
433 return rv;
434 }
435
436 /*
437 * SecCmsEnvelopedDataDecodeAfterData - finish decrypting this envelopedData's content
438 */
439 OSStatus
440 SecCmsEnvelopedDataDecodeAfterData(SecCmsEnvelopedDataRef envd)
441 {
442 if (envd && envd->contentInfo.ciphcx) {
443 SecCmsCipherContextDestroy(envd->contentInfo.ciphcx);
444 envd->contentInfo.ciphcx = NULL;
445 }
446
447 return SECSuccess;
448 }
449
450 /*
451 * SecCmsEnvelopedDataDecodeAfterEnd - finish decoding this envelopedData
452 */
453 OSStatus
454 SecCmsEnvelopedDataDecodeAfterEnd(SecCmsEnvelopedDataRef envd)
455 {
456 /* apply final touches */
457 return SECSuccess;
458 }
459
mirror of Security