+++ /dev/null
-/*
- * Copyright (c) 2003-2004,2011-2012,2014 Apple Inc. All Rights Reserved.
- *
- * @APPLE_LICENSE_HEADER_START@
- *
- * This file contains Original Code and/or Modifications of Original Code
- * as defined in and that are subject to the Apple Public Source License
- * Version 2.0 (the 'License'). You may not use this file except in
- * compliance with the License. Please obtain a copy of the License at
- * http://www.opensource.apple.com/apsl/ and read it before using this
- * file.
- *
- * The Original Code and all software distributed under the License are
- * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
- * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
- * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
- * Please see the License for the specific language governing rights and
- * limitations under the License.
- *
- * @APPLE_LICENSE_HEADER_END@
- */
-/*
- * pkcs12SafeBag.cpp : internal representation of various kinds
- * of P12 SafeBags
- */
-
-#include "pkcs12SafeBag.h"
-#include "pkcs12Debug.h"
-#include "pkcs12Utils.h"
-#include <string.h>
-#include <assert.h>
-#include <Security/Security.h>
-#include <Security/SecKeyPriv.h>
-#include <Security/SecAsn1Templates.h>
-#include <security_asn1/nssUtils.h>
-
-/*
- * P12SafeBag, abstract superclass of all safe bags.
- *
- * Constructor for decoding. Attr may include friendlyName and localKeyId;
- * It may also be empty or NULL.
- */
-P12SafeBag::P12SafeBag(
- NSS_Attribute **attrs, // including friendlyName, etc.
- SecNssCoder &coder)
- : mBagAttrs(coder),
- mCoder(coder)
-{
- mFriendlyName.Data = mLocalKeyId.Data = NULL;
- mFriendlyName.Length = mLocalKeyId.Length = 0;
-
- /* parse attrs into friendlyName, localKeyId, and generic attrs */
- unsigned numAttrs = nssArraySize((const void **)attrs);
- for(unsigned dex=0; dex<numAttrs; dex++) {
- NSS_Attribute *attr = attrs[dex];
- unsigned numValues = nssArraySize((const void**)attr->attrValue);
-
- if(nssCompareCssmData(&attr->attrType,
- &CSSMOID_PKCS9_FriendlyName)) {
- /*
- * BMP string (UniCode). Spec says only one legal value.
- */
- if(numValues != 1) {
- p12ErrorLog("FriendlyName with %u values\n", numValues);
- /* but let's keep going if we can */
- if(numValues == 0) {
- P12_THROW_DECODE;
- }
- }
- if(mCoder.decodeItem(*attr->attrValue[0],
- kSecAsn1BMPStringTemplate, &mFriendlyName)) {
- p12ErrorLog("***Error decoding FriendlyName string\n");
- P12_THROW_DECODE;
- }
- }
- else if(nssCompareCssmData(&attr->attrType,
- &CSSMOID_PKCS9_LocalKeyId)) {
- /*
- * Octet string. Spec says only one legal value.
- */
- if(numValues != 1) {
- p12ErrorLog("LocalKeyId with %u values\n", numValues);
- /* but let's keep going if we can */
- if(numValues == 0) {
- P12_THROW_DECODE;
- }
- }
- if(mCoder.decodeItem(*attr->attrValue[0],
- kSecAsn1OctetStringTemplate, &mLocalKeyId)) {
- p12ErrorLog("***Error decoding LocalKeyId\n");
- P12_THROW_DECODE;
- }
- }
- else {
- /* others */
- mBagAttrs.addAttr(*attr);
- }
- }
-}
-
-/*
- * Constructor for encoding. All arguments except for the coder
- * are optional.
- */
-P12SafeBag::P12SafeBag(
- CFStringRef fname,
- CFDataRef keyId,
- P12BagAttrs *otherAttrs, // optional
- SecNssCoder &coder)
- : mBagAttrs(otherAttrs, coder),
- mCoder(coder)
-{
- friendlyName(fname);
- localKeyId(keyId);
-}
-
-P12SafeBag::~P12SafeBag()
-{
- /* nothing if everything we allocd is via mCoder */
-}
-
-/*
- * Setters in CF terms, used when constructing prior
- * to encoding.
- */
-void P12SafeBag::friendlyName(
- CFStringRef fname)
-{
- CFIndex len = 0;
-
- if(fname != NULL) {
- len = CFStringGetLength(fname);
- }
- if(len == 0) {
- mFriendlyName.Data = NULL;
- mFriendlyName.Length = 0;
- return;
- }
-
- /* convert unicode to byte array */
- unsigned flen = (unsigned)(len * sizeof(UniChar));
- mCoder.allocItem(mFriendlyName, flen);
- unsigned char *cp = mFriendlyName.Data;
- for(CFIndex dex=0; dex<len; dex++) {
- UniChar uc = CFStringGetCharacterAtIndex(fname, dex);
- *cp++ = uc >> 8;
- *cp++ = uc & 0xff;
- }
-}
-
-void P12SafeBag::localKeyId(
- CFDataRef keyId)
-{
- CFIndex len = 0;
-
- if(keyId != NULL) {
- len = CFDataGetLength(keyId);
- }
- if(len == 0) {
- mLocalKeyId.Data = NULL;
- mLocalKeyId.Length = 0;
- return;
- }
- mCoder.allocItem(mLocalKeyId, len);
- const UInt8 *cp = CFDataGetBytePtr(keyId);
- memmove(mLocalKeyId.Data, cp, len);
-}
-
-/*
- * Copy out all attrs in API form. All incoming ptrs
- * are optional.
- */
-void P12SafeBag::copyAllAttrs(
- CFStringRef *fName,
- CFDataRef *keyId,
- P12BagAttrs **bagAttrs)
-{
- if(fName) {
- *fName = friendlyName();
- }
- if(keyId) {
- *keyId = localKeyId();
- }
- if(bagAttrs) {
- if(mBagAttrs.numAttrs()) {
- /* make a copy of our bag attrs */
- P12BagAttrs *attrs = new P12BagAttrs(&mBagAttrs, mCoder);
- *bagAttrs = attrs;
- }
- else {
- *bagAttrs = NULL;
- }
- }
-}
-
-
-/* getters in CF terms - result is created and returned */
-CFStringRef P12SafeBag::friendlyName()
-{
- if(mFriendlyName.Data == NULL) {
- /* not present, no error */
- return NULL;
- }
- /* shouldn't have stored this if it's an odd number of bytes */
- assert((mFriendlyName.Length & 1) == 0);
-
- /* convert byte array to unicode */
- unsigned long strLen = mFriendlyName.Length / 2;
- UniChar *uc = (UniChar *)malloc(strLen * sizeof(UniChar));
- const uint8 *inp = mFriendlyName.Data;
- UniChar *outp = uc;
- while(inp < (mFriendlyName.Data + mFriendlyName.Length)) {
- *outp = (((unsigned)inp[0]) << 8) | inp[1];
- outp++;
- inp += 2;
- }
- CFStringRef cstr = CFStringCreateWithCharacters(NULL, uc, strLen);
- free(uc);
- return cstr;
-}
-
-CFDataRef P12SafeBag::localKeyId()
-{
- if(mLocalKeyId.Data == NULL) {
- /* not present, no error */
- return NULL;
- }
- return CFDataCreate(NULL, (const UInt8 *)mLocalKeyId.Data,
- mLocalKeyId.Length);
-}
-
-/*
- * Get all attrs, including friendlyName and localKeyId,
- * in preparation for encoding.
- */
-NSS_Attribute **P12SafeBag::getAllAttrs()
-{
- unsigned numAttrs = mBagAttrs.numAttrs();
- if(mFriendlyName.Data) {
- numAttrs++;
- }
- if(mLocalKeyId.Data) {
- numAttrs++;
- }
- NSS_Attribute **attrs =
- (NSS_Attribute **)p12NssNullArray(numAttrs, mCoder);
- unsigned outDex=0;
- for(unsigned i=0; i<mBagAttrs.numAttrs(); i++) {
- attrs[outDex++] = mBagAttrs.getAttr(i);
- }
- if(mFriendlyName.Data) {
- CSSM_DATA berName = {0, NULL};
- if(mCoder.encodeItem(&mFriendlyName, kSecAsn1BMPStringTemplate,
- berName)) {
- p12ErrorLog("***Error encoding FriendlyName string\n");
- P12_THROW_ENCODE;
- }
- attrs[outDex++] = makeAttr(CSSMOID_PKCS9_FriendlyName,
- berName);
- }
- if(mLocalKeyId.Data) {
- CSSM_DATA berName = {0, NULL};
- if(mCoder.encodeItem(&mLocalKeyId, kSecAsn1OctetStringTemplate,
- berName)) {
- p12ErrorLog("***Error encoding LocalKeyId string\n");
- P12_THROW_ENCODE;
- }
- attrs[outDex++] = makeAttr(CSSMOID_PKCS9_LocalKeyId,
- berName);
- }
- assert(outDex == numAttrs);
- return attrs;
-}
-
-/*
- * Create an NSS_Attribute * for friendlyName or keyId
- */
-NSS_Attribute *P12SafeBag::makeAttr(
- const CSSM_OID &attrId,
- const CSSM_DATA &attrValue)
-{
- NSS_Attribute *attr = mCoder.mallocn<NSS_Attribute>();
- mCoder.allocCopyItem(attrId, attr->attrType);
- attr->attrValue = mCoder.mallocn<CSSM_DATA *>(2);
- attr->attrValue[0] = mCoder.mallocn<CSSM_DATA>();
- attr->attrValue[1] = NULL;
- mCoder.allocCopyItem(attrValue, *attr->attrValue[0]);
- return attr;
-}
-
-/*
- * Individual bag types
- */
-
-/* decode */
-P12CertBag::P12CertBag(
- NSS_P12_CertBagType certType, // CT_X509, CT_SDSI
- CSSM_DATA &certData,
- NSS_Attribute **attrs, // optional
- SecNssCoder &coder)
- : P12SafeBag(attrs, coder),
- mCertType(certType),
- mCertRef(NULL)
-{
- coder.allocCopyItem(certData, mCertData);
-}
-
-/* encode */
-P12CertBag::P12CertBag(
- NSS_P12_CertBagType certType, // CT_X509, CT_SDSI
- CSSM_DATA &certData,
- CFStringRef fname,
- CFDataRef keyId,
- P12BagAttrs *otherAttrs,
- SecNssCoder &coder)
- : P12SafeBag(fname, keyId, otherAttrs, coder),
- mCertType(certType),
- mCertRef(NULL)
-{
- coder.allocCopyItem(certData, mCertData);
-}
-
-P12CertBag::~P12CertBag()
-{
- if(mCertRef) {
- CFRelease(mCertRef);
- }
- /* everything else we allocd is via mCoder */
-}
-
-/* convert to P12CertBag to SecCertificateRef */
-SecCertificateRef P12CertBag::getSecCert()
-{
- if(mCertRef) {
- CFRetain(mCertRef); /* a ref count for the caller */
- return mCertRef;
- }
-
- /* lazy creation... */
- CSSM_CERT_TYPE certType;
- CSSM_CERT_ENCODING certEncoding;
- switch(mCertType) {
- case CT_X509:
- certType = CSSM_CERT_X_509v3;
- certEncoding = CSSM_CERT_ENCODING_DER;
- break;
- case CT_SDSI:
- certType = CSSM_CERT_SDSIv1;
- /* it's base64 encoded - no value for that in this enum */
- certEncoding = CSSM_CERT_ENCODING_UNKNOWN;
- break;
- default:
- /* shouldn't currently happen, but... */
- certType = CSSM_CERT_UNKNOWN;
- certEncoding = CSSM_CERT_ENCODING_UNKNOWN;
- break;
- }
- OSStatus ortn = SecCertificateCreateFromData(
- &mCertData,
- certType,
- certEncoding,
- &mCertRef);
- if(ortn) {
- MacOSError::throwMe(ortn);
- }
-
- /* One ref count for us, one for the caller */
- CFRetain(mCertRef);
- return mCertRef;
-}
-
-P12CrlBag::P12CrlBag(
- NSS_P12_CrlBagType crlType, // CRT_X509, only for now
- CSSM_DATA &crlData,
- NSS_Attribute **attrs, // optional
- SecNssCoder &coder)
- : P12SafeBag(attrs, coder),
- mCrlType(crlType)
-{
- coder.allocCopyItem(crlData, mCrlData);
-}
-
-P12CrlBag::P12CrlBag(
- NSS_P12_CrlBagType crlType, // CRT_X509, only for now
- CFDataRef crlData,
- CFStringRef fname,
- CFDataRef keyId,
- P12BagAttrs *otherAttrs,
- SecNssCoder &coder)
- : P12SafeBag(fname, keyId, otherAttrs, coder),
- mCrlType(crlType)
-{
- coder.allocCopyItem(CFDataGetBytePtr(crlData),
- CFDataGetLength(crlData), mCrlData);
-}
-
-P12CrlBag::~P12CrlBag()
-{
- /* nothing if everything we allocd is via mCoder */
-}
-
-/*
- * For decode - both shrouded and plain.
- * On decode, we own the key and will do the CSSM_FreeKey in
- * our destructor. Caller owns the actual CSSM_KEY memory.
- */
-P12KeyBag::P12KeyBag(
- CSSM_KEY_PTR key,
- CSSM_CSP_HANDLE cspHand,
- NSS_Attribute **attrs, // optional
- CSSM_DATA &labelData,
- SecNssCoder &coder)
- : P12SafeBag(attrs, coder),
- mKey(key),
- mCspHand(cspHand),
- mKeyRef(NULL),
- mWeOwnKey(true),
- mPrivKeyCreds(NULL),
- mDupKey(false)
-{
- setLabel(labelData);
-}
-
-/* for encode - app owns CSSM_KEY */
-P12KeyBag::P12KeyBag(
- const CSSM_KEY *key,
- CSSM_CSP_HANDLE cspHand,
- CFStringRef fname,
- CFDataRef keyId,
- P12BagAttrs *otherAttrs,
- SecNssCoder &coder,
- SecKeyRef keyRef /* = NULL */)
-
- : P12SafeBag(fname, keyId, otherAttrs, coder),
- mKey((CSSM_KEY_PTR)key),
- mCspHand(cspHand),
- mKeyRef(keyRef),
- mWeOwnKey(false), // app giveth, app taketh away
- mPrivKeyCreds(NULL),
- mDupKey(false)
-{
- if(mKeyRef) {
- CFRetain(mKeyRef);
- /*
- * Get creds associated with this key
- */
- OSStatus ortn = SecKeyGetCredentials(mKeyRef,
- CSSM_ACL_AUTHORIZATION_EXPORT_WRAPPED,
- kSecCredentialTypeDefault,
- &mPrivKeyCreds);
- if(ortn) {
- p12LogCssmError("SecKeyGetCredentials", ortn);
- MacOSError::throwMe(ortn);
- }
- }
- mLabel.Data = NULL;
- mLabel.Length = 0;
-}
-
-
-P12KeyBag::~P12KeyBag()
-{
- freeKey();
-}
-
-void P12KeyBag::setLabel(
- const CSSM_DATA &newLabel)
-{
- mCoder.allocCopyItem(newLabel, mLabel);
-}
-
-/* reusable key setter */
-void P12KeyBag::setKey(
- CSSM_KEY_PTR cssmKey)
-{
- freeKey();
- mKey = cssmKey;
-}
-
-void P12KeyBag::freeKey()
-{
- if(mWeOwnKey) {
- assert(mKey != NULL);
- assert(mCspHand != 0);
- CSSM_FreeKey(mCspHand, NULL, mKey, CSSM_FALSE);
- }
- mKey = NULL;
- if(mKeyRef) {
- CFRelease(mKeyRef);
- mKeyRef = NULL;
- }
-}
-
-/*
- * Others we don't implement
- */
-P12OpaqueBag::P12OpaqueBag(
- const CSSM_OID &oid,
- const CSSM_DATA &blob,
- NSS_Attribute **attrs, // optional
- SecNssCoder &coder)
- : P12SafeBag(attrs, coder)
-{
- coder.allocCopyItem(oid, mOid);
- coder.allocCopyItem(blob, mBlob);
-}
-
-P12OpaqueBag::P12OpaqueBag(
- CFDataRef oid,
- CFDataRef blob,
- CFStringRef fname,
- CFDataRef keyId,
- P12BagAttrs *otherAttrs,
- SecNssCoder &coder)
- : P12SafeBag(fname, keyId, otherAttrs, coder)
-{
- coder.allocCopyItem(CFDataGetBytePtr(oid),
- CFDataGetLength(oid), mOid);
- coder.allocCopyItem(CFDataGetBytePtr(blob),
- CFDataGetLength(blob), mBlob);
-}
-
-P12OpaqueBag::~P12OpaqueBag()
-{
- /* nothing if everything we allocd is via mCoder */
-}
-
projects / apple / security.git / blobdiff