Security-57336.1.9.tar.gz
diff --git a/Security/libsecurity_smime/lib/cmsrecinfo.c b/Security/libsecurity_smime/lib/cmsrecinfo.c
deleted file mode 100644 (file)
index dbecfbe..0000000
+++ /dev/null
@@ -1,704 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- * 
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- * 
- * The Original Code is the Netscape security libraries.
- * 
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation.  Portions created by Netscape are 
- * Copyright (C) 1994-2000 Netscape Communications Corporation.  All
- * Rights Reserved.
- * 
- * Contributor(s):
- * 
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable 
- * instead of those above.  If you wish to allow use of your 
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL.  If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-/*
- * CMS recipientInfo methods.
- */
-
-#include "cmslocal.h"
-
-#include "cert.h"
-#include "secitem.h"
-#include "secoid.h"
-
-#include <security_asn1/secasn1.h>
-#include <security_asn1/secerr.h>
-#include <Security/SecKeyPriv.h>
-#include <Security/SecCertificatePriv.h>
-#include <Security/SecCmsRecipientInfo.h>
-
-static Boolean
-nss_cmsrecipientinfo_usessubjectkeyid(SecCmsRecipientInfoRef ri)
-{
-    if (ri->recipientInfoType == SecCmsRecipientInfoIDKeyTrans) {
-       SecCmsRecipientIdentifier *rid;
-       rid = &ri->ri.keyTransRecipientInfo.recipientIdentifier;
-       if (rid->identifierType == SecCmsRecipientIDSubjectKeyID) {
-           return PR_TRUE;
-       }
-    }
-    return PR_FALSE;
-}
-
-
-static SecCmsRecipientInfoRef
-nss_cmsrecipientinfo_create(SecCmsMessageRef cmsg, SecCmsRecipientIDSelector type,
-                            SecCertificateRef cert, SecPublicKeyRef pubKey, 
-                            CSSM_DATA_PTR subjKeyID)
-{
-    SecCmsRecipientInfoRef ri;
-    void *mark;
-    SECOidTag certalgtag;
-    OSStatus rv = SECSuccess;
-    SecCmsRecipientEncryptedKey *rek;
-    SecCmsOriginatorIdentifierOrKey *oiok;
-    unsigned long version;
-    CSSM_DATA_PTR dummy;
-    PLArenaPool *poolp;
-    const SECAlgorithmID *algid;
-    SecCmsRecipientIdentifier *rid;
-
-    poolp = cmsg->poolp;
-
-    mark = PORT_ArenaMark(poolp);
-
-    ri = (SecCmsRecipientInfoRef)PORT_ArenaZAlloc(poolp, sizeof(SecCmsRecipientInfo));
-    if (ri == NULL)
-       goto loser;
-
-    ri->cmsg = cmsg;
-    if (type == SecCmsRecipientIDIssuerSN)
-    {
-       ri->cert = CERT_DupCertificate(cert);
-       if (ri->cert == NULL)
-               goto loser;
-       rv = SecCertificateGetAlgorithmID(cert,&algid);
-    } else {
-       PORT_Assert(pubKey);
-       rv = SecKeyGetAlgorithmID(pubKey,&algid);
-    }
-
-    certalgtag = SECOID_GetAlgorithmTag(algid);
-
-    rid = &ri->ri.keyTransRecipientInfo.recipientIdentifier;
-    switch (certalgtag) {
-    case SEC_OID_PKCS1_RSA_ENCRYPTION:
-       ri->recipientInfoType = SecCmsRecipientInfoIDKeyTrans;
-       rid->identifierType = type;
-       if (type == SecCmsRecipientIDIssuerSN) {
-           rid->id.issuerAndSN = CERT_GetCertIssuerAndSN(poolp, cert);
-           if (rid->id.issuerAndSN == NULL) {
-             break;
-           }
-       } else if (type == SecCmsRecipientIDSubjectKeyID){
-           SecCmsKeyTransRecipientInfoEx *riExtra;
-
-           rid->id.subjectKeyID = PORT_ArenaNew(poolp, CSSM_DATA);
-           if (rid->id.subjectKeyID == NULL) {
-               rv = SECFailure;
-               PORT_SetError(SEC_ERROR_NO_MEMORY);
-               break;
-           } 
-           SECITEM_CopyItem(poolp, rid->id.subjectKeyID, subjKeyID);
-           if (rid->id.subjectKeyID->Data == NULL) {
-               rv = SECFailure;
-               PORT_SetError(SEC_ERROR_NO_MEMORY);
-               break;
-           }
-           riExtra = &ri->ri.keyTransRecipientInfoEx;
-           riExtra->version = 0;
-           riExtra->pubKey = SECKEY_CopyPublicKey(pubKey);
-           if (riExtra->pubKey == NULL) {
-               rv = SECFailure;
-               PORT_SetError(SEC_ERROR_NO_MEMORY);
-               break;
-           }
-       } else {
-           PORT_SetError(SEC_ERROR_INVALID_ARGS);
-           rv = SECFailure;
-       }
-       break;
-    case SEC_OID_MISSI_KEA_DSS_OLD:
-    case SEC_OID_MISSI_KEA_DSS:
-    case SEC_OID_MISSI_KEA:
-        PORT_Assert(type != SecCmsRecipientIDSubjectKeyID);
-       if (type == SecCmsRecipientIDSubjectKeyID) {
-           rv = SECFailure;
-           break;
-       }
-       /* backward compatibility - this is not really a keytrans operation */
-       ri->recipientInfoType = SecCmsRecipientInfoIDKeyTrans;
-       /* hardcoded issuerSN choice for now */
-       ri->ri.keyTransRecipientInfo.recipientIdentifier.identifierType = SecCmsRecipientIDIssuerSN;
-       ri->ri.keyTransRecipientInfo.recipientIdentifier.id.issuerAndSN = CERT_GetCertIssuerAndSN(poolp, cert);
-       if (ri->ri.keyTransRecipientInfo.recipientIdentifier.id.issuerAndSN == NULL) {
-           rv = SECFailure;
-           break;
-       }
-       break;
-    case SEC_OID_X942_DIFFIE_HELMAN_KEY: /* dh-public-number */
-        PORT_Assert(type != SecCmsRecipientIDSubjectKeyID);
-       if (type == SecCmsRecipientIDSubjectKeyID) {
-           rv = SECFailure;
-           break;
-       }
-       /* a key agreement op */
-       ri->recipientInfoType = SecCmsRecipientInfoIDKeyAgree;
-
-       if (ri->ri.keyTransRecipientInfo.recipientIdentifier.id.issuerAndSN == NULL) {
-           rv = SECFailure;
-           break;
-       }
-       /* we do not support the case where multiple recipients 
-        * share the same KeyAgreeRecipientInfo and have multiple RecipientEncryptedKeys
-        * in this case, we would need to walk all the recipientInfos, take the
-        * ones that do KeyAgreement algorithms and join them, algorithm by algorithm
-        * Then, we'd generate ONE ukm and OriginatorIdentifierOrKey */
-
-       /* only epheremal-static Diffie-Hellman is supported for now
-        * this is the only form of key agreement that provides potential anonymity
-        * of the sender, plus we do not have to include certs in the message */
-
-       /* force single recipientEncryptedKey for now */
-       if ((rek = SecCmsRecipientEncryptedKeyCreate(poolp)) == NULL) {
-           rv = SECFailure;
-           break;
-       }
-
-       /* hardcoded IssuerSN choice for now */
-       rek->recipientIdentifier.identifierType = SecCmsKeyAgreeRecipientIDIssuerSN;
-       if ((rek->recipientIdentifier.id.issuerAndSN = CERT_GetCertIssuerAndSN(poolp, cert)) == NULL) {
-           rv = SECFailure;
-           break;
-       }
-
-       oiok = &(ri->ri.keyAgreeRecipientInfo.originatorIdentifierOrKey);
-
-       /* see RFC2630 12.3.1.1 */
-       oiok->identifierType = SecCmsOriginatorIDOrKeyOriginatorPublicKey;
-
-       rv = SecCmsArrayAdd(poolp, (void ***)&ri->ri.keyAgreeRecipientInfo.recipientEncryptedKeys,
-                                   (void *)rek);
-
-       break;
-       
-    case SEC_OID_EC_PUBLIC_KEY:            
-       /* ephemeral-static ECDH - issuerAndSN, OriginatorPublicKey only */
-        PORT_Assert(type != SecCmsRecipientIDSubjectKeyID);
-       if (type == SecCmsRecipientIDSubjectKeyID) {
-           rv = SECFailure;
-           break;
-       }
-       /* a key agreement op */
-       ri->recipientInfoType = SecCmsRecipientInfoIDKeyAgree;
-       ri->ri.keyTransRecipientInfo.recipientIdentifier.id.issuerAndSN = CERT_GetCertIssuerAndSN(poolp, cert);
-       if (ri->ri.keyTransRecipientInfo.recipientIdentifier.id.issuerAndSN == NULL) {
-           rv = SECFailure;
-           break;
-       }
-       /* we do not support the case where multiple recipients 
-        * share the same KeyAgreeRecipientInfo and have multiple RecipientEncryptedKeys
-        * in this case, we would need to walk all the recipientInfos, take the
-        * ones that do KeyAgreement algorithms and join them, algorithm by algorithm
-        * Then, we'd generate ONE ukm and OriginatorIdentifierOrKey */
-
-       /* force single recipientEncryptedKey for now */
-       if ((rek = SecCmsRecipientEncryptedKeyCreate(poolp)) == NULL) {
-           rv = SECFailure;
-           break;
-       }
-
-       /* hardcoded IssuerSN choice for now */
-       rek->recipientIdentifier.identifierType = SecCmsKeyAgreeRecipientIDIssuerSN;
-       if ((rek->recipientIdentifier.id.issuerAndSN = CERT_GetCertIssuerAndSN(poolp, cert)) == NULL) {
-           rv = SECFailure;
-           break;
-       }
-
-       oiok = &(ri->ri.keyAgreeRecipientInfo.originatorIdentifierOrKey);
-
-       /* see RFC 3278 3.1.1 */
-       oiok->identifierType = SecCmsOriginatorIDOrKeyOriginatorPublicKey;
-
-       rv = SecCmsArrayAdd(poolp, (void ***)&ri->ri.keyAgreeRecipientInfo.recipientEncryptedKeys,
-                                   (void *)rek);
-
-       break;
-
-    default:
-       /* other algorithms not supported yet */
-       /* NOTE that we do not support any KEK algorithm */
-       PORT_SetError(SEC_ERROR_INVALID_ALGORITHM);
-       rv = SECFailure;
-       break;
-    }
-
-    if (rv == SECFailure)
-       goto loser;
-
-    /* set version */
-    switch (ri->recipientInfoType) {
-    case SecCmsRecipientInfoIDKeyTrans:
-       if (ri->ri.keyTransRecipientInfo.recipientIdentifier.identifierType == SecCmsRecipientIDIssuerSN)
-           version = SEC_CMS_KEYTRANS_RECIPIENT_INFO_VERSION_ISSUERSN;
-       else
-           version = SEC_CMS_KEYTRANS_RECIPIENT_INFO_VERSION_SUBJKEY;
-       dummy = SEC_ASN1EncodeInteger(poolp, &(ri->ri.keyTransRecipientInfo.version), version);
-       if (dummy == NULL)
-           goto loser;
-       break;
-    case SecCmsRecipientInfoIDKeyAgree:
-       dummy = SEC_ASN1EncodeInteger(poolp, &(ri->ri.keyAgreeRecipientInfo.version),
-                                               SEC_CMS_KEYAGREE_RECIPIENT_INFO_VERSION);
-       if (dummy == NULL)
-           goto loser;
-       break;
-    case SecCmsRecipientInfoIDKEK:
-       /* NOTE: this cannot happen as long as we do not support any KEK algorithm */
-       dummy = SEC_ASN1EncodeInteger(poolp, &(ri->ri.kekRecipientInfo.version),
-                                               SEC_CMS_KEK_RECIPIENT_INFO_VERSION);
-       if (dummy == NULL)
-           goto loser;
-       break;
-    
-    }
-
-    PORT_ArenaUnmark (poolp, mark);
-#if 0
-    if (freeSpki)
-      SECKEY_DestroySubjectPublicKeyInfo(freeSpki);
-#endif
-    return ri;
-
-loser:
-#if 0
-    if (freeSpki)
-      SECKEY_DestroySubjectPublicKeyInfo(freeSpki);
-#endif
-    PORT_ArenaRelease (poolp, mark);
-    return NULL;
-}
-
-/*
- * SecCmsRecipientInfoCreate - create a recipientinfo
- *
- * we currently do not create KeyAgreement recipientinfos with multiple 
- * recipientEncryptedKeys the certificate is supposed to have been 
- * verified by the caller
- */
-SecCmsRecipientInfoRef
-SecCmsRecipientInfoCreate(SecCmsMessageRef cmsg, SecCertificateRef cert)
-{
-    return nss_cmsrecipientinfo_create(cmsg, SecCmsRecipientIDIssuerSN, cert, 
-                                       NULL, NULL);
-}
-
-SecCmsRecipientInfoRef
-SecCmsRecipientInfoCreateWithSubjKeyID(SecCmsMessageRef cmsg, 
-                                     CSSM_DATA_PTR subjKeyID,
-                                     SecPublicKeyRef pubKey)
-{
-    return nss_cmsrecipientinfo_create(cmsg, SecCmsRecipientIDSubjectKeyID, 
-                                       NULL, pubKey, subjKeyID);
-}
-
-SecCmsRecipientInfoRef
-SecCmsRecipientInfoCreateWithSubjKeyIDFromCert(SecCmsMessageRef cmsg,
-                                             SecCertificateRef cert)
-{
-    SecPublicKeyRef pubKey = NULL;
-    CSSM_DATA subjKeyID = {0, NULL};
-    SecCmsRecipientInfoRef retVal = NULL;
-
-    if (!cmsg || !cert) {
-       return NULL;
-    }
-    pubKey = CERT_ExtractPublicKey(cert);
-    if (!pubKey) {
-       goto done;
-    }
-    if (CERT_FindSubjectKeyIDExtension(cert, &subjKeyID) != SECSuccess ||
-        subjKeyID.Data == NULL) {
-       goto done;
-    }
-    retVal = SecCmsRecipientInfoCreateWithSubjKeyID(cmsg, &subjKeyID, pubKey);
-done:
-    if (pubKey)
-       SECKEY_DestroyPublicKey(pubKey);
-
-    if (subjKeyID.Data)
-       SECITEM_FreeItem(&subjKeyID, PR_FALSE);
-
-    return retVal;
-}
-
-void
-SecCmsRecipientInfoDestroy(SecCmsRecipientInfoRef ri)
-{
-    /* version was allocated on the pool, so no need to destroy it */
-    /* issuerAndSN was allocated on the pool, so no need to destroy it */
-    if (ri->cert != NULL)
-       CERT_DestroyCertificate(ri->cert);
-
-    if (nss_cmsrecipientinfo_usessubjectkeyid(ri)) {
-       SecCmsKeyTransRecipientInfoEx *extra;
-       extra = &ri->ri.keyTransRecipientInfoEx;
-       if (extra->pubKey)
-           SECKEY_DestroyPublicKey(extra->pubKey);
-    }
-
-    /* recipientInfo structure itself was allocated on the pool, so no need to destroy it */
-    /* we're done. */
-}
-
-int
-SecCmsRecipientInfoGetVersion(SecCmsRecipientInfoRef ri)
-{
-    unsigned long version;
-    CSSM_DATA_PTR versionitem = NULL;
-
-    switch (ri->recipientInfoType) {
-    case SecCmsRecipientInfoIDKeyTrans:
-       /* ignore subIndex */
-       versionitem = &(ri->ri.keyTransRecipientInfo.version);
-       break;
-    case SecCmsRecipientInfoIDKEK:
-       /* ignore subIndex */
-       versionitem = &(ri->ri.kekRecipientInfo.version);
-       break;
-    case SecCmsRecipientInfoIDKeyAgree:
-       versionitem = &(ri->ri.keyAgreeRecipientInfo.version);
-       break;
-    }
-
-    PORT_Assert(versionitem);
-    if (versionitem == NULL) 
-       return 0;
-
-    /* always take apart the CSSM_DATA */
-    if (SEC_ASN1DecodeInteger(versionitem, &version) != SECSuccess)
-       return 0;
-    else
-       return (int)version;
-}
-
-CSSM_DATA_PTR
-SecCmsRecipientInfoGetEncryptedKey(SecCmsRecipientInfoRef ri, int subIndex)
-{
-    CSSM_DATA_PTR enckey = NULL;
-
-    switch (ri->recipientInfoType) {
-    case SecCmsRecipientInfoIDKeyTrans:
-       /* ignore subIndex */
-       enckey = &(ri->ri.keyTransRecipientInfo.encKey);
-       break;
-    case SecCmsRecipientInfoIDKEK:
-       /* ignore subIndex */
-       enckey = &(ri->ri.kekRecipientInfo.encKey);
-       break;
-    case SecCmsRecipientInfoIDKeyAgree:
-       enckey = &(ri->ri.keyAgreeRecipientInfo.recipientEncryptedKeys[subIndex]->encKey);
-       break;
-    }
-    return enckey;
-}
-
-
-SECOidTag
-SecCmsRecipientInfoGetKeyEncryptionAlgorithmTag(SecCmsRecipientInfoRef ri)
-{
-    SECOidTag encalgtag = SEC_OID_UNKNOWN; /* an invalid encryption alg */
-
-    switch (ri->recipientInfoType) {
-    case SecCmsRecipientInfoIDKeyTrans:
-       encalgtag = SECOID_GetAlgorithmTag(&(ri->ri.keyTransRecipientInfo.keyEncAlg));
-       break;
-    case SecCmsRecipientInfoIDKeyAgree:
-       encalgtag = SECOID_GetAlgorithmTag(&(ri->ri.keyAgreeRecipientInfo.keyEncAlg));
-       break;
-    case SecCmsRecipientInfoIDKEK:
-       encalgtag = SECOID_GetAlgorithmTag(&(ri->ri.kekRecipientInfo.keyEncAlg));
-       break;
-    }
-    return encalgtag;
-}
-
-OSStatus
-SecCmsRecipientInfoWrapBulkKey(SecCmsRecipientInfoRef ri, SecSymmetricKeyRef bulkkey, 
-                                 SECOidTag bulkalgtag)
-{
-    SecCertificateRef cert;
-    SECOidTag certalgtag;
-    OSStatus rv = SECSuccess;
-#if 0
-    CSSM_DATA_PTR params = NULL;
-#endif /* 0 */
-    SecCmsRecipientEncryptedKey *rek;
-    SecCmsOriginatorIdentifierOrKey *oiok;
-    const SECAlgorithmID *algid;
-    PLArenaPool *poolp;
-    SecCmsKeyTransRecipientInfoEx *extra = NULL;
-    Boolean usesSubjKeyID;
-    uint8 nullData[2] = {SEC_ASN1_NULL, 0};
-    SECItem nullItem;
-    SecCmsKeyAgreeRecipientInfo *kari;
-    
-    poolp = ri->cmsg->poolp;
-    cert = ri->cert;
-    usesSubjKeyID = nss_cmsrecipientinfo_usessubjectkeyid(ri);
-    if (cert) {
-       rv = SecCertificateGetAlgorithmID(cert,&algid);
-       if (rv)
-           return SECFailure;
-       certalgtag = SECOID_GetAlgorithmTag(algid);
-    } else if (usesSubjKeyID) {
-       extra = &ri->ri.keyTransRecipientInfoEx;
-       /* sanity check */
-       PORT_Assert(extra->pubKey);
-       if (!extra->pubKey) {
-           PORT_SetError(SEC_ERROR_INVALID_ARGS);
-           return SECFailure;
-       }
-       rv = SecKeyGetAlgorithmID(extra->pubKey,&algid);
-       if (rv)
-           return SECFailure;
-       certalgtag = SECOID_GetAlgorithmTag(algid);
-    } else {
-       PORT_SetError(SEC_ERROR_INVALID_ARGS);
-       return SECFailure;
-    }
-
-    /* XXX set ri->recipientInfoType to the proper value here */
-    /* or should we look if it's been set already ? */
-
-    certalgtag = SECOID_GetAlgorithmTag(algid);
-    switch (certalgtag) {
-    case SEC_OID_PKCS1_RSA_ENCRYPTION:
-       /* wrap the symkey */
-       if (cert) {
-           rv = SecCmsUtilEncryptSymKeyRSA(poolp, cert, bulkkey, 
-                                &ri->ri.keyTransRecipientInfo.encKey);
-           if (rv != SECSuccess)
-               break;
-       } else if (usesSubjKeyID) {
-           PORT_Assert(extra != NULL);
-           rv = SecCmsUtilEncryptSymKeyRSAPubKey(poolp, extra->pubKey,
-                                bulkkey, &ri->ri.keyTransRecipientInfo.encKey);
-           if (rv != SECSuccess)
-               break;
-       }
-
-       rv = SECOID_SetAlgorithmID(poolp, &(ri->ri.keyTransRecipientInfo.keyEncAlg), certalgtag, NULL);
-       break;
-#if 0
-    case SEC_OID_MISSI_KEA_DSS_OLD:
-    case SEC_OID_MISSI_KEA_DSS:
-    case SEC_OID_MISSI_KEA:
-       rv = SecCmsUtilEncryptSymKeyMISSI(poolp, cert, bulkkey,
-                                       bulkalgtag,
-                                       &ri->ri.keyTransRecipientInfo.encKey,
-                                       &params, ri->cmsg->pwfn_arg);
-       if (rv != SECSuccess)
-           break;
-
-       /* here, we DO need to pass the params to the wrap function because, with
-        * RSA, there is no funny stuff going on with generation of IV vectors or so */
-       rv = SECOID_SetAlgorithmID(poolp, &(ri->ri.keyTransRecipientInfo.keyEncAlg), certalgtag, params);
-       break;
-    case SEC_OID_X942_DIFFIE_HELMAN_KEY: /* dh-public-number */
-       rek = ri->ri.keyAgreeRecipientInfo.recipientEncryptedKeys[0];
-       if (rek == NULL) {
-           rv = SECFailure;
-           break;
-       }
-
-       oiok = &(ri->ri.keyAgreeRecipientInfo.originatorIdentifierOrKey);
-       PORT_Assert(oiok->identifierType == SecCmsOriginatorIDOrKeyOriginatorPublicKey);
-
-       /* see RFC2630 12.3.1.1 */
-       if (SECOID_SetAlgorithmID(poolp, &oiok->id.originatorPublicKey.algorithmIdentifier,
-                                   SEC_OID_X942_DIFFIE_HELMAN_KEY, NULL) != SECSuccess) {
-           rv = SECFailure;
-           break;
-       }
-
-       /* this will generate a key pair, compute the shared secret, */
-       /* derive a key and ukm for the keyEncAlg out of it, encrypt the bulk key with */
-       /* the keyEncAlg, set encKey, keyEncAlg, publicKey etc. */
-       rv = SecCmsUtilEncryptSymKeyESDH(poolp, cert, bulkkey,
-                                       &rek->encKey,
-                                       &ri->ri.keyAgreeRecipientInfo.ukm,
-                                       &ri->ri.keyAgreeRecipientInfo.keyEncAlg,
-                                       &oiok->id.originatorPublicKey.publicKey);
-
-       break;
-#endif /* 0 */
-
-    case SEC_OID_EC_PUBLIC_KEY:
-       /* These were set up in nss_cmsrecipientinfo_create() */
-       kari = &ri->ri.keyAgreeRecipientInfo;
-       rek = kari->recipientEncryptedKeys[0];
-       if (rek == NULL) {
-           rv = SECFailure;
-           break;
-       }
-
-       oiok = &(kari->originatorIdentifierOrKey);
-       PORT_Assert(oiok->identifierType == SecCmsOriginatorIDOrKeyOriginatorPublicKey);
-
-       /* 
-        * RFC 3278 3.1.1 says this AlgId must contain NULL params which is contrary to 
-        * any other use of the SEC_OID_EC_PUBLIC_KEY OID. So we provide one
-        * explicitly instead of mucking up the login in SECOID_SetAlgorithmID().
-        */
-       nullItem.Data = nullData;
-       nullItem.Length = 2;
-       if (SECOID_SetAlgorithmID(poolp, &oiok->id.originatorPublicKey.algorithmIdentifier,
-                                   SEC_OID_EC_PUBLIC_KEY, &nullItem) != SECSuccess) {
-           rv = SECFailure;
-           break;
-       }
-
-       /* this will generate a key pair, compute the shared secret, */
-       /* derive a key and ukm for the keyEncAlg out of it, encrypt the bulk key with */
-       /* the keyEncAlg, set encKey, keyEncAlg, publicKey etc. */
-       rv = SecCmsUtilEncryptSymKeyECDH(poolp, cert, bulkkey,
-                                       &rek->encKey,
-                                       &kari->ukm,
-                                       &kari->keyEncAlg,
-                                       &oiok->id.originatorPublicKey.publicKey);
-       /* this is a BIT STRING */
-       oiok->id.originatorPublicKey.publicKey.Length <<= 3;
-       break;
-
-    default:
-       /* other algorithms not supported yet */
-       /* NOTE that we do not support any KEK algorithm */
-       PORT_SetError(SEC_ERROR_INVALID_ALGORITHM);
-       rv = SECFailure;
-       break;
-    }
-#if 0
-    if (freeSpki)
-       SECKEY_DestroySubjectPublicKeyInfo(freeSpki);
-#endif
-
-    return rv;
-}
-
-#ifdef NDEBUG
-#define dprintf(args...)
-#else
-#define dprintf(args...)    printf(args)
-#endif
-
-SecSymmetricKeyRef
-SecCmsRecipientInfoUnwrapBulkKey(SecCmsRecipientInfoRef ri, int subIndex, 
-       SecCertificateRef cert, SecPrivateKeyRef privkey, SECOidTag bulkalgtag)
-{
-    SecSymmetricKeyRef bulkkey = NULL;
-    SECAlgorithmID *encalg;
-    SECOidTag encalgtag;
-    CSSM_DATA_PTR enckey;
-    int error;
-
-    ri->cert = CERT_DupCertificate(cert);
-               /* mark the recipientInfo so we can find it later */
-
-    switch (ri->recipientInfoType) {
-    case SecCmsRecipientInfoIDKeyTrans:
-       encalg = &(ri->ri.keyTransRecipientInfo.keyEncAlg);
-       encalgtag = SECOID_GetAlgorithmTag(&(ri->ri.keyTransRecipientInfo.keyEncAlg));
-       enckey = &(ri->ri.keyTransRecipientInfo.encKey); /* ignore subIndex */
-       switch (encalgtag) {
-       case SEC_OID_PKCS1_RSA_ENCRYPTION:
-           /* RSA encryption algorithm: */
-           /* get the symmetric (bulk) key by unwrapping it using our private key */
-           bulkkey = SecCmsUtilDecryptSymKeyRSA(privkey, enckey, bulkalgtag);
-           break;
-#if 0
-       case SEC_OID_NETSCAPE_SMIME_KEA:
-           /* FORTEZZA key exchange algorithm */
-           /* the supplemental data is in the parameters of encalg */
-           bulkkey = SecCmsUtilDecryptSymKeyMISSI(privkey, enckey, encalg, bulkalgtag, ri->cmsg->pwfn_arg);
-           break;
-#endif /* 0 */
-       default:
-           error = SEC_ERROR_UNSUPPORTED_KEYALG;
-           goto loser;
-       }
-       break;
-    case SecCmsRecipientInfoIDKeyAgree:
-       encalg = &(ri->ri.keyAgreeRecipientInfo.keyEncAlg);
-       encalgtag = SECOID_GetAlgorithmTag(&(ri->ri.keyAgreeRecipientInfo.keyEncAlg));
-       enckey = &(ri->ri.keyAgreeRecipientInfo.recipientEncryptedKeys[subIndex]->encKey);
-       switch (encalgtag) {
-       case SEC_OID_X942_DIFFIE_HELMAN_KEY:
-           /* Diffie-Helman key exchange */
-           /* XXX not yet implemented */
-           /* XXX problem: SEC_OID_X942_DIFFIE_HELMAN_KEY points to a PKCS3 mechanism! */
-           /* we support ephemeral-static DH only, so if the recipientinfo */
-           /* has originator stuff in it, we punt (or do we? shouldn't be that hard...) */
-           /* first, we derive the KEK (a symkey!) using a Derive operation, then we get the */
-           /* content encryption key using a Unwrap op */
-           /* the derive operation has to generate the key using the algorithm in RFC2631 */
-           error = SEC_ERROR_UNSUPPORTED_KEYALG;
-           break;
-       case SEC_OID_DH_SINGLE_STD_SHA1KDF:
-       {  
-           /* ephemeral-static ECDH */
-           SecCmsKeyAgreeRecipientInfo *kari = &ri->ri.keyAgreeRecipientInfo;
-           SecCmsOriginatorIdentifierOrKey *oiok = &kari->originatorIdentifierOrKey;
-           if(oiok->identifierType != SecCmsOriginatorIDOrKeyOriginatorPublicKey) {
-               dprintf("SEC_OID_EC_PUBLIC_KEY unwrap key: bad oiok.id\n");
-               goto loser;
-           }
-           SecCmsOriginatorPublicKey *opk = &oiok->id.originatorPublicKey;
-           /* FIXME - verify opk->algorithmIdentifier here? */
-           CSSM_DATA senderPubKey = opk->publicKey;
-           /* Bit string, convert here */
-           senderPubKey.Length = (senderPubKey.Length + 7) >> 3;
-           CSSM_DATA_PTR ukm = &kari->ukm;
-           bulkkey = SecCmsUtilDecryptSymKeyECDH(privkey, enckey, ukm, encalg, bulkalgtag, &senderPubKey);
-           break;
-       }
-       default:
-           error = SEC_ERROR_UNSUPPORTED_KEYALG;
-           goto loser;
-       }
-       break;
-    case SecCmsRecipientInfoIDKEK:
-       encalg = &(ri->ri.kekRecipientInfo.keyEncAlg);
-       encalgtag = SECOID_GetAlgorithmTag(&(ri->ri.kekRecipientInfo.keyEncAlg));
-       enckey = &(ri->ri.kekRecipientInfo.encKey);
-       /* not supported yet */
-       error = SEC_ERROR_UNSUPPORTED_KEYALG;
-       goto loser;
-       break;
-    }
-    /* XXXX continue here */
-    return bulkkey;
-
-loser:
-    return NULL;
-}