--- /dev/null
+/*
+ * Copyright (c) 2003-2004,2011,2014 Apple Inc. All Rights Reserved.
+ *
+ * @APPLE_LICENSE_HEADER_START@
+ *
+ * This file contains Original Code and/or Modifications of Original Code
+ * as defined in and that are subject to the Apple Public Source License
+ * Version 2.0 (the 'License'). You may not use this file except in
+ * compliance with the License. Please obtain a copy of the License at
+ * http://www.opensource.apple.com/apsl/ and read it before using this
+ * file.
+ *
+ * The Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
+ * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
+ * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
+ * Please see the License for the specific language governing rights and
+ * limitations under the License.
+ *
+ * @APPLE_LICENSE_HEADER_END@
+ */
+
+/*
+ * pkcs12Decode.h - P12Coder decoding engine.
+ */
+
+#include "pkcs12Coder.h"
+#include "pkcs12Templates.h"
+#include "pkcs12Utils.h"
+#include "pkcs12Debug.h"
+#include "pkcs12Crypto.h"
+#include <security_cdsa_utilities/cssmerrors.h>
+#include <security_asn1/nssUtils.h>
+
+/* top-level PKCS12 PFX decoder */
+void P12Coder::decode(
+ CFDataRef cdpfx)
+{
+ SecNssCoder localCdr;
+ NSS_P12_DecodedPFX pfx;
+
+ p12DecodeLog("decode");
+ memset(&pfx, 0, sizeof(pfx));
+ const CSSM_DATA rawBlob = {CFDataGetLength(cdpfx),
+ (uint8 *)CFDataGetBytePtr(cdpfx)};
+
+ if(localCdr.decodeItem(rawBlob, NSS_P12_DecodedPFXTemplate, &pfx)) {
+ p12ErrorLog("Error on top-level decode of NSS_P12_DecodedPFX\n");
+ P12_THROW_DECODE;
+ }
+ NSS_P7_DecodedContentInfo &dci = pfx.authSafe;
+ if(dci.type != CT_Data) {
+ /* no other types supported yet */
+ p12ErrorLog("bad top-level contentType\n");
+ P12_THROW_DECODE;
+ }
+ mIntegrityMode = kSecPkcs12ModePassword;
+
+ if(pfx.macData == NULL) {
+ /* not present is an error in kSecPkcs12ModePassword */
+ p12ErrorLog("no MAC in PFX\n");
+ P12_THROW_DECODE;
+ }
+ macParse(*pfx.macData, localCdr);
+
+ const CSSM_DATA *macPhrase = getMacPassPhrase();
+ const CSSM_KEY *macPassKey = getMacPassKey();
+ if((macPhrase == NULL) && (macPassKey == NULL)) {
+ p12ErrorLog("no passphrase set\n");
+ CssmError::throwMe(CSSMERR_CSP_MISSING_ATTR_PASSPHRASE);
+ }
+ CSSM_RETURN crtn = p12VerifyMac(pfx, mCspHand, macPhrase,
+ macPassKey, localCdr);
+ if(crtn) {
+ p12LogCssmError("p12VerifyMac", crtn);
+ CssmError::throwMe(errSecPkcs12VerifyFailure);
+ }
+
+ authSafeParse(*dci.content.data, localCdr);
+
+ /*
+ * On success, if we have a keychain, store certs and CRLs there
+ */
+ if(mKeychain != NULL) {
+ storeDecodeResults();
+ }
+}
+
+/*
+ * Decrypt the contents of a NSS_P7_EncryptedData
+ */
+void P12Coder::encryptedDataDecrypt(
+ const NSS_P7_EncryptedData &edata,
+ SecNssCoder &localCdr,
+ NSS_P12_PBE_Params *pbep, // preparsed
+ CSSM_DATA &ptext) // result goes here in localCdr space
+{
+ p12DecodeLog("encryptedDataDecrypt");
+
+ /* see if we can grok the encr alg */
+ CSSM_ALGORITHMS keyAlg; // e.g., CSSM_ALGID_DES
+ CSSM_ALGORITHMS encrAlg; // e.g., CSSM_ALGID_3DES_3KEY_EDE
+ CSSM_ALGORITHMS pbeHashAlg; // SHA1 or MD5
+ uint32 keySizeInBits;
+ uint32 blockSizeInBytes; // for IV, optional
+ CSSM_PADDING padding; // CSSM_PADDING_PKCS7, etc.
+ CSSM_ENCRYPT_MODE mode; // CSSM_ALGMODE_CBCPadIV8, etc.
+ PKCS_Which pkcs;
+
+ bool found = pkcsOidToParams(&edata.contentInfo.encrAlg.algorithm,
+ keyAlg, encrAlg, pbeHashAlg, keySizeInBits, blockSizeInBytes,
+ padding, mode, pkcs);
+ if(!found || (pkcs != PW_PKCS12)) {
+ p12ErrorLog("EncryptedData encrAlg not understood\n");
+ CssmError::throwMe(CSSMERR_CSP_INVALID_ALGORITHM);
+ }
+
+ uint32 iterCount;
+ if(!p12DataToInt(pbep->iterations, iterCount)) {
+ p12ErrorLog("encryptedDataDecrypt: badly formed iterCount\n");
+ P12_THROW_DECODE;
+ }
+ const CSSM_DATA *pwd = getEncrPassPhrase();
+ const CSSM_KEY *passKey = getEncrPassKey();
+ if((pwd == NULL) && (passKey == NULL)) {
+ p12ErrorLog("no passphrase set\n");
+ CssmError::throwMe(CSSMERR_CSP_MISSING_ATTR_PASSPHRASE);
+ }
+
+ /* go */
+ CSSM_RETURN crtn = p12Decrypt(mCspHand,
+ edata.contentInfo.encrContent,
+ keyAlg, encrAlg, pbeHashAlg,
+ keySizeInBits, blockSizeInBytes,
+ padding, mode,
+ iterCount, pbep->salt,
+ pwd,
+ passKey,
+ localCdr,
+ ptext);
+ if(crtn) {
+ CssmError::throwMe(crtn);
+ }
+}
+
+
+/*
+ * Parse an CSSM_X509_ALGORITHM_IDENTIFIER specific to P12.
+ * Decode the alg params as a NSS_P12_PBE_Params and parse and
+ * return the result if the pbeParams is non-NULL.
+ */
+void P12Coder::algIdParse(
+ const CSSM_X509_ALGORITHM_IDENTIFIER &algId,
+ NSS_P12_PBE_Params *pbeParams, // optional
+ SecNssCoder &localCdr)
+{
+ p12DecodeLog("algIdParse");
+
+ const CSSM_DATA ¶m = algId.parameters;
+ if(pbeParams == NULL) {
+ /* alg params are uninterpreted */
+ return;
+ }
+
+ if(param.Length == 0) {
+ p12ErrorLog("algIdParse: no alg parameters\n");
+ P12_THROW_DECODE;
+ }
+
+ memset(pbeParams, 0, sizeof(*pbeParams));
+ if(localCdr.decodeItem(param,
+ NSS_P12_PBE_ParamsTemplate, pbeParams)) {
+ p12ErrorLog("Error decoding NSS_P12_PBE_Params\n");
+ P12_THROW_DECODE;
+ }
+}
+
+/*
+ * Parse a NSS_P7_EncryptedData - specifically in the context
+ * of a P12 in password privacy mode. (The latter assumption is
+ * to enable us to infer CSSM_X509_ALGORITHM_IDENTIFIER.parameters
+ * format).
+ */
+void P12Coder::encryptedDataParse(
+ const NSS_P7_EncryptedData &edata,
+ SecNssCoder &localCdr,
+ NSS_P12_PBE_Params *pbep) // optional, RETURNED
+{
+ p12DecodeLog("encryptedDataParse");
+
+ /*
+ * Parse the alg ID, save PBE params for when we do the decrypt
+ * key unwrap
+ */
+ const NSS_P7_EncrContentInfo &ci = edata.contentInfo;
+ const CSSM_X509_ALGORITHM_IDENTIFIER &algId = ci.encrAlg;
+ algIdParse(algId, pbep, localCdr);
+}
+
+/*
+ * ShroudedKeyBag parser w/decrypt
+ */
+void P12Coder::shroudedKeyBagParse(
+ const NSS_P12_SafeBag &safeBag,
+ SecNssCoder &localCdr)
+{
+ p12DecodeLog("Found shrouded key bag");
+ if(mPrivKeyImportState == PKIS_NoMore) {
+ CssmError::throwMe(errSecMultiplePrivKeys);
+ }
+
+ const NSS_P12_ShroudedKeyBag *keyBag = safeBag.bagValue.shroudedKeyBag;
+ const CSSM_X509_ALGORITHM_IDENTIFIER &algId = keyBag->algorithm;
+ NSS_P12_PBE_Params pbep;
+ algIdParse(algId, &pbep, localCdr);
+
+ /*
+ * Prepare for decryption
+ */
+ CSSM_ALGORITHMS keyAlg; // e.g., CSSM_ALGID_DES
+ CSSM_ALGORITHMS encrAlg; // e.g., CSSM_ALGID_3DES_3KEY_EDE
+ CSSM_ALGORITHMS pbeHashAlg; // SHA1 or MD5
+ uint32 keySizeInBits;
+ uint32 blockSizeInBytes; // for IV, optional
+ CSSM_PADDING padding; // CSSM_PADDING_PKCS7, etc.
+ CSSM_ENCRYPT_MODE mode; // CSSM_ALGMODE_CBCPadIV8, etc.
+ PKCS_Which pkcs;
+
+ bool found = pkcsOidToParams(&algId.algorithm,
+ keyAlg, encrAlg, pbeHashAlg, keySizeInBits, blockSizeInBytes,
+ padding, mode, pkcs);
+ if(!found || (pkcs != PW_PKCS12)) {
+ p12ErrorLog("ShroudedKeyBag encrAlg not understood\n");
+ CssmError::throwMe(CSSMERR_CSP_INVALID_ALGORITHM);
+ }
+
+ uint32 iterCount;
+ if(!p12DataToInt(pbep.iterations, iterCount)) {
+ p12ErrorLog("ShroudedKeyBag: badly formed iterCount\n");
+ P12_THROW_DECODE;
+ }
+ const CSSM_DATA *encrPhrase = getEncrPassPhrase();
+ const CSSM_KEY *passKey = getEncrPassKey();
+ if((encrPhrase == NULL) && (passKey == NULL)) {
+ p12ErrorLog("no passphrase set\n");
+ CssmError::throwMe(CSSMERR_CSP_MISSING_ATTR_PASSPHRASE);
+ }
+
+ /* We'll own the actual CSSM_KEY memory */
+ CSSM_KEY_PTR privKey = (CSSM_KEY_PTR)mCoder.malloc(sizeof(CSSM_KEY));
+ memset(privKey, 0, sizeof(CSSM_KEY));
+
+ CSSM_DATA labelData;
+ p12GenLabel(labelData, localCdr);
+
+ CSSM_RETURN crtn = p12UnwrapKey(mCspHand,
+ mDlDbHand.DLHandle ? &mDlDbHand : NULL,
+ mImportFlags & kSecImportKeys,
+ keyBag->encryptedData,
+ keyAlg, encrAlg, pbeHashAlg,
+ keySizeInBits, blockSizeInBytes,
+ padding, mode,
+ iterCount, pbep.salt,
+ encrPhrase,
+ passKey,
+ localCdr,
+ labelData,
+ mAccess,
+ mNoAcl,
+ mKeyUsage,
+ mKeyAttrs,
+ privKey);
+ if(crtn) {
+ p12ErrorLog("Error unwrapping private key\n");
+ CssmError::throwMe(crtn);
+ }
+ p12DecodeLog("unwrapped shrouded key bag");
+
+ P12KeyBag *p12bag = new P12KeyBag(privKey, mCspHand,
+ safeBag.bagAttrs, labelData, mCoder);
+ addKey(p12bag);
+
+ if(mPrivKeyImportState == PKIS_AllowOne) {
+ mPrivKeyImportState = PKIS_NoMore;
+ }
+}
+
+/*
+ * (unshrouded) KeyBag parser
+ */
+void P12Coder::keyBagParse(
+ const NSS_P12_SafeBag &safeBag,
+ SecNssCoder &localCdr)
+{
+ if(mPrivKeyImportState == PKIS_NoMore) {
+ CssmError::throwMe(errSecMultiplePrivKeys);
+ }
+
+ /* FIXME - should be able to parse and handle this.... */
+ p12DecodeLog("found keyBag");
+ NSS_P12_KeyBag *keyBag = safeBag.bagValue.keyBag;
+ P12OpaqueBag *p12Bag = new P12OpaqueBag(safeBag.bagId,
+ /* this breaks when NSS_P12_KeyBag is not a CSSM_DATA */
+ *keyBag,
+ safeBag.bagAttrs,
+ mCoder);
+ addOpaque(p12Bag);
+}
+
+/*
+ * CertBag parser
+ */
+void P12Coder::certBagParse(
+ const NSS_P12_SafeBag &safeBag,
+ SecNssCoder &localCdr)
+{
+ p12DecodeLog("found certBag");
+ NSS_P12_CertBag *certBag = safeBag.bagValue.certBag;
+ switch(certBag->type) {
+ case CT_X509:
+ case CT_SDSI:
+ break;
+ default:
+ p12ErrorLog("certBagParse: unknown cert type\n");
+ P12_THROW_DECODE;
+ }
+ P12CertBag *p12Bag = new P12CertBag(certBag->type,
+ certBag->certValue,
+ safeBag.bagAttrs,
+ mCoder);
+ addCert(p12Bag);
+}
+
+/*
+ * CrlBag parser
+ */
+void P12Coder::crlBagParse(
+ const NSS_P12_SafeBag &safeBag,
+ SecNssCoder &localCdr)
+{
+ p12DecodeLog("found crlBag");
+ NSS_P12_CrlBag *crlBag = safeBag.bagValue.crlBag;
+ switch(crlBag->type) {
+ case CRT_X509:
+ break;
+ default:
+ p12ErrorLog("crlBagParse: unknown CRL type\n");
+ P12_THROW_DECODE;
+ }
+ P12CrlBag *p12Bag = new P12CrlBag(crlBag->type,
+ crlBag->crlValue,
+ safeBag.bagAttrs,
+ mCoder);
+ addCrl(p12Bag);
+}
+
+/*
+ * SecretBag parser
+ */
+void P12Coder::secretBagParse(
+ const NSS_P12_SafeBag &safeBag,
+ SecNssCoder &localCdr)
+{
+ p12DecodeLog("found secretBag");
+ NSS_P12_SecretBag *secretBag = safeBag.bagValue.secretBag;
+ P12OpaqueBag *p12Bag = new P12OpaqueBag(safeBag.bagId,
+ /* this breaks when NSS_P12_SecretBag is not a CSSM_DATA */
+ *secretBag,
+ safeBag.bagAttrs,
+ mCoder);
+ addOpaque(p12Bag);
+}
+
+/*
+ * SafeContentsBag parser
+ */
+void P12Coder::safeContentsBagParse(
+ const NSS_P12_SafeBag &safeBag,
+ SecNssCoder &localCdr)
+{
+ p12DecodeLog("found SafeContents safe bag");
+ NSS_P12_SafeContentsBag *scBag = safeBag.bagValue.safeContentsBag;
+ P12OpaqueBag *p12Bag = new P12OpaqueBag(safeBag.bagId,
+ /* this breaks when NSS_P12_SafeContentsBag is not a CSSM_DATA */
+ *scBag,
+ safeBag.bagAttrs,
+ mCoder);
+ addOpaque(p12Bag);
+}
+
+/*
+ * Parse an encoded NSS_P12_SafeContents. This could be either
+ * present as plaintext in an AuthSafe or decrypted.
+ */
+void P12Coder::safeContentsParse(
+ const CSSM_DATA &contentsBlob,
+ SecNssCoder &localCdr)
+{
+ p12DecodeLog("safeContentsParse");
+
+ NSS_P12_SafeContents sc;
+ memset(&sc, 0, sizeof(sc));
+ if(localCdr.decodeItem(contentsBlob, NSS_P12_SafeContentsTemplate,
+ &sc)) {
+ p12ErrorLog("Error decoding SafeContents\n");
+ P12_THROW_DECODE;
+ }
+ unsigned numBags = nssArraySize((const void **)sc.bags);
+ for(unsigned dex=0; dex<numBags; dex++) {
+ NSS_P12_SafeBag *bag = sc.bags[dex];
+ assert(bag != NULL);
+
+ /* ensure that *something* is there */
+ if(bag->bagValue.keyBag == NULL) {
+ p12ErrorLog("safeContentsParse: Empty SafeBag\n");
+ P12_THROW_DECODE;
+ }
+
+ /*
+ * Break out to individual bag type
+ */
+ switch(bag->type) {
+ case BT_KeyBag:
+ keyBagParse(*bag, localCdr);
+ break;
+ case BT_ShroudedKeyBag:
+ shroudedKeyBagParse(*bag, localCdr);
+ break;
+ case BT_CertBag:
+ certBagParse(*bag, localCdr);
+ break;
+ case BT_CrlBag:
+ crlBagParse(*bag, localCdr);
+ break;
+ case BT_SecretBag:
+ secretBagParse(*bag ,localCdr);
+ break;
+ case BT_SafeContentsBag:
+ safeContentsBagParse(*bag, localCdr);
+ break;
+ default:
+ p12ErrorLog("unknown p12 BagType (%u)\n",
+ (unsigned)bag->type);
+ P12_THROW_DECODE;
+ }
+ }
+}
+
+/*
+ * Parse a ContentInfo in the context of (i.e., as an element of)
+ * an AuthenticatedSafe.
+ */
+void P12Coder::authSafeElementParse(
+ const NSS_P7_DecodedContentInfo *info,
+ SecNssCoder &localCdr)
+{
+ p12DecodeLog("authSafeElementParse");
+ switch(info->type) {
+ case CT_Data:
+ /* unencrypted SafeContents */
+ safeContentsParse(*info->content.data, localCdr);
+ break;
+
+ case CT_EncryptedData:
+ {
+ NSS_P12_PBE_Params pbep;
+ encryptedDataParse(*info->content.encryptData, localCdr, &pbep);
+
+ /*
+ * Decrypt contents to get a SafeContents and
+ * then parse that.
+ */
+ CSSM_DATA ptext = {0, NULL};
+ encryptedDataDecrypt(*info->content.encryptData,
+ localCdr, &pbep, ptext);
+ safeContentsParse(ptext, localCdr);
+ break;
+ }
+ default:
+ p12ErrorLog("authSafeElementParse: unknown sage type (%u)\n",
+ (unsigned)info->type);
+
+ /* well, save it as an opaque bag for now */
+ P12OpaqueBag *opaque = new P12OpaqueBag(
+ info->contentType, *info->content.data,
+ NULL, // no attrs
+ localCdr);
+ addOpaque(opaque);
+ break;
+ }
+}
+
+/*
+ * Parse an encoded NSS_P12_AuthenticatedSafe
+ */
+void P12Coder::authSafeParse(
+ const CSSM_DATA &authSafeBlob,
+ SecNssCoder &localCdr)
+{
+ p12DecodeLog("authSafeParse");
+
+ NSS_P12_AuthenticatedSafe authSafe;
+
+ memset(&authSafe, 0, sizeof(authSafe));
+ if(localCdr.decodeItem(authSafeBlob,
+ NSS_P12_AuthenticatedSafeTemplate,
+ &authSafe)) {
+ p12ErrorLog("Error decoding authSafe\n");
+ P12_THROW_DECODE;
+ }
+ unsigned numInfos = nssArraySize((const void **)authSafe.info);
+ for(unsigned dex=0; dex<numInfos; dex++) {
+ NSS_P7_DecodedContentInfo *info = authSafe.info[dex];
+ authSafeElementParse(info, localCdr);
+ }
+}
+
+void P12Coder::macParse(
+ const NSS_P12_MacData &macData,
+ SecNssCoder &localCdr)
+{
+ p12DecodeLog("macParse");
+ algIdParse(macData.mac.digestAlgorithm, NULL, localCdr);
+ const CSSM_DATA &iter = macData.iterations;
+ if(iter.Length > 4) {
+ p12ErrorLog("malformed iteration length (%u)\n",
+ (unsigned)iter.Length);
+ P12_THROW_DECODE;
+ }
+}
+
projects / apple / security.git / blobdiff