| /* This Source Code Form is subject to the terms of the Mozilla Public |
| * License, v. 2.0. If a copy of the MPL was not distributed with this |
| * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ |
| |
| /* |
| * CMS public key crypto |
| */ |
| |
| #include "cmslocal.h" |
| |
| #include "cert.h" |
| #include "keyhi.h" |
| #include "secasn1.h" |
| #include "secitem.h" |
| #include "secoid.h" |
| #include "pk11func.h" |
| #include "secerr.h" |
| |
| /* ====== RSA ======================================================================= */ |
| |
| /* |
| * NSS_CMSUtil_EncryptSymKey_RSA - wrap a symmetric key with RSA |
| * |
| * this function takes a symmetric key and encrypts it using an RSA public key |
| * according to PKCS#1 and RFC2633 (S/MIME) |
| */ |
| SECStatus |
| NSS_CMSUtil_EncryptSymKey_RSA(PLArenaPool *poolp, CERTCertificate *cert, |
| PK11SymKey *bulkkey, |
| SECItem *encKey) |
| { |
| SECStatus rv; |
| SECKEYPublicKey *publickey; |
| |
| publickey = CERT_ExtractPublicKey(cert); |
| if (publickey == NULL) |
| return SECFailure; |
| |
| rv = NSS_CMSUtil_EncryptSymKey_RSAPubKey(poolp, publickey, bulkkey, encKey); |
| SECKEY_DestroyPublicKey(publickey); |
| return rv; |
| } |
| |
| SECStatus |
| NSS_CMSUtil_EncryptSymKey_RSAPubKey(PLArenaPool *poolp, |
| SECKEYPublicKey *publickey, |
| PK11SymKey *bulkkey, SECItem *encKey) |
| { |
| SECStatus rv; |
| int data_len; |
| KeyType keyType; |
| void *mark = NULL; |
| |
| mark = PORT_ArenaMark(poolp); |
| if (!mark) |
| goto loser; |
| |
| /* sanity check */ |
| keyType = SECKEY_GetPublicKeyType(publickey); |
| PORT_Assert(keyType == rsaKey); |
| if (keyType != rsaKey) { |
| goto loser; |
| } |
| /* allocate memory for the encrypted key */ |
| data_len = SECKEY_PublicKeyStrength(publickey); /* block size (assumed to be > keylen) */ |
| encKey->data = (unsigned char *)PORT_ArenaAlloc(poolp, data_len); |
| encKey->len = data_len; |
| if (encKey->data == NULL) |
| goto loser; |
| |
| /* encrypt the key now */ |
| rv = PK11_PubWrapSymKey(PK11_AlgtagToMechanism(SEC_OID_PKCS1_RSA_ENCRYPTION), |
| publickey, bulkkey, encKey); |
| |
| if (rv != SECSuccess) |
| goto loser; |
| |
| PORT_ArenaUnmark(poolp, mark); |
| return SECSuccess; |
| |
| loser: |
| if (mark) { |
| PORT_ArenaRelease(poolp, mark); |
| } |
| return SECFailure; |
| } |
| |
| /* |
| * NSS_CMSUtil_DecryptSymKey_RSA - unwrap a RSA-wrapped symmetric key |
| * |
| * this function takes an RSA-wrapped symmetric key and unwraps it, returning a symmetric |
| * key handle. Please note that the actual unwrapped key data may not be allowed to leave |
| * a hardware token... |
| */ |
| PK11SymKey * |
| NSS_CMSUtil_DecryptSymKey_RSA(SECKEYPrivateKey *privkey, SECItem *encKey, SECOidTag bulkalgtag) |
| { |
| /* that's easy */ |
| CK_MECHANISM_TYPE target; |
| PORT_Assert(bulkalgtag != SEC_OID_UNKNOWN); |
| target = PK11_AlgtagToMechanism(bulkalgtag); |
| if (bulkalgtag == SEC_OID_UNKNOWN || target == CKM_INVALID_MECHANISM) { |
| PORT_SetError(SEC_ERROR_INVALID_ALGORITHM); |
| return NULL; |
| } |
| return PK11_PubUnwrapSymKey(privkey, encKey, target, CKA_DECRYPT, 0); |
| } |
| |
| /* ====== ESDH (Ephemeral-Static Diffie-Hellman) ==================================== */ |
| |
| SECStatus |
| NSS_CMSUtil_EncryptSymKey_ESDH(PLArenaPool *poolp, CERTCertificate *cert, PK11SymKey *key, |
| SECItem *encKey, SECItem **ukm, SECAlgorithmID *keyEncAlg, |
| SECItem *pubKey) |
| { |
| #if 0 /* not yet done */ |
| SECOidTag certalgtag; /* the certificate's encryption algorithm */ |
| SECOidTag encalgtag; /* the algorithm used for key exchange/agreement */ |
| SECStatus rv; |
| SECItem *params = NULL; |
| int data_len; |
| SECStatus err; |
| PK11SymKey *tek; |
| CERTCertificate *ourCert; |
| SECKEYPublicKey *ourPubKey; |
| NSSCMSKEATemplateSelector whichKEA = NSSCMSKEAInvalid; |
| |
| certalgtag = SECOID_GetAlgorithmTag(&(cert->subjectPublicKeyInfo.algorithm)); |
| PORT_Assert(certalgtag == SEC_OID_X942_DIFFIE_HELMAN_KEY); |
| |
| /* We really want to show our KEA tag as the key exchange algorithm tag. */ |
| encalgtag = SEC_OID_CMS_EPHEMERAL_STATIC_DIFFIE_HELLMAN; |
| |
| /* Get the public key of the recipient. */ |
| publickey = CERT_ExtractPublicKey(cert); |
| if (publickey == NULL) goto loser; |
| |
| /* XXXX generate a DH key pair on a PKCS11 module (XXX which parameters?) */ |
| /* XXXX */ourCert = PK11_FindBestKEAMatch(cert, wincx); |
| if (ourCert == NULL) goto loser; |
| |
| arena = PORT_NewArena(1024); |
| if (arena == NULL) goto loser; |
| |
| /* While we're here, extract the key pair's public key data and copy it into */ |
| /* the outgoing parameters. */ |
| /* XXXX */ourPubKey = CERT_ExtractPublicKey(ourCert); |
| if (ourPubKey == NULL) |
| { |
| goto loser; |
| } |
| SECITEM_CopyItem(arena, pubKey, /* XXX */&(ourPubKey->u.fortezza.KEAKey)); |
| SECKEY_DestroyPublicKey(ourPubKey); /* we only need the private key from now on */ |
| ourPubKey = NULL; |
| |
| /* Extract our private key in order to derive the KEA key. */ |
| ourPrivKey = PK11_FindKeyByAnyCert(ourCert,wincx); |
| CERT_DestroyCertificate(ourCert); /* we're done with this */ |
| if (!ourPrivKey) goto loser; |
| |
| /* If ukm desired, prepare it - allocate enough space (filled with zeros). */ |
| if (ukm) { |
| ukm->data = (unsigned char*)PORT_ArenaZAlloc(arena,/* XXXX */); |
| ukm->len = /* XXXX */; |
| } |
| |
| /* Generate the KEK (key exchange key) according to RFC2631 which we use |
| * to wrap the bulk encryption key. */ |
| kek = PK11_PubDerive(ourPrivKey, publickey, PR_TRUE, |
| ukm, NULL, |
| /* XXXX */CKM_KEA_KEY_DERIVE, /* XXXX */CKM_SKIPJACK_WRAP, |
| CKA_WRAP, 0, wincx); |
| |
| SECKEY_DestroyPublicKey(publickey); |
| SECKEY_DestroyPrivateKey(ourPrivKey); |
| publickey = NULL; |
| ourPrivKey = NULL; |
| |
| if (!kek) |
| goto loser; |
| |
| /* allocate space for the encrypted CEK (bulk key) */ |
| encKey->data = (unsigned char*)PORT_ArenaAlloc(poolp, SMIME_FORTEZZA_MAX_KEY_SIZE); |
| encKey->len = SMIME_FORTEZZA_MAX_KEY_SIZE; |
| |
| if (encKey->data == NULL) |
| { |
| PK11_FreeSymKey(kek); |
| goto loser; |
| } |
| |
| |
| /* Wrap the bulk key using CMSRC2WRAP or CMS3DESWRAP, depending on the */ |
| /* bulk encryption algorithm */ |
| switch (/* XXXX */PK11_AlgtagToMechanism(enccinfo->encalg)) |
| { |
| case /* XXXX */CKM_SKIPJACK_CFB8: |
| err = PK11_WrapSymKey(/* XXXX */CKM_CMS3DES_WRAP, NULL, kek, bulkkey, encKey); |
| whichKEA = NSSCMSKEAUsesSkipjack; |
| break; |
| case /* XXXX */CKM_SKIPJACK_CFB8: |
| err = PK11_WrapSymKey(/* XXXX */CKM_CMSRC2_WRAP, NULL, kek, bulkkey, encKey); |
| whichKEA = NSSCMSKEAUsesSkipjack; |
| break; |
| default: |
| /* XXXX what do we do here? Neither RC2 nor 3DES... */ |
| err = SECFailure; |
| /* set error */ |
| break; |
| } |
| |
| PK11_FreeSymKey(kek); /* we do not need the KEK anymore */ |
| if (err != SECSuccess) |
| goto loser; |
| |
| PORT_Assert(whichKEA != NSSCMSKEAInvalid); |
| |
| /* see RFC2630 12.3.1.1 "keyEncryptionAlgorithm must be ..." */ |
| /* params is the DER encoded key wrap algorithm (with parameters!) (XXX) */ |
| params = SEC_ASN1EncodeItem(arena, NULL, &keaParams, sec_pkcs7_get_kea_template(whichKEA)); |
| if (params == NULL) |
| goto loser; |
| |
| /* now set keyEncAlg */ |
| rv = SECOID_SetAlgorithmID(poolp, keyEncAlg, SEC_OID_CMS_EPHEMERAL_STATIC_DIFFIE_HELLMAN, params); |
| if (rv != SECSuccess) |
| goto loser; |
| |
| /* XXXXXXX this is not right yet */ |
| loser: |
| if (arena) { |
| PORT_FreeArena(arena, PR_FALSE); |
| } |
| if (publickey) { |
| SECKEY_DestroyPublicKey(publickey); |
| } |
| if (ourPrivKey) { |
| SECKEY_DestroyPrivateKey(ourPrivKey); |
| } |
| #endif |
| return SECFailure; |
| } |
| |
| PK11SymKey * |
| NSS_CMSUtil_DecryptSymKey_ESDH(SECKEYPrivateKey *privkey, SECItem *encKey, |
| SECAlgorithmID *keyEncAlg, SECOidTag bulkalgtag, |
| void *pwfn_arg) |
| { |
| #if 0 /* not yet done */ |
| SECStatus err; |
| CK_MECHANISM_TYPE bulkType; |
| PK11SymKey *tek; |
| SECKEYPublicKey *originatorPubKey; |
| NSSCMSSMIMEKEAParameters keaParams; |
| |
| /* XXXX get originator's public key */ |
| originatorPubKey = PK11_MakeKEAPubKey(keaParams.originatorKEAKey.data, |
| keaParams.originatorKEAKey.len); |
| if (originatorPubKey == NULL) |
| goto loser; |
| |
| /* Generate the TEK (token exchange key) which we use to unwrap the bulk encryption key. |
| The Derive function generates a shared secret and combines it with the originatorRA |
| data to come up with an unique session key */ |
| tek = PK11_PubDerive(privkey, originatorPubKey, PR_FALSE, |
| &keaParams.originatorRA, NULL, |
| CKM_KEA_KEY_DERIVE, CKM_SKIPJACK_WRAP, |
| CKA_WRAP, 0, pwfn_arg); |
| SECKEY_DestroyPublicKey(originatorPubKey); /* not needed anymore */ |
| if (tek == NULL) |
| goto loser; |
| |
| /* Now that we have the TEK, unwrap the bulk key |
| with which to decrypt the message. */ |
| /* Skipjack is being used as the bulk encryption algorithm.*/ |
| /* Unwrap the bulk key. */ |
| bulkkey = PK11_UnwrapSymKey(tek, CKM_SKIPJACK_WRAP, NULL, |
| encKey, CKM_SKIPJACK_CBC64, CKA_DECRYPT, 0); |
| |
| return bulkkey; |
| |
| loser: |
| #endif |
| return NULL; |
| } |