p7encode.c

来自「支持SSL v2/v3, TLS, PKCS #5, PKCS #7, PKCS」· C语言 代码 · 共 1,330 行 · 第 1/3 页

/*
 * The contents of this file are subject to the Mozilla Public
 * License Version 1.1 (the "License"); you may not use this file
 * except in compliance with the License. You may obtain a copy of
 * the License at http://www.mozilla.org/MPL/
 * 
 * Software distributed under the License is distributed on an "AS
 * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
 * implied. See the License for the specific language governing
 * rights and limitations under the License.
 * 
 * The Original Code is the Netscape security libraries.
 * 
 * The Initial Developer of the Original Code is Netscape
 * Communications Corporation.  Portions created by Netscape are 
 * Copyright (C) 1994-2000 Netscape Communications Corporation.  All
 * Rights Reserved.
 * 
 * Contributor(s):
 * 
 * Alternatively, the contents of this file may be used under the
 * terms of the GNU General Public License Version 2 or later (the
 * "GPL"), in which case the provisions of the GPL are applicable 
 * instead of those above.  If you wish to allow use of your 
 * version of this file only under the terms of the GPL and not to
 * allow others to use your version of this file under the MPL,
 * indicate your decision by deleting the provisions above and
 * replace them with the notice and other provisions required by
 * the GPL.  If you do not delete the provisions above, a recipient
 * may use your version of this file under either the MPL or the
 * GPL.
 */

/*
 * PKCS7 encoding.
 *
 * $Id: p7encode.c,v 1.1 2000/03/31 19:16:06 relyea%netscape.com Exp $
 */

#include "p7local.h"

#include "cert.h"
#include "cryptohi.h"
#include "keyhi.h"
#include "secasn1.h"
#include "secoid.h"
#include "secitem.h"
#include "pk11func.h"
#include "secerr.h"

struct sec_pkcs7_encoder_output {
    SEC_PKCS7EncoderOutputCallback outputfn;
    void *outputarg;
};

struct SEC_PKCS7EncoderContextStr {
    SEC_ASN1EncoderContext *ecx;
    SEC_PKCS7ContentInfo *cinfo;
    struct sec_pkcs7_encoder_output output;
    sec_PKCS7CipherObject *encryptobj;
    SECHashObject *digestobj;
    void *digestcx;
};


/*
 * The little output function that the ASN.1 encoder calls to hand
 * us bytes which we in turn hand back to our caller (via the callback
 * they gave us).
 */
static void
sec_pkcs7_encoder_out(void *arg, const char *buf, unsigned long len,
		      int depth, SEC_ASN1EncodingPart data_kind)
{
    struct sec_pkcs7_encoder_output *output;

    output = (struct sec_pkcs7_encoder_output*)arg;
    output->outputfn (output->outputarg, buf, len);
}

static sec_PKCS7CipherObject *
sec_pkcs7_encoder_start_encrypt (SEC_PKCS7ContentInfo *cinfo,
						 PK11SymKey *orig_bulkkey)
{
    SECOidTag kind;
    sec_PKCS7CipherObject *encryptobj;
    SEC_PKCS7RecipientInfo **recipientinfos, *ri;
    SEC_PKCS7EncryptedContentInfo *enccinfo;
    SEC_PKCS7SMIMEKEAParameters   keaParams;
    SECKEYPublicKey *publickey = NULL;
    SECKEYPrivateKey *ourPrivKey = NULL;
    PK11SymKey  *bulkkey;
    void *mark, *wincx;
    int i;
    PRArenaPool *arena = NULL;
    unsigned char zero = 0;

    /* Get the context in case we need it below. */
    wincx = cinfo->pwfn_arg;

    /* Clear keaParams, since cleanup code checks the lengths */
    (void) memset(&keaParams, 0, sizeof(keaParams));

    kind = SEC_PKCS7ContentType (cinfo);
    switch (kind) {
      default:
      case SEC_OID_PKCS7_DATA:
      case SEC_OID_PKCS7_DIGESTED_DATA:
      case SEC_OID_PKCS7_SIGNED_DATA:
	recipientinfos = NULL;
	enccinfo = NULL;
	break;
      case SEC_OID_PKCS7_ENCRYPTED_DATA:
	{
	    SEC_PKCS7EncryptedData *encdp;

	    /* To do EncryptedData we *must* be given a bulk key. */
	    PORT_Assert (orig_bulkkey != NULL);
	    if (orig_bulkkey == NULL) {
		/* XXX error? */
		return NULL;
	    }

	    encdp = cinfo->content.encryptedData;
	    recipientinfos = NULL;
	    enccinfo = &(encdp->encContentInfo);
	}
	break;
      case SEC_OID_PKCS7_ENVELOPED_DATA:
	{
	    SEC_PKCS7EnvelopedData *envdp;

	    envdp = cinfo->content.envelopedData;
	    recipientinfos = envdp->recipientInfos;
	    enccinfo = &(envdp->encContentInfo);
	}
	break;
      case SEC_OID_PKCS7_SIGNED_ENVELOPED_DATA:
	{
	    SEC_PKCS7SignedAndEnvelopedData *saedp;

	    saedp = cinfo->content.signedAndEnvelopedData;
	    recipientinfos = saedp->recipientInfos;
	    enccinfo = &(saedp->encContentInfo);
	}
	break;
    }

    if (enccinfo == NULL)
	return NULL;

    bulkkey = orig_bulkkey;
    if (bulkkey == NULL) {
	CK_MECHANISM_TYPE type = PK11_AlgtagToMechanism(enccinfo->encalg);
	PK11SlotInfo *slot;


	slot = PK11_GetBestSlot(type,cinfo->pwfn_arg);
	if (slot == NULL) {
	    return NULL;
	}
	bulkkey = PK11_KeyGen(slot,type,NULL, enccinfo->keysize/8,
			      cinfo->pwfn_arg);
	PK11_FreeSlot(slot);
	if (bulkkey == NULL) {
	    return NULL;
	}
    }

    encryptobj = NULL;
    mark = PORT_ArenaMark (cinfo->poolp);

    /*
     * Encrypt the bulk key with the public key of each recipient.
     */
    for (i = 0; recipientinfos && (ri = recipientinfos[i]) != NULL; i++) {
	CERTCertificate *cert;
	SECOidTag certalgtag, encalgtag;
	SECStatus rv;
	int data_len;
	SECItem *params = NULL;

	cert = ri->cert;
	PORT_Assert (cert != NULL);
	if (cert == NULL)
	    continue;

	/*
	 * XXX Want an interface that takes a cert and some data and
	 * fills in an algorithmID and encrypts the data with the public
	 * key from the cert.  Or, give me two interfaces -- one which
	 * gets the algorithm tag from a cert (I should not have to go
	 * down into the subjectPublicKeyInfo myself) and another which
	 * takes a public key and algorithm tag and data and encrypts
	 * the data.  Or something like that.  The point is that all
	 * of the following hardwired RSA and KEA stuff should be done
	 * elsewhere.
	 */

	certalgtag=SECOID_GetAlgorithmTag(&(cert->subjectPublicKeyInfo.algorithm));

	switch (certalgtag) {
	case SEC_OID_PKCS1_RSA_ENCRYPTION:
	    encalgtag = certalgtag;
	    publickey = CERT_ExtractPublicKey (cert);
	    if (publickey == NULL) goto loser;
		
	    data_len = SECKEY_PublicKeyStrength(publickey);
	    ri->encKey.data = 
	        (unsigned char*)PORT_ArenaAlloc(cinfo->poolp ,data_len);
	    ri->encKey.len = data_len;
	    if (ri->encKey.data == NULL) goto loser;

	    rv = PK11_PubWrapSymKey(PK11_AlgtagToMechanism(certalgtag),publickey,
				bulkkey,&ri->encKey);

	    SECKEY_DestroyPublicKey(publickey);
	    publickey = NULL;
	    if (rv != SECSuccess) goto loser;
	    params = NULL; /* paranoia */
	    break;
	/* ### mwelch -- KEA */ 
      case SEC_OID_MISSI_KEA_DSS_OLD:
      case SEC_OID_MISSI_KEA_DSS:
      case SEC_OID_MISSI_KEA:
	    {
#define SMIME_FORTEZZA_RA_LENGTH 128
#define SMIME_FORTEZZA_IV_LENGTH 24
#define SMIME_FORTEZZA_MAX_KEY_SIZE 256
		SECStatus err;
		PK11SymKey *tek;
		CERTCertificate *ourCert;
		SECKEYPublicKey *ourPubKey;
		SECKEATemplateSelector whichKEA;

		/* We really want to show our KEA tag as the
		   key exchange algorithm tag. */
		encalgtag = SEC_OID_NETSCAPE_SMIME_KEA;

		/* Get the public key of the recipient. */
		publickey = CERT_ExtractPublicKey(cert);
		if (publickey == NULL) goto loser;

		/* Find our own cert, and extract its keys. */
		ourCert = PK11_FindBestKEAMatch(cert,wincx);
		if (ourCert == NULL) goto loser;

		arena = PORT_NewArena(1024);
		if (arena == NULL) goto loser;

		ourPubKey = CERT_ExtractPublicKey(ourCert);
		if (ourPubKey == NULL)
		{
		    CERT_DestroyCertificate(ourCert);
		    goto loser;
		}

		/* While we're here, copy the public key into the outgoing
		 * KEA parameters. */
		SECITEM_CopyItem(arena, &(keaParams.originatorKEAKey),
				 &(ourPubKey->u.fortezza.KEAKey));
		SECKEY_DestroyPublicKey(ourPubKey);
		ourPubKey = NULL;

		/* Extract our private key in order to derive the 
		 * KEA key. */
		ourPrivKey = PK11_FindKeyByAnyCert(ourCert,wincx);
		CERT_DestroyCertificate(ourCert); /* we're done with this */
		if (!ourPrivKey) goto loser;

		/* Prepare raItem with 128 bytes (filled with zeros). */
		keaParams.originatorRA.data = 
		  (unsigned char*)PORT_ArenaAlloc(arena,SMIME_FORTEZZA_RA_LENGTH);
		keaParams.originatorRA.len = SMIME_FORTEZZA_RA_LENGTH;


		/* Generate the TEK (token exchange key) which we use
		 * to wrap the bulk encryption key. (raItem) will be
		 * filled with a random seed which we need to send to
		 * the recipient. */
		tek = PK11_PubDerive(ourPrivKey, publickey, PR_TRUE,
				     &keaParams.originatorRA, NULL,
				     CKM_KEA_KEY_DERIVE, CKM_SKIPJACK_WRAP,
				     CKA_WRAP, 0, wincx);

		    SECKEY_DestroyPublicKey(publickey);
		    SECKEY_DestroyPrivateKey(ourPrivKey);
		    publickey = NULL;
		    ourPrivKey = NULL;
		
		if (!tek)
		    goto loser;

		ri->encKey.data = (unsigned char*)PORT_ArenaAlloc(cinfo->poolp,
						  SMIME_FORTEZZA_MAX_KEY_SIZE);
		ri->encKey.len = SMIME_FORTEZZA_MAX_KEY_SIZE;

		if (ri->encKey.data == NULL)
		{
		    PK11_FreeSymKey(tek);
		    goto loser;
		}

		/* Wrap the bulk key. What we do with the resulting data
		   depends on whether we're using Skipjack to wrap the key. */
		switch(PK11_AlgtagToMechanism(enccinfo->encalg))
		{
		case CKM_SKIPJACK_CBC64:
		case CKM_SKIPJACK_ECB64:
		case CKM_SKIPJACK_OFB64:
		case CKM_SKIPJACK_CFB64:
		case CKM_SKIPJACK_CFB32:
		case CKM_SKIPJACK_CFB16:
		case CKM_SKIPJACK_CFB8:
		    /* do SKIPJACK, we use the wrap mechanism */
		    err = PK11_WrapSymKey(CKM_SKIPJACK_WRAP, NULL, 
				      tek, bulkkey, &ri->encKey);
		    whichKEA = SECKEAUsesSkipjack;
		    break;
		default:
		    /* Not SKIPJACK, we encrypt the raw key data */
		    keaParams.nonSkipjackIV .data = 
		      (unsigned char*)PORT_ArenaAlloc(arena,
						     SMIME_FORTEZZA_IV_LENGTH);
		    keaParams.nonSkipjackIV.len = SMIME_FORTEZZA_IV_LENGTH;
		    err = PK11_WrapSymKey(CKM_SKIPJACK_CBC64,
					  &keaParams.nonSkipjackIV, 
				          tek, bulkkey, &ri->encKey);
		    if (err != SECSuccess)
			goto loser;

		    if (ri->encKey.len != PK11_GetKeyLength(bulkkey))
		    {
			/* The size of the encrypted key is not the same as
			   that of the original bulk key, presumably due to
			   padding. Encode and store the real size of the
			   bulk key. */
			if (SEC_ASN1EncodeInteger(arena, 
						  &keaParams.bulkKeySize,
						  PK11_GetKeyLength(bulkkey))
			    == NULL)
			    err = (SECStatus)PORT_GetError();
			else
			    /* use full template for encoding */
			    whichKEA = SECKEAUsesNonSkipjackWithPaddedEncKey;
		    }
		    else
			/* enc key length == bulk key length */
			whichKEA = SECKEAUsesNonSkipjack; 
		    break;
		}

		PK11_FreeSymKey(tek);
		if (err != SECSuccess)
		    goto loser;

		/* Encode the KEA parameters into the recipient info. */
		params = SEC_ASN1EncodeItem(arena,NULL, &keaParams, 
				      sec_pkcs7_get_kea_template(whichKEA));
		if (params == NULL) goto loser;
		break;
	    }
	default:
	    PORT_SetError (SEC_ERROR_INVALID_ALGORITHM);
	    goto loser;
	}

	rv = SECOID_SetAlgorithmID(cinfo->poolp, &ri->keyEncAlg, encalgtag, 
			params);
	if (rv != SECSuccess)
	    goto loser;
	if (arena) PORT_FreeArena(arena,PR_FALSE);
	arena = NULL;
    }

    encryptobj = sec_PKCS7CreateEncryptObject (cinfo->poolp, bulkkey,
					       enccinfo->encalg,
					       &(enccinfo->contentEncAlg));
    if (encryptobj != NULL) {
	PORT_ArenaUnmark (cinfo->poolp, mark);
	mark = NULL;		/* good one; do not want to release */
    }
    /* fallthru */

loser:
    if (arena) {
	PORT_FreeArena(arena, PR_FALSE);
    }
    if (publickey) {
        SECKEY_DestroyPublicKey(publickey);
    }
    if (ourPrivKey) {
        SECKEY_DestroyPrivateKey(ourPrivKey);
    }
    if (mark != NULL) {
	PORT_ArenaRelease (cinfo->poolp, mark);
    }
    if (orig_bulkkey == NULL) {
	if (bulkkey) PK11_FreeSymKey(bulkkey);
    }

    return encryptobj;
}


static void
sec_pkcs7_encoder_notify (void *arg, PRBool before, void *dest, int depth)
{
    SEC_PKCS7EncoderContext *p7ecx;
    SEC_PKCS7ContentInfo *cinfo;
    SECOidTag kind;
    PRBool before_content;

    /*
     * We want to notice just before the content field.  After fields are
     * not interesting to us.
     */
    if (!before)
	return;

    p7ecx = (SEC_PKCS7EncoderContext*)arg;
    cinfo = p7ecx->cinfo;

    before_content = PR_FALSE;

    /*
     * Watch for the content field, at which point we want to instruct
     * the ASN.1 encoder to start taking bytes from the buffer.
     *
     * XXX The following assumes the inner content type is data;
     * if/when we want to handle fully nested types, this will have
     * to recurse until reaching the innermost data content.
     */
    kind = SEC_PKCS7ContentType (cinfo);
    switch (kind) {
      default:
      case SEC_OID_PKCS7_DATA:
	if (dest == &(cinfo->content.data))
	    before_content = PR_TRUE;
	break;

      case SEC_OID_PKCS7_DIGESTED_DATA:
	{
	    SEC_PKCS7DigestedData *digd;