swfparse.c
来自「支持SSL v2/v3, TLS, PKCS #5, PKCS #7, PKCS」· C语言 代码 · 共 539 行 · 第 1/2 页
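/*
 * The contents of this file are subject to the Mozilla Public
 * License Version 1.1 (the "License"); you may not use this file
 * except in compliance with the License. You may obtain a copy of
 * the License at http://www.mozilla.org/MPL/
 *
 * Software distributed under the License is distributed on an "AS
 * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
 * implied. See the License for the specific language governing
 * rights and limitations under the License.
 *
 * The Original Code is the Netscape security libraries.
 *
 * The Initial Developer of the Original Code is Netscape
 * Communications Corporation. Portions created by Netscape are
 * Copyright (C) 1994-2000 Netscape Communications Corporation. All
 * Rights Reserved.
 *
 * Contributor(s):
 *
 * Alternatively, the contents of this file may be used under the
 * terms of the GNU General Public License Version 2 or later (the
 * "GPL"), in which case the provisions of the GPL are applicable
 * instead of those above. If you wish to allow use of your
 * version of this file only under the terms of the GPL and not to
 * allow others to use your version of this file under the MPL,
 * indicate your decision by deleting the provisions above and
 * replace them with the notice and other provisions required by
 * the GPL. If you do not delete the provisions above, a recipient
 * may use your version of this file under either the MPL or the
 * GPL.
 */
/*
 * The following program decodes the FORTEZZA Init File, and stores the result
 * into the fortezza directory.
 */
#include "secasn1.h"
#include "swforti.h"
#include "blapi.h"
#include "secoid.h"
#include "secitem.h"
#include "secder.h"

/*
 * templates for parsing the FORTEZZA Init File. These were taken from DER
 * definitions on SWF Initialization File Format Version 1.0 pp1-3.
 *
 * Every field decoded through these templates comes straight from the init
 * file, so each length and index below is file-controlled and has to be
 * range-checked by the code that consumes it.
 */

/*
 * Key info structure...
 * There are up to two of these per slot entry
 */
static const SEC_ASN1Template fortKeyInfoTemplate[] = {
    { SEC_ASN1_SEQUENCE,
          0, NULL, sizeof(fortKeyInformation) },
    { SEC_ASN1_INTEGER,
          offsetof(fortKeyInformation,keyFlags) },
    { SEC_ASN1_OCTET_STRING,
          offsetof(fortKeyInformation,privateKeyWrappedWithKs) },
    { SEC_ASN1_ANY ,
          offsetof(fortKeyInformation, derPublicKey) },
    { SEC_ASN1_OCTET_STRING, offsetof(fortKeyInformation,p) },
    { SEC_ASN1_OCTET_STRING, offsetof(fortKeyInformation,g) },
    { SEC_ASN1_OCTET_STRING, offsetof(fortKeyInformation,q) },
    { 0 }
};

/*
 * This is data that has been wrapped by Ks.
 *
 * NOTE(review): "length" is an INTEGER carried next to the ciphertext; a
 * consumer should compare it with dataEncryptedWithKs.len before trusting
 * it -- confirm against the code that reads fortProtectedData.
 */
static const SEC_ASN1Template fortProtDataTemplate[] = {
    { SEC_ASN1_SEQUENCE,
          0, NULL, sizeof(fortProtectedData) },
    { SEC_ASN1_INTEGER,
          offsetof(fortProtectedData,length) },
    { SEC_ASN1_OCTET_STRING,
          offsetof(fortProtectedData,dataIV) },
    { SEC_ASN1_OCTET_STRING,
          offsetof(fortProtectedData,dataEncryptedWithKs) },
    { 0 }
};

/* DER to describe each Certificate Slot ... there are an arbitrary number */
static const SEC_ASN1Template fortSlotEntryTemplate[] = {
    { SEC_ASN1_SEQUENCE,
          0, NULL, sizeof(fortSlotEntry) },
    { SEC_ASN1_BOOLEAN,
          offsetof(fortSlotEntry,trusted) },
    { SEC_ASN1_INTEGER,
          offsetof(fortSlotEntry,certificateIndex) },
    { SEC_ASN1_INLINE,
          offsetof(fortSlotEntry,certificateLabel), fortProtDataTemplate },
    { SEC_ASN1_INLINE,
          offsetof(fortSlotEntry,certificateData), fortProtDataTemplate },
    /* [0] and [1] are optional: either pointer may stay unset after decoding */
    { SEC_ASN1_POINTER | SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC |
          SEC_ASN1_CONSTRUCTED | 0,
          offsetof(fortSlotEntry, exchangeKeyInformation),
          fortKeyInfoTemplate },
    { SEC_ASN1_POINTER | SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC |
          SEC_ASN1_CONSTRUCTED | 1,
          offsetof(fortSlotEntry, signatureKeyInformation),
          fortKeyInfoTemplate },
    { 0 }
};

/*
 * This data is used to check MemPhrases, and to generate Ks
 * each file has two mem phrases, one for SSO, one for User
 */
static const SEC_ASN1Template fortProtectedMemPhrase[] = {
    { SEC_ASN1_SEQUENCE,
          0, NULL, sizeof(fortProtectedPhrase) },
    { SEC_ASN1_OCTET_STRING,
          offsetof(fortProtectedPhrase,kValueIV) },
    { SEC_ASN1_OCTET_STRING,
          offsetof(fortProtectedPhrase,wrappedKValue) },
    { SEC_ASN1_OCTET_STRING,
          offsetof(fortProtectedPhrase,memPhraseIV) },
    { SEC_ASN1_OCTET_STRING,
          offsetof(fortProtectedPhrase,hashedEncryptedMemPhrase) },
    { 0 }
};

/*
 * This data is used to check the Mem Init Phrases, and to generate Kinit
 * each file has one mem init phrase, which is used only in transport of
 * this file
 *
 * Unlike fortProtectedMemPhrase, this template has no kValueIV entry, so
 * that field is not filled in from the file for the init phrase.
 */
static const SEC_ASN1Template fortMemInitPhrase[] = {
    { SEC_ASN1_SEQUENCE,
          0, NULL, sizeof(fortProtectedPhrase) },
    { SEC_ASN1_OCTET_STRING,
          offsetof(fortProtectedPhrase,wrappedKValue) },
    { SEC_ASN1_OCTET_STRING,
          offsetof(fortProtectedPhrase,memPhraseIV) },
    { SEC_ASN1_OCTET_STRING,
          offsetof(fortProtectedPhrase,hashedEncryptedMemPhrase) },
    { 0 }
};

static const SEC_ASN1Template fortSlotEntriesTemplate[] = {
    { SEC_ASN1_SEQUENCE_OF, 0, fortSlotEntryTemplate }
};

/*
 * This is the complete file with all its data, but has not been signed
 * yet.
 */
static const SEC_ASN1Template fortSwFortezzaInitFileToSign[] = {
    { SEC_ASN1_SEQUENCE,
          0, NULL, sizeof(FORTSWFile) },
    { SEC_ASN1_INTEGER,
          offsetof(FORTSWFile,version) },
    { SEC_ASN1_ANY,
          offsetof(FORTSWFile,derIssuer) },
    { SEC_ASN1_OCTET_STRING,
          offsetof(FORTSWFile,serialID) },
    { SEC_ASN1_INLINE,
          offsetof(FORTSWFile,initMemPhrase), fortMemInitPhrase },
    { SEC_ASN1_INLINE,
          offsetof(FORTSWFile,ssoMemPhrase), fortProtectedMemPhrase },
    { SEC_ASN1_INLINE,
          offsetof(FORTSWFile,userMemPhrase), fortProtectedMemPhrase },
    { SEC_ASN1_INLINE,
          offsetof(FORTSWFile,ssoPinPhrase), fortProtectedMemPhrase },
    { SEC_ASN1_INLINE,
          offsetof(FORTSWFile,userPinPhrase), fortProtectedMemPhrase },
    { SEC_ASN1_OCTET_STRING,
          offsetof(FORTSWFile,wrappedRandomSeed) },
    { SEC_ASN1_SEQUENCE_OF, offsetof(FORTSWFile,slotEntries),
          fortSlotEntryTemplate },
    /* optional extensions to ignore here... */
    { 0 }
};

/*
 * The complete, signed init file.
 *
 * SEC_ASN1_SAVE keeps the encoded bytes in signatureWrap.data.
 * NOTE(review): presumably so the signature can be checked over exactly
 * those bytes; the verification itself is not in this part of the file,
 * and the decoded fields should be treated as unauthenticated until it
 * has run.
 */
static const SEC_ASN1Template fortSwFortezzaInitFile[] = {
    { SEC_ASN1_SEQUENCE,
          0, NULL, sizeof(FORTSignedSWFile) },
    { SEC_ASN1_SAVE,
          offsetof(FORTSignedSWFile,signatureWrap.data) },
    { SEC_ASN1_INLINE,
          offsetof(FORTSignedSWFile,file),
          fortSwFortezzaInitFileToSign },
    { SEC_ASN1_INLINE,
          offsetof(FORTSignedSWFile,signatureWrap.signatureAlgorithm),
          SECOID_AlgorithmIDTemplate },
    { SEC_ASN1_BIT_STRING,
          offsetof(FORTSignedSWFile,signatureWrap.signature) },
    { 0 }
};

/*
 * Recover the K value protected by a mem phrase.
 *
 * Steps, in order:
 *   1. copy prot_phrase->wrappedKValue into a scratch buffer;
 *   2. if wrapKey is non-NULL, decrypt the scratch buffer in place with
 *      wrapKey, using the part of kValueIV that follows the first
 *      SKIPJACK_LEAF_SIZE bytes, and continue with sizeof(CI_KEY) bytes;
 *   3. derive Kfek as the leading sizeof(FORTSkipjackKey) bytes of
 *      SHA-1(version as 2 big-endian bytes || derIssuer || serialID ||
 *      phrase) -- a single hash pass with no iteration count;
 *   4. unwrap the scratch buffer with Kfek.
 *
 * file        - decoded init file; version, derIssuer and serialID feed the
 *               hash.
 * prot_phrase - protected phrase record decoded from the init file; its
 *               lengths are file-controlled and are validated here.
 * phrase      - NUL-terminated phrase supplied by the caller.
 * wrapKey     - key the K value was additionally wrapped with, or NULL.
 *
 * Returns a newly allocated key the caller must free, or NULL on any
 * failure (bad lengths, allocation failure, unwrap failure).
 */
FORTSkipjackKeyPtr
fort_CalculateKMemPhrase(FORTSWFile *file,
    fortProtectedPhrase * prot_phrase, char *phrase, FORTSkipjackKeyPtr wrapKey)
{
    unsigned char *data = NULL;
    unsigned char hashout[SHA1_LENGTH];
    /* size of the scratch buffer; kept apart from data_len so the buffer is
     * always wiped and freed with the length it was allocated with */
    int alloc_len = prot_phrase->wrappedKValue.len;
    int data_len = alloc_len;
    int ret;
    unsigned int len;
    unsigned int version;
    unsigned char enc_version[2];
    FORTSkipjackKeyPtr Kout = NULL;
    FORTSkipjackKey Kfek;
    SHA1Context *sha;

    /* an absent phrase or an empty/oversized wrapped value cannot be valid;
     * alloc_len <= 0 also catches a length that did not fit in an int */
    if (phrase == NULL || prot_phrase->wrappedKValue.data == NULL ||
        alloc_len <= 0) {
        goto fail;
    }

    data = (unsigned char *) PORT_ZAlloc(alloc_len);
    if (data == NULL) goto fail;

    PORT_Memcpy(data,prot_phrase->wrappedKValue.data,alloc_len);

    /* if it's a real protected mem phrase, it's been wrapped by kinit, which
     * was passed to us.
     */
    if (wrapKey) {
        /* The unwrap below is told the buffer holds sizeof(CI_KEY) bytes,
         * and the IV is addressed at offset SKIPJACK_LEAF_SIZE: refuse
         * records too short for either.
         * NOTE(review): the number of IV bytes fort_skipjackDecrypt reads
         * past that offset is not visible here -- tighten the kValueIV
         * check to the exact size once confirmed. */
        if (alloc_len < (int)sizeof(CI_KEY) ||
            prot_phrase->kValueIV.data == NULL ||
            prot_phrase->kValueIV.len <= SKIPJACK_LEAF_SIZE) {
            goto fail;
        }
        fort_skipjackDecrypt(wrapKey,
                &prot_phrase->kValueIV.data[SKIPJACK_LEAF_SIZE],alloc_len,
                data,data);
        data_len = sizeof(CI_KEY);
    }
    /* NOTE(review): without wrapKey, data_len is whatever length the file
     * supplied; confirm fort_skipjackUnwrap bounds its output to Kout. */

    /* now calculate the PBE key for fortezza */
    sha = SHA1_NewContext();
    if (sha == NULL) goto fail;
    SHA1_Begin(sha);
    version = DER_GetUInteger(&file->version);
    enc_version[0] = (version >> 8) & 0xff;
    enc_version[1] = version & 0xff;
    SHA1_Update(sha,enc_version,sizeof(enc_version));
    SHA1_Update(sha,file->derIssuer.data, file->derIssuer.len);
    SHA1_Update(sha,file->serialID.data, file->serialID.len);
    SHA1_Update(sha,(unsigned char *)phrase,strlen(phrase));
    SHA1_End(sha,hashout,&len,SHA1_LENGTH);
    SHA1_DestroyContext(sha, PR_TRUE);
    PORT_Memcpy(Kfek,hashout,sizeof(FORTSkipjackKey));

    /* now use that key to unwrap */
    Kout = (FORTSkipjackKeyPtr) PORT_Alloc(sizeof(FORTSkipjackKey));
    if (Kout == NULL) goto fail;
    ret = fort_skipjackUnwrap(Kfek,data_len,data,Kout);
    if (ret != CI_OK) {
        /* wipe before release: the buffer may hold partial unwrap output */
        PORT_ZFree(Kout,sizeof(FORTSkipjackKey));
        Kout = NULL;
    }

fail:
    /* hashout carries the same bytes as Kfek, so both are cleared.
     * NOTE(review): a plain memset on locals that are about to go out of
     * scope may be elided by the optimizer; switch to a non-elidable wipe
     * if the platform layer offers one. */
    PORT_Memset(&Kfek, 0, sizeof(FORTSkipjackKey));
    PORT_Memset(hashout, 0, sizeof(hashout));
    if (data) PORT_ZFree(data,alloc_len);
    return Kout;
}

PRBool
fort_CheckMemPhrase(FORTSWFile *file,
    fortProtectedPhrase * prot_phrase, char *phrase, FORTSkipjackKeyPtr wrapKey) {
    unsigned char *data = NULL;
    unsigned char hashout[SHA1_LENGTH];
    int data_len = prot_phrase->hashedEncryptedMemPhrase.len;
    unsigned int len;
    SHA1Context *sha;
    PRBool pinOK = PR_FALSE;
    unsigned char cw[4];
    int i;

    /* first, decrypt the hashed/Encrypted Memphrase */
    data = (unsigned char *) PORT_ZAlloc(data_len);
    if (data == NULL) goto failed;

    PORT_Memcpy(data,prot_phrase->hashedEncryptedMemPhrase.data,data_len);
    fort_skipjackDecrypt(wrapKey,
        &prot_phrase->memPhraseIV.data[SKIPJACK_LEAF_SIZE],data_len,
        data,data);

    /* now build the hash for comparisons */
    sha = SHA1_NewContext();
    if (sha == NULL) goto failed;
    SHA1_Begin(sha);
    SHA1_Update(sha,(unsigned char *)phrase,strlen(phrase));
    SHA1_End(sha,hashout,&len,SHA1_LENGTH);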