The Tor Browser: security/nss/lib/smime/cmspubkey.c@7e26c7da4463 (annotated)

security/nss/lib/smime/cmspubkey.c@7e26c7da4463 (annotated)

security/nss/lib/smime/cmspubkey.c

Wed, 31 Dec 2014 06:55:50 +0100

author: Michael Schloh von Bennewitz <michael@schloh.com>
date: Wed, 31 Dec 2014 06:55:50 +0100
changeset 2: 7e26c7da4463
permissions: -rw-r--r--

Added tag UPSTREAM_283F7C6 for changeset ca08bd8f51b2

 /* This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 /*
  * CMS public key crypto
  */
 #include "cmslocal.h"
 #include "cert.h"
 #include "key.h"
 #include "secasn1.h"
 #include "secitem.h"
 #include "secoid.h"
 #include "pk11func.h"
 #include "secerr.h"
 /* ====== RSA ======================================================================= */
 /*
  * NSS_CMSUtil_EncryptSymKey_RSA - wrap a symmetric key with RSA
  *
  * this function takes a symmetric key and encrypts it using an RSA public key
  * according to PKCS#1 and RFC2633 (S/MIME)
  */
 SECStatus
 NSS_CMSUtil_EncryptSymKey_RSA(PLArenaPool *poolp, CERTCertificate *cert,
                               PK11SymKey *bulkkey,
                               SECItem *encKey)
 {
     SECStatus rv;
     SECKEYPublicKey *publickey;
     publickey = CERT_ExtractPublicKey(cert);
     if (publickey == NULL)
 	return SECFailure;
     rv = NSS_CMSUtil_EncryptSymKey_RSAPubKey(poolp, publickey, bulkkey, encKey);
     SECKEY_DestroyPublicKey(publickey);
     return rv;
 }
 SECStatus
 NSS_CMSUtil_EncryptSymKey_RSAPubKey(PLArenaPool *poolp,
                                     SECKEYPublicKey *publickey,
                                     PK11SymKey *bulkkey, SECItem *encKey)
 {
     SECStatus rv;
     int data_len;
     KeyType keyType;
     void *mark = NULL;
     mark = PORT_ArenaMark(poolp);
     if (!mark)
 	goto loser;
     /* sanity check */
     keyType = SECKEY_GetPublicKeyType(publickey);
     PORT_Assert(keyType == rsaKey);
     if (keyType != rsaKey) {
 	goto loser;
     }
     /* allocate memory for the encrypted key */
     data_len = SECKEY_PublicKeyStrength(publickey);	/* block size (assumed to be > keylen) */
     encKey->data = (unsigned char*)PORT_ArenaAlloc(poolp, data_len);
     encKey->len = data_len;
     if (encKey->data == NULL)
 	goto loser;
     /* encrypt the key now */
     rv = PK11_PubWrapSymKey(PK11_AlgtagToMechanism(SEC_OID_PKCS1_RSA_ENCRYPTION),
 				publickey, bulkkey, encKey);
     if (rv != SECSuccess)
 	goto loser;
     PORT_ArenaUnmark(poolp, mark);
     return SECSuccess;
 loser:
     if (mark) {
 	PORT_ArenaRelease(poolp, mark);
     }
     return SECFailure;
 }
 /*
  * NSS_CMSUtil_DecryptSymKey_RSA - unwrap a RSA-wrapped symmetric key
  *
  * this function takes an RSA-wrapped symmetric key and unwraps it, returning a symmetric
  * key handle. Please note that the actual unwrapped key data may not be allowed to leave
  * a hardware token...
  */
 PK11SymKey *
 NSS_CMSUtil_DecryptSymKey_RSA(SECKEYPrivateKey *privkey, SECItem *encKey, SECOidTag bulkalgtag)
 {
     /* that's easy */
     CK_MECHANISM_TYPE target;
     PORT_Assert(bulkalgtag != SEC_OID_UNKNOWN);
     target = PK11_AlgtagToMechanism(bulkalgtag);
     if (bulkalgtag == SEC_OID_UNKNOWN || target == CKM_INVALID_MECHANISM) {
 	PORT_SetError(SEC_ERROR_INVALID_ALGORITHM);
 	return NULL;
     }
     return PK11_PubUnwrapSymKey(privkey, encKey, target, CKA_DECRYPT, 0);
 }
 /* ====== ESDH (Ephemeral-Static Diffie-Hellman) ==================================== */
 SECStatus
 NSS_CMSUtil_EncryptSymKey_ESDH(PLArenaPool *poolp, CERTCertificate *cert, PK11SymKey *key,
 			SECItem *encKey, SECItem **ukm, SECAlgorithmID *keyEncAlg,
 			SECItem *pubKey)
 {
 #if 0 /* not yet done */
     SECOidTag certalgtag;	/* the certificate's encryption algorithm */
     SECOidTag encalgtag;	/* the algorithm used for key exchange/agreement */
     SECStatus rv;
     SECItem *params = NULL;
     int data_len;
     SECStatus err;
     PK11SymKey *tek;
     CERTCertificate *ourCert;
     SECKEYPublicKey *ourPubKey;
     NSSCMSKEATemplateSelector whichKEA = NSSCMSKEAInvalid;
     certalgtag = SECOID_GetAlgorithmTag(&(cert->subjectPublicKeyInfo.algorithm));
     PORT_Assert(certalgtag == SEC_OID_X942_DIFFIE_HELMAN_KEY);
     /* We really want to show our KEA tag as the key exchange algorithm tag. */
     encalgtag = SEC_OID_CMS_EPHEMERAL_STATIC_DIFFIE_HELLMAN;
     /* Get the public key of the recipient. */
     publickey = CERT_ExtractPublicKey(cert);
     if (publickey == NULL) goto loser;
     /* XXXX generate a DH key pair on a PKCS11 module (XXX which parameters?) */
     /* XXXX */ourCert = PK11_FindBestKEAMatch(cert, wincx);
     if (ourCert == NULL) goto loser;
     arena = PORT_NewArena(1024);
     if (arena == NULL) goto loser;
     /* While we're here, extract the key pair's public key data and copy it into */
     /* the outgoing parameters. */
     /* XXXX */ourPubKey = CERT_ExtractPublicKey(ourCert);
     if (ourPubKey == NULL)
     {
 	goto loser;
     }
     SECITEM_CopyItem(arena, pubKey, /* XXX */&(ourPubKey->u.fortezza.KEAKey));
     SECKEY_DestroyPublicKey(ourPubKey); /* we only need the private key from now on */
     ourPubKey = NULL;
     /* Extract our private key in order to derive the KEA key. */
     ourPrivKey = PK11_FindKeyByAnyCert(ourCert,wincx);
     CERT_DestroyCertificate(ourCert); /* we're done with this */
     if (!ourPrivKey) goto loser;
     /* If ukm desired, prepare it - allocate enough space (filled with zeros). */
     if (ukm) {
 	ukm->data = (unsigned char*)PORT_ArenaZAlloc(arena,/* XXXX */);
 	ukm->len = /* XXXX */;
     }
     /* Generate the KEK (key exchange key) according to RFC2631 which we use
      * to wrap the bulk encryption key. */
     kek = PK11_PubDerive(ourPrivKey, publickey, PR_TRUE,
 			 ukm, NULL,
 			 /* XXXX */CKM_KEA_KEY_DERIVE, /* XXXX */CKM_SKIPJACK_WRAP,
 			 CKA_WRAP, 0, wincx);
     SECKEY_DestroyPublicKey(publickey);
     SECKEY_DestroyPrivateKey(ourPrivKey);
     publickey = NULL;
     ourPrivKey = NULL;
     if (!kek)
 	goto loser;
     /* allocate space for the encrypted CEK (bulk key) */
     encKey->data = (unsigned char*)PORT_ArenaAlloc(poolp, SMIME_FORTEZZA_MAX_KEY_SIZE);
     encKey->len = SMIME_FORTEZZA_MAX_KEY_SIZE;
     if (encKey->data == NULL)
     {
 	PK11_FreeSymKey(kek);
 	goto loser;
     }
     /* Wrap the bulk key using CMSRC2WRAP or CMS3DESWRAP, depending on the */
     /* bulk encryption algorithm */
     switch (/* XXXX */PK11_AlgtagToMechanism(enccinfo->encalg))
     {
     case /* XXXX */CKM_SKIPJACK_CFB8:
 	err = PK11_WrapSymKey(/* XXXX */CKM_CMS3DES_WRAP, NULL, kek, bulkkey, encKey);
 	whichKEA = NSSCMSKEAUsesSkipjack;
 	break;
     case /* XXXX */CKM_SKIPJACK_CFB8:
 	err = PK11_WrapSymKey(/* XXXX */CKM_CMSRC2_WRAP, NULL, kek, bulkkey, encKey);
 	whichKEA = NSSCMSKEAUsesSkipjack;
 	break;
     default:
 	/* XXXX what do we do here? Neither RC2 nor 3DES... */
         err = SECFailure;
         /* set error */
 	break;
     }
     PK11_FreeSymKey(kek);	/* we do not need the KEK anymore */
     if (err != SECSuccess)
 	goto loser;
     PORT_Assert(whichKEA != NSSCMSKEAInvalid);
     /* see RFC2630 12.3.1.1 "keyEncryptionAlgorithm must be ..." */
     /* params is the DER encoded key wrap algorithm (with parameters!) (XXX) */
     params = SEC_ASN1EncodeItem(arena, NULL, &keaParams, sec_pkcs7_get_kea_template(whichKEA));
     if (params == NULL)
 	goto loser;
     /* now set keyEncAlg */
     rv = SECOID_SetAlgorithmID(poolp, keyEncAlg, SEC_OID_CMS_EPHEMERAL_STATIC_DIFFIE_HELLMAN, params);
     if (rv != SECSuccess)
 	goto loser;
     /* XXXXXXX this is not right yet */
 loser:
     if (arena) {
 	PORT_FreeArena(arena, PR_FALSE);
     }
     if (publickey) {
         SECKEY_DestroyPublicKey(publickey);
     }
     if (ourPrivKey) {
         SECKEY_DestroyPrivateKey(ourPrivKey);
     }
 #endif
     return SECFailure;
 }
 PK11SymKey *
 NSS_CMSUtil_DecryptSymKey_ESDH(SECKEYPrivateKey *privkey, SECItem *encKey, SECAlgorithmID *keyEncAlg, SECOidTag bulkalgtag, void *pwfn_arg)
 {
 #if 0 /* not yet done */
     SECStatus err;
     CK_MECHANISM_TYPE bulkType;
     PK11SymKey *tek;
     SECKEYPublicKey *originatorPubKey;
     NSSCMSSMIMEKEAParameters keaParams;
    /* XXXX get originator's public key */
    originatorPubKey = PK11_MakeKEAPubKey(keaParams.originatorKEAKey.data,
 			   keaParams.originatorKEAKey.len);
    if (originatorPubKey == NULL)
       goto loser;
    /* Generate the TEK (token exchange key) which we use to unwrap the bulk encryption key.
       The Derive function generates a shared secret and combines it with the originatorRA
       data to come up with an unique session key */
    tek = PK11_PubDerive(privkey, originatorPubKey, PR_FALSE,
 			 &keaParams.originatorRA, NULL,
 			 CKM_KEA_KEY_DERIVE, CKM_SKIPJACK_WRAP,
 			 CKA_WRAP, 0, pwfn_arg);
    SECKEY_DestroyPublicKey(originatorPubKey);	/* not needed anymore */
    if (tek == NULL)
 	goto loser;
     /* Now that we have the TEK, unwrap the bulk key
        with which to decrypt the message. */
     /* Skipjack is being used as the bulk encryption algorithm.*/
     /* Unwrap the bulk key. */
     bulkkey = PK11_UnwrapSymKey(tek, CKM_SKIPJACK_WRAP, NULL,
 				encKey, CKM_SKIPJACK_CBC64, CKA_DECRYPT, 0);
     return bulkkey;
 loser:
 #endif
     return NULL;
 }

The Tor Browser / annotate

security/nss/lib/smime/cmspubkey.c@7e26c7da4463 (annotated)

security/nss/lib/smime/cmspubkey.c