1.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000
1.2 +++ b/security/nss/lib/pkcs7/p7encode.c Wed Dec 31 06:09:35 2014 +0100
1.3 @@ -0,0 +1,1110 @@
1.4 +/* This Source Code Form is subject to the terms of the Mozilla Public
1.5 + * License, v. 2.0. If a copy of the MPL was not distributed with this
1.6 + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
1.7 +
1.8 +/*
1.9 + * PKCS7 encoding.
1.10 + */
1.11 +
1.12 +#include "p7local.h"
1.13 +
1.14 +#include "cert.h"
1.15 +#include "cryptohi.h"
1.16 +#include "keyhi.h"
1.17 +#include "secasn1.h"
1.18 +#include "secoid.h"
1.19 +#include "secitem.h"
1.20 +#include "pk11func.h"
1.21 +#include "secerr.h"
1.22 +#include "sechash.h" /* for HASH_GetHashObject() */
1.23 +
1.24 +struct sec_pkcs7_encoder_output {
1.25 + SEC_PKCS7EncoderOutputCallback outputfn;
1.26 + void *outputarg;
1.27 +};
1.28 +
1.29 +struct SEC_PKCS7EncoderContextStr {
1.30 + SEC_ASN1EncoderContext *ecx;
1.31 + SEC_PKCS7ContentInfo *cinfo;
1.32 + struct sec_pkcs7_encoder_output output;
1.33 + sec_PKCS7CipherObject *encryptobj;
1.34 + const SECHashObject *digestobj;
1.35 + void *digestcx;
1.36 +};
1.37 +
1.38 +
1.39 +/*
1.40 + * The little output function that the ASN.1 encoder calls to hand
1.41 + * us bytes which we in turn hand back to our caller (via the callback
1.42 + * they gave us).
1.43 + */
1.44 +static void
1.45 +sec_pkcs7_encoder_out(void *arg, const char *buf, unsigned long len,
1.46 + int depth, SEC_ASN1EncodingPart data_kind)
1.47 +{
1.48 + struct sec_pkcs7_encoder_output *output;
1.49 +
1.50 + output = (struct sec_pkcs7_encoder_output*)arg;
1.51 + output->outputfn (output->outputarg, buf, len);
1.52 +}
1.53 +
1.54 +static sec_PKCS7CipherObject *
1.55 +sec_pkcs7_encoder_start_encrypt (SEC_PKCS7ContentInfo *cinfo,
1.56 + PK11SymKey *orig_bulkkey)
1.57 +{
1.58 + SECOidTag kind;
1.59 + sec_PKCS7CipherObject *encryptobj;
1.60 + SEC_PKCS7RecipientInfo **recipientinfos, *ri;
1.61 + SEC_PKCS7EncryptedContentInfo *enccinfo;
1.62 + SECKEYPublicKey *publickey = NULL;
1.63 + SECKEYPrivateKey *ourPrivKey = NULL;
1.64 + PK11SymKey *bulkkey;
1.65 + void *mark, *wincx;
1.66 + int i;
1.67 + PLArenaPool *arena = NULL;
1.68 +
1.69 + /* Get the context in case we need it below. */
1.70 + wincx = cinfo->pwfn_arg;
1.71 +
1.72 + kind = SEC_PKCS7ContentType (cinfo);
1.73 + switch (kind) {
1.74 + default:
1.75 + case SEC_OID_PKCS7_DATA:
1.76 + case SEC_OID_PKCS7_DIGESTED_DATA:
1.77 + case SEC_OID_PKCS7_SIGNED_DATA:
1.78 + recipientinfos = NULL;
1.79 + enccinfo = NULL;
1.80 + break;
1.81 + case SEC_OID_PKCS7_ENCRYPTED_DATA:
1.82 + {
1.83 + SEC_PKCS7EncryptedData *encdp;
1.84 +
1.85 + /* To do EncryptedData we *must* be given a bulk key. */
1.86 + PORT_Assert (orig_bulkkey != NULL);
1.87 + if (orig_bulkkey == NULL) {
1.88 + /* XXX error? */
1.89 + return NULL;
1.90 + }
1.91 +
1.92 + encdp = cinfo->content.encryptedData;
1.93 + recipientinfos = NULL;
1.94 + enccinfo = &(encdp->encContentInfo);
1.95 + }
1.96 + break;
1.97 + case SEC_OID_PKCS7_ENVELOPED_DATA:
1.98 + {
1.99 + SEC_PKCS7EnvelopedData *envdp;
1.100 +
1.101 + envdp = cinfo->content.envelopedData;
1.102 + recipientinfos = envdp->recipientInfos;
1.103 + enccinfo = &(envdp->encContentInfo);
1.104 + }
1.105 + break;
1.106 + case SEC_OID_PKCS7_SIGNED_ENVELOPED_DATA:
1.107 + {
1.108 + SEC_PKCS7SignedAndEnvelopedData *saedp;
1.109 +
1.110 + saedp = cinfo->content.signedAndEnvelopedData;
1.111 + recipientinfos = saedp->recipientInfos;
1.112 + enccinfo = &(saedp->encContentInfo);
1.113 + }
1.114 + break;
1.115 + }
1.116 +
1.117 + if (enccinfo == NULL)
1.118 + return NULL;
1.119 +
1.120 + bulkkey = orig_bulkkey;
1.121 + if (bulkkey == NULL) {
1.122 + CK_MECHANISM_TYPE type = PK11_AlgtagToMechanism(enccinfo->encalg);
1.123 + PK11SlotInfo *slot;
1.124 +
1.125 +
1.126 + slot = PK11_GetBestSlot(type,cinfo->pwfn_arg);
1.127 + if (slot == NULL) {
1.128 + return NULL;
1.129 + }
1.130 + bulkkey = PK11_KeyGen(slot,type,NULL, enccinfo->keysize/8,
1.131 + cinfo->pwfn_arg);
1.132 + PK11_FreeSlot(slot);
1.133 + if (bulkkey == NULL) {
1.134 + return NULL;
1.135 + }
1.136 + }
1.137 +
1.138 + encryptobj = NULL;
1.139 + mark = PORT_ArenaMark (cinfo->poolp);
1.140 +
1.141 + /*
1.142 + * Encrypt the bulk key with the public key of each recipient.
1.143 + */
1.144 + for (i = 0; recipientinfos && (ri = recipientinfos[i]) != NULL; i++) {
1.145 + CERTCertificate *cert;
1.146 + SECOidTag certalgtag, encalgtag;
1.147 + SECStatus rv;
1.148 + int data_len;
1.149 + SECItem *params = NULL;
1.150 +
1.151 + cert = ri->cert;
1.152 + PORT_Assert (cert != NULL);
1.153 + if (cert == NULL)
1.154 + continue;
1.155 +
1.156 + /*
1.157 + * XXX Want an interface that takes a cert and some data and
1.158 + * fills in an algorithmID and encrypts the data with the public
1.159 + * key from the cert. Or, give me two interfaces -- one which
1.160 + * gets the algorithm tag from a cert (I should not have to go
1.161 + * down into the subjectPublicKeyInfo myself) and another which
1.162 + * takes a public key and algorithm tag and data and encrypts
1.163 + * the data. Or something like that. The point is that all
1.164 + * of the following hardwired RSA stuff should be done elsewhere.
1.165 + */
1.166 +
1.167 + certalgtag=SECOID_GetAlgorithmTag(&(cert->subjectPublicKeyInfo.algorithm));
1.168 +
1.169 + switch (certalgtag) {
1.170 + case SEC_OID_PKCS1_RSA_ENCRYPTION:
1.171 + encalgtag = certalgtag;
1.172 + publickey = CERT_ExtractPublicKey (cert);
1.173 + if (publickey == NULL) goto loser;
1.174 +
1.175 + data_len = SECKEY_PublicKeyStrength(publickey);
1.176 + ri->encKey.data =
1.177 + (unsigned char*)PORT_ArenaAlloc(cinfo->poolp ,data_len);
1.178 + ri->encKey.len = data_len;
1.179 + if (ri->encKey.data == NULL) goto loser;
1.180 +
1.181 + rv = PK11_PubWrapSymKey(PK11_AlgtagToMechanism(certalgtag),publickey,
1.182 + bulkkey,&ri->encKey);
1.183 +
1.184 + SECKEY_DestroyPublicKey(publickey);
1.185 + publickey = NULL;
1.186 + if (rv != SECSuccess) goto loser;
1.187 + params = NULL; /* paranoia */
1.188 + break;
1.189 + default:
1.190 + PORT_SetError (SEC_ERROR_INVALID_ALGORITHM);
1.191 + goto loser;
1.192 + }
1.193 +
1.194 + rv = SECOID_SetAlgorithmID(cinfo->poolp, &ri->keyEncAlg, encalgtag,
1.195 + params);
1.196 + if (rv != SECSuccess)
1.197 + goto loser;
1.198 + if (arena) PORT_FreeArena(arena,PR_FALSE);
1.199 + arena = NULL;
1.200 + }
1.201 +
1.202 + encryptobj = sec_PKCS7CreateEncryptObject (cinfo->poolp, bulkkey,
1.203 + enccinfo->encalg,
1.204 + &(enccinfo->contentEncAlg));
1.205 + if (encryptobj != NULL) {
1.206 + PORT_ArenaUnmark (cinfo->poolp, mark);
1.207 + mark = NULL; /* good one; do not want to release */
1.208 + }
1.209 + /* fallthru */
1.210 +
1.211 +loser:
1.212 + if (arena) {
1.213 + PORT_FreeArena(arena, PR_FALSE);
1.214 + }
1.215 + if (publickey) {
1.216 + SECKEY_DestroyPublicKey(publickey);
1.217 + }
1.218 + if (ourPrivKey) {
1.219 + SECKEY_DestroyPrivateKey(ourPrivKey);
1.220 + }
1.221 + if (mark != NULL) {
1.222 + PORT_ArenaRelease (cinfo->poolp, mark);
1.223 + }
1.224 + if (orig_bulkkey == NULL) {
1.225 + if (bulkkey) PK11_FreeSymKey(bulkkey);
1.226 + }
1.227 +
1.228 + return encryptobj;
1.229 +}
1.230 +
1.231 +
1.232 +static void
1.233 +sec_pkcs7_encoder_notify (void *arg, PRBool before, void *dest, int depth)
1.234 +{
1.235 + SEC_PKCS7EncoderContext *p7ecx;
1.236 + SEC_PKCS7ContentInfo *cinfo;
1.237 + SECOidTag kind;
1.238 + PRBool before_content;
1.239 +
1.240 + /*
1.241 + * We want to notice just before the content field. After fields are
1.242 + * not interesting to us.
1.243 + */
1.244 + if (!before)
1.245 + return;
1.246 +
1.247 + p7ecx = (SEC_PKCS7EncoderContext*)arg;
1.248 + cinfo = p7ecx->cinfo;
1.249 +
1.250 + before_content = PR_FALSE;
1.251 +
1.252 + /*
1.253 + * Watch for the content field, at which point we want to instruct
1.254 + * the ASN.1 encoder to start taking bytes from the buffer.
1.255 + *
1.256 + * XXX The following assumes the inner content type is data;
1.257 + * if/when we want to handle fully nested types, this will have
1.258 + * to recurse until reaching the innermost data content.
1.259 + */
1.260 + kind = SEC_PKCS7ContentType (cinfo);
1.261 + switch (kind) {
1.262 + default:
1.263 + case SEC_OID_PKCS7_DATA:
1.264 + if (dest == &(cinfo->content.data))
1.265 + before_content = PR_TRUE;
1.266 + break;
1.267 +
1.268 + case SEC_OID_PKCS7_DIGESTED_DATA:
1.269 + {
1.270 + SEC_PKCS7DigestedData *digd;
1.271 +
1.272 + digd = cinfo->content.digestedData;
1.273 + if (digd == NULL)
1.274 + break;
1.275 +
1.276 + if (dest == &(digd->contentInfo.content))
1.277 + before_content = PR_TRUE;
1.278 + }
1.279 + break;
1.280 +
1.281 + case SEC_OID_PKCS7_ENCRYPTED_DATA:
1.282 + {
1.283 + SEC_PKCS7EncryptedData *encd;
1.284 +
1.285 + encd = cinfo->content.encryptedData;
1.286 + if (encd == NULL)
1.287 + break;
1.288 +
1.289 + if (dest == &(encd->encContentInfo.encContent))
1.290 + before_content = PR_TRUE;
1.291 + }
1.292 + break;
1.293 +
1.294 + case SEC_OID_PKCS7_ENVELOPED_DATA:
1.295 + {
1.296 + SEC_PKCS7EnvelopedData *envd;
1.297 +
1.298 + envd = cinfo->content.envelopedData;
1.299 + if (envd == NULL)
1.300 + break;
1.301 +
1.302 + if (dest == &(envd->encContentInfo.encContent))
1.303 + before_content = PR_TRUE;
1.304 + }
1.305 + break;
1.306 +
1.307 + case SEC_OID_PKCS7_SIGNED_DATA:
1.308 + {
1.309 + SEC_PKCS7SignedData *sigd;
1.310 +
1.311 + sigd = cinfo->content.signedData;
1.312 + if (sigd == NULL)
1.313 + break;
1.314 +
1.315 + if (dest == &(sigd->contentInfo.content))
1.316 + before_content = PR_TRUE;
1.317 + }
1.318 + break;
1.319 +
1.320 + case SEC_OID_PKCS7_SIGNED_ENVELOPED_DATA:
1.321 + {
1.322 + SEC_PKCS7SignedAndEnvelopedData *saed;
1.323 +
1.324 + saed = cinfo->content.signedAndEnvelopedData;
1.325 + if (saed == NULL)
1.326 + break;
1.327 +
1.328 + if (dest == &(saed->encContentInfo.encContent))
1.329 + before_content = PR_TRUE;
1.330 + }
1.331 + break;
1.332 + }
1.333 +
1.334 + if (before_content) {
1.335 + /*
1.336 + * This will cause the next SEC_ASN1EncoderUpdate to take the
1.337 + * contents bytes from the passed-in buffer.
1.338 + */
1.339 + SEC_ASN1EncoderSetTakeFromBuf (p7ecx->ecx);
1.340 + /*
1.341 + * And that is all we needed this notify function for.
1.342 + */
1.343 + SEC_ASN1EncoderClearNotifyProc (p7ecx->ecx);
1.344 + }
1.345 +}
1.346 +
1.347 +
1.348 +static SEC_PKCS7EncoderContext *
1.349 +sec_pkcs7_encoder_start_contexts (SEC_PKCS7ContentInfo *cinfo,
1.350 + PK11SymKey *bulkkey)
1.351 +{
1.352 + SEC_PKCS7EncoderContext *p7ecx;
1.353 + SECOidTag kind;
1.354 + PRBool encrypt;
1.355 + SECItem **digests;
1.356 + SECAlgorithmID *digestalg, **digestalgs;
1.357 +
1.358 + p7ecx =
1.359 + (SEC_PKCS7EncoderContext*)PORT_ZAlloc (sizeof(SEC_PKCS7EncoderContext));
1.360 + if (p7ecx == NULL)
1.361 + return NULL;
1.362 +
1.363 + digests = NULL;
1.364 + digestalg = NULL;
1.365 + digestalgs = NULL;
1.366 + encrypt = PR_FALSE;
1.367 +
1.368 + kind = SEC_PKCS7ContentType (cinfo);
1.369 + switch (kind) {
1.370 + default:
1.371 + case SEC_OID_PKCS7_DATA:
1.372 + break;
1.373 + case SEC_OID_PKCS7_DIGESTED_DATA:
1.374 + digestalg = &(cinfo->content.digestedData->digestAlg);
1.375 + break;
1.376 + case SEC_OID_PKCS7_SIGNED_DATA:
1.377 + digests = cinfo->content.signedData->digests;
1.378 + digestalgs = cinfo->content.signedData->digestAlgorithms;
1.379 + break;
1.380 + case SEC_OID_PKCS7_ENCRYPTED_DATA:
1.381 + case SEC_OID_PKCS7_ENVELOPED_DATA:
1.382 + encrypt = PR_TRUE;
1.383 + break;
1.384 + case SEC_OID_PKCS7_SIGNED_ENVELOPED_DATA:
1.385 + digests = cinfo->content.signedAndEnvelopedData->digests;
1.386 + digestalgs = cinfo->content.signedAndEnvelopedData->digestAlgorithms;
1.387 + encrypt = PR_TRUE;
1.388 + break;
1.389 + }
1.390 +
1.391 + if (encrypt) {
1.392 + p7ecx->encryptobj = sec_pkcs7_encoder_start_encrypt (cinfo, bulkkey);
1.393 + if (p7ecx->encryptobj == NULL) {
1.394 + PORT_Free (p7ecx);
1.395 + return NULL;
1.396 + }
1.397 + }
1.398 +
1.399 + if (digestalgs != NULL) {
1.400 + if (digests != NULL) {
1.401 + /* digests already created (probably for detached data) */
1.402 + digestalg = NULL;
1.403 + } else {
1.404 + /*
1.405 + * XXX Some day we should handle multiple digests; for now,
1.406 + * assume only one will be done.
1.407 + */
1.408 + PORT_Assert (digestalgs[0] != NULL && digestalgs[1] == NULL);
1.409 + digestalg = digestalgs[0];
1.410 + }
1.411 + }
1.412 +
1.413 + if (digestalg != NULL) {
1.414 + SECOidTag oidTag = SECOID_FindOIDTag(&(digestalg->algorithm));
1.415 +
1.416 + p7ecx->digestobj = HASH_GetHashObjectByOidTag(oidTag);
1.417 + if (p7ecx->digestobj != NULL) {
1.418 + p7ecx->digestcx = (* p7ecx->digestobj->create) ();
1.419 + if (p7ecx->digestcx == NULL)
1.420 + p7ecx->digestobj = NULL;
1.421 + else
1.422 + (* p7ecx->digestobj->begin) (p7ecx->digestcx);
1.423 + }
1.424 + if (p7ecx->digestobj == NULL) {
1.425 + if (p7ecx->encryptobj != NULL)
1.426 + sec_PKCS7DestroyEncryptObject (p7ecx->encryptobj);
1.427 + PORT_Free (p7ecx);
1.428 + return NULL;
1.429 + }
1.430 + }
1.431 +
1.432 + p7ecx->cinfo = cinfo;
1.433 + return p7ecx;
1.434 +}
1.435 +
1.436 +
1.437 +SEC_PKCS7EncoderContext *
1.438 +SEC_PKCS7EncoderStart (SEC_PKCS7ContentInfo *cinfo,
1.439 + SEC_PKCS7EncoderOutputCallback outputfn,
1.440 + void *outputarg,
1.441 + PK11SymKey *bulkkey)
1.442 +{
1.443 + SEC_PKCS7EncoderContext *p7ecx;
1.444 + SECStatus rv;
1.445 +
1.446 + p7ecx = sec_pkcs7_encoder_start_contexts (cinfo, bulkkey);
1.447 + if (p7ecx == NULL)
1.448 + return NULL;
1.449 +
1.450 + p7ecx->output.outputfn = outputfn;
1.451 + p7ecx->output.outputarg = outputarg;
1.452 +
1.453 + /*
1.454 + * Initialize the BER encoder.
1.455 + */
1.456 + p7ecx->ecx = SEC_ASN1EncoderStart (cinfo, sec_PKCS7ContentInfoTemplate,
1.457 + sec_pkcs7_encoder_out, &(p7ecx->output));
1.458 + if (p7ecx->ecx == NULL) {
1.459 + PORT_Free (p7ecx);
1.460 + return NULL;
1.461 + }
1.462 +
1.463 + /*
1.464 + * Indicate that we are streaming. We will be streaming until we
1.465 + * get past the contents bytes.
1.466 + */
1.467 + SEC_ASN1EncoderSetStreaming (p7ecx->ecx);
1.468 +
1.469 + /*
1.470 + * The notify function will watch for the contents field.
1.471 + */
1.472 + SEC_ASN1EncoderSetNotifyProc (p7ecx->ecx, sec_pkcs7_encoder_notify, p7ecx);
1.473 +
1.474 + /*
1.475 + * This will encode everything up to the content bytes. (The notify
1.476 + * function will then cause the encoding to stop there.) Then our
1.477 + * caller can start passing contents bytes to our Update, which we
1.478 + * will pass along.
1.479 + */
1.480 + rv = SEC_ASN1EncoderUpdate (p7ecx->ecx, NULL, 0);
1.481 + if (rv != SECSuccess) {
1.482 + PORT_Free (p7ecx);
1.483 + return NULL;
1.484 + }
1.485 +
1.486 + return p7ecx;
1.487 +}
1.488 +
1.489 +
1.490 +/*
1.491 + * XXX If/when we support nested contents, this needs to be revised.
1.492 + */
1.493 +static SECStatus
1.494 +sec_pkcs7_encoder_work_data (SEC_PKCS7EncoderContext *p7ecx, SECItem *dest,
1.495 + const unsigned char *data, unsigned long len,
1.496 + PRBool final)
1.497 +{
1.498 + unsigned char *buf = NULL;
1.499 + SECStatus rv;
1.500 +
1.501 +
1.502 + rv = SECSuccess; /* may as well be optimistic */
1.503 +
1.504 + /*
1.505 + * We should really have data to process, or we should be trying
1.506 + * to finish/flush the last block. (This is an overly paranoid
1.507 + * check since all callers are in this file and simple inspection
1.508 + * proves they do it right. But it could find a bug in future
1.509 + * modifications/development, that is why it is here.)
1.510 + */
1.511 + PORT_Assert ((data != NULL && len) || final);
1.512 +
1.513 + /*
1.514 + * Update the running digest.
1.515 + * XXX This needs modification if/when we handle multiple digests.
1.516 + */
1.517 + if (len && p7ecx->digestobj != NULL) {
1.518 + (* p7ecx->digestobj->update) (p7ecx->digestcx, data, len);
1.519 + }
1.520 +
1.521 + /*
1.522 + * Encrypt this chunk.
1.523 + */
1.524 + if (p7ecx->encryptobj != NULL) {
1.525 + /* XXX the following lengths should all be longs? */
1.526 + unsigned int inlen; /* length of data being encrypted */
1.527 + unsigned int outlen; /* length of encrypted data */
1.528 + unsigned int buflen; /* length available for encrypted data */
1.529 +
1.530 + inlen = len;
1.531 + buflen = sec_PKCS7EncryptLength (p7ecx->encryptobj, inlen, final);
1.532 + if (buflen == 0) {
1.533 + /*
1.534 + * No output is expected, but the input data may be buffered
1.535 + * so we still have to call Encrypt.
1.536 + */
1.537 + rv = sec_PKCS7Encrypt (p7ecx->encryptobj, NULL, NULL, 0,
1.538 + data, inlen, final);
1.539 + if (final) {
1.540 + len = 0;
1.541 + goto done;
1.542 + }
1.543 + return rv;
1.544 + }
1.545 +
1.546 + if (dest != NULL)
1.547 + buf = (unsigned char*)PORT_ArenaAlloc(p7ecx->cinfo->poolp, buflen);
1.548 + else
1.549 + buf = (unsigned char*)PORT_Alloc (buflen);
1.550 +
1.551 + if (buf == NULL) {
1.552 + rv = SECFailure;
1.553 + } else {
1.554 + rv = sec_PKCS7Encrypt (p7ecx->encryptobj, buf, &outlen, buflen,
1.555 + data, inlen, final);
1.556 + data = buf;
1.557 + len = outlen;
1.558 + }
1.559 + if (rv != SECSuccess) {
1.560 + if (final)
1.561 + goto done;
1.562 + return rv;
1.563 + }
1.564 + }
1.565 +
1.566 + if (p7ecx->ecx != NULL) {
1.567 + /*
1.568 + * Encode the contents bytes.
1.569 + */
1.570 + if(len) {
1.571 + rv = SEC_ASN1EncoderUpdate (p7ecx->ecx, (const char *)data, len);
1.572 + }
1.573 + }
1.574 +
1.575 +done:
1.576 + if (p7ecx->encryptobj != NULL) {
1.577 + if (final)
1.578 + sec_PKCS7DestroyEncryptObject (p7ecx->encryptobj);
1.579 + if (dest != NULL) {
1.580 + dest->data = buf;
1.581 + dest->len = len;
1.582 + } else if (buf != NULL) {
1.583 + PORT_Free (buf);
1.584 + }
1.585 + }
1.586 +
1.587 + if (final && p7ecx->digestobj != NULL) {
1.588 + SECItem *digest, **digests, ***digestsp;
1.589 + unsigned char *digdata;
1.590 + SECOidTag kind;
1.591 +
1.592 + kind = SEC_PKCS7ContentType (p7ecx->cinfo);
1.593 + switch (kind) {
1.594 + default:
1.595 + PORT_Assert (0);
1.596 + return SECFailure;
1.597 + case SEC_OID_PKCS7_DIGESTED_DATA:
1.598 + digest = &(p7ecx->cinfo->content.digestedData->digest);
1.599 + digestsp = NULL;
1.600 + break;
1.601 + case SEC_OID_PKCS7_SIGNED_DATA:
1.602 + digest = NULL;
1.603 + digestsp = &(p7ecx->cinfo->content.signedData->digests);
1.604 + break;
1.605 + case SEC_OID_PKCS7_SIGNED_ENVELOPED_DATA:
1.606 + digest = NULL;
1.607 + digestsp = &(p7ecx->cinfo->content.signedAndEnvelopedData->digests);
1.608 + break;
1.609 + }
1.610 +
1.611 + digdata = (unsigned char*)PORT_ArenaAlloc (p7ecx->cinfo->poolp,
1.612 + p7ecx->digestobj->length);
1.613 + if (digdata == NULL)
1.614 + return SECFailure;
1.615 +
1.616 + if (digestsp != NULL) {
1.617 + PORT_Assert (digest == NULL);
1.618 +
1.619 + digest = (SECItem*)PORT_ArenaAlloc (p7ecx->cinfo->poolp,
1.620 + sizeof(SECItem));
1.621 + digests = (SECItem**)PORT_ArenaAlloc (p7ecx->cinfo->poolp,
1.622 + 2 * sizeof(SECItem *));
1.623 + if (digests == NULL || digest == NULL)
1.624 + return SECFailure;
1.625 +
1.626 + digests[0] = digest;
1.627 + digests[1] = NULL;
1.628 +
1.629 + *digestsp = digests;
1.630 + }
1.631 +
1.632 + PORT_Assert (digest != NULL);
1.633 +
1.634 + digest->data = digdata;
1.635 + digest->len = p7ecx->digestobj->length;
1.636 +
1.637 + (* p7ecx->digestobj->end) (p7ecx->digestcx, digest->data,
1.638 + &(digest->len), digest->len);
1.639 + (* p7ecx->digestobj->destroy) (p7ecx->digestcx, PR_TRUE);
1.640 + }
1.641 +
1.642 + return rv;
1.643 +}
1.644 +
1.645 +
1.646 +SECStatus
1.647 +SEC_PKCS7EncoderUpdate (SEC_PKCS7EncoderContext *p7ecx,
1.648 + const char *data, unsigned long len)
1.649 +{
1.650 + /* XXX Error handling needs help. Return what? Do "Finish" on failure? */
1.651 + return sec_pkcs7_encoder_work_data (p7ecx, NULL,
1.652 + (const unsigned char *)data, len,
1.653 + PR_FALSE);
1.654 +}
1.655 +
1.656 +static SECStatus
1.657 +sec_pkcs7_encoder_sig_and_certs (SEC_PKCS7ContentInfo *cinfo,
1.658 + SECKEYGetPasswordKey pwfn, void *pwfnarg)
1.659 +{
1.660 + SECOidTag kind;
1.661 + CERTCertificate **certs;
1.662 + CERTCertificateList **certlists;
1.663 + SECAlgorithmID **digestalgs;
1.664 + SECItem **digests;
1.665 + SEC_PKCS7SignerInfo *signerinfo, **signerinfos;
1.666 + SECItem **rawcerts, ***rawcertsp;
1.667 + PLArenaPool *poolp;
1.668 + int certcount;
1.669 + int ci, cli, rci, si;
1.670 +
1.671 + kind = SEC_PKCS7ContentType (cinfo);
1.672 + switch (kind) {
1.673 + default:
1.674 + case SEC_OID_PKCS7_DATA:
1.675 + case SEC_OID_PKCS7_DIGESTED_DATA:
1.676 + case SEC_OID_PKCS7_ENCRYPTED_DATA:
1.677 + case SEC_OID_PKCS7_ENVELOPED_DATA:
1.678 + certs = NULL;
1.679 + certlists = NULL;
1.680 + digestalgs = NULL;
1.681 + digests = NULL;
1.682 + signerinfos = NULL;
1.683 + rawcertsp = NULL;
1.684 + break;
1.685 + case SEC_OID_PKCS7_SIGNED_DATA:
1.686 + {
1.687 + SEC_PKCS7SignedData *sdp;
1.688 +
1.689 + sdp = cinfo->content.signedData;
1.690 + certs = sdp->certs;
1.691 + certlists = sdp->certLists;
1.692 + digestalgs = sdp->digestAlgorithms;
1.693 + digests = sdp->digests;
1.694 + signerinfos = sdp->signerInfos;
1.695 + rawcertsp = &(sdp->rawCerts);
1.696 + }
1.697 + break;
1.698 + case SEC_OID_PKCS7_SIGNED_ENVELOPED_DATA:
1.699 + {
1.700 + SEC_PKCS7SignedAndEnvelopedData *saedp;
1.701 +
1.702 + saedp = cinfo->content.signedAndEnvelopedData;
1.703 + certs = saedp->certs;
1.704 + certlists = saedp->certLists;
1.705 + digestalgs = saedp->digestAlgorithms;
1.706 + digests = saedp->digests;
1.707 + signerinfos = saedp->signerInfos;
1.708 + rawcertsp = &(saedp->rawCerts);
1.709 + }
1.710 + break;
1.711 + }
1.712 +
1.713 + if (certs == NULL && certlists == NULL && signerinfos == NULL)
1.714 + return SECSuccess; /* nothing for us to do! */
1.715 +
1.716 + poolp = cinfo->poolp;
1.717 + certcount = 0;
1.718 +
1.719 + if (signerinfos != NULL) {
1.720 + SECOidTag digestalgtag;
1.721 + int di;
1.722 + SECStatus rv;
1.723 + CERTCertificate *cert;
1.724 + SECKEYPrivateKey *privkey;
1.725 + SECItem signature;
1.726 + SECOidTag signalgtag;
1.727 +
1.728 + PORT_Assert (digestalgs != NULL && digests != NULL);
1.729 +
1.730 + /*
1.731 + * If one fails, we bail right then. If we want to continue and
1.732 + * try to do subsequent signatures, this loop, and the departures
1.733 + * from it, will need to be reworked.
1.734 + */
1.735 + for (si = 0; signerinfos[si] != NULL; si++) {
1.736 +
1.737 + signerinfo = signerinfos[si];
1.738 +
1.739 + /* find right digest */
1.740 + digestalgtag = SECOID_GetAlgorithmTag (&(signerinfo->digestAlg));
1.741 + for (di = 0; digestalgs[di] != NULL; di++) {
1.742 + /* XXX Should I be comparing more than the tag? */
1.743 + if (digestalgtag == SECOID_GetAlgorithmTag (digestalgs[di]))
1.744 + break;
1.745 + }
1.746 + if (digestalgs[di] == NULL) {
1.747 + /* XXX oops; do what? set an error? */
1.748 + return SECFailure;
1.749 + }
1.750 + PORT_Assert (digests[di] != NULL);
1.751 +
1.752 + cert = signerinfo->cert;
1.753 + privkey = PK11_FindKeyByAnyCert (cert, pwfnarg);
1.754 + if (privkey == NULL)
1.755 + return SECFailure;
1.756 +
1.757 + /*
1.758 + * XXX I think there should be a cert-level interface for this,
1.759 + * so that I do not have to know about subjectPublicKeyInfo...
1.760 + */
1.761 + signalgtag = SECOID_GetAlgorithmTag (&(cert->subjectPublicKeyInfo.algorithm));
1.762 +
1.763 + if (signerinfo->authAttr != NULL) {
1.764 + SEC_PKCS7Attribute *attr;
1.765 + SECItem encoded_attrs;
1.766 + SECItem *dummy;
1.767 + SECOidTag algid;
1.768 +
1.769 + /*
1.770 + * First, find and fill in the message digest attribute.
1.771 + */
1.772 + attr = sec_PKCS7FindAttribute (signerinfo->authAttr,
1.773 + SEC_OID_PKCS9_MESSAGE_DIGEST,
1.774 + PR_TRUE);
1.775 + PORT_Assert (attr != NULL);
1.776 + if (attr == NULL) {
1.777 + SECKEY_DestroyPrivateKey (privkey);
1.778 + return SECFailure;
1.779 + }
1.780 +
1.781 + /*
1.782 + * XXX The second half of the following assertion prevents
1.783 + * the encoder from being called twice on the same content.
1.784 + * Either just remove the second half the assertion, or
1.785 + * change the code to check if the value already there is
1.786 + * the same as digests[di], whichever seems more right.
1.787 + */
1.788 + PORT_Assert (attr->values != NULL && attr->values[0] == NULL);
1.789 + attr->values[0] = digests[di];
1.790 +
1.791 + /*
1.792 + * Before encoding, reorder the attributes so that when they
1.793 + * are encoded, they will be conforming DER, which is required
1.794 + * to have a specific order and that is what must be used for
1.795 + * the hash/signature. We do this here, rather than building
1.796 + * it into EncodeAttributes, because we do not want to do
1.797 + * such reordering on incoming messages (which also uses
1.798 + * EncodeAttributes) or our old signatures (and other "broken"
1.799 + * implementations) will not verify. So, we want to guarantee
1.800 + * that we send out good DER encodings of attributes, but not
1.801 + * to expect to receive them.
1.802 + */
1.803 + rv = sec_PKCS7ReorderAttributes (signerinfo->authAttr);
1.804 + if (rv != SECSuccess) {
1.805 + SECKEY_DestroyPrivateKey (privkey);
1.806 + return SECFailure;
1.807 + }
1.808 +
1.809 + encoded_attrs.data = NULL;
1.810 + encoded_attrs.len = 0;
1.811 + dummy = sec_PKCS7EncodeAttributes (NULL, &encoded_attrs,
1.812 + &(signerinfo->authAttr));
1.813 + if (dummy == NULL) {
1.814 + SECKEY_DestroyPrivateKey (privkey);
1.815 + return SECFailure;
1.816 + }
1.817 +
1.818 + algid = SEC_GetSignatureAlgorithmOidTag(privkey->keyType,
1.819 + digestalgtag);
1.820 + if (algid == SEC_OID_UNKNOWN) {
1.821 + PORT_SetError(SEC_ERROR_INVALID_ALGORITHM);
1.822 + SECKEY_DestroyPrivateKey (privkey);
1.823 + return SECFailure;
1.824 + }
1.825 + rv = SEC_SignData (&signature,
1.826 + encoded_attrs.data, encoded_attrs.len,
1.827 + privkey,
1.828 + algid);
1.829 + SECITEM_FreeItem (&encoded_attrs, PR_FALSE);
1.830 + } else {
1.831 + rv = SGN_Digest (privkey, digestalgtag, &signature,
1.832 + digests[di]);
1.833 + }
1.834 +
1.835 + SECKEY_DestroyPrivateKey (privkey);
1.836 +
1.837 + if (rv != SECSuccess)
1.838 + return rv;
1.839 +
1.840 + rv = SECITEM_CopyItem (poolp, &(signerinfo->encDigest), &signature);
1.841 + if (rv != SECSuccess)
1.842 + return rv;
1.843 +
1.844 + SECITEM_FreeItem (&signature, PR_FALSE);
1.845 +
1.846 + rv = SECOID_SetAlgorithmID (poolp, &(signerinfo->digestEncAlg),
1.847 + signalgtag, NULL);
1.848 + if (rv != SECSuccess)
1.849 + return SECFailure;
1.850 +
1.851 + /*
1.852 + * Count the cert chain for this signer.
1.853 + */
1.854 + if (signerinfo->certList != NULL)
1.855 + certcount += signerinfo->certList->len;
1.856 + }
1.857 + }
1.858 +
1.859 + if (certs != NULL) {
1.860 + for (ci = 0; certs[ci] != NULL; ci++)
1.861 + certcount++;
1.862 + }
1.863 +
1.864 + if (certlists != NULL) {
1.865 + for (cli = 0; certlists[cli] != NULL; cli++)
1.866 + certcount += certlists[cli]->len;
1.867 + }
1.868 +
1.869 + if (certcount == 0)
1.870 + return SECSuccess; /* signing done; no certs */
1.871 +
1.872 + /*
1.873 + * Combine all of the certs and cert chains into rawcerts.
1.874 + * Note: certcount is an upper bound; we may not need that many slots
1.875 + * but we will allocate anyway to avoid having to do another pass.
1.876 + * (The temporary space saving is not worth it.)
1.877 + */
1.878 + rawcerts = (SECItem**)PORT_ArenaAlloc (poolp,
1.879 + (certcount + 1) * sizeof(SECItem *));
1.880 + if (rawcerts == NULL)
1.881 + return SECFailure;
1.882 +
1.883 + /*
1.884 + * XXX Want to check for duplicates and not add *any* cert that is
1.885 + * already in the set. This will be more important when we start
1.886 + * dealing with larger sets of certs, dual-key certs (signing and
1.887 + * encryption), etc. For the time being we can slide by...
1.888 + */
1.889 + rci = 0;
1.890 + if (signerinfos != NULL) {
1.891 + for (si = 0; signerinfos[si] != NULL; si++) {
1.892 + signerinfo = signerinfos[si];
1.893 + for (ci = 0; ci < signerinfo->certList->len; ci++)
1.894 + rawcerts[rci++] = &(signerinfo->certList->certs[ci]);
1.895 + }
1.896 +
1.897 + }
1.898 +
1.899 + if (certs != NULL) {
1.900 + for (ci = 0; certs[ci] != NULL; ci++)
1.901 + rawcerts[rci++] = &(certs[ci]->derCert);
1.902 + }
1.903 +
1.904 + if (certlists != NULL) {
1.905 + for (cli = 0; certlists[cli] != NULL; cli++) {
1.906 + for (ci = 0; ci < certlists[cli]->len; ci++)
1.907 + rawcerts[rci++] = &(certlists[cli]->certs[ci]);
1.908 + }
1.909 + }
1.910 +
1.911 + rawcerts[rci] = NULL;
1.912 + *rawcertsp = rawcerts;
1.913 +
1.914 + return SECSuccess;
1.915 +}
1.916 +
1.917 +
1.918 +SECStatus
1.919 +SEC_PKCS7EncoderFinish (SEC_PKCS7EncoderContext *p7ecx,
1.920 + SECKEYGetPasswordKey pwfn, void *pwfnarg)
1.921 +{
1.922 + SECStatus rv;
1.923 +
1.924 + /*
1.925 + * Flush out any remaining data.
1.926 + */
1.927 + rv = sec_pkcs7_encoder_work_data (p7ecx, NULL, NULL, 0, PR_TRUE);
1.928 +
1.929 + /*
1.930 + * Turn off streaming stuff.
1.931 + */
1.932 + SEC_ASN1EncoderClearTakeFromBuf (p7ecx->ecx);
1.933 + SEC_ASN1EncoderClearStreaming (p7ecx->ecx);
1.934 +
1.935 + if (rv != SECSuccess)
1.936 + goto loser;
1.937 +
1.938 + rv = sec_pkcs7_encoder_sig_and_certs (p7ecx->cinfo, pwfn, pwfnarg);
1.939 + if (rv != SECSuccess)
1.940 + goto loser;
1.941 +
1.942 + rv = SEC_ASN1EncoderUpdate (p7ecx->ecx, NULL, 0);
1.943 +
1.944 +loser:
1.945 + SEC_ASN1EncoderFinish (p7ecx->ecx);
1.946 + PORT_Free (p7ecx);
1.947 + return rv;
1.948 +}
1.949 +
1.950 +/*
1.951 + * Abort the ASN.1 stream. Used by pkcs 12
1.952 + */
1.953 +void
1.954 +SEC_PKCS7EncoderAbort(SEC_PKCS7EncoderContext *p7ecx, int error)
1.955 +{
1.956 + PORT_Assert(p7ecx);
1.957 + SEC_ASN1EncoderAbort(p7ecx->ecx, error);
1.958 +}
1.959 +
1.960 +/*
1.961 + * After this routine is called, the entire PKCS7 contentInfo is ready
1.962 + * to be encoded. This is used internally, but can also be called from
1.963 + * elsewhere for those who want to be able to just have pointers to
1.964 + * the ASN1 template for pkcs7 contentInfo built into their own encodings.
1.965 + */
1.966 +SECStatus
1.967 +SEC_PKCS7PrepareForEncode (SEC_PKCS7ContentInfo *cinfo,
1.968 + PK11SymKey *bulkkey,
1.969 + SECKEYGetPasswordKey pwfn,
1.970 + void *pwfnarg)
1.971 +{
1.972 + SEC_PKCS7EncoderContext *p7ecx;
1.973 + SECItem *content, *enc_content;
1.974 + SECStatus rv;
1.975 +
1.976 + p7ecx = sec_pkcs7_encoder_start_contexts (cinfo, bulkkey);
1.977 + if (p7ecx == NULL)
1.978 + return SECFailure;
1.979 +
1.980 + content = SEC_PKCS7GetContent (cinfo);
1.981 +
1.982 + if (p7ecx->encryptobj != NULL) {
1.983 + SECOidTag kind;
1.984 + SEC_PKCS7EncryptedContentInfo *enccinfo;
1.985 +
1.986 + kind = SEC_PKCS7ContentType (p7ecx->cinfo);
1.987 + switch (kind) {
1.988 + default:
1.989 + PORT_Assert (0);
1.990 + rv = SECFailure;
1.991 + goto loser;
1.992 + case SEC_OID_PKCS7_ENCRYPTED_DATA:
1.993 + enccinfo = &(p7ecx->cinfo->content.encryptedData->encContentInfo);
1.994 + break;
1.995 + case SEC_OID_PKCS7_ENVELOPED_DATA:
1.996 + enccinfo = &(p7ecx->cinfo->content.envelopedData->encContentInfo);
1.997 + break;
1.998 + case SEC_OID_PKCS7_SIGNED_ENVELOPED_DATA:
1.999 + enccinfo = &(p7ecx->cinfo->content.signedAndEnvelopedData->encContentInfo);
1.1000 + break;
1.1001 + }
1.1002 + enc_content = &(enccinfo->encContent);
1.1003 + } else {
1.1004 + enc_content = NULL;
1.1005 + }
1.1006 +
1.1007 + if (content != NULL && content->data != NULL && content->len) {
1.1008 + rv = sec_pkcs7_encoder_work_data (p7ecx, enc_content,
1.1009 + content->data, content->len, PR_TRUE);
1.1010 + if (rv != SECSuccess)
1.1011 + goto loser;
1.1012 + }
1.1013 +
1.1014 + rv = sec_pkcs7_encoder_sig_and_certs (cinfo, pwfn, pwfnarg);
1.1015 +
1.1016 +loser:
1.1017 + PORT_Free (p7ecx);
1.1018 + return rv;
1.1019 +}
1.1020 +
1.1021 +
1.1022 +/*
1.1023 + * Encode a PKCS7 object, in one shot. All necessary components
1.1024 + * of the object must already be specified. Either the data has
1.1025 + * already been included (via SetContent), or the data is detached,
1.1026 + * or there is no data at all (certs-only).
1.1027 + *
1.1028 + * "cinfo" specifies the object to be encoded.
1.1029 + *
1.1030 + * "outputfn" is where the encoded bytes will be passed.
1.1031 + *
1.1032 + * "outputarg" is an opaque argument to the above callback.
1.1033 + *
1.1034 + * "bulkkey" specifies the bulk encryption key to use. This argument
1.1035 + * can be NULL if no encryption is being done, or if the bulk key should
1.1036 + * be generated internally (usually the case for EnvelopedData but never
1.1037 + * for EncryptedData, which *must* provide a bulk encryption key).
1.1038 + *
1.1039 + * "pwfn" is a callback for getting the password which protects the
1.1040 + * private key of the signer. This argument can be NULL if it is known
1.1041 + * that no signing is going to be done.
1.1042 + *
1.1043 + * "pwfnarg" is an opaque argument to the above callback.
1.1044 + */
1.1045 +SECStatus
1.1046 +SEC_PKCS7Encode (SEC_PKCS7ContentInfo *cinfo,
1.1047 + SEC_PKCS7EncoderOutputCallback outputfn,
1.1048 + void *outputarg,
1.1049 + PK11SymKey *bulkkey,
1.1050 + SECKEYGetPasswordKey pwfn,
1.1051 + void *pwfnarg)
1.1052 +{
1.1053 + SECStatus rv;
1.1054 +
1.1055 + rv = SEC_PKCS7PrepareForEncode (cinfo, bulkkey, pwfn, pwfnarg);
1.1056 + if (rv == SECSuccess) {
1.1057 + struct sec_pkcs7_encoder_output outputcx;
1.1058 +
1.1059 + outputcx.outputfn = outputfn;
1.1060 + outputcx.outputarg = outputarg;
1.1061 +
1.1062 + rv = SEC_ASN1Encode (cinfo, sec_PKCS7ContentInfoTemplate,
1.1063 + sec_pkcs7_encoder_out, &outputcx);
1.1064 + }
1.1065 +
1.1066 + return rv;
1.1067 +}
1.1068 +
1.1069 +
1.1070 +/*
1.1071 + * Encode a PKCS7 object, in one shot. All necessary components
1.1072 + * of the object must already be specified. Either the data has
1.1073 + * already been included (via SetContent), or the data is detached,
1.1074 + * or there is no data at all (certs-only). The output, rather than
1.1075 + * being passed to an output function as is done above, is all put
1.1076 + * into a SECItem.
1.1077 + *
1.1078 + * "pool" specifies a pool from which to allocate the result.
1.1079 + * It can be NULL, in which case memory is allocated generically.
1.1080 + *
1.1081 + * "dest" specifies a SECItem in which to put the result data.
1.1082 + * It can be NULL, in which case the entire item is allocated, too.
1.1083 + *
1.1084 + * "cinfo" specifies the object to be encoded.
1.1085 + *
1.1086 + * "bulkkey" specifies the bulk encryption key to use. This argument
1.1087 + * can be NULL if no encryption is being done, or if the bulk key should
1.1088 + * be generated internally (usually the case for EnvelopedData but never
1.1089 + * for EncryptedData, which *must* provide a bulk encryption key).
1.1090 + *
1.1091 + * "pwfn" is a callback for getting the password which protects the
1.1092 + * private key of the signer. This argument can be NULL if it is known
1.1093 + * that no signing is going to be done.
1.1094 + *
1.1095 + * "pwfnarg" is an opaque argument to the above callback.
1.1096 + */
1.1097 +SECItem *
1.1098 +SEC_PKCS7EncodeItem (PLArenaPool *pool,
1.1099 + SECItem *dest,
1.1100 + SEC_PKCS7ContentInfo *cinfo,
1.1101 + PK11SymKey *bulkkey,
1.1102 + SECKEYGetPasswordKey pwfn,
1.1103 + void *pwfnarg)
1.1104 +{
1.1105 + SECStatus rv;
1.1106 +
1.1107 + rv = SEC_PKCS7PrepareForEncode (cinfo, bulkkey, pwfn, pwfnarg);
1.1108 + if (rv != SECSuccess)
1.1109 + return NULL;
1.1110 +
1.1111 + return SEC_ASN1EncodeItem (pool, dest, cinfo, sec_PKCS7ContentInfoTemplate);
1.1112 +}
1.1113 +
