michael@0: /* This Source Code Form is subject to the terms of the Mozilla Public michael@0: * License, v. 2.0. If a copy of the MPL was not distributed with this michael@0: * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ michael@0: michael@0: #include "plarena.h" michael@0: michael@0: #include "seccomon.h" michael@0: #include "secitem.h" michael@0: #include "secport.h" michael@0: #include "hasht.h" michael@0: #include "pkcs11t.h" michael@0: #include "blapi.h" michael@0: #include "hasht.h" michael@0: #include "secasn1.h" michael@0: #include "secder.h" michael@0: #include "lowpbe.h" michael@0: #include "secoid.h" michael@0: #include "alghmac.h" michael@0: #include "softoken.h" michael@0: #include "secerr.h" michael@0: michael@0: SEC_ASN1_MKSUB(SECOID_AlgorithmIDTemplate) michael@0: michael@0: /* template for PKCS 5 PBE Parameter. This template has been expanded michael@0: * based upon the additions in PKCS 12. This should eventually be moved michael@0: * if RSA updates PKCS 5. michael@0: */ michael@0: static const SEC_ASN1Template NSSPKCS5PBEParameterTemplate[] = michael@0: { michael@0: { SEC_ASN1_SEQUENCE, michael@0: 0, NULL, sizeof(NSSPKCS5PBEParameter) }, michael@0: { SEC_ASN1_OCTET_STRING, michael@0: offsetof(NSSPKCS5PBEParameter, salt) }, michael@0: { SEC_ASN1_INTEGER, michael@0: offsetof(NSSPKCS5PBEParameter, iteration) }, michael@0: { 0 } michael@0: }; michael@0: michael@0: static const SEC_ASN1Template NSSPKCS5PKCS12V2PBEParameterTemplate[] = michael@0: { michael@0: { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(NSSPKCS5PBEParameter) }, michael@0: { SEC_ASN1_OCTET_STRING, offsetof(NSSPKCS5PBEParameter, salt) }, michael@0: { SEC_ASN1_INTEGER, offsetof(NSSPKCS5PBEParameter, iteration) }, michael@0: { 0 } michael@0: }; michael@0: michael@0: michael@0: /* PKCS5 v2 */ michael@0: michael@0: struct nsspkcs5V2PBEParameterStr { michael@0: SECAlgorithmID keyParams; /* parameters of the key generation */ michael@0: SECAlgorithmID algParams; /* parameters for the encryption or mac op */ michael@0: }; michael@0: michael@0: typedef struct nsspkcs5V2PBEParameterStr nsspkcs5V2PBEParameter; michael@0: #define PBKDF2 michael@0: michael@0: #ifdef PBKDF2 michael@0: static const SEC_ASN1Template NSSPKCS5V2PBES2ParameterTemplate[] = michael@0: { michael@0: { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(nsspkcs5V2PBEParameter) }, michael@0: { SEC_ASN1_INLINE | SEC_ASN1_XTRN, michael@0: offsetof(nsspkcs5V2PBEParameter, keyParams), michael@0: SEC_ASN1_SUB(SECOID_AlgorithmIDTemplate) }, michael@0: { SEC_ASN1_INLINE | SEC_ASN1_XTRN, michael@0: offsetof(nsspkcs5V2PBEParameter, algParams), michael@0: SEC_ASN1_SUB(SECOID_AlgorithmIDTemplate) }, michael@0: { 0 } michael@0: }; michael@0: michael@0: static const SEC_ASN1Template NSSPKCS5V2PBEParameterTemplate[] = michael@0: { michael@0: { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(NSSPKCS5PBEParameter) }, michael@0: /* this is really a choice, but since we don't understand any other michael@0: *choice, just inline it. */ michael@0: { SEC_ASN1_OCTET_STRING, offsetof(NSSPKCS5PBEParameter, salt) }, michael@0: { SEC_ASN1_INTEGER, offsetof(NSSPKCS5PBEParameter, iteration) }, michael@0: { SEC_ASN1_INTEGER, offsetof(NSSPKCS5PBEParameter, keyLength) }, michael@0: { SEC_ASN1_INLINE | SEC_ASN1_XTRN, michael@0: offsetof(NSSPKCS5PBEParameter, prfAlg), michael@0: SEC_ASN1_SUB(SECOID_AlgorithmIDTemplate) }, michael@0: { 0 } michael@0: }; michael@0: #endif michael@0: michael@0: SECStatus michael@0: nsspkcs5_HashBuf(const SECHashObject *hashObj, unsigned char *dest, michael@0: unsigned char *src, int len) michael@0: { michael@0: void *ctx; michael@0: unsigned int retLen; michael@0: michael@0: ctx = hashObj->create(); michael@0: if(ctx == NULL) { michael@0: return SECFailure; michael@0: } michael@0: hashObj->begin(ctx); michael@0: hashObj->update(ctx, src, len); michael@0: hashObj->end(ctx, dest, &retLen, hashObj->length); michael@0: hashObj->destroy(ctx, PR_TRUE); michael@0: return SECSuccess; michael@0: } michael@0: michael@0: /* generate bits using any hash michael@0: */ michael@0: static SECItem * michael@0: nsspkcs5_PBKDF1(const SECHashObject *hashObj, SECItem *salt, SECItem *pwd, michael@0: int iter, PRBool faulty3DES) michael@0: { michael@0: SECItem *hash = NULL, *pre_hash = NULL; michael@0: SECStatus rv = SECFailure; michael@0: michael@0: if((salt == NULL) || (pwd == NULL) || (iter < 0)) { michael@0: return NULL; michael@0: } michael@0: michael@0: hash = (SECItem *)PORT_ZAlloc(sizeof(SECItem)); michael@0: pre_hash = (SECItem *)PORT_ZAlloc(sizeof(SECItem)); michael@0: michael@0: if((hash != NULL) && (pre_hash != NULL)) { michael@0: int i, ph_len; michael@0: michael@0: ph_len = hashObj->length; michael@0: if((salt->len + pwd->len) > hashObj->length) { michael@0: ph_len = salt->len + pwd->len; michael@0: } michael@0: michael@0: rv = SECFailure; michael@0: michael@0: /* allocate buffers */ michael@0: hash->len = hashObj->length; michael@0: hash->data = (unsigned char *)PORT_ZAlloc(hash->len); michael@0: pre_hash->data = (unsigned char *)PORT_ZAlloc(ph_len); michael@0: michael@0: /* in pbeSHA1TripleDESCBC there was an allocation error that made michael@0: * it into the caller. We do not want to propagate those errors michael@0: * further, so we are doing it correctly, but reading the old method. michael@0: */ michael@0: if (faulty3DES) { michael@0: pre_hash->len = ph_len; michael@0: } else { michael@0: pre_hash->len = salt->len + pwd->len; michael@0: } michael@0: michael@0: /* preform hash */ michael@0: if ((hash->data != NULL) && (pre_hash->data != NULL)) { michael@0: rv = SECSuccess; michael@0: /* check for 0 length password */ michael@0: if(pwd->len > 0) { michael@0: PORT_Memcpy(pre_hash->data, pwd->data, pwd->len); michael@0: } michael@0: if(salt->len > 0) { michael@0: PORT_Memcpy((pre_hash->data+pwd->len), salt->data, salt->len); michael@0: } michael@0: for(i = 0; ((i < iter) && (rv == SECSuccess)); i++) { michael@0: rv = nsspkcs5_HashBuf(hashObj, hash->data, michael@0: pre_hash->data, pre_hash->len); michael@0: if(rv != SECFailure) { michael@0: pre_hash->len = hashObj->length; michael@0: PORT_Memcpy(pre_hash->data, hash->data, hashObj->length); michael@0: } michael@0: } michael@0: } michael@0: } michael@0: michael@0: if(pre_hash != NULL) { michael@0: SECITEM_FreeItem(pre_hash, PR_TRUE); michael@0: } michael@0: michael@0: if((rv != SECSuccess) && (hash != NULL)) { michael@0: SECITEM_FreeItem(hash, PR_TRUE); michael@0: hash = NULL; michael@0: } michael@0: michael@0: return hash; michael@0: } michael@0: michael@0: /* this bit generation routine is described in PKCS 12 and the proposed michael@0: * extensions to PKCS 5. an initial hash is generated following the michael@0: * instructions laid out in PKCS 5. If the number of bits generated is michael@0: * insufficient, then the method discussed in the proposed extensions to michael@0: * PKCS 5 in PKCS 12 are used. This extension makes use of the HMAC michael@0: * function. And the P_Hash function from the TLS standard. michael@0: */ michael@0: static SECItem * michael@0: nsspkcs5_PFXPBE(const SECHashObject *hashObj, NSSPKCS5PBEParameter *pbe_param, michael@0: SECItem *init_hash, unsigned int bytes_needed) michael@0: { michael@0: SECItem *ret_bits = NULL; michael@0: int hash_size = 0; michael@0: unsigned int i; michael@0: unsigned int hash_iter; michael@0: unsigned int dig_len; michael@0: SECStatus rv = SECFailure; michael@0: unsigned char *state = NULL; michael@0: unsigned int state_len; michael@0: HMACContext *cx = NULL; michael@0: michael@0: hash_size = hashObj->length; michael@0: hash_iter = (bytes_needed + (unsigned int)hash_size - 1) / hash_size; michael@0: michael@0: /* allocate return buffer */ michael@0: ret_bits = (SECItem *)PORT_ZAlloc(sizeof(SECItem)); michael@0: if(ret_bits == NULL) michael@0: return NULL; michael@0: ret_bits->data = (unsigned char *)PORT_ZAlloc((hash_iter * hash_size) + 1); michael@0: ret_bits->len = (hash_iter * hash_size); michael@0: if(ret_bits->data == NULL) { michael@0: PORT_Free(ret_bits); michael@0: return NULL; michael@0: } michael@0: michael@0: /* allocate intermediate hash buffer. 8 is for the 8 bytes of michael@0: * data which are added based on iteration number michael@0: */ michael@0: michael@0: if ((unsigned int)hash_size > pbe_param->salt.len) { michael@0: state_len = hash_size; michael@0: } else { michael@0: state_len = pbe_param->salt.len; michael@0: } michael@0: state = (unsigned char *)PORT_ZAlloc(state_len); michael@0: if(state == NULL) { michael@0: rv = SECFailure; michael@0: goto loser; michael@0: } michael@0: if(pbe_param->salt.len > 0) { michael@0: PORT_Memcpy(state, pbe_param->salt.data, pbe_param->salt.len); michael@0: } michael@0: michael@0: cx = HMAC_Create(hashObj, init_hash->data, init_hash->len, PR_TRUE); michael@0: if (cx == NULL) { michael@0: rv = SECFailure; michael@0: goto loser; michael@0: } michael@0: michael@0: for(i = 0; i < hash_iter; i++) { michael@0: michael@0: /* generate output bits */ michael@0: HMAC_Begin(cx); michael@0: HMAC_Update(cx, state, state_len); michael@0: HMAC_Update(cx, pbe_param->salt.data, pbe_param->salt.len); michael@0: rv = HMAC_Finish(cx, ret_bits->data + (i * hash_size), michael@0: &dig_len, hash_size); michael@0: if (rv != SECSuccess) michael@0: goto loser; michael@0: PORT_Assert((unsigned int)hash_size == dig_len); michael@0: michael@0: /* generate new state */ michael@0: HMAC_Begin(cx); michael@0: HMAC_Update(cx, state, state_len); michael@0: rv = HMAC_Finish(cx, state, &state_len, state_len); michael@0: if (rv != SECSuccess) michael@0: goto loser; michael@0: PORT_Assert(state_len == dig_len); michael@0: } michael@0: michael@0: loser: michael@0: if (state != NULL) michael@0: PORT_ZFree(state, state_len); michael@0: HMAC_Destroy(cx, PR_TRUE); michael@0: michael@0: if(rv != SECSuccess) { michael@0: SECITEM_ZfreeItem(ret_bits, PR_TRUE); michael@0: ret_bits = NULL; michael@0: } michael@0: michael@0: return ret_bits; michael@0: } michael@0: michael@0: /* generate bits for the key and iv determination. if enough bits michael@0: * are not generated using PKCS 5, then we need to generate more bits michael@0: * based on the extension proposed in PKCS 12 michael@0: */ michael@0: static SECItem * michael@0: nsspkcs5_PBKDF1Extended(const SECHashObject *hashObj, michael@0: NSSPKCS5PBEParameter *pbe_param, SECItem *pwitem, PRBool faulty3DES) michael@0: { michael@0: SECItem * hash = NULL; michael@0: SECItem * newHash = NULL; michael@0: int bytes_needed; michael@0: int bytes_available; michael@0: michael@0: bytes_needed = pbe_param->ivLen + pbe_param->keyLen; michael@0: bytes_available = hashObj->length; michael@0: michael@0: hash = nsspkcs5_PBKDF1(hashObj, &pbe_param->salt, pwitem, michael@0: pbe_param->iter, faulty3DES); michael@0: michael@0: if(hash == NULL) { michael@0: return NULL; michael@0: } michael@0: michael@0: if(bytes_needed <= bytes_available) { michael@0: return hash; michael@0: } michael@0: michael@0: newHash = nsspkcs5_PFXPBE(hashObj, pbe_param, hash, bytes_needed); michael@0: if (hash != newHash) michael@0: SECITEM_FreeItem(hash, PR_TRUE); michael@0: return newHash; michael@0: } michael@0: michael@0: #ifdef PBKDF2 michael@0: michael@0: /* michael@0: * PBDKDF2 is PKCS #5 v2.0 it's currently not used by NSS michael@0: */ michael@0: static void michael@0: do_xor(unsigned char *dest, unsigned char *src, int len) michael@0: { michael@0: /* use byt xor, not all platforms are happy about inaligned michael@0: * integer fetches */ michael@0: while (len--) { michael@0: *dest = *dest ^ *src; michael@0: dest++; michael@0: src++; michael@0: } michael@0: } michael@0: michael@0: static SECStatus michael@0: nsspkcs5_PBKFD2_F(const SECHashObject *hashobj, SECItem *pwitem, SECItem *salt, michael@0: int iterations, unsigned int i, unsigned char *T) michael@0: { michael@0: int j; michael@0: HMACContext *cx = NULL; michael@0: unsigned int hLen = hashobj->length; michael@0: SECStatus rv = SECFailure; michael@0: unsigned char *last = NULL; michael@0: unsigned int lastLength = salt->len + 4; michael@0: unsigned int lastBufLength; michael@0: michael@0: cx=HMAC_Create(hashobj,pwitem->data,pwitem->len,PR_FALSE); michael@0: if (cx == NULL) { michael@0: goto loser; michael@0: } michael@0: PORT_Memset(T,0,hLen); michael@0: lastBufLength = PR_MAX(lastLength, hLen); michael@0: last = PORT_Alloc(lastBufLength); michael@0: if (last == NULL) { michael@0: goto loser; michael@0: } michael@0: PORT_Memcpy(last,salt->data,salt->len); michael@0: last[salt->len ] = (i >> 24) & 0xff; michael@0: last[salt->len+1] = (i >> 16) & 0xff; michael@0: last[salt->len+2] = (i >> 8) & 0xff; michael@0: last[salt->len+3] = i & 0xff; michael@0: michael@0: /* NOTE: we need at least one iteration to return success! */ michael@0: for (j=0; j < iterations; j++) { michael@0: HMAC_Begin(cx); michael@0: HMAC_Update(cx,last,lastLength); michael@0: rv =HMAC_Finish(cx,last,&lastLength,hLen); michael@0: if (rv !=SECSuccess) { michael@0: break; michael@0: } michael@0: do_xor(T,last,hLen); michael@0: } michael@0: loser: michael@0: if (cx) { michael@0: HMAC_Destroy(cx, PR_TRUE); michael@0: } michael@0: if (last) { michael@0: PORT_ZFree(last,lastBufLength); michael@0: } michael@0: return rv; michael@0: } michael@0: michael@0: static SECItem * michael@0: nsspkcs5_PBKDF2(const SECHashObject *hashobj, NSSPKCS5PBEParameter *pbe_param, michael@0: SECItem *pwitem) michael@0: { michael@0: int iterations = pbe_param->iter; michael@0: int bytesNeeded = pbe_param->keyLen; michael@0: unsigned int dkLen = bytesNeeded; michael@0: unsigned int hLen = hashobj->length; michael@0: unsigned int nblocks = (dkLen+hLen-1) / hLen; michael@0: unsigned int i; michael@0: unsigned char *rp; michael@0: unsigned char *T = NULL; michael@0: SECItem *result = NULL; michael@0: SECItem *salt = &pbe_param->salt; michael@0: SECStatus rv = SECFailure; michael@0: michael@0: result = SECITEM_AllocItem(NULL,NULL,nblocks*hLen); michael@0: if (result == NULL) { michael@0: return NULL; michael@0: } michael@0: michael@0: T = PORT_Alloc(hLen); michael@0: if (T == NULL) { michael@0: goto loser; michael@0: } michael@0: michael@0: for (i=1,rp=result->data; i <= nblocks ; i++, rp +=hLen) { michael@0: rv = nsspkcs5_PBKFD2_F(hashobj,pwitem,salt,iterations,i,T); michael@0: if (rv != SECSuccess) { michael@0: break; michael@0: } michael@0: PORT_Memcpy(rp,T,hLen); michael@0: } michael@0: michael@0: loser: michael@0: if (T) { michael@0: PORT_ZFree(T,hLen); michael@0: } michael@0: if (rv != SECSuccess) { michael@0: SECITEM_FreeItem(result,PR_TRUE); michael@0: result = NULL; michael@0: } else { michael@0: result->len = dkLen; michael@0: } michael@0: michael@0: return result; michael@0: } michael@0: #endif michael@0: michael@0: #define HMAC_BUFFER 64 michael@0: #define NSSPBE_ROUNDUP(x,y) ((((x)+((y)-1))/(y))*(y)) michael@0: #define NSSPBE_MIN(x,y) ((x) < (y) ? (x) : (y)) michael@0: /* michael@0: * This is the extended PBE function defined by the final PKCS #12 spec. michael@0: */ michael@0: static SECItem * michael@0: nsspkcs5_PKCS12PBE(const SECHashObject *hashObject, michael@0: NSSPKCS5PBEParameter *pbe_param, SECItem *pwitem, michael@0: PBEBitGenID bitGenPurpose, unsigned int bytesNeeded) michael@0: { michael@0: PLArenaPool *arena = NULL; michael@0: unsigned int SLen,PLen; michael@0: unsigned int hashLength = hashObject->length; michael@0: unsigned char *S, *P; michael@0: SECItem *A = NULL, B, D, I; michael@0: SECItem *salt = &pbe_param->salt; michael@0: unsigned int c,i = 0; michael@0: unsigned int hashLen; michael@0: int iter; michael@0: unsigned char *iterBuf; michael@0: void *hash = NULL; michael@0: michael@0: arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); michael@0: if(!arena) { michael@0: return NULL; michael@0: } michael@0: michael@0: /* how many hash object lengths are needed */ michael@0: c = (bytesNeeded + (hashLength-1))/hashLength; michael@0: michael@0: /* initialize our buffers */ michael@0: D.len = HMAC_BUFFER; michael@0: /* B and D are the same length, use one alloc go get both */ michael@0: D.data = (unsigned char*)PORT_ArenaZAlloc(arena, D.len*2); michael@0: B.len = D.len; michael@0: B.data = D.data + D.len; michael@0: michael@0: /* if all goes well, A will be returned, so don't use our temp arena */ michael@0: A = SECITEM_AllocItem(NULL,NULL,c*hashLength); michael@0: if (A == NULL) { michael@0: goto loser; michael@0: } michael@0: michael@0: SLen = NSSPBE_ROUNDUP(salt->len,HMAC_BUFFER); michael@0: PLen = NSSPBE_ROUNDUP(pwitem->len,HMAC_BUFFER); michael@0: I.len = SLen+PLen; michael@0: I.data = (unsigned char*)PORT_ArenaZAlloc(arena, I.len); michael@0: if (I.data == NULL) { michael@0: goto loser; michael@0: } michael@0: michael@0: /* S & P are only used to initialize I */ michael@0: S = I.data; michael@0: P = S + SLen; michael@0: michael@0: PORT_Memset(D.data, (char)bitGenPurpose, D.len); michael@0: if (SLen) { michael@0: for (i=0; i < SLen; i += salt->len) { michael@0: PORT_Memcpy(S+i, salt->data, NSSPBE_MIN(SLen-i,salt->len)); michael@0: } michael@0: } michael@0: if (PLen) { michael@0: for (i=0; i < PLen; i += pwitem->len) { michael@0: PORT_Memcpy(P+i, pwitem->data, NSSPBE_MIN(PLen-i,pwitem->len)); michael@0: } michael@0: } michael@0: michael@0: iterBuf = (unsigned char*)PORT_ArenaZAlloc(arena,hashLength); michael@0: if (iterBuf == NULL) { michael@0: goto loser; michael@0: } michael@0: michael@0: hash = hashObject->create(); michael@0: if(!hash) { michael@0: goto loser; michael@0: } michael@0: /* calculate the PBE now */ michael@0: for(i = 0; i < c; i++) { michael@0: int Bidx; /* must be signed or the for loop won't terminate */ michael@0: unsigned int k, j; michael@0: unsigned char *Ai = A->data+i*hashLength; michael@0: michael@0: michael@0: for(iter = 0; iter < pbe_param->iter; iter++) { michael@0: hashObject->begin(hash); michael@0: michael@0: if (iter) { michael@0: hashObject->update(hash, iterBuf, hashLen); michael@0: } else { michael@0: hashObject->update(hash, D.data, D.len); michael@0: hashObject->update(hash, I.data, I.len); michael@0: } michael@0: michael@0: hashObject->end(hash, iterBuf, &hashLen, hashObject->length); michael@0: if(hashLen != hashObject->length) { michael@0: break; michael@0: } michael@0: } michael@0: michael@0: PORT_Memcpy(Ai, iterBuf, hashLength); michael@0: for (Bidx = 0; Bidx < B.len; Bidx += hashLength) { michael@0: PORT_Memcpy(B.data+Bidx,iterBuf,NSSPBE_MIN(B.len-Bidx,hashLength)); michael@0: } michael@0: michael@0: k = I.len/B.len; michael@0: for(j = 0; j < k; j++) { michael@0: unsigned int q, carryBit; michael@0: unsigned char *Ij = I.data + j*B.len; michael@0: michael@0: /* (Ij = Ij+B+1) */ michael@0: for (Bidx = (B.len-1), q=1, carryBit=0; Bidx >= 0; Bidx--,q=0) { michael@0: q += (unsigned int)Ij[Bidx]; michael@0: q += (unsigned int)B.data[Bidx]; michael@0: q += carryBit; michael@0: michael@0: carryBit = (q > 0xff); michael@0: Ij[Bidx] = (unsigned char)(q & 0xff); michael@0: } michael@0: } michael@0: } michael@0: loser: michael@0: if (hash) { michael@0: hashObject->destroy(hash, PR_TRUE); michael@0: } michael@0: if(arena) { michael@0: PORT_FreeArena(arena, PR_TRUE); michael@0: } michael@0: michael@0: if (A) { michael@0: /* if i != c, then we didn't complete the loop above and must of failed michael@0: * somwhere along the way */ michael@0: if (i != c) { michael@0: SECITEM_ZfreeItem(A,PR_TRUE); michael@0: A = NULL; michael@0: } else { michael@0: A->len = bytesNeeded; michael@0: } michael@0: } michael@0: michael@0: return A; michael@0: } michael@0: michael@0: /* michael@0: * generate key as per PKCS 5 michael@0: */ michael@0: SECItem * michael@0: nsspkcs5_ComputeKeyAndIV(NSSPKCS5PBEParameter *pbe_param, SECItem *pwitem, michael@0: SECItem *iv, PRBool faulty3DES) michael@0: { michael@0: SECItem *hash = NULL, *key = NULL; michael@0: const SECHashObject *hashObj; michael@0: PRBool getIV = PR_FALSE; michael@0: michael@0: if((pbe_param == NULL) || (pwitem == NULL)) { michael@0: return NULL; michael@0: } michael@0: michael@0: key = SECITEM_AllocItem(NULL,NULL,pbe_param->keyLen); michael@0: if (key == NULL) { michael@0: return NULL; michael@0: } michael@0: michael@0: if (iv && (pbe_param->ivLen) && (iv->data == NULL)) { michael@0: getIV = PR_TRUE; michael@0: iv->data = (unsigned char *)PORT_Alloc(pbe_param->ivLen); michael@0: if (iv->data == NULL) { michael@0: goto loser; michael@0: } michael@0: iv->len = pbe_param->ivLen; michael@0: } michael@0: michael@0: hashObj = HASH_GetRawHashObject(pbe_param->hashType); michael@0: switch (pbe_param->pbeType) { michael@0: case NSSPKCS5_PBKDF1: michael@0: hash = nsspkcs5_PBKDF1Extended(hashObj,pbe_param,pwitem,faulty3DES); michael@0: if (hash == NULL) { michael@0: goto loser; michael@0: } michael@0: PORT_Assert(hash->len >= key->len+(getIV ? iv->len : 0)); michael@0: if (getIV) { michael@0: PORT_Memcpy(iv->data, hash->data+(hash->len - iv->len),iv->len); michael@0: } michael@0: michael@0: break; michael@0: #ifdef PBKDF2 michael@0: case NSSPKCS5_PBKDF2: michael@0: hash = nsspkcs5_PBKDF2(hashObj,pbe_param,pwitem); michael@0: if (getIV) { michael@0: PORT_Memcpy(iv->data, pbe_param->ivData, iv->len); michael@0: } michael@0: break; michael@0: #endif michael@0: case NSSPKCS5_PKCS12_V2: michael@0: if (getIV) { michael@0: hash = nsspkcs5_PKCS12PBE(hashObj,pbe_param,pwitem, michael@0: pbeBitGenCipherIV,iv->len); michael@0: if (hash == NULL) { michael@0: goto loser; michael@0: } michael@0: PORT_Memcpy(iv->data,hash->data,iv->len); michael@0: SECITEM_ZfreeItem(hash,PR_TRUE); michael@0: hash = NULL; michael@0: } michael@0: hash = nsspkcs5_PKCS12PBE(hashObj,pbe_param,pwitem, michael@0: pbe_param->keyID,key->len); michael@0: default: michael@0: break; michael@0: } michael@0: michael@0: if (hash == NULL) { michael@0: goto loser; michael@0: } michael@0: michael@0: if (pbe_param->is2KeyDES) { michael@0: PORT_Memcpy(key->data, hash->data, (key->len * 2) / 3); michael@0: PORT_Memcpy(&(key->data[(key->len * 2) / 3]), key->data, michael@0: key->len / 3); michael@0: } else { michael@0: PORT_Memcpy(key->data, hash->data, key->len); michael@0: } michael@0: michael@0: SECITEM_ZfreeItem(hash, PR_TRUE); michael@0: return key; michael@0: michael@0: loser: michael@0: if (getIV && iv->data) { michael@0: PORT_ZFree(iv->data,iv->len); michael@0: iv->data = NULL; michael@0: } michael@0: michael@0: SECITEM_ZfreeItem(key, PR_TRUE); michael@0: return NULL; michael@0: } michael@0: michael@0: static SECStatus michael@0: nsspkcs5_FillInParam(SECOidTag algorithm, NSSPKCS5PBEParameter *pbe_param) michael@0: { michael@0: PRBool skipType = PR_FALSE; michael@0: michael@0: pbe_param->keyLen = 5; michael@0: pbe_param->ivLen = 8; michael@0: pbe_param->hashType = HASH_AlgSHA1; michael@0: pbe_param->pbeType = NSSPKCS5_PBKDF1; michael@0: pbe_param->encAlg = SEC_OID_RC2_CBC; michael@0: pbe_param->is2KeyDES = PR_FALSE; michael@0: switch(algorithm) { michael@0: /* DES3 Algorithms */ michael@0: case SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_2KEY_TRIPLE_DES_CBC: michael@0: pbe_param->is2KeyDES = PR_TRUE; michael@0: /* fall through */ michael@0: case SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_3KEY_TRIPLE_DES_CBC: michael@0: pbe_param->pbeType = NSSPKCS5_PKCS12_V2; michael@0: /* fall through */ michael@0: case SEC_OID_PKCS12_PBE_WITH_SHA1_AND_TRIPLE_DES_CBC: michael@0: pbe_param->keyLen = 24; michael@0: pbe_param->encAlg = SEC_OID_DES_EDE3_CBC; michael@0: break; michael@0: michael@0: /* DES Algorithms */ michael@0: case SEC_OID_PKCS5_PBE_WITH_MD2_AND_DES_CBC: michael@0: pbe_param->hashType = HASH_AlgMD2; michael@0: goto finish_des; michael@0: case SEC_OID_PKCS5_PBE_WITH_MD5_AND_DES_CBC: michael@0: pbe_param->hashType = HASH_AlgMD5; michael@0: /* fall through */ michael@0: case SEC_OID_PKCS5_PBE_WITH_SHA1_AND_DES_CBC: michael@0: finish_des: michael@0: pbe_param->keyLen = 8; michael@0: pbe_param->encAlg = SEC_OID_DES_CBC; michael@0: break; michael@0: michael@0: /* RC2 Algorithms */ michael@0: case SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_128_BIT_RC2_CBC: michael@0: pbe_param->keyLen = 16; michael@0: /* fall through */ michael@0: case SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_40_BIT_RC2_CBC: michael@0: pbe_param->pbeType = NSSPKCS5_PKCS12_V2; michael@0: break; michael@0: case SEC_OID_PKCS12_PBE_WITH_SHA1_AND_128_BIT_RC2_CBC: michael@0: pbe_param->keyLen = 16; michael@0: /* fall through */ michael@0: case SEC_OID_PKCS12_PBE_WITH_SHA1_AND_40_BIT_RC2_CBC: michael@0: break; michael@0: michael@0: /* RC4 algorithms */ michael@0: case SEC_OID_PKCS12_PBE_WITH_SHA1_AND_128_BIT_RC4: michael@0: skipType = PR_TRUE; michael@0: /* fall through */ michael@0: case SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_128_BIT_RC4: michael@0: pbe_param->keyLen = 16; michael@0: /* fall through */ michael@0: case SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_40_BIT_RC4: michael@0: if (!skipType) { michael@0: pbe_param->pbeType = NSSPKCS5_PKCS12_V2; michael@0: } michael@0: /* fall through */ michael@0: case SEC_OID_PKCS12_PBE_WITH_SHA1_AND_40_BIT_RC4: michael@0: pbe_param->ivLen = 0; michael@0: pbe_param->encAlg = SEC_OID_RC4; michael@0: break; michael@0: michael@0: #ifdef PBKDF2 michael@0: case SEC_OID_PKCS5_PBKDF2: michael@0: case SEC_OID_PKCS5_PBES2: michael@0: case SEC_OID_PKCS5_PBMAC1: michael@0: /* everything else will be filled in by the template */ michael@0: pbe_param->ivLen = 0; michael@0: pbe_param->pbeType = NSSPKCS5_PBKDF2; michael@0: pbe_param->encAlg = SEC_OID_PKCS5_PBKDF2; michael@0: pbe_param->keyLen = 0; /* needs to be set by caller after return */ michael@0: break; michael@0: #endif michael@0: michael@0: default: michael@0: return SECFailure; michael@0: } michael@0: michael@0: return SECSuccess; michael@0: } michael@0: michael@0: /* decode the algid and generate a PKCS 5 parameter from it michael@0: */ michael@0: NSSPKCS5PBEParameter * michael@0: nsspkcs5_NewParam(SECOidTag alg, SECItem *salt, int iterator) michael@0: { michael@0: PLArenaPool *arena = NULL; michael@0: NSSPKCS5PBEParameter *pbe_param = NULL; michael@0: SECStatus rv = SECFailure; michael@0: michael@0: arena = PORT_NewArena(SEC_ASN1_DEFAULT_ARENA_SIZE); michael@0: if (arena == NULL) michael@0: return NULL; michael@0: michael@0: /* allocate memory for the parameter */ michael@0: pbe_param = (NSSPKCS5PBEParameter *)PORT_ArenaZAlloc(arena, michael@0: sizeof(NSSPKCS5PBEParameter)); michael@0: michael@0: if (pbe_param == NULL) { michael@0: goto loser; michael@0: } michael@0: michael@0: pbe_param->poolp = arena; michael@0: michael@0: rv = nsspkcs5_FillInParam(alg, pbe_param); michael@0: if (rv != SECSuccess) { michael@0: goto loser; michael@0: } michael@0: michael@0: pbe_param->iter = iterator; michael@0: if (salt) { michael@0: rv = SECITEM_CopyItem(arena,&pbe_param->salt,salt); michael@0: } michael@0: michael@0: /* default key gen */ michael@0: pbe_param->keyID = pbeBitGenCipherKey; michael@0: michael@0: loser: michael@0: if (rv != SECSuccess) { michael@0: PORT_FreeArena(arena, PR_TRUE); michael@0: pbe_param = NULL; michael@0: } michael@0: michael@0: return pbe_param; michael@0: } michael@0: michael@0: /* michael@0: * find the hash type needed to implement a specific HMAC. michael@0: * OID definitions are from pkcs 5 v2.0 and 2.1 michael@0: */ michael@0: HASH_HashType michael@0: HASH_FromHMACOid(SECOidTag hmac) michael@0: { michael@0: switch (hmac) { michael@0: case SEC_OID_HMAC_SHA1: michael@0: return HASH_AlgSHA1; michael@0: case SEC_OID_HMAC_SHA256: michael@0: return HASH_AlgSHA256; michael@0: case SEC_OID_HMAC_SHA384: michael@0: return HASH_AlgSHA384; michael@0: case SEC_OID_HMAC_SHA512: michael@0: return HASH_AlgSHA512; michael@0: case SEC_OID_HMAC_SHA224: michael@0: default: michael@0: break; michael@0: } michael@0: return HASH_AlgNULL; michael@0: } michael@0: michael@0: /* decode the algid and generate a PKCS 5 parameter from it michael@0: */ michael@0: NSSPKCS5PBEParameter * michael@0: nsspkcs5_AlgidToParam(SECAlgorithmID *algid) michael@0: { michael@0: NSSPKCS5PBEParameter *pbe_param = NULL; michael@0: nsspkcs5V2PBEParameter pbev2_param; michael@0: SECOidTag algorithm; michael@0: SECStatus rv = SECFailure; michael@0: michael@0: if (algid == NULL) { michael@0: return NULL; michael@0: } michael@0: michael@0: algorithm = SECOID_GetAlgorithmTag(algid); michael@0: if (algorithm == SEC_OID_UNKNOWN) { michael@0: goto loser; michael@0: } michael@0: michael@0: pbe_param = nsspkcs5_NewParam(algorithm, NULL, 1); michael@0: if (pbe_param == NULL) { michael@0: goto loser; michael@0: } michael@0: michael@0: /* decode parameter */ michael@0: rv = SECFailure; michael@0: switch (pbe_param->pbeType) { michael@0: case NSSPKCS5_PBKDF1: michael@0: rv = SEC_ASN1DecodeItem(pbe_param->poolp, pbe_param, michael@0: NSSPKCS5PBEParameterTemplate, &algid->parameters); michael@0: break; michael@0: case NSSPKCS5_PKCS12_V2: michael@0: rv = SEC_ASN1DecodeItem(pbe_param->poolp, pbe_param, michael@0: NSSPKCS5PKCS12V2PBEParameterTemplate, &algid->parameters); michael@0: break; michael@0: #ifdef PBKDF2 michael@0: case NSSPKCS5_PBKDF2: michael@0: PORT_Memset(&pbev2_param,0, sizeof(pbev2_param)); michael@0: /* just the PBE */ michael@0: if (algorithm == SEC_OID_PKCS5_PBKDF2) { michael@0: rv = SEC_ASN1DecodeItem(pbe_param->poolp, pbe_param, michael@0: NSSPKCS5V2PBEParameterTemplate, &algid->parameters); michael@0: } else { michael@0: /* PBE data an others */ michael@0: rv = SEC_ASN1DecodeItem(pbe_param->poolp, &pbev2_param, michael@0: NSSPKCS5V2PBES2ParameterTemplate, &algid->parameters); michael@0: if (rv != SECSuccess) { michael@0: break; michael@0: } michael@0: pbe_param->encAlg = SECOID_GetAlgorithmTag(&pbev2_param.algParams); michael@0: rv = SEC_ASN1DecodeItem(pbe_param->poolp, pbe_param, michael@0: NSSPKCS5V2PBEParameterTemplate, michael@0: &pbev2_param.keyParams.parameters); michael@0: if (rv != SECSuccess) { michael@0: break; michael@0: } michael@0: pbe_param->keyLen = DER_GetInteger(&pbe_param->keyLength); michael@0: } michael@0: /* we we are encrypting, save any iv's */ michael@0: if (algorithm == SEC_OID_PKCS5_PBES2) { michael@0: pbe_param->ivLen = pbev2_param.algParams.parameters.len; michael@0: pbe_param->ivData = pbev2_param.algParams.parameters.data; michael@0: } michael@0: pbe_param->hashType = michael@0: HASH_FromHMACOid(SECOID_GetAlgorithmTag(&pbe_param->prfAlg)); michael@0: if (pbe_param->hashType == HASH_AlgNULL) { michael@0: PORT_SetError(SEC_ERROR_INVALID_ALGORITHM); michael@0: rv = SECFailure; michael@0: } michael@0: break; michael@0: #endif michael@0: } michael@0: michael@0: loser: michael@0: if (rv == SECSuccess) { michael@0: pbe_param->iter = DER_GetInteger(&pbe_param->iteration); michael@0: } else { michael@0: nsspkcs5_DestroyPBEParameter(pbe_param); michael@0: pbe_param = NULL; michael@0: } michael@0: michael@0: return pbe_param; michael@0: } michael@0: michael@0: /* destroy a pbe parameter. it assumes that the parameter was michael@0: * generated using the appropriate create function and therefor michael@0: * contains an arena pool. michael@0: */ michael@0: void michael@0: nsspkcs5_DestroyPBEParameter(NSSPKCS5PBEParameter *pbe_param) michael@0: { michael@0: if (pbe_param != NULL) { michael@0: PORT_FreeArena(pbe_param->poolp, PR_FALSE); michael@0: } michael@0: } michael@0: michael@0: michael@0: /* crypto routines */ michael@0: /* perform DES encryption and decryption. these routines are called michael@0: * by nsspkcs5_CipherData. In the case of an error, NULL is returned. michael@0: */ michael@0: static SECItem * michael@0: sec_pkcs5_des(SECItem *key, SECItem *iv, SECItem *src, PRBool triple_des, michael@0: PRBool encrypt) michael@0: { michael@0: SECItem *dest; michael@0: SECItem *dup_src; michael@0: SECStatus rv = SECFailure; michael@0: int pad; michael@0: michael@0: if((src == NULL) || (key == NULL) || (iv == NULL)) michael@0: return NULL; michael@0: michael@0: dup_src = SECITEM_DupItem(src); michael@0: if(dup_src == NULL) { michael@0: return NULL; michael@0: } michael@0: michael@0: if(encrypt != PR_FALSE) { michael@0: void *dummy; michael@0: michael@0: dummy = CBC_PadBuffer(NULL, dup_src->data, michael@0: dup_src->len, &dup_src->len, 8 /* DES_BLOCK_SIZE */); michael@0: if(dummy == NULL) { michael@0: SECITEM_FreeItem(dup_src, PR_TRUE); michael@0: return NULL; michael@0: } michael@0: dup_src->data = (unsigned char*)dummy; michael@0: } michael@0: michael@0: dest = (SECItem *)PORT_ZAlloc(sizeof(SECItem)); michael@0: if(dest != NULL) { michael@0: /* allocate with over flow */ michael@0: dest->data = (unsigned char *)PORT_ZAlloc(dup_src->len + 64); michael@0: if(dest->data != NULL) { michael@0: DESContext *ctxt; michael@0: ctxt = DES_CreateContext(key->data, iv->data, michael@0: (triple_des ? NSS_DES_EDE3_CBC : NSS_DES_CBC), michael@0: encrypt); michael@0: michael@0: if(ctxt != NULL) { michael@0: rv = (encrypt ? DES_Encrypt : DES_Decrypt)( michael@0: ctxt, dest->data, &dest->len, michael@0: dup_src->len + 64, dup_src->data, dup_src->len); michael@0: michael@0: /* remove padding -- assumes 64 bit blocks */ michael@0: if((encrypt == PR_FALSE) && (rv == SECSuccess)) { michael@0: pad = dest->data[dest->len-1]; michael@0: if((pad > 0) && (pad <= 8)) { michael@0: if(dest->data[dest->len-pad] != pad) { michael@0: rv = SECFailure; michael@0: PORT_SetError(SEC_ERROR_BAD_PASSWORD); michael@0: } else { michael@0: dest->len -= pad; michael@0: } michael@0: } else { michael@0: rv = SECFailure; michael@0: PORT_SetError(SEC_ERROR_BAD_PASSWORD); michael@0: } michael@0: } michael@0: DES_DestroyContext(ctxt, PR_TRUE); michael@0: } michael@0: } michael@0: } michael@0: michael@0: if(rv == SECFailure) { michael@0: if(dest != NULL) { michael@0: SECITEM_FreeItem(dest, PR_TRUE); michael@0: } michael@0: dest = NULL; michael@0: } michael@0: michael@0: if(dup_src != NULL) { michael@0: SECITEM_FreeItem(dup_src, PR_TRUE); michael@0: } michael@0: michael@0: return dest; michael@0: } michael@0: michael@0: /* perform aes encryption/decryption if an error occurs, NULL is returned michael@0: */ michael@0: static SECItem * michael@0: sec_pkcs5_aes(SECItem *key, SECItem *iv, SECItem *src, PRBool triple_des, michael@0: PRBool encrypt) michael@0: { michael@0: SECItem *dest; michael@0: SECItem *dup_src; michael@0: SECStatus rv = SECFailure; michael@0: int pad; michael@0: michael@0: if((src == NULL) || (key == NULL) || (iv == NULL)) michael@0: return NULL; michael@0: michael@0: dup_src = SECITEM_DupItem(src); michael@0: if(dup_src == NULL) { michael@0: return NULL; michael@0: } michael@0: michael@0: if(encrypt != PR_FALSE) { michael@0: void *dummy; michael@0: michael@0: dummy = CBC_PadBuffer(NULL, dup_src->data, michael@0: dup_src->len, &dup_src->len,AES_BLOCK_SIZE); michael@0: if(dummy == NULL) { michael@0: SECITEM_FreeItem(dup_src, PR_TRUE); michael@0: return NULL; michael@0: } michael@0: dup_src->data = (unsigned char*)dummy; michael@0: } michael@0: michael@0: dest = (SECItem *)PORT_ZAlloc(sizeof(SECItem)); michael@0: if(dest != NULL) { michael@0: /* allocate with over flow */ michael@0: dest->data = (unsigned char *)PORT_ZAlloc(dup_src->len + 64); michael@0: if(dest->data != NULL) { michael@0: AESContext *ctxt; michael@0: ctxt = AES_CreateContext(key->data, iv->data, michael@0: NSS_AES_CBC, encrypt, key->len, 16); michael@0: michael@0: if(ctxt != NULL) { michael@0: rv = (encrypt ? AES_Encrypt : AES_Decrypt)( michael@0: ctxt, dest->data, &dest->len, michael@0: dup_src->len + 64, dup_src->data, dup_src->len); michael@0: michael@0: /* remove padding -- assumes 64 bit blocks */ michael@0: if((encrypt == PR_FALSE) && (rv == SECSuccess)) { michael@0: pad = dest->data[dest->len-1]; michael@0: if((pad > 0) && (pad <= 16)) { michael@0: if(dest->data[dest->len-pad] != pad) { michael@0: rv = SECFailure; michael@0: PORT_SetError(SEC_ERROR_BAD_PASSWORD); michael@0: } else { michael@0: dest->len -= pad; michael@0: } michael@0: } else { michael@0: rv = SECFailure; michael@0: PORT_SetError(SEC_ERROR_BAD_PASSWORD); michael@0: } michael@0: } michael@0: AES_DestroyContext(ctxt, PR_TRUE); michael@0: } michael@0: } michael@0: } michael@0: michael@0: if(rv == SECFailure) { michael@0: if(dest != NULL) { michael@0: SECITEM_FreeItem(dest, PR_TRUE); michael@0: } michael@0: dest = NULL; michael@0: } michael@0: michael@0: if(dup_src != NULL) { michael@0: SECITEM_FreeItem(dup_src, PR_TRUE); michael@0: } michael@0: michael@0: return dest; michael@0: } michael@0: michael@0: /* perform rc2 encryption/decryption if an error occurs, NULL is returned michael@0: */ michael@0: static SECItem * michael@0: sec_pkcs5_rc2(SECItem *key, SECItem *iv, SECItem *src, PRBool dummy, michael@0: PRBool encrypt) michael@0: { michael@0: SECItem *dest; michael@0: SECItem *dup_src; michael@0: SECStatus rv = SECFailure; michael@0: int pad; michael@0: michael@0: if((src == NULL) || (key == NULL) || (iv == NULL)) { michael@0: return NULL; michael@0: } michael@0: michael@0: dup_src = SECITEM_DupItem(src); michael@0: if(dup_src == NULL) { michael@0: return NULL; michael@0: } michael@0: michael@0: if(encrypt != PR_FALSE) { michael@0: void *dummy; michael@0: michael@0: dummy = CBC_PadBuffer(NULL, dup_src->data, michael@0: dup_src->len, &dup_src->len, 8 /* RC2_BLOCK_SIZE */); michael@0: if(dummy == NULL) { michael@0: SECITEM_FreeItem(dup_src, PR_TRUE); michael@0: return NULL; michael@0: } michael@0: dup_src->data = (unsigned char*)dummy; michael@0: } michael@0: michael@0: dest = (SECItem *)PORT_ZAlloc(sizeof(SECItem)); michael@0: if(dest != NULL) { michael@0: dest->data = (unsigned char *)PORT_ZAlloc(dup_src->len + 64); michael@0: if(dest->data != NULL) { michael@0: RC2Context *ctxt; michael@0: michael@0: ctxt = RC2_CreateContext(key->data, key->len, iv->data, michael@0: NSS_RC2_CBC, key->len); michael@0: michael@0: if(ctxt != NULL) { michael@0: rv = (encrypt ? RC2_Encrypt: RC2_Decrypt)( michael@0: ctxt, dest->data, &dest->len, michael@0: dup_src->len + 64, dup_src->data, dup_src->len); michael@0: michael@0: /* assumes 8 byte blocks -- remove padding */ michael@0: if((rv == SECSuccess) && (encrypt != PR_TRUE)) { michael@0: pad = dest->data[dest->len-1]; michael@0: if((pad > 0) && (pad <= 8)) { michael@0: if(dest->data[dest->len-pad] != pad) { michael@0: PORT_SetError(SEC_ERROR_BAD_PASSWORD); michael@0: rv = SECFailure; michael@0: } else { michael@0: dest->len -= pad; michael@0: } michael@0: } else { michael@0: PORT_SetError(SEC_ERROR_BAD_PASSWORD); michael@0: rv = SECFailure; michael@0: } michael@0: } michael@0: michael@0: } michael@0: } michael@0: } michael@0: michael@0: if((rv != SECSuccess) && (dest != NULL)) { michael@0: SECITEM_FreeItem(dest, PR_TRUE); michael@0: dest = NULL; michael@0: } michael@0: michael@0: if(dup_src != NULL) { michael@0: SECITEM_FreeItem(dup_src, PR_TRUE); michael@0: } michael@0: michael@0: return dest; michael@0: } michael@0: michael@0: /* perform rc4 encryption and decryption */ michael@0: static SECItem * michael@0: sec_pkcs5_rc4(SECItem *key, SECItem *iv, SECItem *src, PRBool dummy_op, michael@0: PRBool encrypt) michael@0: { michael@0: SECItem *dest; michael@0: SECStatus rv = SECFailure; michael@0: michael@0: if((src == NULL) || (key == NULL) || (iv == NULL)) { michael@0: return NULL; michael@0: } michael@0: michael@0: dest = (SECItem *)PORT_ZAlloc(sizeof(SECItem)); michael@0: if(dest != NULL) { michael@0: dest->data = (unsigned char *)PORT_ZAlloc(sizeof(unsigned char) * michael@0: (src->len + 64)); michael@0: if(dest->data != NULL) { michael@0: RC4Context *ctxt; michael@0: michael@0: ctxt = RC4_CreateContext(key->data, key->len); michael@0: if(ctxt) { michael@0: rv = (encrypt ? RC4_Encrypt : RC4_Decrypt)( michael@0: ctxt, dest->data, &dest->len, michael@0: src->len + 64, src->data, src->len); michael@0: RC4_DestroyContext(ctxt, PR_TRUE); michael@0: } michael@0: } michael@0: } michael@0: michael@0: if((rv != SECSuccess) && (dest)) { michael@0: SECITEM_FreeItem(dest, PR_TRUE); michael@0: dest = NULL; michael@0: } michael@0: michael@0: return dest; michael@0: } michael@0: /* function pointer template for crypto functions */ michael@0: typedef SECItem *(* pkcs5_crypto_func)(SECItem *key, SECItem *iv, michael@0: SECItem *src, PRBool op1, PRBool op2); michael@0: michael@0: /* performs the cipher operation on the src and returns the result. michael@0: * if an error occurs, NULL is returned. michael@0: * michael@0: * a null length password is allowed. this corresponds to encrypting michael@0: * the data with ust the salt. michael@0: */ michael@0: /* change this to use PKCS 11? */ michael@0: SECItem * michael@0: nsspkcs5_CipherData(NSSPKCS5PBEParameter *pbe_param, SECItem *pwitem, michael@0: SECItem *src, PRBool encrypt, PRBool *update) michael@0: { michael@0: SECItem *key = NULL, iv; michael@0: SECItem *dest = NULL; michael@0: PRBool tripleDES = PR_TRUE; michael@0: pkcs5_crypto_func cryptof; michael@0: michael@0: iv.data = NULL; michael@0: michael@0: if (update) { michael@0: *update = PR_FALSE; michael@0: } michael@0: michael@0: if ((pwitem == NULL) || (src == NULL)) { michael@0: return NULL; michael@0: } michael@0: michael@0: /* get key, and iv */ michael@0: key = nsspkcs5_ComputeKeyAndIV(pbe_param, pwitem, &iv, PR_FALSE); michael@0: if(key == NULL) { michael@0: return NULL; michael@0: } michael@0: michael@0: switch(pbe_param->encAlg) { michael@0: /* PKCS 5 v2 only */ michael@0: case SEC_OID_AES_128_CBC: michael@0: case SEC_OID_AES_192_CBC: michael@0: case SEC_OID_AES_256_CBC: michael@0: cryptof = sec_pkcs5_aes; michael@0: break; michael@0: case SEC_OID_DES_EDE3_CBC: michael@0: cryptof = sec_pkcs5_des; michael@0: tripleDES = PR_TRUE; michael@0: break; michael@0: case SEC_OID_DES_CBC: michael@0: cryptof = sec_pkcs5_des; michael@0: tripleDES = PR_FALSE; michael@0: break; michael@0: case SEC_OID_RC2_CBC: michael@0: cryptof = sec_pkcs5_rc2; michael@0: break; michael@0: case SEC_OID_RC4: michael@0: cryptof = sec_pkcs5_rc4; michael@0: break; michael@0: default: michael@0: cryptof = NULL; michael@0: break; michael@0: } michael@0: michael@0: if (cryptof == NULL) { michael@0: goto loser; michael@0: } michael@0: michael@0: dest = (*cryptof)(key, &iv, src, tripleDES, encrypt); michael@0: /* michael@0: * it's possible for some keys and keydb's to claim to michael@0: * be triple des when they're really des. In this case michael@0: * we simply try des. If des works we set the update flag michael@0: * so the key db knows it needs to update all it's entries. michael@0: * The case can only happen on decrypted of a michael@0: * SEC_OID_DES_EDE3_CBD. michael@0: */ michael@0: if ((dest == NULL) && (encrypt == PR_FALSE) && michael@0: (pbe_param->encAlg == SEC_OID_DES_EDE3_CBC)) { michael@0: dest = (*cryptof)(key, &iv, src, PR_FALSE, encrypt); michael@0: if (update && (dest != NULL)) *update = PR_TRUE; michael@0: } michael@0: michael@0: loser: michael@0: if (key != NULL) { michael@0: SECITEM_ZfreeItem(key, PR_TRUE); michael@0: } michael@0: if (iv.data != NULL) { michael@0: SECITEM_ZfreeItem(&iv, PR_FALSE); michael@0: } michael@0: michael@0: return dest; michael@0: } michael@0: michael@0: /* creates a algorithm ID containing the PBE algorithm and appropriate michael@0: * parameters. the required parameter is the algorithm. if salt is michael@0: * not specified, it is generated randomly. if IV is specified, it overrides michael@0: * the PKCS 5 generation of the IV. michael@0: * michael@0: * the returned SECAlgorithmID should be destroyed using michael@0: * SECOID_DestroyAlgorithmID michael@0: */ michael@0: SECAlgorithmID * michael@0: nsspkcs5_CreateAlgorithmID(PLArenaPool *arena, SECOidTag algorithm, michael@0: NSSPKCS5PBEParameter *pbe_param) michael@0: { michael@0: SECAlgorithmID *algid, *ret_algid = NULL; michael@0: SECItem der_param; michael@0: nsspkcs5V2PBEParameter pkcs5v2_param; michael@0: michael@0: SECStatus rv = SECFailure; michael@0: void *dummy = NULL; michael@0: michael@0: if (arena == NULL) { michael@0: return NULL; michael@0: } michael@0: michael@0: der_param.data = NULL; michael@0: der_param.len = 0; michael@0: michael@0: /* generate the algorithm id */ michael@0: algid = (SECAlgorithmID *)PORT_ArenaZAlloc(arena, sizeof(SECAlgorithmID)); michael@0: if (algid == NULL) { michael@0: goto loser; michael@0: } michael@0: michael@0: if (pbe_param->iteration.data == NULL) { michael@0: dummy = SEC_ASN1EncodeInteger(pbe_param->poolp,&pbe_param->iteration, michael@0: pbe_param->iter); michael@0: if (dummy == NULL) { michael@0: goto loser; michael@0: } michael@0: } michael@0: switch (pbe_param->pbeType) { michael@0: case NSSPKCS5_PBKDF1: michael@0: dummy = SEC_ASN1EncodeItem(arena, &der_param, pbe_param, michael@0: NSSPKCS5PBEParameterTemplate); michael@0: break; michael@0: case NSSPKCS5_PKCS12_V2: michael@0: dummy = SEC_ASN1EncodeItem(arena, &der_param, pbe_param, michael@0: NSSPKCS5PKCS12V2PBEParameterTemplate); michael@0: break; michael@0: #ifdef PBKDF2 michael@0: case NSSPKCS5_PBKDF2: michael@0: if (pbe_param->keyLength.data == NULL) { michael@0: dummy = SEC_ASN1EncodeInteger(pbe_param->poolp, michael@0: &pbe_param->keyLength, pbe_param->keyLen); michael@0: if (dummy == NULL) { michael@0: goto loser; michael@0: } michael@0: } michael@0: PORT_Memset(&pkcs5v2_param, 0, sizeof(pkcs5v2_param)); michael@0: dummy = SEC_ASN1EncodeItem(arena, &der_param, pbe_param, michael@0: NSSPKCS5V2PBEParameterTemplate); michael@0: if (dummy == NULL) { michael@0: break; michael@0: } michael@0: dummy = NULL; michael@0: rv = SECOID_SetAlgorithmID(arena, &pkcs5v2_param.keyParams, michael@0: SEC_OID_PKCS5_PBKDF2, &der_param); michael@0: if (rv != SECSuccess) { michael@0: break; michael@0: } michael@0: der_param.data = pbe_param->ivData; michael@0: der_param.len = pbe_param->ivLen; michael@0: rv = SECOID_SetAlgorithmID(arena, &pkcs5v2_param.algParams, michael@0: pbe_param->encAlg, pbe_param->ivLen ? &der_param : NULL); michael@0: if (rv != SECSuccess) { michael@0: break; michael@0: } michael@0: dummy = SEC_ASN1EncodeItem(arena, &der_param, &pkcs5v2_param, michael@0: NSSPKCS5V2PBES2ParameterTemplate); michael@0: break; michael@0: #endif michael@0: default: michael@0: break; michael@0: } michael@0: michael@0: if (dummy == NULL) { michael@0: goto loser; michael@0: } michael@0: michael@0: rv = SECOID_SetAlgorithmID(arena, algid, algorithm, &der_param); michael@0: if (rv != SECSuccess) { michael@0: goto loser; michael@0: } michael@0: michael@0: ret_algid = (SECAlgorithmID *)PORT_ZAlloc(sizeof(SECAlgorithmID)); michael@0: if (ret_algid == NULL) { michael@0: goto loser; michael@0: } michael@0: michael@0: rv = SECOID_CopyAlgorithmID(NULL, ret_algid, algid); michael@0: if (rv != SECSuccess) { michael@0: SECOID_DestroyAlgorithmID(ret_algid, PR_TRUE); michael@0: ret_algid = NULL; michael@0: } michael@0: michael@0: loser: michael@0: michael@0: return ret_algid; michael@0: }