andre@0: /* This Source Code Form is subject to the terms of the Mozilla Public andre@0: * License, v. 2.0. If a copy of the MPL was not distributed with this andre@0: * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ andre@0: andre@0: #include "plarena.h" andre@0: andre@0: #include "seccomon.h" andre@0: #include "secitem.h" andre@0: #include "secport.h" andre@0: #include "hasht.h" andre@0: #include "pkcs11t.h" andre@0: #include "sechash.h" andre@0: #include "secasn1.h" andre@0: #include "secder.h" andre@0: #include "secoid.h" andre@0: #include "secerr.h" andre@0: #include "secmod.h" andre@0: #include "pk11func.h" andre@0: #include "secpkcs5.h" andre@0: #include "secmodi.h" andre@0: #include "secmodti.h" andre@0: #include "pkcs11.h" andre@0: #include "pk11func.h" andre@0: #include "secitem.h" andre@0: #include "key.h" andre@0: andre@0: typedef struct SEC_PKCS5PBEParameterStr SEC_PKCS5PBEParameter; andre@0: struct SEC_PKCS5PBEParameterStr { andre@0: PLArenaPool *poolp; andre@0: SECItem salt; /* octet string */ andre@0: SECItem iteration; /* integer */ andre@0: SECItem keyLength; /* PKCS5v2 only */ andre@0: SECAlgorithmID *pPrfAlgId; /* PKCS5v2 only */ andre@0: SECAlgorithmID prfAlgId; /* PKCS5v2 only */ andre@0: }; andre@0: andre@0: /* PKCS5 V2 has an algorithm ID for the encryption and for andre@0: * the key generation. This is valid for SEC_OID_PKCS5_PBES2 andre@0: * and SEC_OID_PKCS5_PBMAC1 andre@0: */ andre@0: struct sec_pkcs5V2ParameterStr { andre@0: PLArenaPool *poolp; andre@0: SECAlgorithmID pbeAlgId; /* real pbe algorithms */ andre@0: SECAlgorithmID cipherAlgId; /* encryption/mac */ andre@0: }; andre@0: andre@0: typedef struct sec_pkcs5V2ParameterStr sec_pkcs5V2Parameter; andre@0: andre@0: andre@0: /* template for PKCS 5 PBE Parameter. This template has been expanded andre@0: * based upon the additions in PKCS 12. This should eventually be moved andre@0: * if RSA updates PKCS 5. andre@0: */ andre@0: const SEC_ASN1Template SEC_PKCS5PBEParameterTemplate[] = andre@0: { andre@0: { SEC_ASN1_SEQUENCE, andre@0: 0, NULL, sizeof(SEC_PKCS5PBEParameter) }, andre@0: { SEC_ASN1_OCTET_STRING, andre@0: offsetof(SEC_PKCS5PBEParameter, salt) }, andre@0: { SEC_ASN1_INTEGER, andre@0: offsetof(SEC_PKCS5PBEParameter, iteration) }, andre@0: { 0 } andre@0: }; andre@0: andre@0: const SEC_ASN1Template SEC_V2PKCS12PBEParameterTemplate[] = andre@0: { andre@0: { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(SEC_PKCS5PBEParameter) }, andre@0: { SEC_ASN1_OCTET_STRING, offsetof(SEC_PKCS5PBEParameter, salt) }, andre@0: { SEC_ASN1_INTEGER, offsetof(SEC_PKCS5PBEParameter, iteration) }, andre@0: { 0 } andre@0: }; andre@0: andre@0: SEC_ASN1_MKSUB(SECOID_AlgorithmIDTemplate) andre@0: andre@0: /* SECOID_PKCS5_PBKDF2 */ andre@0: const SEC_ASN1Template SEC_PKCS5V2PBEParameterTemplate[] = andre@0: { andre@0: { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(SEC_PKCS5PBEParameter) }, andre@0: /* This is really a choice, but since we only understand this andre@0: * choice, just inline it */ andre@0: { SEC_ASN1_OCTET_STRING, offsetof(SEC_PKCS5PBEParameter, salt) }, andre@0: { SEC_ASN1_INTEGER, offsetof(SEC_PKCS5PBEParameter, iteration) }, andre@0: { SEC_ASN1_INTEGER|SEC_ASN1_OPTIONAL, andre@0: offsetof(SEC_PKCS5PBEParameter, keyLength) }, andre@0: { SEC_ASN1_POINTER | SEC_ASN1_XTRN | SEC_ASN1_OPTIONAL, andre@0: offsetof(SEC_PKCS5PBEParameter, pPrfAlgId), andre@0: SEC_ASN1_SUB(SECOID_AlgorithmIDTemplate) }, andre@0: { 0 } andre@0: }; andre@0: andre@0: /* SEC_OID_PKCS5_PBES2, SEC_OID_PKCS5_PBMAC1 */ andre@0: const SEC_ASN1Template SEC_PKCS5V2ParameterTemplate[] = andre@0: { andre@0: { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(SEC_PKCS5PBEParameter) }, andre@0: { SEC_ASN1_INLINE | SEC_ASN1_XTRN, offsetof(sec_pkcs5V2Parameter, pbeAlgId), andre@0: SEC_ASN1_SUB(SECOID_AlgorithmIDTemplate) }, andre@0: { SEC_ASN1_INLINE | SEC_ASN1_XTRN, andre@0: offsetof(sec_pkcs5V2Parameter, cipherAlgId), andre@0: SEC_ASN1_SUB(SECOID_AlgorithmIDTemplate) }, andre@0: { 0 } andre@0: }; andre@0: andre@0: andre@0: /* andre@0: * maps a PBE algorithm to a crypto algorithm. for PKCS12 and PKCS5v1 andre@0: * for PKCS5v2 it returns SEC_OID_PKCS5_PBKDF2. andre@0: */ andre@0: SECOidTag andre@0: sec_pkcs5GetCryptoFromAlgTag(SECOidTag algorithm) andre@0: { andre@0: switch(algorithm) andre@0: { andre@0: case SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_3KEY_TRIPLE_DES_CBC: andre@0: case SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_2KEY_TRIPLE_DES_CBC: andre@0: case SEC_OID_PKCS12_PBE_WITH_SHA1_AND_TRIPLE_DES_CBC: andre@0: return SEC_OID_DES_EDE3_CBC; andre@0: case SEC_OID_PKCS5_PBE_WITH_SHA1_AND_DES_CBC: andre@0: case SEC_OID_PKCS5_PBE_WITH_MD5_AND_DES_CBC: andre@0: case SEC_OID_PKCS5_PBE_WITH_MD2_AND_DES_CBC: andre@0: return SEC_OID_DES_CBC; andre@0: case SEC_OID_PKCS12_PBE_WITH_SHA1_AND_40_BIT_RC2_CBC: andre@0: case SEC_OID_PKCS12_PBE_WITH_SHA1_AND_128_BIT_RC2_CBC: andre@0: case SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_128_BIT_RC2_CBC: andre@0: case SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_40_BIT_RC2_CBC: andre@0: return SEC_OID_RC2_CBC; andre@0: case SEC_OID_PKCS12_PBE_WITH_SHA1_AND_40_BIT_RC4: andre@0: case SEC_OID_PKCS12_PBE_WITH_SHA1_AND_128_BIT_RC4: andre@0: case SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_128_BIT_RC4: andre@0: case SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_40_BIT_RC4: andre@0: return SEC_OID_RC4; andre@0: case SEC_OID_PKCS5_PBKDF2: andre@0: case SEC_OID_PKCS5_PBES2: andre@0: case SEC_OID_PKCS5_PBMAC1: andre@0: return SEC_OID_PKCS5_PBKDF2; andre@0: default: andre@0: break; andre@0: } andre@0: andre@0: return SEC_OID_UNKNOWN; andre@0: } andre@0: andre@0: /* andre@0: * get a new PKCS5 V2 Parameter from the algorithm id. andre@0: * if arena is passed in, use it, otherwise create a new arena. andre@0: */ andre@0: sec_pkcs5V2Parameter * andre@0: sec_pkcs5_v2_get_v2_param(PLArenaPool *arena, SECAlgorithmID *algid) andre@0: { andre@0: PLArenaPool *localArena = NULL; andre@0: sec_pkcs5V2Parameter *pbeV2_param; andre@0: SECStatus rv; andre@0: andre@0: if (arena == NULL) { andre@0: localArena = arena = PORT_NewArena(SEC_ASN1_DEFAULT_ARENA_SIZE); andre@0: if (arena == NULL) { andre@0: return NULL; andre@0: } andre@0: } andre@0: pbeV2_param = PORT_ArenaZNew(arena, sec_pkcs5V2Parameter); andre@0: if (pbeV2_param == NULL) { andre@0: goto loser; andre@0: } andre@0: andre@0: rv = SEC_ASN1DecodeItem(arena, pbeV2_param, andre@0: SEC_PKCS5V2ParameterTemplate, &algid->parameters); andre@0: if (rv == SECFailure) { andre@0: goto loser; andre@0: } andre@0: andre@0: pbeV2_param->poolp = arena; andre@0: return pbeV2_param; andre@0: loser: andre@0: if (localArena) { andre@0: PORT_FreeArena(arena, PR_FALSE); andre@0: } andre@0: return NULL; andre@0: } andre@0: andre@0: void andre@0: sec_pkcs5_v2_destroy_v2_param(sec_pkcs5V2Parameter *param) andre@0: { andre@0: if (param && param->poolp) { andre@0: PORT_FreeArena(param->poolp, PR_TRUE); andre@0: } andre@0: } andre@0: andre@0: andre@0: /* maps crypto algorithm from PBE algorithm. andre@0: */ andre@0: SECOidTag andre@0: SEC_PKCS5GetCryptoAlgorithm(SECAlgorithmID *algid) andre@0: { andre@0: andre@0: SECOidTag pbeAlg; andre@0: SECOidTag cipherAlg; andre@0: andre@0: if(algid == NULL) andre@0: return SEC_OID_UNKNOWN; andre@0: andre@0: pbeAlg = SECOID_GetAlgorithmTag(algid); andre@0: cipherAlg = sec_pkcs5GetCryptoFromAlgTag(pbeAlg); andre@0: if ((cipherAlg == SEC_OID_PKCS5_PBKDF2) && andre@0: (pbeAlg != SEC_OID_PKCS5_PBKDF2)) { andre@0: sec_pkcs5V2Parameter *pbeV2_param; andre@0: cipherAlg = SEC_OID_UNKNOWN; andre@0: andre@0: pbeV2_param = sec_pkcs5_v2_get_v2_param(NULL, algid); andre@0: if (pbeV2_param != NULL) { andre@0: cipherAlg = SECOID_GetAlgorithmTag(&pbeV2_param->cipherAlgId); andre@0: sec_pkcs5_v2_destroy_v2_param(pbeV2_param); andre@0: } andre@0: } andre@0: andre@0: return cipherAlg; andre@0: } andre@0: andre@0: /* check to see if an oid is a pbe algorithm andre@0: */ andre@0: PRBool andre@0: SEC_PKCS5IsAlgorithmPBEAlg(SECAlgorithmID *algid) andre@0: { andre@0: return (PRBool)(SEC_PKCS5GetCryptoAlgorithm(algid) != SEC_OID_UNKNOWN); andre@0: } andre@0: andre@0: PRBool andre@0: SEC_PKCS5IsAlgorithmPBEAlgTag(SECOidTag algtag) andre@0: { andre@0: return (PRBool)(sec_pkcs5GetCryptoFromAlgTag(algtag) != SEC_OID_UNKNOWN); andre@0: } andre@0: andre@0: /* andre@0: * find the most appropriate PKCS5v2 overall oid tag from a regular andre@0: * cipher/hash algorithm tag. andre@0: */ andre@0: static SECOidTag andre@0: sec_pkcs5v2_get_pbe(SECOidTag algTag) andre@0: { andre@0: /* if it's a valid hash oid... */ andre@0: if (HASH_GetHashOidTagByHMACOidTag(algTag) != SEC_OID_UNKNOWN) { andre@0: /* use the MAC tag */ andre@0: return SEC_OID_PKCS5_PBMAC1; andre@0: } andre@0: if (HASH_GetHashTypeByOidTag(algTag) != HASH_AlgNULL) { andre@0: /* eliminate Hash algorithms */ andre@0: return SEC_OID_UNKNOWN; andre@0: } andre@0: if (PK11_AlgtagToMechanism(algTag) != CKM_INVALID_MECHANISM) { andre@0: /* it's not a hash, if it has a PKCS #11 mechanism associated andre@0: * with it, assume it's a cipher. (NOTE this will generate andre@0: * some false positives). */ andre@0: return SEC_OID_PKCS5_PBES2; andre@0: } andre@0: return SEC_OID_UNKNOWN; andre@0: } andre@0: andre@0: /* andre@0: * maps PBE algorithm from crypto algorithm, assumes SHA1 hashing. andre@0: * input keyLen in bits. andre@0: */ andre@0: SECOidTag andre@0: SEC_PKCS5GetPBEAlgorithm(SECOidTag algTag, int keyLen) andre@0: { andre@0: switch(algTag) andre@0: { andre@0: case SEC_OID_DES_EDE3_CBC: andre@0: switch(keyLen) { andre@0: case 168: andre@0: case 192: andre@0: case 0: andre@0: return SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_3KEY_TRIPLE_DES_CBC; andre@0: case 128: andre@0: case 92: andre@0: return SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_2KEY_TRIPLE_DES_CBC; andre@0: default: andre@0: break; andre@0: } andre@0: break; andre@0: case SEC_OID_DES_CBC: andre@0: return SEC_OID_PKCS5_PBE_WITH_SHA1_AND_DES_CBC; andre@0: case SEC_OID_RC2_CBC: andre@0: switch(keyLen) { andre@0: case 40: andre@0: return SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_40_BIT_RC2_CBC; andre@0: case 128: andre@0: case 0: andre@0: return SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_128_BIT_RC2_CBC; andre@0: default: andre@0: break; andre@0: } andre@0: break; andre@0: case SEC_OID_RC4: andre@0: switch(keyLen) { andre@0: case 40: andre@0: return SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_40_BIT_RC4; andre@0: case 128: andre@0: case 0: andre@0: return SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_128_BIT_RC4; andre@0: default: andre@0: break; andre@0: } andre@0: break; andre@0: default: andre@0: return sec_pkcs5v2_get_pbe(algTag); andre@0: } andre@0: andre@0: return SEC_OID_UNKNOWN; andre@0: } andre@0: andre@0: /* andre@0: * get the key length in bytes from a PKCS5 PBE andre@0: */ andre@0: int andre@0: sec_pkcs5v2_key_length(SECAlgorithmID *algid) andre@0: { andre@0: SECOidTag algorithm; andre@0: PLArenaPool *arena = NULL; andre@0: SEC_PKCS5PBEParameter p5_param; andre@0: SECStatus rv; andre@0: int length = -1; andre@0: andre@0: algorithm = SECOID_GetAlgorithmTag(algid); andre@0: /* sanity check, they should all be PBKDF2 here */ andre@0: if (algorithm != SEC_OID_PKCS5_PBKDF2) { andre@0: return -1; andre@0: } andre@0: andre@0: arena = PORT_NewArena(SEC_ASN1_DEFAULT_ARENA_SIZE); andre@0: if (arena == NULL) { andre@0: goto loser; andre@0: } andre@0: PORT_Memset(&p5_param, 0, sizeof(p5_param)); andre@0: rv = SEC_ASN1DecodeItem(arena,&p5_param, andre@0: SEC_PKCS5V2PBEParameterTemplate, &algid->parameters); andre@0: if (rv != SECSuccess) { andre@0: goto loser; andre@0: } andre@0: andre@0: if (p5_param.keyLength.data != NULL) { andre@0: length = DER_GetInteger(&p5_param.keyLength); andre@0: } andre@0: andre@0: loser: andre@0: if (arena) { andre@0: PORT_FreeArena(arena, PR_FALSE); andre@0: } andre@0: return length; andre@0: } andre@0: andre@0: /* andre@0: * get the key length in bytes needed for the PBE algorithm andre@0: */ andre@0: int andre@0: SEC_PKCS5GetKeyLength(SECAlgorithmID *algid) andre@0: { andre@0: andre@0: SECOidTag algorithm; andre@0: andre@0: if(algid == NULL) andre@0: return SEC_OID_UNKNOWN; andre@0: andre@0: algorithm = SECOID_GetAlgorithmTag(algid); andre@0: andre@0: switch(algorithm) andre@0: { andre@0: case SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_3KEY_TRIPLE_DES_CBC: andre@0: case SEC_OID_PKCS12_PBE_WITH_SHA1_AND_TRIPLE_DES_CBC: andre@0: case SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_2KEY_TRIPLE_DES_CBC: andre@0: return 24; andre@0: case SEC_OID_PKCS5_PBE_WITH_MD2_AND_DES_CBC: andre@0: case SEC_OID_PKCS5_PBE_WITH_SHA1_AND_DES_CBC: andre@0: case SEC_OID_PKCS5_PBE_WITH_MD5_AND_DES_CBC: andre@0: return 8; andre@0: case SEC_OID_PKCS12_PBE_WITH_SHA1_AND_40_BIT_RC2_CBC: andre@0: case SEC_OID_PKCS12_PBE_WITH_SHA1_AND_40_BIT_RC4: andre@0: case SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_40_BIT_RC4: andre@0: case SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_40_BIT_RC2_CBC: andre@0: return 5; andre@0: case SEC_OID_PKCS12_PBE_WITH_SHA1_AND_128_BIT_RC2_CBC: andre@0: case SEC_OID_PKCS12_PBE_WITH_SHA1_AND_128_BIT_RC4: andre@0: case SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_128_BIT_RC2_CBC: andre@0: case SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_128_BIT_RC4: andre@0: return 16; andre@0: case SEC_OID_PKCS5_PBKDF2: andre@0: return sec_pkcs5v2_key_length(algid); andre@0: case SEC_OID_PKCS5_PBES2: andre@0: case SEC_OID_PKCS5_PBMAC1: andre@0: { andre@0: sec_pkcs5V2Parameter *pbeV2_param; andre@0: int length = -1; andre@0: pbeV2_param = sec_pkcs5_v2_get_v2_param(NULL, algid); andre@0: if (pbeV2_param != NULL) { andre@0: length = sec_pkcs5v2_key_length(&pbeV2_param->pbeAlgId); andre@0: sec_pkcs5_v2_destroy_v2_param(pbeV2_param); andre@0: } andre@0: return length; andre@0: } andre@0: andre@0: default: andre@0: break; andre@0: } andre@0: return -1; andre@0: } andre@0: andre@0: andre@0: /* the PKCS12 V2 algorithms only encode the salt, there is no iteration andre@0: * count so we need a check for V2 algorithm parameters. andre@0: */ andre@0: static PRBool andre@0: sec_pkcs5_is_algorithm_v2_pkcs12_algorithm(SECOidTag algorithm) andre@0: { andre@0: switch(algorithm) andre@0: { andre@0: case SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_128_BIT_RC4: andre@0: case SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_40_BIT_RC4: andre@0: case SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_3KEY_TRIPLE_DES_CBC: andre@0: case SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_2KEY_TRIPLE_DES_CBC: andre@0: case SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_128_BIT_RC2_CBC: andre@0: case SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_40_BIT_RC2_CBC: andre@0: return PR_TRUE; andre@0: default: andre@0: break; andre@0: } andre@0: andre@0: return PR_FALSE; andre@0: } andre@0: andre@0: static PRBool andre@0: sec_pkcs5_is_algorithm_v2_pkcs5_algorithm(SECOidTag algorithm) andre@0: { andre@0: switch(algorithm) andre@0: { andre@0: case SEC_OID_PKCS5_PBES2: andre@0: case SEC_OID_PKCS5_PBMAC1: andre@0: case SEC_OID_PKCS5_PBKDF2: andre@0: return PR_TRUE; andre@0: default: andre@0: break; andre@0: } andre@0: andre@0: return PR_FALSE; andre@0: } andre@0: andre@0: /* destroy a pbe parameter. it assumes that the parameter was andre@0: * generated using the appropriate create function and therefor andre@0: * contains an arena pool. andre@0: */ andre@0: static void andre@0: sec_pkcs5_destroy_pbe_param(SEC_PKCS5PBEParameter *pbe_param) andre@0: { andre@0: if(pbe_param != NULL) andre@0: PORT_FreeArena(pbe_param->poolp, PR_TRUE); andre@0: } andre@0: andre@0: /* creates a PBE parameter based on the PBE algorithm. the only required andre@0: * parameters are algorithm and interation. the return is a PBE parameter andre@0: * which conforms to PKCS 5 parameter unless an extended parameter is needed. andre@0: * this is primarily if keyLength and a variable key length algorithm are andre@0: * specified. andre@0: * salt - if null, a salt will be generated from random bytes. andre@0: * iteration - number of iterations to perform hashing. andre@0: * keyLength - only used in variable key length algorithms. if specified, andre@0: * should be in bytes. andre@0: * once a parameter is allocated, it should be destroyed calling andre@0: * sec_pkcs5_destroy_pbe_parameter or SEC_PKCS5DestroyPBEParameter. andre@0: */ andre@0: #define DEFAULT_SALT_LENGTH 16 andre@0: static SEC_PKCS5PBEParameter * andre@0: sec_pkcs5_create_pbe_parameter(SECOidTag algorithm, andre@0: SECItem *salt, andre@0: int iteration, andre@0: int keyLength, andre@0: SECOidTag prfAlg) andre@0: { andre@0: PLArenaPool *poolp = NULL; andre@0: SEC_PKCS5PBEParameter *pbe_param = NULL; andre@0: SECStatus rv= SECSuccess; andre@0: void *dummy = NULL; andre@0: andre@0: if(iteration < 0) { andre@0: return NULL; andre@0: } andre@0: andre@0: poolp = PORT_NewArena(SEC_ASN1_DEFAULT_ARENA_SIZE); andre@0: if(poolp == NULL) andre@0: return NULL; andre@0: andre@0: pbe_param = (SEC_PKCS5PBEParameter *)PORT_ArenaZAlloc(poolp, andre@0: sizeof(SEC_PKCS5PBEParameter)); andre@0: if(!pbe_param) { andre@0: PORT_FreeArena(poolp, PR_TRUE); andre@0: return NULL; andre@0: } andre@0: andre@0: pbe_param->poolp = poolp; andre@0: andre@0: rv = SECFailure; andre@0: if (salt && salt->data) { andre@0: rv = SECITEM_CopyItem(poolp, &pbe_param->salt, salt); andre@0: } else { andre@0: /* sigh, the old interface generated salt on the fly, so we have to andre@0: * preserve the semantics */ andre@0: pbe_param->salt.len = DEFAULT_SALT_LENGTH; andre@0: pbe_param->salt.data = PORT_ArenaZAlloc(poolp,DEFAULT_SALT_LENGTH); andre@0: if (pbe_param->salt.data) { andre@0: rv = PK11_GenerateRandom(pbe_param->salt.data,DEFAULT_SALT_LENGTH); andre@0: } andre@0: } andre@0: andre@0: if(rv != SECSuccess) { andre@0: PORT_FreeArena(poolp, PR_TRUE); andre@0: return NULL; andre@0: } andre@0: andre@0: /* encode the integer */ andre@0: dummy = SEC_ASN1EncodeInteger(poolp, &pbe_param->iteration, andre@0: iteration); andre@0: rv = (dummy) ? SECSuccess : SECFailure; andre@0: andre@0: if(rv != SECSuccess) { andre@0: PORT_FreeArena(poolp, PR_FALSE); andre@0: return NULL; andre@0: } andre@0: andre@0: /* andre@0: * for PKCS5 v2 Add the keylength and the prf andre@0: */ andre@0: if (algorithm == SEC_OID_PKCS5_PBKDF2) { andre@0: dummy = SEC_ASN1EncodeInteger(poolp, &pbe_param->keyLength, andre@0: keyLength); andre@0: rv = (dummy) ? SECSuccess : SECFailure; andre@0: if (rv != SECSuccess) { andre@0: PORT_FreeArena(poolp, PR_FALSE); andre@0: return NULL; andre@0: } andre@0: rv = SECOID_SetAlgorithmID(poolp, &pbe_param->prfAlgId, prfAlg, NULL); andre@0: if (rv != SECSuccess) { andre@0: PORT_FreeArena(poolp, PR_FALSE); andre@0: return NULL; andre@0: } andre@0: pbe_param->pPrfAlgId = &pbe_param->prfAlgId; andre@0: } andre@0: andre@0: return pbe_param; andre@0: } andre@0: andre@0: /* creates a algorithm ID containing the PBE algorithm and appropriate andre@0: * parameters. the required parameter is the algorithm. if salt is andre@0: * not specified, it is generated randomly. andre@0: * andre@0: * the returned SECAlgorithmID should be destroyed using andre@0: * SECOID_DestroyAlgorithmID andre@0: */ andre@0: SECAlgorithmID * andre@0: sec_pkcs5CreateAlgorithmID(SECOidTag algorithm, andre@0: SECOidTag cipherAlgorithm, andre@0: SECOidTag prfAlg, andre@0: SECOidTag *pPbeAlgorithm, andre@0: int keyLength, andre@0: SECItem *salt, andre@0: int iteration) andre@0: { andre@0: PLArenaPool *poolp = NULL; andre@0: SECAlgorithmID *algid, *ret_algid = NULL; andre@0: SECOidTag pbeAlgorithm = algorithm; andre@0: SECItem der_param; andre@0: void *dummy; andre@0: SECStatus rv = SECFailure; andre@0: SEC_PKCS5PBEParameter *pbe_param = NULL; andre@0: sec_pkcs5V2Parameter pbeV2_param; andre@0: andre@0: if(iteration <= 0) { andre@0: return NULL; andre@0: } andre@0: andre@0: poolp = PORT_NewArena(SEC_ASN1_DEFAULT_ARENA_SIZE); andre@0: if(!poolp) { andre@0: goto loser; andre@0: } andre@0: andre@0: if (!SEC_PKCS5IsAlgorithmPBEAlgTag(algorithm) || andre@0: sec_pkcs5_is_algorithm_v2_pkcs5_algorithm(algorithm)) { andre@0: /* use PKCS 5 v2 */ andre@0: SECItem *cipherParams; andre@0: andre@0: /* andre@0: * if we ask for pkcs5 Algorithms directly, then the andre@0: * application needs to supply the cipher algorithm, andre@0: * otherwise we are implicitly using pkcs5 v2 and the andre@0: * passed in algorithm is the encryption algorithm. andre@0: */ andre@0: if (sec_pkcs5_is_algorithm_v2_pkcs5_algorithm(algorithm)) { andre@0: if (cipherAlgorithm == SEC_OID_UNKNOWN) { andre@0: goto loser; andre@0: } andre@0: } else { andre@0: cipherAlgorithm = algorithm; andre@0: /* force algorithm to be chosen below */ andre@0: algorithm = SEC_OID_PKCS5_PBKDF2; andre@0: } andre@0: andre@0: pbeAlgorithm = SEC_OID_PKCS5_PBKDF2; andre@0: /* andre@0: * 'algorithm' is the overall algorithm oid tag used to wrap the andre@0: * entire algoithm ID block. For PKCS5v1 and PKCS12, this andre@0: * algorithm OID has encoded in it both the PBE KDF function andre@0: * and the encryption algorithm. For PKCS 5v2, PBE KDF and andre@0: * encryption/macing oids are encoded as parameters in andre@0: * the algorithm ID block. andre@0: * andre@0: * Thus in PKCS5 v1 and PKCS12, this algorithm maps to a pkcs #11 andre@0: * mechanism, where as in PKCS 5v2, this alogithm tag does not map andre@0: * directly to a PKCS #11 mechanim, instead the 2 oids in the andre@0: * algorithm ID block map the the actual PKCS #11 mechanism. andre@0: * gorithm is). We use choose this algorithm oid based on the andre@0: * cipherAlgorithm to determine what this should be (MAC1 or PBES2). andre@0: */ andre@0: if (algorithm == SEC_OID_PKCS5_PBKDF2) { andre@0: /* choose mac or pbes */ andre@0: algorithm = sec_pkcs5v2_get_pbe(cipherAlgorithm); andre@0: } andre@0: andre@0: /* set the PKCS5v2 specific parameters */ andre@0: if (keyLength == 0) { andre@0: SECOidTag hashAlg = HASH_GetHashOidTagByHMACOidTag(cipherAlgorithm); andre@0: if (hashAlg != SEC_OID_UNKNOWN) { andre@0: keyLength = HASH_ResultLenByOidTag(hashAlg); andre@0: } else { andre@0: CK_MECHANISM_TYPE cryptoMech; andre@0: cryptoMech = PK11_AlgtagToMechanism(cipherAlgorithm); andre@0: if (cryptoMech == CKM_INVALID_MECHANISM) { andre@0: goto loser; andre@0: } andre@0: keyLength = PK11_GetMaxKeyLength(cryptoMech); andre@0: } andre@0: if (keyLength == 0) { andre@0: goto loser; andre@0: } andre@0: } andre@0: /* currently only SEC_OID_HMAC_SHA1 is defined */ andre@0: if (prfAlg == SEC_OID_UNKNOWN) { andre@0: prfAlg = SEC_OID_HMAC_SHA1; andre@0: } andre@0: andre@0: /* build the PKCS5v2 cipher algorithm id */ andre@0: cipherParams = pk11_GenerateNewParamWithKeyLen( andre@0: PK11_AlgtagToMechanism(cipherAlgorithm), keyLength); andre@0: if (!cipherParams) { andre@0: goto loser; andre@0: } andre@0: andre@0: PORT_Memset(&pbeV2_param, 0, sizeof (pbeV2_param)); andre@0: andre@0: rv = PK11_ParamToAlgid(cipherAlgorithm, cipherParams, andre@0: poolp, &pbeV2_param.cipherAlgId); andre@0: SECITEM_FreeItem(cipherParams, PR_TRUE); andre@0: if (rv != SECSuccess) { andre@0: goto loser; andre@0: } andre@0: } andre@0: andre@0: andre@0: /* generate the parameter */ andre@0: pbe_param = sec_pkcs5_create_pbe_parameter(pbeAlgorithm, salt, iteration, andre@0: keyLength, prfAlg); andre@0: if(!pbe_param) { andre@0: goto loser; andre@0: } andre@0: andre@0: /* generate the algorithm id */ andre@0: algid = (SECAlgorithmID *)PORT_ArenaZAlloc(poolp, sizeof(SECAlgorithmID)); andre@0: if(algid == NULL) { andre@0: goto loser; andre@0: } andre@0: andre@0: der_param.data = NULL; andre@0: der_param.len = 0; andre@0: if (sec_pkcs5_is_algorithm_v2_pkcs5_algorithm(algorithm)) { andre@0: /* first encode the PBE algorithm ID */ andre@0: dummy = SEC_ASN1EncodeItem(poolp, &der_param, pbe_param, andre@0: SEC_PKCS5V2PBEParameterTemplate); andre@0: if (dummy == NULL) { andre@0: goto loser; andre@0: } andre@0: rv = SECOID_SetAlgorithmID(poolp, &pbeV2_param.pbeAlgId, andre@0: pbeAlgorithm, &der_param); andre@0: if (rv != SECSuccess) { andre@0: goto loser; andre@0: } andre@0: andre@0: /* now encode the Full PKCS 5 parameter */ andre@0: der_param.data = NULL; andre@0: der_param.len = 0; andre@0: dummy = SEC_ASN1EncodeItem(poolp, &der_param, &pbeV2_param, andre@0: SEC_PKCS5V2ParameterTemplate); andre@0: } else if(!sec_pkcs5_is_algorithm_v2_pkcs12_algorithm(algorithm)) { andre@0: dummy = SEC_ASN1EncodeItem(poolp, &der_param, pbe_param, andre@0: SEC_PKCS5PBEParameterTemplate); andre@0: } else { andre@0: dummy = SEC_ASN1EncodeItem(poolp, &der_param, pbe_param, andre@0: SEC_V2PKCS12PBEParameterTemplate); andre@0: } andre@0: if (dummy == NULL) { andre@0: goto loser; andre@0: } andre@0: andre@0: rv = SECOID_SetAlgorithmID(poolp, algid, algorithm, &der_param); andre@0: if (rv != SECSuccess) { andre@0: goto loser; andre@0: } andre@0: andre@0: ret_algid = (SECAlgorithmID *)PORT_ZAlloc(sizeof(SECAlgorithmID)); andre@0: if (ret_algid == NULL) { andre@0: goto loser; andre@0: } andre@0: andre@0: rv = SECOID_CopyAlgorithmID(NULL, ret_algid, algid); andre@0: if (rv != SECSuccess) { andre@0: SECOID_DestroyAlgorithmID(ret_algid, PR_TRUE); andre@0: ret_algid = NULL; andre@0: } else if (pPbeAlgorithm) { andre@0: *pPbeAlgorithm = pbeAlgorithm; andre@0: } andre@0: andre@0: loser: andre@0: if (poolp != NULL) { andre@0: PORT_FreeArena(poolp, PR_TRUE); andre@0: algid = NULL; andre@0: } andre@0: andre@0: if (pbe_param) { andre@0: sec_pkcs5_destroy_pbe_param(pbe_param); andre@0: } andre@0: andre@0: return ret_algid; andre@0: } andre@0: andre@0: SECStatus andre@0: pbe_PK11AlgidToParam(SECAlgorithmID *algid,SECItem *mech) andre@0: { andre@0: SEC_PKCS5PBEParameter p5_param; andre@0: SECItem *salt = NULL; andre@0: SECOidTag algorithm = SECOID_GetAlgorithmTag(algid); andre@0: PLArenaPool *arena = NULL; andre@0: SECStatus rv = SECFailure; andre@0: unsigned char *paramData = NULL; andre@0: unsigned char *pSalt = NULL; andre@0: CK_ULONG iterations; andre@0: int paramLen = 0; andre@0: int iv_len; andre@0: andre@0: andre@0: arena = PORT_NewArena(SEC_ASN1_DEFAULT_ARENA_SIZE); andre@0: if (arena == NULL) { andre@0: goto loser; andre@0: } andre@0: andre@0: andre@0: /* andre@0: * decode the algid based on the pbe type andre@0: */ andre@0: PORT_Memset(&p5_param, 0, sizeof(p5_param)); andre@0: if (sec_pkcs5_is_algorithm_v2_pkcs12_algorithm(algorithm)) { andre@0: iv_len = PK11_GetIVLength(PK11_AlgtagToMechanism(algorithm)); andre@0: rv = SEC_ASN1DecodeItem(arena, &p5_param, andre@0: SEC_V2PKCS12PBEParameterTemplate, &algid->parameters); andre@0: } else if (algorithm == SEC_OID_PKCS5_PBKDF2) { andre@0: iv_len = 0; andre@0: rv = SEC_ASN1DecodeItem(arena,&p5_param, andre@0: SEC_PKCS5V2PBEParameterTemplate, &algid->parameters); andre@0: } else { andre@0: iv_len = PK11_GetIVLength(PK11_AlgtagToMechanism(algorithm)); andre@0: rv = SEC_ASN1DecodeItem(arena,&p5_param,SEC_PKCS5PBEParameterTemplate, andre@0: &algid->parameters); andre@0: } andre@0: andre@0: if (iv_len < 0) { andre@0: goto loser; andre@0: } andre@0: andre@0: if (rv != SECSuccess) { andre@0: goto loser; andre@0: } andre@0: andre@0: /* get salt */ andre@0: salt = &p5_param.salt; andre@0: iterations = (CK_ULONG) DER_GetInteger(&p5_param.iteration); andre@0: andre@0: /* allocate and fill in the PKCS #11 parameters andre@0: * based on the algorithm. */ andre@0: if (algorithm == SEC_OID_PKCS5_PBKDF2) { andre@0: SECOidTag prfAlgTag; andre@0: CK_PKCS5_PBKD2_PARAMS *pbeV2_params = andre@0: (CK_PKCS5_PBKD2_PARAMS *)PORT_ZAlloc( andre@0: sizeof(CK_PKCS5_PBKD2_PARAMS)+ salt->len); andre@0: andre@0: if (pbeV2_params == NULL) { andre@0: goto loser; andre@0: } andre@0: paramData = (unsigned char *)pbeV2_params; andre@0: paramLen = sizeof(CK_PKCS5_PBKD2_PARAMS); andre@0: andre@0: /* set the prf */ andre@0: prfAlgTag = SEC_OID_HMAC_SHA1; andre@0: if (p5_param.pPrfAlgId && andre@0: p5_param.pPrfAlgId->algorithm.data != 0) { andre@0: prfAlgTag = SECOID_GetAlgorithmTag(p5_param.pPrfAlgId); andre@0: } andre@0: if (prfAlgTag == SEC_OID_HMAC_SHA1) { andre@0: pbeV2_params->prf = CKP_PKCS5_PBKD2_HMAC_SHA1; andre@0: } else { andre@0: /* only SHA1_HMAC is currently supported by PKCS #11 */ andre@0: PORT_SetError(SEC_ERROR_INVALID_ALGORITHM); andre@0: goto loser; andre@0: } andre@0: andre@0: /* probably should fetch these from the prfAlgid */ andre@0: pbeV2_params->pPrfData = NULL; andre@0: pbeV2_params->ulPrfDataLen = 0; andre@0: pbeV2_params->saltSource = CKZ_SALT_SPECIFIED; andre@0: pSalt = ((CK_CHAR_PTR) pbeV2_params)+sizeof(CK_PKCS5_PBKD2_PARAMS); andre@0: PORT_Memcpy(pSalt, salt->data, salt->len); andre@0: pbeV2_params->pSaltSourceData = pSalt; andre@0: pbeV2_params->ulSaltSourceDataLen = salt->len; andre@0: pbeV2_params->iterations = iterations; andre@0: } else { andre@0: CK_PBE_PARAMS *pbe_params = NULL; andre@0: pbe_params = (CK_PBE_PARAMS *)PORT_ZAlloc(sizeof(CK_PBE_PARAMS)+ andre@0: salt->len+iv_len); andre@0: if (pbe_params == NULL) { andre@0: goto loser; andre@0: } andre@0: paramData = (unsigned char *)pbe_params; andre@0: paramLen = sizeof(CK_PBE_PARAMS); andre@0: andre@0: pSalt = ((CK_CHAR_PTR) pbe_params)+sizeof(CK_PBE_PARAMS); andre@0: pbe_params->pSalt = pSalt; andre@0: PORT_Memcpy(pSalt, salt->data, salt->len); andre@0: pbe_params->ulSaltLen = salt->len; andre@0: if (iv_len) { andre@0: pbe_params->pInitVector = andre@0: ((CK_CHAR_PTR) pbe_params)+ sizeof(CK_PBE_PARAMS)+salt->len; andre@0: } andre@0: pbe_params->ulIteration = iterations; andre@0: } andre@0: andre@0: /* copy into the mechanism sec item */ andre@0: mech->data = paramData; andre@0: mech->len = paramLen; andre@0: if (arena) { andre@0: PORT_FreeArena(arena,PR_TRUE); andre@0: } andre@0: return SECSuccess; andre@0: andre@0: loser: andre@0: if (paramData) { andre@0: PORT_Free(paramData); andre@0: } andre@0: if (arena) { andre@0: PORT_FreeArena(arena,PR_TRUE); andre@0: } andre@0: return SECFailure; andre@0: } andre@0: andre@0: /* andre@0: * public, deprecated, not valid for pkcs5 v2 andre@0: * andre@0: * use PK11_CreatePBEV2AlgorithmID or PK11_CreatePBEAlgorithmID to create andre@0: * PBE algorithmID's directly. andre@0: */ andre@0: SECStatus andre@0: PBE_PK11ParamToAlgid(SECOidTag algTag, SECItem *param, PLArenaPool *arena, andre@0: SECAlgorithmID *algId) andre@0: { andre@0: CK_PBE_PARAMS *pbe_param; andre@0: SECItem pbeSalt; andre@0: SECAlgorithmID *pbeAlgID = NULL; andre@0: SECStatus rv; andre@0: andre@0: if(!param || !algId) { andre@0: return SECFailure; andre@0: } andre@0: andre@0: pbe_param = (CK_PBE_PARAMS *)param->data; andre@0: pbeSalt.data = (unsigned char *)pbe_param->pSalt; andre@0: pbeSalt.len = pbe_param->ulSaltLen; andre@0: pbeAlgID = sec_pkcs5CreateAlgorithmID(algTag, SEC_OID_UNKNOWN, andre@0: SEC_OID_UNKNOWN, NULL, 0, &pbeSalt, (int)pbe_param->ulIteration); andre@0: if(!pbeAlgID) { andre@0: return SECFailure; andre@0: } andre@0: andre@0: rv = SECOID_CopyAlgorithmID(arena, algId, pbeAlgID); andre@0: SECOID_DestroyAlgorithmID(pbeAlgID, PR_TRUE); andre@0: return rv; andre@0: } andre@0: andre@0: /* andre@0: * public, Deprecated, This function is only for binary compatibility with andre@0: * older applications. Does not support PKCS5v2. andre@0: * andre@0: * Applications should use PK11_PBEKeyGen() for keys and PK11_GetPBEIV() for andre@0: * iv values rather than generating PBE bits directly. andre@0: */ andre@0: PBEBitGenContext * andre@0: PBE_CreateContext(SECOidTag hashAlgorithm, PBEBitGenID bitGenPurpose, andre@0: SECItem *pwitem, SECItem *salt, unsigned int bitsNeeded, andre@0: unsigned int iterations) andre@0: { andre@0: SECItem *context = NULL; andre@0: SECItem mechItem; andre@0: CK_PBE_PARAMS pbe_params; andre@0: CK_MECHANISM_TYPE mechanism = CKM_INVALID_MECHANISM; andre@0: PK11SlotInfo *slot; andre@0: PK11SymKey *symKey = NULL; andre@0: unsigned char ivData[8]; andre@0: andre@0: andre@0: /* use the purpose to select the low level keygen algorithm */ andre@0: switch (bitGenPurpose) { andre@0: case pbeBitGenIntegrityKey: andre@0: switch (hashAlgorithm) { andre@0: case SEC_OID_SHA1: andre@0: mechanism = CKM_PBA_SHA1_WITH_SHA1_HMAC; andre@0: break; andre@0: case SEC_OID_MD2: andre@0: mechanism = CKM_NETSCAPE_PBE_MD2_HMAC_KEY_GEN; andre@0: break; andre@0: case SEC_OID_MD5: andre@0: mechanism = CKM_NETSCAPE_PBE_MD5_HMAC_KEY_GEN; andre@0: break; andre@0: default: andre@0: break; andre@0: } andre@0: break; andre@0: case pbeBitGenCipherIV: andre@0: if (bitsNeeded > 64) { andre@0: break; andre@0: } andre@0: if (hashAlgorithm != SEC_OID_SHA1) { andre@0: break; andre@0: } andre@0: mechanism = CKM_PBE_SHA1_DES3_EDE_CBC; andre@0: break; andre@0: case pbeBitGenCipherKey: andre@0: if (hashAlgorithm != SEC_OID_SHA1) { andre@0: break; andre@0: } andre@0: switch (bitsNeeded) { andre@0: case 40: andre@0: mechanism = CKM_PBE_SHA1_RC4_40; andre@0: break; andre@0: case 128: andre@0: mechanism = CKM_PBE_SHA1_RC4_128; andre@0: break; andre@0: default: andre@0: break; andre@0: } andre@0: case pbeBitGenIDNull: andre@0: break; andre@0: } andre@0: andre@0: if (mechanism == CKM_INVALID_MECHANISM) { andre@0: /* we should set an error, but this is a deprecated function, and andre@0: * we are keeping bug for bug compatibility;)... */ andre@0: return NULL; andre@0: } andre@0: andre@0: pbe_params.pInitVector = ivData; andre@0: pbe_params.pPassword = pwitem->data; andre@0: pbe_params.ulPasswordLen = pwitem->len; andre@0: pbe_params.pSalt = salt->data; andre@0: pbe_params.ulSaltLen = salt->len; andre@0: pbe_params.ulIteration = iterations; andre@0: mechItem.data = (unsigned char *) &pbe_params; andre@0: mechItem.len = sizeof(pbe_params); andre@0: andre@0: andre@0: slot = PK11_GetInternalSlot(); andre@0: symKey = PK11_RawPBEKeyGen(slot,mechanism, andre@0: &mechItem, pwitem, PR_FALSE, NULL); andre@0: PK11_FreeSlot(slot); andre@0: if (symKey != NULL) { andre@0: if (bitGenPurpose == pbeBitGenCipherIV) { andre@0: /* NOTE: this assumes that bitsNeeded is a multiple of 8! */ andre@0: SECItem ivItem; andre@0: andre@0: ivItem.data = ivData; andre@0: ivItem.len = bitsNeeded/8; andre@0: context = SECITEM_DupItem(&ivItem); andre@0: } else { andre@0: SECItem *keyData; andre@0: PK11_ExtractKeyValue(symKey); andre@0: keyData = PK11_GetKeyData(symKey); andre@0: andre@0: /* assert bitsNeeded with length? */ andre@0: if (keyData) { andre@0: context = SECITEM_DupItem(keyData); andre@0: } andre@0: } andre@0: PK11_FreeSymKey(symKey); andre@0: } andre@0: andre@0: return (PBEBitGenContext *)context; andre@0: } andre@0: andre@0: /* andre@0: * public, Deprecated, This function is only for binary compatibility with andre@0: * older applications. Does not support PKCS5v2. andre@0: * andre@0: * Applications should use PK11_PBEKeyGen() for keys and PK11_GetIV() for andre@0: * iv values rather than generating PBE bits directly. andre@0: */ andre@0: SECItem * andre@0: PBE_GenerateBits(PBEBitGenContext *context) andre@0: { andre@0: return (SECItem *)context; andre@0: } andre@0: andre@0: /* andre@0: * public, Deprecated, This function is only for binary compatibility with andre@0: * older applications. Does not support PKCS5v2. andre@0: * andre@0: * Applications should use PK11_PBEKeyGen() for keys and PK11_GetPBEIV() for andre@0: * iv values rather than generating PBE bits directly. andre@0: */ andre@0: void andre@0: PBE_DestroyContext(PBEBitGenContext *context) andre@0: { andre@0: SECITEM_FreeItem((SECItem *)context,PR_TRUE); andre@0: } andre@0: andre@0: /* andre@0: * public, deprecated. Replaced with PK11_GetPBEIV(). andre@0: */ andre@0: SECItem * andre@0: SEC_PKCS5GetIV(SECAlgorithmID *algid, SECItem *pwitem, PRBool faulty3DES) andre@0: { andre@0: /* pbe stuff */ andre@0: CK_MECHANISM_TYPE type; andre@0: SECItem *param = NULL; andre@0: SECItem *iv = NULL; andre@0: SECItem src; andre@0: int iv_len = 0; andre@0: PK11SymKey *symKey; andre@0: PK11SlotInfo *slot; andre@0: CK_PBE_PARAMS_PTR pPBEparams; andre@0: SECOidTag pbeAlg; andre@0: andre@0: pbeAlg = SECOID_GetAlgorithmTag(algid); andre@0: if (sec_pkcs5_is_algorithm_v2_pkcs5_algorithm(pbeAlg)) { andre@0: unsigned char *ivData; andre@0: sec_pkcs5V2Parameter *pbeV2_param = NULL; andre@0: andre@0: /* can only return the IV if the crypto Algorithm exists */ andre@0: if (pbeAlg == SEC_OID_PKCS5_PBKDF2) { andre@0: PORT_SetError(SEC_ERROR_INVALID_ALGORITHM); andre@0: goto loser; andre@0: } andre@0: pbeV2_param = sec_pkcs5_v2_get_v2_param(NULL, algid); andre@0: if (pbeV2_param == NULL) { andre@0: goto loser; andre@0: } andre@0: /* extract the IV from the cipher algid portion of our pkcs 5 v2 andre@0: * algorithm id */ andre@0: type = PK11_AlgtagToMechanism( andre@0: SECOID_GetAlgorithmTag(&pbeV2_param->cipherAlgId)); andre@0: param = PK11_ParamFromAlgid(&pbeV2_param->cipherAlgId); andre@0: sec_pkcs5_v2_destroy_v2_param(pbeV2_param); andre@0: if (!param) { andre@0: goto loser; andre@0: } andre@0: /* NOTE: NULL is a permissible return here */ andre@0: ivData = PK11_IVFromParam(type, param, &iv_len); andre@0: src.data = ivData; andre@0: src.len = iv_len; andre@0: goto done; andre@0: } andre@0: andre@0: type = PK11_AlgtagToMechanism(pbeAlg); andre@0: param = PK11_ParamFromAlgid(algid); andre@0: if (param == NULL) { andre@0: goto done; andre@0: } andre@0: slot = PK11_GetInternalSlot(); andre@0: symKey = PK11_RawPBEKeyGen(slot, type, param, pwitem, faulty3DES, NULL); andre@0: PK11_FreeSlot(slot); andre@0: if (symKey == NULL) { andre@0: goto loser; andre@0: } andre@0: PK11_FreeSymKey(symKey); andre@0: pPBEparams = (CK_PBE_PARAMS_PTR)param->data; andre@0: iv_len = PK11_GetIVLength(type); andre@0: andre@0: src.data = (unsigned char *)pPBEparams->pInitVector; andre@0: src.len = iv_len; andre@0: andre@0: done: andre@0: iv = SECITEM_DupItem(&src); andre@0: andre@0: loser: andre@0: if (param) { andre@0: SECITEM_ZfreeItem(param, PR_TRUE); andre@0: } andre@0: return iv; andre@0: } andre@0: andre@0: /* andre@0: * Subs from nss 3.x that are deprecated andre@0: */ andre@0: PBEBitGenContext * andre@0: __PBE_CreateContext(SECOidTag hashAlgorithm, PBEBitGenID bitGenPurpose, andre@0: SECItem *pwitem, SECItem *salt, unsigned int bitsNeeded, andre@0: unsigned int iterations) andre@0: { andre@0: PORT_Assert("__PBE_CreateContext is Deprecated" == NULL); andre@0: return NULL; andre@0: } andre@0: andre@0: SECItem * andre@0: __PBE_GenerateBits(PBEBitGenContext *context) andre@0: { andre@0: PORT_Assert("__PBE_GenerateBits is Deprecated" == NULL); andre@0: return NULL; andre@0: } andre@0: andre@0: void andre@0: __PBE_DestroyContext(PBEBitGenContext *context) andre@0: { andre@0: PORT_Assert("__PBE_DestroyContext is Deprecated" == NULL); andre@0: } andre@0: andre@0: SECStatus andre@0: RSA_FormatBlock(SECItem *result, unsigned modulusLen, andre@0: int blockType, SECItem *data) andre@0: { andre@0: PORT_Assert("RSA_FormatBlock is Deprecated" == NULL); andre@0: return SECFailure; andre@0: } andre@0: andre@0: /**************************************************************************** andre@0: * andre@0: * Now Do The PBE Functions Here... andre@0: * andre@0: ****************************************************************************/ andre@0: andre@0: static void andre@0: pk11_destroy_ck_pbe_params(CK_PBE_PARAMS *pbe_params) andre@0: { andre@0: if (pbe_params) { andre@0: if (pbe_params->pPassword) andre@0: PORT_ZFree(pbe_params->pPassword, pbe_params->ulPasswordLen); andre@0: if (pbe_params->pSalt) andre@0: PORT_ZFree(pbe_params->pSalt, pbe_params->ulSaltLen); andre@0: PORT_ZFree(pbe_params, sizeof(CK_PBE_PARAMS)); andre@0: } andre@0: } andre@0: andre@0: /* andre@0: * public, deprecated. use PK11_CreatePBEAlgorithmID or andre@0: * PK11_CreatePBEV2AlgorithmID instead. If you needthe pkcs #11 parameters, andre@0: * use PK11_ParamFromAlgid from the algorithm id you created using andre@0: * PK11_CreatePBEAlgorithmID or PK11_CreatePBEV2AlgorithmID. andre@0: */ andre@0: SECItem * andre@0: PK11_CreatePBEParams(SECItem *salt, SECItem *pwd, unsigned int iterations) andre@0: { andre@0: CK_PBE_PARAMS *pbe_params = NULL; andre@0: SECItem *paramRV = NULL; andre@0: andre@0: paramRV = SECITEM_AllocItem(NULL, NULL, sizeof(CK_PBE_PARAMS)); andre@0: if (!paramRV ) { andre@0: goto loser; andre@0: } andre@0: /* init paramRV->data with zeros. SECITEM_AllocItem does not do it */ andre@0: PORT_Memset(paramRV->data, 0, sizeof(CK_PBE_PARAMS)); andre@0: andre@0: pbe_params = (CK_PBE_PARAMS *)paramRV->data; andre@0: pbe_params->pPassword = (CK_CHAR_PTR)PORT_ZAlloc(pwd->len); andre@0: if (!pbe_params->pPassword) { andre@0: goto loser; andre@0: } andre@0: PORT_Memcpy(pbe_params->pPassword, pwd->data, pwd->len); andre@0: pbe_params->ulPasswordLen = pwd->len; andre@0: andre@0: pbe_params->pSalt = (CK_CHAR_PTR)PORT_ZAlloc(salt->len); andre@0: if (!pbe_params->pSalt) { andre@0: goto loser; andre@0: } andre@0: PORT_Memcpy(pbe_params->pSalt, salt->data, salt->len); andre@0: pbe_params->ulSaltLen = salt->len; andre@0: andre@0: pbe_params->ulIteration = (CK_ULONG)iterations; andre@0: return paramRV; andre@0: andre@0: loser: andre@0: if (pbe_params) andre@0: pk11_destroy_ck_pbe_params(pbe_params); andre@0: if (paramRV) andre@0: PORT_ZFree(paramRV, sizeof(SECItem)); andre@0: return NULL; andre@0: } andre@0: andre@0: /* andre@0: * public, deprecated. andre@0: */ andre@0: void andre@0: PK11_DestroyPBEParams(SECItem *pItem) andre@0: { andre@0: if (pItem) { andre@0: CK_PBE_PARAMS * params = (CK_PBE_PARAMS *)(pItem->data); andre@0: if (params) andre@0: pk11_destroy_ck_pbe_params(params); andre@0: PORT_ZFree(pItem, sizeof(SECItem)); andre@0: } andre@0: } andre@0: andre@0: /* andre@0: * public, Partially supports PKCS5 V2 (some parameters are not controllable andre@0: * through this interface). Use PK11_CreatePBEV2AlgorithmID() if you need andre@0: * finer control these. andre@0: */ andre@0: SECAlgorithmID * andre@0: PK11_CreatePBEAlgorithmID(SECOidTag algorithm, int iteration, SECItem *salt) andre@0: { andre@0: SECAlgorithmID *algid = NULL; andre@0: algid = sec_pkcs5CreateAlgorithmID(algorithm, andre@0: SEC_OID_UNKNOWN, SEC_OID_UNKNOWN, NULL, 0, salt, iteration); andre@0: return algid; andre@0: } andre@0: andre@0: /* andre@0: * public, fully support pkcs5v2. andre@0: */ andre@0: SECAlgorithmID * andre@0: PK11_CreatePBEV2AlgorithmID(SECOidTag pbeAlgTag, SECOidTag cipherAlgTag, andre@0: SECOidTag prfAlgTag, int keyLength, int iteration, andre@0: SECItem *salt) andre@0: { andre@0: SECAlgorithmID *algid = NULL; andre@0: algid = sec_pkcs5CreateAlgorithmID(pbeAlgTag, cipherAlgTag, prfAlgTag, andre@0: NULL, keyLength, salt, iteration); andre@0: return algid; andre@0: } andre@0: andre@0: /* andre@0: * private. andre@0: */ andre@0: PK11SymKey * andre@0: pk11_RawPBEKeyGenWithKeyType(PK11SlotInfo *slot, CK_MECHANISM_TYPE type, andre@0: SECItem *params, CK_KEY_TYPE keyType, int keyLen, andre@0: SECItem *pwitem, void *wincx) andre@0: { andre@0: CK_ULONG pwLen; andre@0: /* do some sanity checks */ andre@0: if ((params == NULL) || (params->data == NULL)) { andre@0: PORT_SetError(SEC_ERROR_INVALID_ARGS); andre@0: return NULL; andre@0: } andre@0: andre@0: if (type == CKM_INVALID_MECHANISM) { andre@0: PORT_SetError(SEC_ERROR_INVALID_ALGORITHM); andre@0: return NULL; andre@0: } andre@0: andre@0: /* set the password pointer in the parameters... */ andre@0: if (type == CKM_PKCS5_PBKD2) { andre@0: CK_PKCS5_PBKD2_PARAMS *pbev2_params; andre@0: if (params->len < sizeof(CK_PKCS5_PBKD2_PARAMS)) { andre@0: PORT_SetError(SEC_ERROR_INVALID_ARGS); andre@0: return NULL; andre@0: } andre@0: pbev2_params = (CK_PKCS5_PBKD2_PARAMS *)params->data; andre@0: pbev2_params->pPassword = pwitem->data; andre@0: pwLen = pwitem->len; andre@0: pbev2_params->ulPasswordLen = &pwLen; andre@0: } else { andre@0: CK_PBE_PARAMS *pbe_params; andre@0: if (params->len < sizeof(CK_PBE_PARAMS)) { andre@0: PORT_SetError(SEC_ERROR_INVALID_ARGS); andre@0: return NULL; andre@0: } andre@0: pbe_params = (CK_PBE_PARAMS *)params->data; andre@0: pbe_params->pPassword = pwitem->data; andre@0: pbe_params->ulPasswordLen = pwitem->len; andre@0: } andre@0: andre@0: /* generate the key (and sometimes the IV as a side effect...) */ andre@0: return pk11_TokenKeyGenWithFlagsAndKeyType(slot, type, params, keyType, andre@0: keyLen, NULL, CKF_SIGN|CKF_ENCRYPT|CKF_DECRYPT|CKF_UNWRAP|CKF_WRAP, andre@0: 0, wincx); andre@0: } andre@0: andre@0: /* andre@0: * public, deprecated. use PK11_PBEKeyGen instead. andre@0: */ andre@0: PK11SymKey * andre@0: PK11_RawPBEKeyGen(PK11SlotInfo *slot, CK_MECHANISM_TYPE type, SECItem *mech, andre@0: SECItem *pwitem, PRBool faulty3DES, void *wincx) andre@0: { andre@0: if(faulty3DES && (type == CKM_NETSCAPE_PBE_SHA1_TRIPLE_DES_CBC)) { andre@0: type = CKM_NETSCAPE_PBE_SHA1_FAULTY_3DES_CBC; andre@0: } andre@0: return pk11_RawPBEKeyGenWithKeyType(slot, type, mech, -1, 0, pwitem, wincx); andre@0: } andre@0: andre@0: /* andre@0: * pubic, supports pkcs5 v2. andre@0: * andre@0: * Create symkey from a PBE key. The algid can be created with andre@0: * PK11_CreatePBEV2AlgorithmID and PK11_CreatePBEAlgorithmID, or by andre@0: * extraction of der data. andre@0: */ andre@0: PK11SymKey * andre@0: PK11_PBEKeyGen(PK11SlotInfo *slot, SECAlgorithmID *algid, SECItem *pwitem, andre@0: PRBool faulty3DES, void *wincx) andre@0: { andre@0: CK_MECHANISM_TYPE type; andre@0: SECItem *param = NULL; andre@0: PK11SymKey *symKey = NULL; andre@0: SECOidTag pbeAlg; andre@0: CK_KEY_TYPE keyType = -1; andre@0: int keyLen = 0; andre@0: andre@0: pbeAlg = SECOID_GetAlgorithmTag(algid); andre@0: /* if we're using PKCS5v2, extract the additional information we need andre@0: * (key length, key type, and pbeAlg). */ andre@0: if (sec_pkcs5_is_algorithm_v2_pkcs5_algorithm(pbeAlg)) { andre@0: CK_MECHANISM_TYPE cipherMech; andre@0: sec_pkcs5V2Parameter *pbeV2_param; andre@0: andre@0: pbeV2_param = sec_pkcs5_v2_get_v2_param(NULL, algid); andre@0: if (pbeV2_param == NULL) { andre@0: return NULL; andre@0: } andre@0: cipherMech = PK11_AlgtagToMechanism( andre@0: SECOID_GetAlgorithmTag(&pbeV2_param->cipherAlgId)); andre@0: pbeAlg = SECOID_GetAlgorithmTag(&pbeV2_param->pbeAlgId); andre@0: param = PK11_ParamFromAlgid(&pbeV2_param->pbeAlgId); andre@0: sec_pkcs5_v2_destroy_v2_param(pbeV2_param); andre@0: keyLen = SEC_PKCS5GetKeyLength(algid); andre@0: if (keyLen == -1) { andre@0: keyLen = 0; andre@0: } andre@0: keyType = PK11_GetKeyType(cipherMech, keyLen); andre@0: } else { andre@0: param = PK11_ParamFromAlgid(algid); andre@0: } andre@0: andre@0: if(param == NULL) { andre@0: goto loser; andre@0: } andre@0: andre@0: type = PK11_AlgtagToMechanism(pbeAlg); andre@0: if (type == CKM_INVALID_MECHANISM) { andre@0: PORT_SetError(SEC_ERROR_INVALID_ALGORITHM); andre@0: goto loser; andre@0: } andre@0: if(faulty3DES && (type == CKM_NETSCAPE_PBE_SHA1_TRIPLE_DES_CBC)) { andre@0: type = CKM_NETSCAPE_PBE_SHA1_FAULTY_3DES_CBC; andre@0: } andre@0: symKey = pk11_RawPBEKeyGenWithKeyType(slot, type, param, keyType, keyLen, andre@0: pwitem, wincx); andre@0: andre@0: loser: andre@0: if (param) { andre@0: SECITEM_ZfreeItem(param, PR_TRUE); andre@0: } andre@0: return symKey; andre@0: } andre@0: andre@0: /* andre@0: * public, supports pkcs5v2 andre@0: */ andre@0: SECItem * andre@0: PK11_GetPBEIV(SECAlgorithmID *algid, SECItem *pwitem) andre@0: { andre@0: return SEC_PKCS5GetIV(algid, pwitem, PR_FALSE); andre@0: } andre@0: andre@0: CK_MECHANISM_TYPE andre@0: pk11_GetPBECryptoMechanism(SECAlgorithmID *algid, SECItem **param, andre@0: SECItem *pbe_pwd, PRBool faulty3DES) andre@0: { andre@0: int keyLen = 0; andre@0: SECOidTag algTag = SEC_PKCS5GetCryptoAlgorithm(algid); andre@0: CK_MECHANISM_TYPE mech = PK11_AlgtagToMechanism(algTag); andre@0: CK_MECHANISM_TYPE returnedMechanism = CKM_INVALID_MECHANISM; andre@0: SECItem *iv = NULL; andre@0: andre@0: if (mech == CKM_INVALID_MECHANISM) { andre@0: PORT_SetError(SEC_ERROR_INVALID_ALGORITHM); andre@0: goto loser; andre@0: } andre@0: if (PK11_GetIVLength(mech)) { andre@0: iv = SEC_PKCS5GetIV(algid, pbe_pwd, faulty3DES); andre@0: if (iv == NULL) { andre@0: goto loser; andre@0: } andre@0: } andre@0: andre@0: keyLen = SEC_PKCS5GetKeyLength(algid); andre@0: andre@0: *param = pk11_ParamFromIVWithLen(mech, iv, keyLen); andre@0: if (*param == NULL) { andre@0: goto loser; andre@0: } andre@0: returnedMechanism = mech; andre@0: andre@0: loser: andre@0: if (iv) { andre@0: SECITEM_FreeItem(iv,PR_TRUE); andre@0: } andre@0: return returnedMechanism; andre@0: } andre@0: andre@0: /* andre@0: * Public, supports pkcs5 v2 andre@0: * andre@0: * Get the crypto mechanism directly from the pbe algorithmid. andre@0: * andre@0: * It's important to go directly from the algorithm id so that we can andre@0: * handle both the PKCS #5 v1, PKCS #12, and PKCS #5 v2 cases. andre@0: * andre@0: * This function returns both the mechanism and the parameter for the mechanism. andre@0: * The caller is responsible for freeing the parameter. andre@0: */ andre@0: CK_MECHANISM_TYPE andre@0: PK11_GetPBECryptoMechanism(SECAlgorithmID *algid, SECItem **param, andre@0: SECItem *pbe_pwd) andre@0: { andre@0: return pk11_GetPBECryptoMechanism(algid, param, pbe_pwd, PR_FALSE); andre@0: }