| blob | f0fbbcb2e7646e0204ada48c3cdfdc57425a35c4 |
1 /* ***** BEGIN LICENSE BLOCK *****
2 * Version: MPL 1.1/GPL 2.0/LGPL 2.1
3 *
4 * The contents of this file are subject to the Mozilla Public License Version
5 * 1.1 (the "License"); you may not use this file except in compliance with
6 * the License. You may obtain a copy of the License at
7 * http://www.mozilla.org/MPL/
8 *
9 * Software distributed under the License is distributed on an "AS IS" basis,
10 * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
11 * for the specific language governing rights and limitations under the
12 * License.
13 *
14 * The Original Code is the Netscape security libraries.
15 *
16 * The Initial Developer of the Original Code is
17 * Netscape Communications Corporation.
18 * Portions created by the Initial Developer are Copyright (C) 1994-2000
19 * the Initial Developer. All Rights Reserved.
20 *
21 * Contributor(s):
22 *
23 * Alternatively, the contents of this file may be used under the terms of
24 * either the GNU General Public License Version 2 or later (the "GPL"), or
25 * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
26 * in which case the provisions of the GPL or the LGPL are applicable instead
27 * of those above. If you wish to allow use of your version of this file only
28 * under the terms of either the GPL or the LGPL, and not to allow others to
29 * use your version of this file under the terms of the MPL, indicate your
30 * decision by deleting the provisions above and replace them with the notice
31 * and other provisions required by the GPL or the LGPL. If you do not delete
32 * the provisions above, a recipient may use your version of this file under
33 * the terms of any one of the MPL, the GPL or the LGPL.
34 *
35 * ***** END LICENSE BLOCK ***** */
54 /*
55 ** This PKCS12 file encoder uses numerous nested ASN.1 and PKCS7 encoder
56 ** contexts. It can be difficult to keep straight. Here's a picture:
57 **
58 ** "outer" ASN.1 encoder. The output goes to the library caller's CB.
59 ** "middle" PKCS7 encoder. Feeds the "outer" ASN.1 encoder.
60 ** "middle" ASN1 encoder. Encodes the encrypted aSafes.
61 ** Feeds the "middle" P7 encoder above.
62 ** "inner" PKCS7 encoder. Encrypts the "authenticated Safes" (aSafes)
63 ** Feeds the "middle" ASN.1 encoder above.
64 ** "inner" ASN.1 encoder. Encodes the unencrypted aSafes.
65 ** Feeds the "inner" P7 enocder above.
66 **
67 ** Buffering has been added at each point where the output of an ASN.1
68 ** encoder feeds the input of a PKCS7 encoder.
69 */
71 /*********************************
72 * Output buffer object, used to buffer output from ASN.1 encoder
73 * before passing data on down to the next PKCS7 encoder.
74 *********************************/
76 #define PK12_OUTPUT_BUFFER_SIZE 8192
84 };
87 /*********************************
88 * Structures used in exporting the PKCS 12 blob
89 *********************************/
91 /* A SafeInfo is used for each ContentInfo which makes up the
92 * sequence of safes in the AuthenticatedSafe portion of the
93 * PFX structure.
94 */
98 /* information for setting up password encryption */
99 SECItem pwitem;
100 SECOidTag algorithm;
103 /* how many items have been stored in this safe,
104 * we will skip any safe which does not contain any
105 * items
106 */
109 /* the content info for the safe */
113 };
115 /* An opaque structure which contains information needed for exporting
116 * certificates and keys through PKCS 12.
117 */
123 /* integrity information */
124 PRBool integrityEnabled;
125 PRBool pwdIntegrity;
131 /* helper functions */
132 /* retrieve the password call back */
133 SECKEYGetPasswordKey pwfn;
136 /* safe contents bags */
140 /* the sequence of safes */
141 sec_PKCS12AuthenticatedSafe authSafe;
143 /* information needing deletion */
145 };
147 /* structures for passing information to encoder callbacks when processing
148 * data through the ASN1 engine.
149 */
151 SEC_PKCS12EncoderOutputCallback outputfn;
153 };
158 };
160 /* An encoder context which is used for the actual encoding
161 * portion of PKCS 12.
162 */
168 /* encoder information - this is set up based on whether
169 * password based or public key pased privacy is being used
170 */
177 /* structures for encoding of PFX and MAC */
178 sec_PKCS12PFXItem pfx;
179 sec_PKCS12MacData mac;
181 /* authenticated safe encoding tracking information */
187 /* hmac context */
190 /* output buffers */
191 sec_pkcs12OutputBuffer middleBuf;
192 sec_pkcs12OutputBuffer innerBuf;
197 /*********************************
198 * Export setup routines
199 *********************************/
201 /* SEC_PKCS12CreateExportContext
202 * Creates an export context and sets the unicode and password retrieval
203 * callbacks. This is the first call which must be made when exporting
204 * a PKCS 12 blob.
205 *
206 * pwfn, pwfnarg - password retrieval callback and argument. these are
207 * required for password-authentication mode.
208 */
209 SEC_PKCS12ExportContext *
212 {
216 /* allocate the arena and create the context */
221 }
228 }
230 /* password callback for key retrieval */
241 loser:
244 }
247 }
249 /*
250 * Adding integrity mode
251 */
253 /* SEC_PKCS12AddPasswordIntegrity
254 * Add password integrity to the exported data. If an integrity method
255 * has already been set, then return an error.
256 *
257 * p12ctxt - the export context
258 * pwitem - the password for integrity mode
259 * integAlg - the integrity algorithm to use for authentication.
260 */
261 SECStatus
264 {
267 }
269 /* set up integrity information */
276 }
282 }
287 }
289 /* SEC_PKCS12AddPublicKeyIntegrity
290 * Add public key integrity to the exported data. If an integrity method
291 * has already been set, then return an error. The certificate must be
292 * allowed to be used as a signing cert.
293 *
294 * p12ctxt - the export context
295 * cert - signer certificate
296 * certDb - the certificate database
297 * algorithm - signing algorithm
298 * keySize - size of the signing key (?)
299 */
300 SECStatus
304 {
307 }
316 }
319 /*
320 * Adding safes - encrypted (password/public key) or unencrypted
321 * Each of the safe creation routines return an opaque pointer which
322 * are later passed into the routines for exporting certificates and
323 * keys.
324 */
326 /* append the newly created safeInfo to list of safeInfos in the export
327 * context.
328 */
329 static SECStatus
331 {
336 }
340 /* if no safeInfos have been set, create the list, otherwise expand it. */
357 }
361 }
363 /* append the new safeInfo and null terminate the list */
371 }
377 loser:
380 }
382 /* SEC_PKCS12CreatePasswordPrivSafe
383 * Create a password privacy safe to store exported information in.
384 *
385 * p12ctxt - export context
386 * pwitem - password for encryption
387 * privAlg - pbe algorithm through which encryption is done.
388 */
389 SEC_PKCS12SafeInfo *
392 {
401 }
403 /* allocate the safe info */
411 }
415 /* create the encrypted safe */
421 }
424 /* convert the password to unicode */
429 }
433 }
435 /* generate the encryption key */
442 }
443 }
450 }
456 }
460 }
465 }
468 loser:
471 }
474 }
478 }
482 }
484 /* SEC_PKCS12CreateUnencryptedSafe
485 * Creates an unencrypted safe within the export context.
486 *
487 * p12ctxt - the export context
488 */
489 SEC_PKCS12SafeInfo *
491 {
497 }
499 /* create the safe info */
507 }
511 /* create the safe content */
516 }
520 }
525 loser:
528 }
532 }
534 /* SEC_PKCS12CreatePubKeyEncryptedSafe
535 * Creates a safe which is protected by public key encryption.
536 *
537 * p12ctxt - the export context
538 * certDb - the certificate database
539 * signer - the signer's certificate
540 * recipients - the list of recipient certificates.
541 * algorithm - the encryption algorithm to use
542 * keysize - the algorithms key size (?)
543 */
544 SEC_PKCS12SafeInfo *
550 {
556 }
558 /* allocate the safeInfo */
566 }
571 /* create the enveloped content info using certUsageEmailSigner currently.
572 * XXX We need to eventually use something other than certUsageEmailSigner
573 */
580 }
582 /* add recipients */
590 }
591 i++;
592 }
593 }
597 }
602 loser:
606 }
610 }
612 /*********************************
613 * Routines to handle the exporting of the keys and certificates
614 *********************************/
616 /* creates a safe contents which safeBags will be appended to */
617 sec_PKCS12SafeContents *
619 {
624 }
626 /* create the safe contents */
632 }
634 /* set up the internal contents info */
641 loser:
643 }
645 /* appends a safe bag to a safeContents using the specified arena.
646 */
647 SECStatus
651 {
656 }
662 }
664 /* allocate space for the list, or reallocate to increase space */
675 }
681 }
683 /* append the bag at the end and null terminate the list */
690 }
692 /* appends a safeBag to a specific safeInfo.
693 */
694 SECStatus
697 {
703 }
709 }
710 }
716 }
719 }
721 /* Creates a safeBag of the specified type, and if bagData is specified,
722 * the contents are set. The contents could be set later by the calling
723 * routine.
724 */
725 sec_PKCS12SafeBag *
728 {
737 }
743 }
751 }
753 /* set the bags content based upon bag type */
779 }
787 }
790 }
797 loser:
800 }
803 }
805 /* Creates a new certificate bag and returns a pointer to it. If an error
806 * occurs NULL is returned.
807 */
808 sec_PKCS12CertBag *
810 {
813 SECStatus rv;
818 }
827 }
833 }
839 }
844 loser:
847 }
849 /* Creates a new CRL bag and returns a pointer to it. If an error
850 * occurs NULL is returned.
851 */
852 sec_PKCS12CRLBag *
854 {
857 SECStatus rv;
862 }
871 }
877 }
883 }
888 loser:
891 }
893 /* sec_PKCS12AddAttributeToBag
894 * adds an attribute to a safeBag. currently, the only attributes supported
895 * are those which are specified within PKCS 12.
896 *
897 * p12ctxt - the export context
898 * safeBag - the safeBag to which attributes are appended
899 * attrType - the attribute type
900 * attrData - the attribute data
901 */
902 SECStatus
906 {
913 SECStatus rv;
917 }
921 /* allocate the attribute */
927 }
929 /* set up the attribute */
934 }
936 SECSuccess) {
939 }
944 {
947 }
949 {
954 }
957 }
960 }
962 /* append the attribute to the attribute value list */
968 }
970 /* XXX this will need to be changed if attributes requiring more than
971 * one element are ever used.
972 */
978 }
986 }
988 /* append the attribute to the safeBag attributes */
998 }
1001 }
1009 loser:
1012 }
1015 }
1017 /* SEC_PKCS12AddCert
1018 * Adds a certificate to the data being exported.
1019 *
1020 * p12ctxt - the export context
1021 * safe - the safeInfo to which the certificate is placed
1022 * nestedDest - if the cert is to be placed within a nested safeContents then,
1023 * this value is to be specified with the destination
1024 * cert - the cert to export
1025 * certDb - the certificate database handle
1026 * keyId - a unique identifier to associate a certificate/key pair
1027 * includeCertChain - PR_TRUE if the certificate chain is to be included.
1028 */
1029 SECStatus
1033 PRBool includeCertChain)
1034 {
1038 SECStatus rv;
1043 }
1046 /* allocate the cert bag */
1048 SEC_OID_PKCS9_X509_CERT);
1051 }
1057 }
1059 /* if the cert chain is to be included, we should only be exporting
1060 * the cert from our internal database.
1061 */
1064 certUsageSSLClient,
1065 PR_TRUE);
1070 }
1072 /* add cert chain */
1078 /* decode the certificate */
1079 /* XXX
1080 * This was rather silly. The chain is constructed above
1081 * by finding all of the CERTCertificate's in the database.
1082 * Then the chain is put into a CERTCertificateList, which only
1083 * contains the DER. Finally, the DER was decoded, and the
1084 * decoded cert was sent recursively back to this function.
1085 * Beyond being inefficent, this causes data loss (specifically,
1086 * the nickname). Instead, for 3.4, we'll do a lookup by the
1087 * DER, which should return the cached entry.
1088 */
1094 }
1096 /* add the certificate */
1102 }
1104 }
1105 }
1107 }
1109 /* if the certificate has a nickname, we will set the friendly name
1110 * to that.
1111 */
1114 /*
1115 * The cert is coming off of an external token,
1116 * let's strip the token name from the nickname
1117 * and only add what comes after the colon as the
1118 * nickname. -javi
1119 */
1127 delimit++;
1129 delimit);
1131 }
1135 }
1136 }
1139 certBag);
1142 }
1144 /* add the friendly name and keyId attributes, if necessary */
1150 }
1151 }
1157 }
1158 }
1160 /* append the cert safeBag */
1164 safeBag);
1167 }
1171 }
1176 loser:
1179 }
1182 }
1184 /* SEC_PKCS12AddEncryptedKey
1185 * Extracts the key associated with a particular certificate and exports
1186 * it.
1187 *
1188 * p12ctxt - the export context
1189 * safe - the safeInfo to place the key in
1190 * nestedDest - the nested safeContents to place a key
1191 * cert - the certificate which the key belongs to
1192 * shroudKey - encrypt the private key for export. This value should
1193 * always be true. lower level code will not allow the export
1194 * of unencrypted private keys.
1195 * algorithm - the algorithm with which to encrypt the private key
1196 * pwitem - the password to encrypted the private key with
1197 * keyId - the keyID attribute
1198 * nickName - the nickname attribute
1199 */
1200 static SECStatus
1204 {
1207 SECOidTag keyType;
1213 }
1222 }
1226 epki);
1231 }
1233 /* create the safe bag and set any attributes */
1238 }
1245 }
1246 }
1250 SEC_OID_PKCS9_LOCAL_KEY_ID,
1253 }
1254 }
1259 returnBag);
1262 }
1264 loser:
1270 }
1273 }
1275 /* SEC_PKCS12AddKeyForCert
1276 * Extracts the key associated with a particular certificate and exports
1277 * it.
1278 *
1279 * p12ctxt - the export context
1280 * safe - the safeInfo to place the key in
1281 * nestedDest - the nested safeContents to place a key
1282 * cert - the certificate which the key belongs to
1283 * shroudKey - encrypt the private key for export. This value should
1284 * always be true. lower level code will not allow the export
1285 * of unencrypted private keys.
1286 * algorithm - the algorithm with which to encrypt the private key
1287 * pwitem - the password to encrypt the private key with
1288 * keyId - the keyID attribute
1289 * nickName - the nickname attribute
1290 */
1291 SECStatus
1296 {
1299 SECOidTag keyType;
1306 }
1310 /* retrieve the key based upon the type that it is and
1311 * specify the type of safeBag to store the key in
1312 */
1315 /* extract the key unencrypted. this will most likely go away */
1322 }
1327 }
1334 /* extract the key encrypted */
1342 }
1344 /* we want to make sure to take the key out of the key slot */
1349 }
1361 }
1365 }
1368 epki);
1371 }
1375 }
1377 /* if no nickname specified, let's see if the certificate has a
1378 * nickname.
1379 */
1385 }
1386 }
1388 /* create the safe bag and set any attributes */
1393 }
1400 }
1401 }
1407 }
1408 }
1413 returnBag);
1416 }
1418 loser:
1424 }
1427 }
1429 /* SEC_PKCS12AddCertAndEncryptedKey
1430 * Add a certificate and key pair to be exported.
1431 *
1432 * p12ctxt - the export context
1433 * certSafe - the safeInfo where the cert is stored
1434 * certNestedDest - the nested safeContents to store the cert
1435 * keySafe - the safeInfo where the key is stored
1436 * keyNestedDest - the nested safeContents to store the key
1437 * shroudKey - extract the private key encrypted?
1438 * pwitem - the password with which the key is encrypted
1439 * algorithm - the algorithm with which the key is encrypted
1440 */
1441 SECStatus
1447 {
1456 }
1466 }
1469 /* generate the thumbprint of the cert to use as a keyId */
1474 }
1476 /* add the certificate */
1482 }
1490 }
1492 /* add the key */
1497 }
1504 loser:
1510 }
1512 /* SEC_PKCS12AddCertAndKey
1513 * Add a certificate and key pair to be exported.
1514 *
1515 * p12ctxt - the export context
1516 * certSafe - the safeInfo where the cert is stored
1517 * certNestedDest - the nested safeContents to store the cert
1518 * keySafe - the safeInfo where the key is stored
1519 * keyNestedDest - the nested safeContents to store the key
1520 * shroudKey - extract the private key encrypted?
1521 * pwitem - the password with which the key is encrypted
1522 * algorithm - the algorithm with which the key is encrypted
1523 */
1524 SECStatus
1530 {
1537 }
1541 /* generate the thumbprint of the cert to use as a keyId */
1546 }
1548 /* add the certificate */
1554 }
1556 /* add the key */
1563 }
1570 loser:
1575 }
1577 /* SEC_PKCS12CreateNestedSafeContents
1578 * Allows nesting of safe contents to be implemented. No limit imposed on
1579 * depth.
1580 *
1581 * p12ctxt - the export context
1582 * baseSafe - the base safeInfo
1583 * nestedDest - a parent safeContents (?)
1584 */
1588 {
1592 SECStatus rv;
1596 }
1605 }
1607 /* create the safeContents safeBag */
1609 SEC_OID_PKCS12_V1_SAFE_CONTENTS_BAG_ID,
1610 newSafe);
1613 }
1615 /* append the safeContents to the appropriate area */
1619 safeContentsBag);
1622 safeContentsBag);
1623 }
1626 }
1631 loser:
1634 }
1636 /*********************************
1637 * Encoding routines
1638 *********************************/
1640 /* set up the encoder context based on information in the export context
1641 * and return the newly allocated enocoder context. A return of NULL
1642 * indicates an error occurred.
1643 */
1644 sec_PKCS12EncoderContext *
1646 {
1649 SECStatus rv;
1655 }
1657 /* check for any empty safes and skip them */
1661 nonEmptyCnt++;
1662 }
1663 i++;
1664 }
1667 }
1670 /* allocate the encoder context */
1676 }
1681 /* set up the PFX version and information */
1684 SEC_PKCS12_VERSION) ) {
1687 }
1689 /* set up the authenticated safe content info based on the
1690 * type of integrity being used. this should be changed to
1691 * enforce integrity mode, but will not be implemented until
1692 * it is confirmed that integrity must be in place
1693 */
1695 SECStatus rv;
1697 /* create public key integrity mode */
1700 certUsageEmailSigner,
1703 NULL,
1708 }
1711 }
1717 /* init password pased integrity mode */
1723 CK_MECHANISM_TYPE integrityMech;
1724 CK_MECHANISM_TYPE hmacMech;
1726 /* zero out macData and set values */
1732 }
1737 }
1739 /* generate HMAC key */
1744 }
1759 }
1765 }
1767 /* initialize hmac */
1768 /* XXX NBB, why is this mech different than the one above? */
1779 }
1783 }
1784 }
1788 }
1794 loser:
1798 }
1801 }
1802 }
1807 }
1809 /* The outermost ASN.1 encoder calls this function for output.
1810 ** This function calls back to the library caller's output routine,
1811 ** which typically writes to a PKCS12 file.
1812 */
1813 static void
1816 {
1821 }
1823 /* The "middle" and "inner" ASN.1 encoders call this function to output.
1824 ** This function does HMACing, if appropriate, and then buffers the data.
1825 ** The buffered data is eventually passed down to the underlying PKCS7 encoder.
1826 */
1827 static void
1831 SEC_ASN1EncodingPart data_kind)
1832 {
1840 }
1842 /* buffer */
1853 }
1860 }
1861 /* buffer is presently empty */
1863 /* Just pass it through */
1866 /* copy it all into the buffer, and return */
1869 }
1870 }
1872 void
1874 {
1878 }
1879 }
1881 /* Feeds the output of a PKCS7 encoder into the next outward ASN.1 encoder.
1882 ** This function is used by both the inner and middle PCS7 encoders.
1883 */
1884 static void
1886 {
1893 }
1896 /* this function encodes content infos which are part of the
1897 * sequence of content infos labeled AuthenticatedSafes
1898 */
1899 static SECStatus
1901 {
1910 SECOidTag cinfoType;
1914 /* skip empty safes */
1917 }
1922 /* determine the safe type and set the appropriate argument */
1934 }
1936 /* start the PKCS7 encoder */
1938 sec_P12P7OutputCB_CallA1Update,
1942 }
1944 /* encode safe contents */
1951 sec_PKCS12SafeContentsTemplate,
1952 sec_P12A1OutputCB_HmacP7Update,
1956 }
1963 }
1966 /* finish up safe content info */
1969 }
1973 loser:
1977 }
1981 }
1984 }
1986 /* finish the HMAC and encode the macData so that it can be
1987 * encoded.
1988 */
1989 static SECStatus
1991 {
1993 SECStatus rv;
1999 }
2001 /* make sure we are using password integrity mode */
2004 }
2008 }
2010 /* finish the hmac */
2015 }
2022 }
2024 /* create the digest info */
2031 }
2037 }
2039 /* encode the mac data */
2045 }
2047 loser:
2050 }
2053 }
2058 }
2060 /* pfx notify function for ASN1 encoder.
2061 * We want to stop encoding once we reach the authenticated safe.
2062 * At that point, the encoder will be updated via streaming
2063 * as the authenticated safe is encoded.
2064 */
2065 static void
2067 {
2072 }
2074 /* look for authenticated safe */
2078 }
2083 }
2085 /* SEC_PKCS12Encode
2086 * Encodes the PFX item and returns it to the output function, via
2087 * callback. the output function must be capable of multiple updates.
2088 *
2089 * p12exp - the export context
2090 * output - the output function callback, will be called more than once,
2091 * must be able to accept streaming data.
2092 * outputarg - argument for the output callback.
2093 */
2094 SECStatus
2097 {
2100 SECStatus rv;
2104 }
2106 /* get the encoder context */
2110 }
2115 /* set up PFX encoder, the "outer" encoder. Set it for streaming */
2117 sec_PKCS12PFXItemTemplate,
2118 sec_P12A1OutputCB_Outer,
2124 }
2132 }
2134 /* set up asafe cinfo - the output of the encoder feeds the PFX encoder */
2136 sec_P12P7OutputCB_CallA1Update,
2141 }
2143 /* encode asafe */
2149 /* Setup the "inner ASN.1 encoder for Authenticated Safes. */
2153 }
2155 sec_PKCS12AuthenticatedSafeTemplate,
2156 sec_P12A1OutputCB_HmacP7Update,
2161 }
2165 /* encode each of the safes */
2169 }
2177 /* finish the encoding of the authenticated safes */
2182 }
2187 /* update the mac, if necessary */
2191 }
2193 /* finish encoding the pfx */
2198 loser:
2200 }
2202 void
2204 {
2209 }
2216 }
2219 }
2220 i++;
2221 }
2222 }
2227 }
2230 /*********************************
2231 * All-in-one routines for exporting certificates
2232 *********************************/
2234 PRBool error;
2235 SECItem outItem;
2236 };
2238 static void
2240 {
2245 }
2257 }
2258 }
2264 }
2266 /*
2267 * SEC_PKCS12ExportCertifcateAndKeyUsingPassword
2268 * Exports a certificate/key pair using password-based encryption and
2269 * authentication.
2270 *
2271 * pwfn, pwfnarg - password function and argument for the key database
2272 * cert - the certificate to export
2273 * certDb - certificate database
2274 * pwitem - the password to use
2275 * shroudKey - encrypt the key externally,
2276 * keyShroudAlg - encryption algorithm for key
2277 * encryptionAlg - the algorithm with which data is encrypted
2278 * integrityAlg - the algorithm for integrity
2279 */
2280 SECItem *
2288 {
2296 }
2305 }
2307 /* set up cert safe */
2312 }
2315 }
2317 /* set up key safe */
2322 }
2325 }
2327 /* add integrity mode */
2331 }
2333 /* add cert and key pair */
2338 }
2340 /* encode the puppy */
2344 }
2347 }
2356 loser:
2359 }
2363 }
2366 }