| blob | 47fbc093efa6edf35f504ee95686ba68e744635e |
1 /* ***** BEGIN LICENSE BLOCK *****
2 * Version: MPL 1.1/GPL 2.0/LGPL 2.1
3 *
4 * The contents of this file are subject to the Mozilla Public License Version
5 * 1.1 (the "License"); you may not use this file except in compliance with
6 * the License. You may obtain a copy of the License at
7 * http://www.mozilla.org/MPL/
8 *
9 * Software distributed under the License is distributed on an "AS IS" basis,
10 * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
11 * for the specific language governing rights and limitations under the
12 * License.
13 *
14 * The Original Code is the Netscape security libraries.
15 *
16 * The Initial Developer of the Original Code is
17 * Netscape Communications Corporation.
18 * Portions created by the Initial Developer are Copyright (C) 1994-2000
19 * the Initial Developer. All Rights Reserved.
20 *
21 * Contributor(s):
22 *
23 * Alternatively, the contents of this file may be used under the terms of
24 * either the GNU General Public License Version 2 or later (the "GPL"), or
25 * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
26 * in which case the provisions of the GPL or the LGPL are applicable instead
27 * of those above. If you wish to allow use of your version of this file only
28 * under the terms of either the GPL or the LGPL, and not to allow others to
29 * use your version of this file under the terms of the MPL, indicate your
30 * decision by deleting the provisions above and replace them with the notice
31 * and other provisions required by the GPL or the LGPL. If you do not delete
32 * the provisions above, a recipient may use your version of this file under
33 * the terms of any one of the MPL, the GPL or the LGPL.
34 *
35 * ***** END LICENSE BLOCK ***** */
37 /*
38 * CMS recipientInfo methods.
39 *
40 * $Id: cmsrecinfo.c,v 1.19 2006/07/19 00:36:38 nelson%bolyard.com Exp $
41 */
53 PRBool
55 {
61 }
62 }
64 }
66 /*
67 * NOTE: fakeContent marks CMSMessage structure which is only used as a carrier
68 * of pwfn_arg and arena pools. In an ideal world, NSSCMSMessage would not have
69 * been exported, and we would have added an ordinary enum to handle this
70 * check. Unfortunatly wo don't have that luxury so we are overloading the
71 * contentTypeTag field. NO code should every try to interpret this content tag
72 * as a real OID tag, or use any fields other than pwfn_arg or poolp of this
73 * CMSMessage for that matter */
75 NSSCMSRecipientInfo *
77 NSSCMSRecipientIDSelector type,
83 {
86 SECOidTag certalgtag;
98 /* a CMSMessage wasn't supplied, create a fake one to hold the pwfunc
99 * and a private arena pool */
102 /* mark it as a special cms message */
104 }
117 /* decode everything from DER */
118 SECItem newinput;
125 }
129 {
135 }
138 {
142 }
149 /* unkown type */
152 }
165 }
174 }
180 }
188 }
192 }
199 }
200 /* a key agreement op */
206 }
207 /* we do not support the case where multiple recipients
208 * share the same KeyAgreeRecipientInfo and have multiple RecipientEncryptedKeys
209 * in this case, we would need to walk all the recipientInfos, take the
210 * ones that do KeyAgreement algorithms and join them, algorithm by algorithm
211 * Then, we'd generate ONE ukm and OriginatorIdentifierOrKey */
213 /* only epheremal-static Diffie-Hellman is supported for now
214 * this is the only form of key agreement that provides potential anonymity
215 * of the sender, plus we do not have to include certs in the message */
217 /* force single recipientEncryptedKey for now */
221 }
223 /* hardcoded IssuerSN choice for now */
228 }
232 /* see RFC2630 12.3.1.1 */
240 /* other algorithms not supported yet */
241 /* NOTE that we do not support any KEK algorithm */
245 }
250 /* set version */
253 if (ri->ri.keyTransRecipientInfo.recipientIdentifier.identifierType == NSSCMSRecipientID_IssuerSN)
255 else
263 NSS_CMS_KEYAGREE_RECIPIENT_INFO_VERSION);
268 /* NOTE: this cannot happen as long as we do not support any KEK algorithm */
270 NSS_CMS_KEK_RECIPIENT_INFO_VERSION);
275 }
277 done:
283 loser:
286 }
289 }
293 }
295 }
297 /*
298 * NSS_CMSRecipientInfo_Create - create a recipientinfo
299 *
300 * we currently do not create KeyAgreement recipientinfos with multiple
301 * recipientEncryptedKeys the certificate is supposed to have been
302 * verified by the caller
303 */
304 NSSCMSRecipientInfo *
306 {
309 }
311 NSSCMSRecipientInfo *
313 {
316 }
318 NSSCMSRecipientInfo *
320 {
323 }
326 NSSCMSRecipientInfo *
330 {
333 }
335 NSSCMSRecipientInfo *
338 {
345 }
349 }
353 }
355 done:
363 }
365 void
367 {
370 }
371 /* version was allocated on the pool, so no need to destroy it */
372 /* issuerAndSN was allocated on the pool, so no need to destroy it */
381 }
384 }
386 /* we're done. */
387 }
389 int
391 {
397 /* ignore subIndex */
401 /* ignore subIndex */
407 }
413 /* always take apart the SECItem */
416 else
418 }
420 SECItem *
422 {
427 /* ignore subIndex */
431 /* ignore subIndex */
437 }
439 }
442 SECOidTag
444 {
457 }
459 }
461 SECStatus
463 SECOidTag bulkalgtag)
464 {
466 SECOidTag certalgtag;
474 PRBool usesSubjKeyID;
484 /* sanity check */
489 }
495 }
497 /* XXX set ri->recipientInfoType to the proper value here */
498 /* or should we look if it's been set already ? */
503 /* wrap the symkey */
515 }
524 }
529 /* see RFC2630 12.3.1.1 */
534 }
536 /* this will generate a key pair, compute the shared secret, */
537 /* derive a key and ukm for the keyEncAlg out of it, encrypt the bulk key with */
538 /* the keyEncAlg, set encKey, keyEncAlg, publicKey etc. */
547 /* other algorithms not supported yet */
548 /* NOTE that we do not support any KEK algorithm */
552 }
557 }
559 PK11SymKey *
562 {
565 SECOidTag encalgtag;
570 /* mark the recipientInfo so we can find it later */
579 /* RSA encryption algorithm: */
580 /* get the symmetric (bulk) key by unwrapping it using our private key */
584 /* FORTEZZA key exchange algorithm */
585 /* the supplemental data is in the parameters of encalg */
586 bulkkey = NSS_CMSUtil_DecryptSymKey_MISSI(privkey, enckey, encalg, bulkalgtag, ri->cmsg->pwfn_arg);
591 }
599 /* Diffie-Helman key exchange */
600 /* XXX not yet implemented */
601 /* XXX problem: SEC_OID_X942_DIFFIE_HELMAN_KEY points to a PKCS3 mechanism! */
602 /* we support ephemeral-static DH only, so if the recipientinfo */
603 /* has originator stuff in it, we punt (or do we? shouldn't be that hard...) */
604 /* first, we derive the KEK (a symkey!) using a Derive operation, then we get the */
605 /* content encryption key using a Unwrap op */
606 /* the derive operation has to generate the key using the algorithm in RFC2631 */
612 }
618 /* not supported yet */
622 }
623 /* XXXX continue here */
626 loser:
628 }
633 {
644 /* nothing requested, nothing found, success */
646 }
650 }
653 }
659 }
660 }
662 /* we don't have the cert, we have to look for it */
663 /* first build an NSS_CMSRecipient */
669 /* now look for the cert and key */
676 }
679 }
682 }
684 /* we have the cert, we just need the key now */
686 }
692 }
693 }
699 }
700 }
703 }
708 {
714 NSSCMSRecipientInfoTemplate)) {
716 }
718 }