| blob | b84ac58e74d263983b5f46f9792baacd988afd6e |
1 /* ***** BEGIN LICENSE BLOCK *****
2 * Version: MPL 1.1/GPL 2.0/LGPL 2.1
3 *
4 * The contents of this file are subject to the Mozilla Public License Version
5 * 1.1 (the "License"); you may not use this file except in compliance with
6 * the License. You may obtain a copy of the License at
7 * http://www.mozilla.org/MPL/
8 *
9 * Software distributed under the License is distributed on an "AS IS" basis,
10 * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
11 * for the specific language governing rights and limitations under the
12 * License.
13 *
14 * The Original Code is the Netscape security libraries.
15 *
16 * The Initial Developer of the Original Code is
17 * Netscape Communications Corporation.
18 * Portions created by the Initial Developer are Copyright (C) 1994-2000
19 * the Initial Developer. All Rights Reserved.
20 *
21 * Contributor(s):
22 *
23 * Alternatively, the contents of this file may be used under the terms of
24 * either the GNU General Public License Version 2 or later (the "GPL"), or
25 * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
26 * in which case the provisions of the GPL or the LGPL are applicable instead
27 * of those above. If you wish to allow use of your version of this file only
28 * under the terms of either the GPL or the LGPL, and not to allow others to
29 * use your version of this file under the terms of the MPL, indicate your
30 * decision by deleting the provisions above and replace them with the notice
31 * and other provisions required by the GPL or the LGPL. If you do not delete
32 * the provisions above, a recipient may use your version of this file under
33 * the terms of any one of the MPL, the GPL or the LGPL.
34 *
35 * ***** END LICENSE BLOCK ***** */
53 /*
54 ** This PKCS12 file encoder uses numerous nested ASN.1 and PKCS7 encoder
55 ** contexts. It can be difficult to keep straight. Here's a picture:
56 **
57 ** "outer" ASN.1 encoder. The output goes to the library caller's CB.
58 ** "middle" PKCS7 encoder. Feeds the "outer" ASN.1 encoder.
59 ** "middle" ASN1 encoder. Encodes the encrypted aSafes.
60 ** Feeds the "middle" P7 encoder above.
61 ** "inner" PKCS7 encoder. Encrypts the "authenticated Safes" (aSafes)
62 ** Feeds the "middle" ASN.1 encoder above.
63 ** "inner" ASN.1 encoder. Encodes the unencrypted aSafes.
64 ** Feeds the "inner" P7 enocder above.
65 **
66 ** Buffering has been added at each point where the output of an ASN.1
67 ** encoder feeds the input of a PKCS7 encoder.
68 */
70 /*********************************
71 * Output buffer object, used to buffer output from ASN.1 encoder
72 * before passing data on down to the next PKCS7 encoder.
73 *********************************/
75 #define PK12_OUTPUT_BUFFER_SIZE 8192
83 };
86 /*********************************
87 * Structures used in exporting the PKCS 12 blob
88 *********************************/
90 /* A SafeInfo is used for each ContentInfo which makes up the
91 * sequence of safes in the AuthenticatedSafe portion of the
92 * PFX structure.
93 */
97 /* information for setting up password encryption */
98 SECItem pwitem;
99 SECOidTag algorithm;
102 /* how many items have been stored in this safe,
103 * we will skip any safe which does not contain any
104 * items
105 */
108 /* the content info for the safe */
112 };
114 /* An opaque structure which contains information needed for exporting
115 * certificates and keys through PKCS 12.
116 */
122 /* integrity information */
123 PRBool integrityEnabled;
124 PRBool pwdIntegrity;
130 /* helper functions */
131 /* retrieve the password call back */
132 SECKEYGetPasswordKey pwfn;
135 /* safe contents bags */
139 /* the sequence of safes */
140 sec_PKCS12AuthenticatedSafe authSafe;
142 /* information needing deletion */
144 };
146 /* structures for passing information to encoder callbacks when processing
147 * data through the ASN1 engine.
148 */
150 SEC_PKCS12EncoderOutputCallback outputfn;
152 };
157 };
159 /* An encoder context which is used for the actual encoding
160 * portion of PKCS 12.
161 */
167 /* encoder information - this is set up based on whether
168 * password based or public key pased privacy is being used
169 */
176 /* structures for encoding of PFX and MAC */
177 sec_PKCS12PFXItem pfx;
178 sec_PKCS12MacData mac;
180 /* authenticated safe encoding tracking information */
186 /* hmac context */
189 /* output buffers */
190 sec_pkcs12OutputBuffer middleBuf;
191 sec_pkcs12OutputBuffer innerBuf;
196 /*********************************
197 * Export setup routines
198 *********************************/
200 /* SEC_PKCS12CreateExportContext
201 * Creates an export context and sets the unicode and password retrieval
202 * callbacks. This is the first call which must be made when exporting
203 * a PKCS 12 blob.
204 *
205 * pwfn, pwfnarg - password retrieval callback and argument. these are
206 * required for password-authentication mode.
207 */
208 SEC_PKCS12ExportContext *
211 {
215 /* allocate the arena and create the context */
220 }
227 }
229 /* password callback for key retrieval */
240 loser:
243 }
246 }
248 /*
249 * Adding integrity mode
250 */
252 /* SEC_PKCS12AddPasswordIntegrity
253 * Add password integrity to the exported data. If an integrity method
254 * has already been set, then return an error.
255 *
256 * p12ctxt - the export context
257 * pwitem - the password for integrity mode
258 * integAlg - the integrity algorithm to use for authentication.
259 */
260 SECStatus
263 {
266 }
268 /* set up integrity information */
275 }
281 }
286 }
288 /* SEC_PKCS12AddPublicKeyIntegrity
289 * Add public key integrity to the exported data. If an integrity method
290 * has already been set, then return an error. The certificate must be
291 * allowed to be used as a signing cert.
292 *
293 * p12ctxt - the export context
294 * cert - signer certificate
295 * certDb - the certificate database
296 * algorithm - signing algorithm
297 * keySize - size of the signing key (?)
298 */
299 SECStatus
303 {
306 }
315 }
318 /*
319 * Adding safes - encrypted (password/public key) or unencrypted
320 * Each of the safe creation routines return an opaque pointer which
321 * are later passed into the routines for exporting certificates and
322 * keys.
323 */
325 /* append the newly created safeInfo to list of safeInfos in the export
326 * context.
327 */
328 static SECStatus
330 {
335 }
339 /* if no safeInfos have been set, create the list, otherwise expand it. */
356 }
360 }
362 /* append the new safeInfo and null terminate the list */
370 }
376 loser:
379 }
381 /* SEC_PKCS12CreatePasswordPrivSafe
382 * Create a password privacy safe to store exported information in.
383 *
384 * p12ctxt - export context
385 * pwitem - password for encryption
386 * privAlg - pbe algorithm through which encryption is done.
387 */
388 SEC_PKCS12SafeInfo *
391 {
400 }
402 /* allocate the safe info */
410 }
414 /* create the encrypted safe */
420 }
423 /* convert the password to unicode */
428 }
432 }
434 /* generate the encryption key */
441 }
442 }
449 }
455 }
459 }
464 }
467 loser:
470 }
473 }
477 }
481 }
483 /* SEC_PKCS12CreateUnencryptedSafe
484 * Creates an unencrypted safe within the export context.
485 *
486 * p12ctxt - the export context
487 */
488 SEC_PKCS12SafeInfo *
490 {
496 }
498 /* create the safe info */
506 }
510 /* create the safe content */
515 }
519 }
524 loser:
527 }
531 }
533 /* SEC_PKCS12CreatePubKeyEncryptedSafe
534 * Creates a safe which is protected by public key encryption.
535 *
536 * p12ctxt - the export context
537 * certDb - the certificate database
538 * signer - the signer's certificate
539 * recipients - the list of recipient certificates.
540 * algorithm - the encryption algorithm to use
541 * keysize - the algorithms key size (?)
542 */
543 SEC_PKCS12SafeInfo *
549 {
555 }
557 /* allocate the safeInfo */
565 }
570 /* create the enveloped content info using certUsageEmailSigner currently.
571 * XXX We need to eventually use something other than certUsageEmailSigner
572 */
579 }
581 /* add recipients */
589 }
590 i++;
591 }
592 }
596 }
601 loser:
605 }
609 }
611 /*********************************
612 * Routines to handle the exporting of the keys and certificates
613 *********************************/
615 /* creates a safe contents which safeBags will be appended to */
616 sec_PKCS12SafeContents *
618 {
623 }
625 /* create the safe contents */
631 }
633 /* set up the internal contents info */
640 loser:
642 }
644 /* appends a safe bag to a safeContents using the specified arena.
645 */
646 SECStatus
650 {
655 }
661 }
663 /* allocate space for the list, or reallocate to increase space */
674 }
680 }
682 /* append the bag at the end and null terminate the list */
689 }
691 /* appends a safeBag to a specific safeInfo.
692 */
693 SECStatus
696 {
702 }
708 }
709 }
715 }
718 }
720 /* Creates a safeBag of the specified type, and if bagData is specified,
721 * the contents are set. The contents could be set later by the calling
722 * routine.
723 */
724 sec_PKCS12SafeBag *
727 {
736 }
742 }
750 }
752 /* set the bags content based upon bag type */
778 }
786 }
789 }
796 loser:
799 }
802 }
804 /* Creates a new certificate bag and returns a pointer to it. If an error
805 * occurs NULL is returned.
806 */
807 sec_PKCS12CertBag *
809 {
812 SECStatus rv;
817 }
826 }
832 }
838 }
843 loser:
846 }
848 /* Creates a new CRL bag and returns a pointer to it. If an error
849 * occurs NULL is returned.
850 */
851 sec_PKCS12CRLBag *
853 {
856 SECStatus rv;
861 }
870 }
876 }
882 }
887 loser:
890 }
892 /* sec_PKCS12AddAttributeToBag
893 * adds an attribute to a safeBag. currently, the only attributes supported
894 * are those which are specified within PKCS 12.
895 *
896 * p12ctxt - the export context
897 * safeBag - the safeBag to which attributes are appended
898 * attrType - the attribute type
899 * attrData - the attribute data
900 */
901 SECStatus
905 {
912 SECStatus rv;
916 }
920 /* allocate the attribute */
926 }
928 /* set up the attribute */
933 }
935 SECSuccess) {
938 }
943 {
946 }
948 {
953 }
956 }
959 }
961 /* append the attribute to the attribute value list */
967 }
969 /* XXX this will need to be changed if attributes requiring more than
970 * one element are ever used.
971 */
977 }
985 }
987 /* append the attribute to the safeBag attributes */
997 }
1000 }
1008 loser:
1011 }
1014 }
1016 /* SEC_PKCS12AddCert
1017 * Adds a certificate to the data being exported.
1018 *
1019 * p12ctxt - the export context
1020 * safe - the safeInfo to which the certificate is placed
1021 * nestedDest - if the cert is to be placed within a nested safeContents then,
1022 * this value is to be specified with the destination
1023 * cert - the cert to export
1024 * certDb - the certificate database handle
1025 * keyId - a unique identifier to associate a certificate/key pair
1026 * includeCertChain - PR_TRUE if the certificate chain is to be included.
1027 */
1028 SECStatus
1032 PRBool includeCertChain)
1033 {
1037 SECStatus rv;
1042 }
1045 /* allocate the cert bag */
1047 SEC_OID_PKCS9_X509_CERT);
1050 }
1056 }
1058 /* if the cert chain is to be included, we should only be exporting
1059 * the cert from our internal database.
1060 */
1063 certUsageSSLClient,
1064 PR_TRUE);
1069 }
1071 /* add cert chain */
1077 /* decode the certificate */
1078 /* XXX
1079 * This was rather silly. The chain is constructed above
1080 * by finding all of the CERTCertificate's in the database.
1081 * Then the chain is put into a CERTCertificateList, which only
1082 * contains the DER. Finally, the DER was decoded, and the
1083 * decoded cert was sent recursively back to this function.
1084 * Beyond being inefficent, this causes data loss (specifically,
1085 * the nickname). Instead, for 3.4, we'll do a lookup by the
1086 * DER, which should return the cached entry.
1087 */
1093 }
1095 /* add the certificate */
1101 }
1103 }
1104 }
1106 }
1108 /* if the certificate has a nickname, we will set the friendly name
1109 * to that.
1110 */
1113 /*
1114 * The cert is coming off of an external token,
1115 * let's strip the token name from the nickname
1116 * and only add what comes after the colon as the
1117 * nickname. -javi
1118 */
1126 delimit++;
1128 delimit);
1130 }
1134 }
1135 }
1138 certBag);
1141 }
1143 /* add the friendly name and keyId attributes, if necessary */
1149 }
1150 }
1156 }
1157 }
1159 /* append the cert safeBag */
1163 safeBag);
1166 }
1170 }
1175 loser:
1178 }
1181 }
1183 /* SEC_PKCS12AddEncryptedKey
1184 * Extracts the key associated with a particular certificate and exports
1185 * it.
1186 *
1187 * p12ctxt - the export context
1188 * safe - the safeInfo to place the key in
1189 * nestedDest - the nested safeContents to place a key
1190 * cert - the certificate which the key belongs to
1191 * shroudKey - encrypt the private key for export. This value should
1192 * always be true. lower level code will not allow the export
1193 * of unencrypted private keys.
1194 * algorithm - the algorithm with which to encrypt the private key
1195 * pwitem - the password to encrypted the private key with
1196 * keyId - the keyID attribute
1197 * nickName - the nickname attribute
1198 */
1199 static SECStatus
1203 {
1206 SECOidTag keyType;
1212 }
1221 }
1225 epki);
1230 }
1232 /* create the safe bag and set any attributes */
1237 }
1244 }
1245 }
1249 SEC_OID_PKCS9_LOCAL_KEY_ID,
1252 }
1253 }
1258 returnBag);
1261 }
1263 loser:
1269 }
1272 }
1274 /* SEC_PKCS12AddKeyForCert
1275 * Extracts the key associated with a particular certificate and exports
1276 * it.
1277 *
1278 * p12ctxt - the export context
1279 * safe - the safeInfo to place the key in
1280 * nestedDest - the nested safeContents to place a key
1281 * cert - the certificate which the key belongs to
1282 * shroudKey - encrypt the private key for export. This value should
1283 * always be true. lower level code will not allow the export
1284 * of unencrypted private keys.
1285 * algorithm - the algorithm with which to encrypt the private key
1286 * pwitem - the password to encrypt the private key with
1287 * keyId - the keyID attribute
1288 * nickName - the nickname attribute
1289 */
1290 SECStatus
1295 {
1298 SECOidTag keyType;
1305 }
1309 /* retrieve the key based upon the type that it is and
1310 * specify the type of safeBag to store the key in
1311 */
1314 /* extract the key unencrypted. this will most likely go away */
1321 }
1326 }
1333 /* extract the key encrypted */
1341 }
1343 /* we want to make sure to take the key out of the key slot */
1348 }
1360 }
1364 }
1367 epki);
1370 }
1374 }
1376 /* if no nickname specified, let's see if the certificate has a
1377 * nickname.
1378 */
1384 }
1385 }
1387 /* create the safe bag and set any attributes */
1392 }
1399 }
1400 }
1406 }
1407 }
1412 returnBag);
1415 }
1417 loser:
1423 }
1426 }
1428 /* SEC_PKCS12AddCertAndEncryptedKey
1429 * Add a certificate and key pair to be exported.
1430 *
1431 * p12ctxt - the export context
1432 * certSafe - the safeInfo where the cert is stored
1433 * certNestedDest - the nested safeContents to store the cert
1434 * keySafe - the safeInfo where the key is stored
1435 * keyNestedDest - the nested safeContents to store the key
1436 * shroudKey - extract the private key encrypted?
1437 * pwitem - the password with which the key is encrypted
1438 * algorithm - the algorithm with which the key is encrypted
1439 */
1440 SECStatus
1446 {
1455 }
1465 }
1468 /* generate the thumbprint of the cert to use as a keyId */
1473 }
1475 /* add the certificate */
1481 }
1489 }
1491 /* add the key */
1496 }
1503 loser:
1509 }
1511 /* SEC_PKCS12AddCertAndKey
1512 * Add a certificate and key pair to be exported.
1513 *
1514 * p12ctxt - the export context
1515 * certSafe - the safeInfo where the cert is stored
1516 * certNestedDest - the nested safeContents to store the cert
1517 * keySafe - the safeInfo where the key is stored
1518 * keyNestedDest - the nested safeContents to store the key
1519 * shroudKey - extract the private key encrypted?
1520 * pwitem - the password with which the key is encrypted
1521 * algorithm - the algorithm with which the key is encrypted
1522 */
1523 SECStatus
1529 {
1536 }
1540 /* generate the thumbprint of the cert to use as a keyId */
1545 }
1547 /* add the certificate */
1553 }
1555 /* add the key */
1562 }
1569 loser:
1574 }
1576 /* SEC_PKCS12CreateNestedSafeContents
1577 * Allows nesting of safe contents to be implemented. No limit imposed on
1578 * depth.
1579 *
1580 * p12ctxt - the export context
1581 * baseSafe - the base safeInfo
1582 * nestedDest - a parent safeContents (?)
1583 */
1587 {
1591 SECStatus rv;
1595 }
1604 }
1606 /* create the safeContents safeBag */
1608 SEC_OID_PKCS12_V1_SAFE_CONTENTS_BAG_ID,
1609 newSafe);
1612 }
1614 /* append the safeContents to the appropriate area */
1618 safeContentsBag);
1621 safeContentsBag);
1622 }
1625 }
1630 loser:
1633 }
1635 /*********************************
1636 * Encoding routines
1637 *********************************/
1639 /* set up the encoder context based on information in the export context
1640 * and return the newly allocated enocoder context. A return of NULL
1641 * indicates an error occurred.
1642 */
1643 sec_PKCS12EncoderContext *
1645 {
1648 SECStatus rv;
1654 }
1656 /* check for any empty safes and skip them */
1660 nonEmptyCnt++;
1661 }
1662 i++;
1663 }
1666 }
1669 /* allocate the encoder context */
1675 }
1680 /* set up the PFX version and information */
1683 SEC_PKCS12_VERSION) ) {
1686 }
1688 /* set up the authenticated safe content info based on the
1689 * type of integrity being used. this should be changed to
1690 * enforce integrity mode, but will not be implemented until
1691 * it is confirmed that integrity must be in place
1692 */
1694 SECStatus rv;
1696 /* create public key integrity mode */
1699 certUsageEmailSigner,
1702 NULL,
1707 }
1710 }
1716 /* init password pased integrity mode */
1722 CK_MECHANISM_TYPE integrityMechType;
1723 CK_MECHANISM_TYPE hmacMechType;
1725 /* zero out macData and set values */
1731 }
1736 }
1738 /* generate HMAC key */
1743 }
1744 /*
1745 * This code only works with PKCS #12 Mac using PKCS #5 v1
1746 * PBA keygens. PKCS #5 v2 support will require a change to
1747 * the PKCS #12 spec.
1748 */
1753 /* get the PBA Mechanism to generate the key */
1763 }
1765 /* generate the key */
1770 }
1772 /* initialize HMAC */
1773 /* Get the HMAC mechanism from the hash OID */
1784 }
1788 }
1789 }
1793 }
1799 loser:
1803 }
1806 }
1807 }
1812 }
1814 /* The outermost ASN.1 encoder calls this function for output.
1815 ** This function calls back to the library caller's output routine,
1816 ** which typically writes to a PKCS12 file.
1817 */
1818 static void
1821 {
1826 }
1828 /* The "middle" and "inner" ASN.1 encoders call this function to output.
1829 ** This function does HMACing, if appropriate, and then buffers the data.
1830 ** The buffered data is eventually passed down to the underlying PKCS7 encoder.
1831 */
1832 static void
1836 SEC_ASN1EncodingPart data_kind)
1837 {
1845 }
1847 /* buffer */
1858 }
1865 }
1866 /* buffer is presently empty */
1868 /* Just pass it through */
1871 /* copy it all into the buffer, and return */
1874 }
1875 }
1877 void
1879 {
1883 }
1884 }
1886 /* Feeds the output of a PKCS7 encoder into the next outward ASN.1 encoder.
1887 ** This function is used by both the inner and middle PCS7 encoders.
1888 */
1889 static void
1891 {
1898 }
1901 /* this function encodes content infos which are part of the
1902 * sequence of content infos labeled AuthenticatedSafes
1903 */
1904 static SECStatus
1906 {
1915 SECOidTag cinfoType;
1919 /* skip empty safes */
1922 }
1927 /* determine the safe type and set the appropriate argument */
1939 }
1941 /* start the PKCS7 encoder */
1943 sec_P12P7OutputCB_CallA1Update,
1947 }
1949 /* encode safe contents */
1956 sec_PKCS12SafeContentsTemplate,
1957 sec_P12A1OutputCB_HmacP7Update,
1961 }
1968 }
1971 /* finish up safe content info */
1974 }
1978 loser:
1982 }
1986 }
1989 }
1991 /* finish the HMAC and encode the macData so that it can be
1992 * encoded.
1993 */
1994 static SECStatus
1996 {
1998 SECStatus rv;
2004 }
2006 /* make sure we are using password integrity mode */
2009 }
2013 }
2015 /* finish the hmac */
2020 }
2027 }
2029 /* create the digest info */
2036 }
2042 }
2044 /* encode the mac data */
2050 }
2052 loser:
2055 }
2058 }
2063 }
2065 /* pfx notify function for ASN1 encoder.
2066 * We want to stop encoding once we reach the authenticated safe.
2067 * At that point, the encoder will be updated via streaming
2068 * as the authenticated safe is encoded.
2069 */
2070 static void
2072 {
2077 }
2079 /* look for authenticated safe */
2083 }
2088 }
2090 /* SEC_PKCS12Encode
2091 * Encodes the PFX item and returns it to the output function, via
2092 * callback. the output function must be capable of multiple updates.
2093 *
2094 * p12exp - the export context
2095 * output - the output function callback, will be called more than once,
2096 * must be able to accept streaming data.
2097 * outputarg - argument for the output callback.
2098 */
2099 SECStatus
2102 {
2105 SECStatus rv;
2109 }
2111 /* get the encoder context */
2115 }
2120 /* set up PFX encoder, the "outer" encoder. Set it for streaming */
2122 sec_PKCS12PFXItemTemplate,
2123 sec_P12A1OutputCB_Outer,
2129 }
2137 }
2139 /* set up asafe cinfo - the output of the encoder feeds the PFX encoder */
2141 sec_P12P7OutputCB_CallA1Update,
2146 }
2148 /* encode asafe */
2154 /* Setup the "inner ASN.1 encoder for Authenticated Safes. */
2158 }
2160 sec_PKCS12AuthenticatedSafeTemplate,
2161 sec_P12A1OutputCB_HmacP7Update,
2166 }
2170 /* encode each of the safes */
2174 }
2182 /* finish the encoding of the authenticated safes */
2187 }
2192 /* update the mac, if necessary */
2196 }
2198 /* finish encoding the pfx */
2203 loser:
2205 }
2207 void
2209 {
2214 }
2221 }
2224 }
2225 i++;
2226 }
2227 }
2232 }
2235 /*********************************
2236 * All-in-one routines for exporting certificates
2237 *********************************/
2239 PRBool error;
2240 SECItem outItem;
2241 };
2243 static void
2245 {
2250 }
2262 }
2263 }
2269 }
2271 /*
2272 * SEC_PKCS12ExportCertifcateAndKeyUsingPassword
2273 * Exports a certificate/key pair using password-based encryption and
2274 * authentication.
2275 *
2276 * pwfn, pwfnarg - password function and argument for the key database
2277 * cert - the certificate to export
2278 * certDb - certificate database
2279 * pwitem - the password to use
2280 * shroudKey - encrypt the key externally,
2281 * keyShroudAlg - encryption algorithm for key
2282 * encryptionAlg - the algorithm with which data is encrypted
2283 * integrityAlg - the algorithm for integrity
2284 */
2285 SECItem *
2293 {
2301 }
2310 }
2312 /* set up cert safe */
2317 }
2320 }
2322 /* set up key safe */
2327 }
2330 }
2332 /* add integrity mode */
2336 }
2338 /* add cert and key pair */
2343 }
2345 /* encode the puppy */
2349 }
2352 }
2361 loser:
2364 }
2368 }
2371 }