Back to index

lightning-sunbird  0.9+nobinonly
pk11sdr.c
Go to the documentation of this file.
00001 /* ***** BEGIN LICENSE BLOCK *****
00002  * Version: MPL 1.1/GPL 2.0/LGPL 2.1
00003  *
00004  * The contents of this file are subject to the Mozilla Public License Version
00005  * 1.1 (the "License"); you may not use this file except in compliance with
00006  * the License. You may obtain a copy of the License at
00007  * http://www.mozilla.org/MPL/
00008  *
00009  * Software distributed under the License is distributed on an "AS IS" basis,
00010  * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
00011  * for the specific language governing rights and limitations under the
00012  * License.
00013  *
00014  * The Original Code is the Netscape security libraries.
00015  *
00016  * The Initial Developer of the Original Code is
00017  * Netscape Communications Corporation.
00018  * Portions created by the Initial Developer are Copyright (C) 1994-2000
00019  * the Initial Developer. All Rights Reserved.
00020  *
00021  * Contributor(s):
00022  *   thayes@netscape.com
00023  *
00024  * Alternatively, the contents of this file may be used under the terms of
00025  * either the GNU General Public License Version 2 or later (the "GPL"), or
00026  * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
00027  * in which case the provisions of the GPL or the LGPL are applicable instead
00028  * of those above. If you wish to allow use of your version of this file only
00029  * under the terms of either the GPL or the LGPL, and not to allow others to
00030  * use your version of this file under the terms of the MPL, indicate your
00031  * decision by deleting the provisions above and replace them with the notice
00032  * and other provisions required by the GPL or the LGPL. If you do not delete
00033  * the provisions above, a recipient may use your version of this file under
00034  * the terms of any one of the MPL, the GPL or the LGPL.
00035  *
00036  * ***** END LICENSE BLOCK ***** */
00037 
00038 #include "seccomon.h"
00039 #include "secoid.h"
00040 #include "secasn1.h"
00041 #include "pkcs11.h"
00042 #include "pk11func.h"
00043 #include "pk11sdr.h"
00044 
00045 /*
00046  * Data structure and template for encoding the result of an SDR operation
00047  *  This is temporary.  It should include the algorithm ID of the encryption mechanism
00048  */
00049 struct SDRResult
00050 {
00051   SECItem keyid;
00052   SECAlgorithmID alg;
00053   SECItem data;
00054 };
00055 typedef struct SDRResult SDRResult;
00056 
00057 static SEC_ASN1Template template[] = {
00058   { SEC_ASN1_SEQUENCE, 0, NULL, sizeof (SDRResult) },
00059   { SEC_ASN1_OCTET_STRING, offsetof(SDRResult, keyid) },
00060   { SEC_ASN1_INLINE, offsetof(SDRResult, alg), SECOID_AlgorithmIDTemplate },
00061   { SEC_ASN1_OCTET_STRING, offsetof(SDRResult, data) },
00062   { 0 }
00063 };
00064 
00065 static unsigned char keyID[] = {
00066   0xF8, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
00067   0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01
00068 };
00069 
00070 static SECItem keyIDItem = {
00071   0,
00072   keyID,
00073   sizeof keyID
00074 };
00075 
00076 /* local utility function for padding an incoming data block
00077  * to the mechanism block size.
00078  */
00079 static SECStatus
00080 padBlock(SECItem *data, int blockSize, SECItem *result)
00081 {
00082   SECStatus rv = SECSuccess;
00083   int padLength;
00084   unsigned int i;
00085 
00086   result->data = 0;
00087   result->len = 0;
00088 
00089   /* This algorithm always adds to the block (to indicate the number
00090    * of pad bytes).  So allocate a block large enough.
00091    */
00092   padLength = blockSize - (data->len % blockSize);
00093   result->len = data->len + padLength;
00094   result->data = (unsigned char *)PORT_Alloc(result->len);
00095 
00096   /* Copy the data */
00097   PORT_Memcpy(result->data, data->data, data->len);
00098 
00099   /* Add the pad values */
00100   for(i = data->len; i < result->len; i++)
00101     result->data[i] = (unsigned char)padLength;
00102 
00103   return rv;
00104 }
00105 
00106 static SECStatus
00107 unpadBlock(SECItem *data, int blockSize, SECItem *result)
00108 {
00109   SECStatus rv = SECSuccess;
00110   int padLength;
00111 
00112   result->data = 0;
00113   result->len = 0;
00114 
00115   /* Remove the padding from the end if the input data */
00116   if (data->len == 0 || data->len % blockSize  != 0) { rv = SECFailure; goto loser; }
00117 
00118   padLength = data->data[data->len-1];
00119   if (padLength > blockSize) { rv = SECFailure; goto loser; }
00120 
00121   result->len = data->len - padLength;
00122   result->data = (unsigned char *)PORT_Alloc(result->len);
00123   if (!result->data) { rv = SECFailure; goto loser; }
00124 
00125   PORT_Memcpy(result->data, data->data, result->len);
00126 
00127 loser:
00128   return rv;
00129 }
00130 
00131 static PRLock *pk11sdrLock = NULL;
00132 
00133 void
00134 pk11sdr_Init (void)
00135 {
00136    pk11sdrLock = PR_NewLock();
00137 }
00138 
00139 void
00140 pk11sdr_Shutdown(void)
00141 {
00142     if (pk11sdrLock) {
00143        PR_DestroyLock(pk11sdrLock);
00144        pk11sdrLock = NULL;
00145     }
00146 }
00147 
00148 /*
00149  * PK11SDR_Encrypt
00150  *  Encrypt a block of data using the symmetric key identified.  The result
00151  *  is an ASN.1 (DER) encoded block of keyid, params and data.
00152  */
00153 SECStatus
00154 PK11SDR_Encrypt(SECItem *keyid, SECItem *data, SECItem *result, void *cx)
00155 {
00156   SECStatus rv = SECSuccess;
00157   PK11SlotInfo *slot = 0;
00158   PK11SymKey *key = 0;
00159   SECItem *params = 0;
00160   PK11Context *ctx = 0;
00161   CK_MECHANISM_TYPE type;
00162   SDRResult sdrResult;
00163   SECItem paddedData;
00164   SECItem *pKeyID;
00165   PLArenaPool *arena = 0;
00166 
00167   /* Initialize */
00168   paddedData.len = 0;
00169   paddedData.data = 0;
00170 
00171   arena = PORT_NewArena(SEC_ASN1_DEFAULT_ARENA_SIZE);
00172   if (!arena) { rv = SECFailure; goto loser; }
00173 
00174   /* 1. Locate the requested keyid, or the default key (which has a keyid)
00175    * 2. Create an encryption context
00176    * 3. Encrypt
00177    * 4. Encode the results (using ASN.1)
00178    */
00179 
00180   slot = PK11_GetInternalKeySlot();
00181   if (!slot) { rv = SECFailure; goto loser; }
00182 
00183   /* Use triple-DES */
00184   type = CKM_DES3_CBC;
00185 
00186   /*
00187    * Login to the internal token before we look for the key, otherwise we
00188    * won't find it.
00189    */
00190   rv = PK11_Authenticate(slot, PR_TRUE, cx);
00191   if (rv != SECSuccess) goto loser;
00192 
00193   /* Find the key to use */
00194   pKeyID = keyid;
00195   if (pKeyID->len == 0) {
00196          pKeyID = &keyIDItem;  /* Use default value */
00197 
00198          /* put in a course lock to prevent a race between not finding the 
00199           * key and creating  one.
00200           */
00201 
00202          if (pk11sdrLock) PR_Lock(pk11sdrLock);
00203 
00204          /* Try to find the key */
00205          key = PK11_FindFixedKey(slot, type, pKeyID, cx);
00206          
00207          /* If the default key doesn't exist yet, try to create it */
00208          if (!key) key = PK11_GenDES3TokenKey(slot, pKeyID, cx);
00209          if (pk11sdrLock) PR_Unlock(pk11sdrLock);
00210   } else {
00211          key = PK11_FindFixedKey(slot, type, pKeyID, cx);
00212   }
00213 
00214   if (!key) { rv = SECFailure; goto loser; }
00215 
00216   params = PK11_GenerateNewParam(type, key);
00217   if (!params) { rv = SECFailure; goto loser; }
00218 
00219   ctx = PK11_CreateContextBySymKey(type, CKA_ENCRYPT, key, params);
00220   if (!ctx) { rv = SECFailure; goto loser; }
00221 
00222   rv = padBlock(data, PK11_GetBlockSize(type, 0), &paddedData);
00223   if (rv != SECSuccess) goto loser;
00224 
00225   sdrResult.data.len = paddedData.len;
00226   sdrResult.data.data = (unsigned char *)PORT_ArenaAlloc(arena, sdrResult.data.len);
00227 
00228   rv = PK11_CipherOp(ctx, sdrResult.data.data, (int*)&sdrResult.data.len, sdrResult.data.len,
00229                      paddedData.data, paddedData.len);
00230   if (rv != SECSuccess) goto loser;
00231 
00232   PK11_Finalize(ctx);
00233 
00234   sdrResult.keyid = *pKeyID;
00235 
00236   rv = PK11_ParamToAlgid(SEC_OID_DES_EDE3_CBC, params, arena, &sdrResult.alg);
00237   if (rv != SECSuccess) goto loser;
00238 
00239   if (!SEC_ASN1EncodeItem(0, result, &sdrResult, template)) { rv = SECFailure; goto loser; }
00240 
00241 loser:
00242   SECITEM_ZfreeItem(&paddedData, PR_FALSE);
00243   if (arena) PORT_FreeArena(arena, PR_TRUE);
00244   if (ctx) PK11_DestroyContext(ctx, PR_TRUE);
00245   if (params) SECITEM_ZfreeItem(params, PR_TRUE);
00246   if (key) PK11_FreeSymKey(key);
00247   if (slot) PK11_FreeSlot(slot);
00248 
00249   return rv;
00250 }
00251 
00252 /*
00253  * PK11SDR_Decrypt
00254  *  Decrypt a block of data produced by PK11SDR_Encrypt.  The key used is identified
00255  *  by the keyid field within the input.
00256  */
00257 SECStatus
00258 PK11SDR_Decrypt(SECItem *data, SECItem *result, void *cx)
00259 {
00260   SECStatus rv = SECSuccess;
00261   PK11SlotInfo *slot = 0;
00262   PK11SymKey *key = 0;
00263   PK11Context *ctx = 0;
00264   CK_MECHANISM_TYPE type;
00265   SDRResult sdrResult;
00266   SECItem *params = 0;
00267   SECItem paddedResult;
00268   PLArenaPool *arena = 0;
00269 
00270   paddedResult.len = 0;
00271   paddedResult.data = 0;
00272 
00273   arena = PORT_NewArena(SEC_ASN1_DEFAULT_ARENA_SIZE);
00274   if (!arena) { rv = SECFailure; goto loser; }
00275 
00276   /* Decode the incoming data */
00277   memset(&sdrResult, 0, sizeof sdrResult);
00278   rv = SEC_QuickDERDecodeItem(arena, &sdrResult, template, data);
00279   if (rv != SECSuccess) goto loser;  /* Invalid format */
00280 
00281   /* Find the slot and key for the given keyid */
00282   slot = PK11_GetInternalKeySlot();
00283   if (!slot) { rv = SECFailure; goto loser; }
00284 
00285   rv = PK11_Authenticate(slot, PR_TRUE, cx);
00286   if (rv != SECSuccess) goto loser;
00287 
00288   /* Use triple-DES (Should look up the algorithm) */
00289   type = CKM_DES3_CBC;
00290   key = PK11_FindFixedKey(slot, type, &sdrResult.keyid, cx);
00291   if (!key) { rv = SECFailure; goto loser; }
00292 
00293   /* Get the parameter values from the data */
00294   params = PK11_ParamFromAlgid(&sdrResult.alg);
00295   if (!params) { rv = SECFailure; goto loser; }
00296 
00297   ctx = PK11_CreateContextBySymKey(type, CKA_DECRYPT, key, params);
00298   if (!ctx) { rv = SECFailure; goto loser; }
00299 
00300   paddedResult.len = sdrResult.data.len;
00301   paddedResult.data = PORT_ArenaAlloc(arena, paddedResult.len);
00302 
00303   rv = PK11_CipherOp(ctx, paddedResult.data, (int*)&paddedResult.len, paddedResult.len,
00304                      sdrResult.data.data, sdrResult.data.len);
00305   if (rv != SECSuccess) goto loser;
00306 
00307   PK11_Finalize(ctx);
00308 
00309   /* Remove the padding */
00310   rv = unpadBlock(&paddedResult, PK11_GetBlockSize(type, 0), result);
00311   if (rv) goto loser;
00312 
00313 loser:
00314   /* SECITEM_ZfreeItem(&paddedResult, PR_FALSE); */
00315   if (arena) PORT_FreeArena(arena, PR_TRUE);
00316   if (ctx) PK11_DestroyContext(ctx, PR_TRUE);
00317   if (key) PK11_FreeSymKey(key);
00318   if (params) SECITEM_ZfreeItem(params, PR_TRUE);
00319   if (slot) PK11_FreeSlot(slot);
00320 
00321   return rv;
00322 }