lib/crmf/crmfpop.c
author Franziskus Kiefer <franziskuskiefer@gmail.com>
Wed, 07 Jun 2017 09:18:21 +0200
branchNSS_3_31_BRANCH
changeset 13418 92193b878f1264374f34ffd38b928efc87badb71
parent 12767 87927a9d502ed68eb3360ed11fd53b19d23dd2af
permissions -rw-r--r--
Added tag NSS_3_31_BETA2 for changeset b656675c482b

/* -*- Mode: C; tab-width: 8 -*-*/
/* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */

#include "crmf.h"
#include "crmfi.h"
#include "secasn1.h"
#include "keyhi.h"
#include "cryptohi.h"

#define CRMF_DEFAULT_ALLOC_SIZE 1024U

SECStatus
crmf_init_encoder_callback_arg(struct crmfEncoderArg *encoderArg,
                               SECItem *derDest)
{
    derDest->data = PORT_ZNewArray(unsigned char, CRMF_DEFAULT_ALLOC_SIZE);
    if (derDest->data == NULL) {
        return SECFailure;
    }
    derDest->len = 0;
    encoderArg->allocatedLen = CRMF_DEFAULT_ALLOC_SIZE;
    encoderArg->buffer = derDest;
    return SECSuccess;
}

/* Caller should release or unmark the pool, instead of doing it here.
** But there are NO callers of this function at present...
*/
SECStatus
CRMF_CertReqMsgSetRAVerifiedPOP(CRMFCertReqMsg *inCertReqMsg)
{
    CRMFProofOfPossession *pop;
    PLArenaPool *poolp;
    void *mark;

    PORT_Assert(inCertReqMsg != NULL && inCertReqMsg->pop == NULL);
    poolp = inCertReqMsg->poolp;
    mark = PORT_ArenaMark(poolp);
    if (CRMF_CertReqMsgGetPOPType(inCertReqMsg) != crmfNoPOPChoice) {
        return SECFailure;
    }
    pop = PORT_ArenaZNew(poolp, CRMFProofOfPossession);
    if (pop == NULL) {
        goto loser;
    }
    pop->popUsed = crmfRAVerified;
    pop->popChoice.raVerified.data = NULL;
    pop->popChoice.raVerified.len = 0;
    inCertReqMsg->pop = pop;
    (void)SEC_ASN1EncodeItem(poolp, &(inCertReqMsg->derPOP),
                             &(pop->popChoice.raVerified),
                             CRMFRAVerifiedTemplate);
    return SECSuccess;
loser:
    PORT_ArenaRelease(poolp, mark);
    return SECFailure;
}

static SECOidTag
crmf_get_key_sign_tag(SECKEYPublicKey *inPubKey)
{
    /* maintain backward compatibility with older
     * implementations */
    if (inPubKey->keyType == rsaKey) {
        return SEC_OID_PKCS1_SHA1_WITH_RSA_ENCRYPTION;
    }
    return SEC_GetSignatureAlgorithmOidTag(inPubKey->keyType, SEC_OID_UNKNOWN);
}

static SECAlgorithmID *
crmf_create_poposignkey_algid(PLArenaPool *poolp,
                              SECKEYPublicKey *inPubKey)
{
    SECAlgorithmID *algID;
    SECOidTag tag;
    SECStatus rv;
    void *mark;

    mark = PORT_ArenaMark(poolp);
    algID = PORT_ArenaZNew(poolp, SECAlgorithmID);
    if (algID == NULL) {
        goto loser;
    }
    tag = crmf_get_key_sign_tag(inPubKey);
    if (tag == SEC_OID_UNKNOWN) {
        goto loser;
    }
    rv = SECOID_SetAlgorithmID(poolp, algID, tag, NULL);
    if (rv != SECSuccess) {
        goto loser;
    }
    PORT_ArenaUnmark(poolp, mark);
    return algID;
loser:
    PORT_ArenaRelease(poolp, mark);
    return NULL;
}

static CRMFPOPOSigningKeyInput *
crmf_create_poposigningkeyinput(PLArenaPool *poolp, CERTCertificate *inCert,
                                CRMFMACPasswordCallback fn, void *arg)
{
    /* PSM isn't going to do this, so we'll fail here for now.*/
    return NULL;
}

void
crmf_generic_encoder_callback(void *arg, const char *buf, unsigned long len,
                              int depth, SEC_ASN1EncodingPart data_kind)
{
    struct crmfEncoderArg *encoderArg = (struct crmfEncoderArg *)arg;
    unsigned char *cursor;

    if (encoderArg->buffer->len + len > encoderArg->allocatedLen) {
        int newSize = encoderArg->buffer->len + CRMF_DEFAULT_ALLOC_SIZE;
        void *dummy = PORT_Realloc(encoderArg->buffer->data, newSize);
        if (dummy == NULL) {
            /* I really want to return an error code here */
            PORT_Assert(0);
            return;
        }
        encoderArg->buffer->data = dummy;
        encoderArg->allocatedLen = newSize;
    }
    cursor = &(encoderArg->buffer->data[encoderArg->buffer->len]);
    if (len) {
        PORT_Memcpy(cursor, buf, len);
    }
    encoderArg->buffer->len += len;
}

static SECStatus
crmf_encode_certreq(CRMFCertRequest *inCertReq, SECItem *derDest)
{
    struct crmfEncoderArg encoderArg;
    SECStatus rv;

    rv = crmf_init_encoder_callback_arg(&encoderArg, derDest);
    if (rv != SECSuccess) {
        return SECFailure;
    }
    return SEC_ASN1Encode(inCertReq, CRMFCertRequestTemplate,
                          crmf_generic_encoder_callback, &encoderArg);
}

static SECStatus
crmf_sign_certreq(PLArenaPool *poolp,
                  CRMFPOPOSigningKey *crmfSignKey,
                  CRMFCertRequest *certReq,
                  SECKEYPrivateKey *inKey,
                  SECAlgorithmID *inAlgId)
{
    SECItem derCertReq = { siBuffer, NULL, 0 };
    SECItem certReqSig = { siBuffer, NULL, 0 };
    SECStatus rv = SECSuccess;

    rv = crmf_encode_certreq(certReq, &derCertReq);
    if (rv != SECSuccess) {
        goto loser;
    }
    rv = SEC_SignData(&certReqSig, derCertReq.data, derCertReq.len,
                      inKey, SECOID_GetAlgorithmTag(inAlgId));
    if (rv != SECSuccess) {
        goto loser;
    }

    /* Now make it a part of the POPOSigningKey */
    rv = SECITEM_CopyItem(poolp, &(crmfSignKey->signature), &certReqSig);
    /* Convert this length to number of bits */
    crmfSignKey->signature.len <<= 3;

loser:
    if (derCertReq.data != NULL) {
        PORT_Free(derCertReq.data);
    }
    if (certReqSig.data != NULL) {
        PORT_Free(certReqSig.data);
    }
    return rv;
}

static SECStatus
crmf_create_poposignkey(PLArenaPool *poolp,
                        CRMFCertReqMsg *inCertReqMsg,
                        CRMFPOPOSigningKeyInput *signKeyInput,
                        SECKEYPrivateKey *inPrivKey,
                        SECAlgorithmID *inAlgID,
                        CRMFPOPOSigningKey *signKey)
{
    CRMFCertRequest *certReq;
    void *mark;
    PRBool useSignKeyInput;
    SECStatus rv;

    PORT_Assert(inCertReqMsg != NULL && inCertReqMsg->certReq != NULL);
    mark = PORT_ArenaMark(poolp);
    if (signKey == NULL) {
        goto loser;
    }
    certReq = inCertReqMsg->certReq;
    useSignKeyInput = !(CRMF_DoesRequestHaveField(certReq, crmfSubject) &&
                        CRMF_DoesRequestHaveField(certReq, crmfPublicKey));

    if (useSignKeyInput) {
        goto loser;
    } else {
        rv = crmf_sign_certreq(poolp, signKey, certReq, inPrivKey, inAlgID);
        if (rv != SECSuccess) {
            goto loser;
        }
    }
    PORT_ArenaUnmark(poolp, mark);
    return SECSuccess;
loser:
    PORT_ArenaRelease(poolp, mark);
    return SECFailure;
}

SECStatus
CRMF_CertReqMsgSetSignaturePOP(CRMFCertReqMsg *inCertReqMsg,
                               SECKEYPrivateKey *inPrivKey,
                               SECKEYPublicKey *inPubKey,
                               CERTCertificate *inCertForInput,
                               CRMFMACPasswordCallback fn,
                               void *arg)
{
    SECAlgorithmID *algID;
    PLArenaPool *poolp;
    SECItem derTemp = { siBuffer, NULL, 0 };
    void *mark;
    SECStatus rv;
    CRMFPOPOSigningKeyInput *signKeyInput = NULL;
    CRMFCertRequest *certReq;
    CRMFProofOfPossession *pop;
    struct crmfEncoderArg encoderArg;

    PORT_Assert(inCertReqMsg != NULL && inCertReqMsg->certReq != NULL &&
                inCertReqMsg->pop == NULL);
    certReq = inCertReqMsg->certReq;
    if (CRMF_CertReqMsgGetPOPType(inCertReqMsg) != crmfNoPOPChoice ||
        !CRMF_DoesRequestHaveField(certReq, crmfPublicKey)) {
        return SECFailure;
    }
    poolp = inCertReqMsg->poolp;
    mark = PORT_ArenaMark(poolp);
    algID = crmf_create_poposignkey_algid(poolp, inPubKey);

    if (!CRMF_DoesRequestHaveField(certReq, crmfSubject)) {
        signKeyInput = crmf_create_poposigningkeyinput(poolp, inCertForInput,
                                                       fn, arg);
        if (signKeyInput == NULL) {
            goto loser;
        }
    }

    pop = PORT_ArenaZNew(poolp, CRMFProofOfPossession);
    if (pop == NULL) {
        goto loser;
    }

    rv = crmf_create_poposignkey(poolp, inCertReqMsg,
                                 signKeyInput, inPrivKey, algID,
                                 &(pop->popChoice.signature));
    if (rv != SECSuccess) {
        goto loser;
    }

    pop->popUsed = crmfSignature;
    pop->popChoice.signature.algorithmIdentifier = algID;
    inCertReqMsg->pop = pop;

    rv = crmf_init_encoder_callback_arg(&encoderArg, &derTemp);
    if (rv != SECSuccess) {
        goto loser;
    }
    rv = SEC_ASN1Encode(&pop->popChoice.signature,
                        CRMFPOPOSigningKeyTemplate,
                        crmf_generic_encoder_callback, &encoderArg);
    if (rv != SECSuccess) {
        goto loser;
    }
    rv = SECITEM_CopyItem(poolp, &(inCertReqMsg->derPOP), &derTemp);
    if (rv != SECSuccess) {
        goto loser;
    }
    PORT_Free(derTemp.data);
    PORT_ArenaUnmark(poolp, mark);
    return SECSuccess;

loser:
    PORT_ArenaRelease(poolp, mark);
    if (derTemp.data != NULL) {
        PORT_Free(derTemp.data);
    }
    return SECFailure;
}

static const SEC_ASN1Template *
crmf_get_popoprivkey_subtemplate(CRMFPOPOPrivKey *inPrivKey)
{
    const SEC_ASN1Template *retTemplate = NULL;

    switch (inPrivKey->messageChoice) {
        case crmfThisMessage:
            retTemplate = CRMFThisMessageTemplate;
            break;
        case crmfSubsequentMessage:
            retTemplate = CRMFSubsequentMessageTemplate;
            break;
        case crmfDHMAC:
            retTemplate = CRMFDHMACTemplate;
            break;
        default:
            retTemplate = NULL;
    }
    return retTemplate;
}

static SECStatus
crmf_encode_popoprivkey(PLArenaPool *poolp,
                        CRMFCertReqMsg *inCertReqMsg,
                        CRMFPOPOPrivKey *popoPrivKey,
                        const SEC_ASN1Template *privKeyTemplate)
{
    struct crmfEncoderArg encoderArg;
    SECItem derTemp = { siBuffer, NULL, 0 };
    SECStatus rv;
    void *mark;
    const SEC_ASN1Template *subDerTemplate;

    mark = PORT_ArenaMark(poolp);
    rv = crmf_init_encoder_callback_arg(&encoderArg, &derTemp);
    if (rv != SECSuccess) {
        goto loser;
    }
    subDerTemplate = crmf_get_popoprivkey_subtemplate(popoPrivKey);
    /* We've got a union, so a pointer to one item is a pointer to
     * all the items in the union.
     */
    rv = SEC_ASN1Encode(&popoPrivKey->message.thisMessage,
                        subDerTemplate,
                        crmf_generic_encoder_callback, &encoderArg);
    if (rv != SECSuccess) {
        goto loser;
    }
    if (encoderArg.allocatedLen > derTemp.len + 2) {
        void *dummy = PORT_Realloc(derTemp.data, derTemp.len + 2);
        if (dummy == NULL) {
            goto loser;
        }
        derTemp.data = dummy;
    }
    PORT_Memmove(&derTemp.data[2], &derTemp.data[0], derTemp.len);
    /* I couldn't figure out how to get the ASN1 encoder to implicitly
     * tag an implicitly tagged der blob.  So I'm putting in the outter-
     * most tag myself. -javi
     */
    derTemp.data[0] = (unsigned char)privKeyTemplate->kind;
    derTemp.data[1] = (unsigned char)derTemp.len;
    derTemp.len += 2;
    rv = SECITEM_CopyItem(poolp, &inCertReqMsg->derPOP, &derTemp);
    if (rv != SECSuccess) {
        goto loser;
    }
    PORT_Free(derTemp.data);
    PORT_ArenaUnmark(poolp, mark);
    return SECSuccess;
loser:
    PORT_ArenaRelease(poolp, mark);
    if (derTemp.data) {
        PORT_Free(derTemp.data);
    }
    return SECFailure;
}

static const SEC_ASN1Template *
crmf_get_template_for_privkey(CRMFPOPChoice inChoice)
{
    switch (inChoice) {
        case crmfKeyAgreement:
            return CRMFPOPOKeyAgreementTemplate;
        case crmfKeyEncipherment:
            return CRMFPOPOKeyEnciphermentTemplate;
        default:
            break;
    }
    return NULL;
}

static SECStatus
crmf_add_privkey_thismessage(CRMFCertReqMsg *inCertReqMsg, SECItem *encPrivKey,
                             CRMFPOPChoice inChoice)
{
    PLArenaPool *poolp;
    void *mark;
    CRMFPOPOPrivKey *popoPrivKey;
    CRMFProofOfPossession *pop;
    SECStatus rv;

    PORT_Assert(inCertReqMsg != NULL && encPrivKey != NULL);
    poolp = inCertReqMsg->poolp;
    mark = PORT_ArenaMark(poolp);
    pop = PORT_ArenaZNew(poolp, CRMFProofOfPossession);
    if (pop == NULL) {
        goto loser;
    }
    pop->popUsed = inChoice;
    /* popChoice is a union, so getting a pointer to one
     * field gives me a pointer to the other fields as
     * well.  This in essence points to both
     * pop->popChoice.keyEncipherment and
     * pop->popChoice.keyAgreement
     */
    popoPrivKey = &pop->popChoice.keyEncipherment;

    rv = SECITEM_CopyItem(poolp, &(popoPrivKey->message.thisMessage),
                          encPrivKey);
    if (rv != SECSuccess) {
        goto loser;
    }
    popoPrivKey->message.thisMessage.len <<= 3;
    popoPrivKey->messageChoice = crmfThisMessage;
    inCertReqMsg->pop = pop;
    rv = crmf_encode_popoprivkey(poolp, inCertReqMsg, popoPrivKey,
                                 crmf_get_template_for_privkey(inChoice));
    if (rv != SECSuccess) {
        goto loser;
    }
    PORT_ArenaUnmark(poolp, mark);
    return SECSuccess;

loser:
    PORT_ArenaRelease(poolp, mark);
    return SECFailure;
}

static SECStatus
crmf_add_privkey_dhmac(CRMFCertReqMsg *inCertReqMsg, SECItem *dhmac,
                       CRMFPOPChoice inChoice)
{
    PLArenaPool *poolp;
    void *mark;
    CRMFPOPOPrivKey *popoPrivKey;
    CRMFProofOfPossession *pop;
    SECStatus rv;

    PORT_Assert(inCertReqMsg != NULL && dhmac != NULL);
    poolp = inCertReqMsg->poolp;
    mark = PORT_ArenaMark(poolp);
    pop = PORT_ArenaZNew(poolp, CRMFProofOfPossession);
    if (pop == NULL) {
        goto loser;
    }
    pop->popUsed = inChoice;
    popoPrivKey = &pop->popChoice.keyAgreement;

    rv = SECITEM_CopyItem(poolp, &(popoPrivKey->message.dhMAC),
                          dhmac);
    if (rv != SECSuccess) {
        goto loser;
    }
    popoPrivKey->message.dhMAC.len <<= 3;
    popoPrivKey->messageChoice = crmfDHMAC;
    inCertReqMsg->pop = pop;
    rv = crmf_encode_popoprivkey(poolp, inCertReqMsg, popoPrivKey,
                                 crmf_get_template_for_privkey(inChoice));
    if (rv != SECSuccess) {
        goto loser;
    }
    PORT_ArenaUnmark(poolp, mark);
    return SECSuccess;

loser:
    PORT_ArenaRelease(poolp, mark);
    return SECFailure;
}

static SECStatus
crmf_add_privkey_subseqmessage(CRMFCertReqMsg *inCertReqMsg,
                               CRMFSubseqMessOptions subsequentMessage,
                               CRMFPOPChoice inChoice)
{
    void *mark;
    PLArenaPool *poolp;
    CRMFProofOfPossession *pop;
    CRMFPOPOPrivKey *popoPrivKey;
    SECStatus rv;
    const SEC_ASN1Template *privKeyTemplate;

    if (subsequentMessage == crmfNoSubseqMess) {
        return SECFailure;
    }
    poolp = inCertReqMsg->poolp;
    mark = PORT_ArenaMark(poolp);
    pop = PORT_ArenaZNew(poolp, CRMFProofOfPossession);
    if (pop == NULL) {
        goto loser;
    }

    pop->popUsed = inChoice;
    /*
     * We have a union, so a pointer to one member of the union
     * is also a member to another member of that same union.
     */
    popoPrivKey = &pop->popChoice.keyEncipherment;

    switch (subsequentMessage) {
        case crmfEncrCert:
            rv = crmf_encode_integer(poolp,
                                     &(popoPrivKey->message.subsequentMessage),
                                     0);
            break;
        case crmfChallengeResp:
            rv = crmf_encode_integer(poolp,
                                     &(popoPrivKey->message.subsequentMessage),
                                     1);
            break;
        default:
            goto loser;
    }
    if (rv != SECSuccess) {
        goto loser;
    }
    popoPrivKey->messageChoice = crmfSubsequentMessage;
    privKeyTemplate = crmf_get_template_for_privkey(inChoice);
    inCertReqMsg->pop = pop;
    rv = crmf_encode_popoprivkey(poolp, inCertReqMsg, popoPrivKey,
                                 privKeyTemplate);

    if (rv != SECSuccess) {
        goto loser;
    }
    PORT_ArenaUnmark(poolp, mark);
    return SECSuccess;
loser:
    PORT_ArenaRelease(poolp, mark);
    return SECFailure;
}

SECStatus
CRMF_CertReqMsgSetKeyEnciphermentPOP(CRMFCertReqMsg *inCertReqMsg,
                                     CRMFPOPOPrivKeyChoice inKeyChoice,
                                     CRMFSubseqMessOptions subseqMess,
                                     SECItem *encPrivKey)
{
    SECStatus rv;

    PORT_Assert(inCertReqMsg != NULL && inCertReqMsg->pop == NULL);
    if (CRMF_CertReqMsgGetPOPType(inCertReqMsg) != crmfNoPOPChoice) {
        return SECFailure;
    }
    switch (inKeyChoice) {
        case crmfThisMessage:
            rv = crmf_add_privkey_thismessage(inCertReqMsg, encPrivKey,
                                              crmfKeyEncipherment);
            break;
        case crmfSubsequentMessage:
            rv = crmf_add_privkey_subseqmessage(inCertReqMsg, subseqMess,
                                                crmfKeyEncipherment);
            break;
        case crmfDHMAC:
        default:
            rv = SECFailure;
    }
    return rv;
}

SECStatus
CRMF_CertReqMsgSetKeyAgreementPOP(CRMFCertReqMsg *inCertReqMsg,
                                  CRMFPOPOPrivKeyChoice inKeyChoice,
                                  CRMFSubseqMessOptions subseqMess,
                                  SECItem *encPrivKey)
{
    SECStatus rv;

    PORT_Assert(inCertReqMsg != NULL && inCertReqMsg->pop == NULL);
    switch (inKeyChoice) {
        case crmfThisMessage:
            rv = crmf_add_privkey_thismessage(inCertReqMsg, encPrivKey,
                                              crmfKeyAgreement);
            break;
        case crmfSubsequentMessage:
            rv = crmf_add_privkey_subseqmessage(inCertReqMsg, subseqMess,
                                                crmfKeyAgreement);
            break;
        case crmfDHMAC:
            /* In this case encPrivKey should be the calculated dhMac
             * as specified in RFC 2511 */
            rv = crmf_add_privkey_dhmac(inCertReqMsg, encPrivKey,
                                        crmfKeyAgreement);
            break;
        default:
            rv = SECFailure;
    }
    return rv;
}