From 613a840d29d7d3ab76b072dab648cfee487aada2 Mon Sep 17 00:00:00 2001 From: "wtc%google.com" Date: Sun, 21 Aug 2011 01:14:19 +0000 Subject: [PATCH] Bug 668397: Remove all Fortezza support from lib/pkcs7, lib/smime, and tests/ssl. The patch is written by Brian Smith . r=wtc. Modified Files: lib/pkcs7/p7decode.c lib/pkcs7/p7encode.c lib/pkcs7/p7local.c lib/pkcs7/p7local.h lib/pkcs7/pkcs7t.h lib/pkcs7/secmime.c lib/smime/cmsasn1.c lib/smime/cmsencode.c lib/smime/cmslocal.h lib/smime/cmspubkey.c lib/smime/cmsrecinfo.c lib/smime/cmssiginfo.c lib/smime/cmst.h lib/smime/smime.h lib/smime/smimeutil.c tests/ssl/sslcov.txt git-svn-id: svn://10.0.0.236/trunk@262723 18797224-902f-48f8-a5cc-f745e15eee43 --- mozilla/security/nss/lib/pkcs7/p7decode.c | 116 +-------- mozilla/security/nss/lib/pkcs7/p7encode.c | 156 +----------- mozilla/security/nss/lib/pkcs7/p7local.c | 59 +---- mozilla/security/nss/lib/pkcs7/p7local.h | 8 +- mozilla/security/nss/lib/pkcs7/pkcs7t.h | 32 +-- mozilla/security/nss/lib/pkcs7/secmime.c | 86 ++----- mozilla/security/nss/lib/smime/cmsasn1.c | 62 +---- mozilla/security/nss/lib/smime/cmsencode.c | 3 +- mozilla/security/nss/lib/smime/cmslocal.h | 10 +- mozilla/security/nss/lib/smime/cmspubkey.c | 248 +------------------- mozilla/security/nss/lib/smime/cmsrecinfo.c | 9 +- mozilla/security/nss/lib/smime/cmssiginfo.c | 10 +- mozilla/security/nss/lib/smime/cmst.h | 36 +-- mozilla/security/nss/lib/smime/smime.h | 4 +- mozilla/security/nss/lib/smime/smimeutil.c | 31 +-- mozilla/security/nss/tests/ssl/sslcov.txt | 3 - 16 files changed, 43 insertions(+), 830 deletions(-) diff --git a/mozilla/security/nss/lib/pkcs7/p7decode.c b/mozilla/security/nss/lib/pkcs7/p7decode.c index e586d505a2e..d4f3fb47975 100644 --- a/mozilla/security/nss/lib/pkcs7/p7decode.c +++ b/mozilla/security/nss/lib/pkcs7/p7decode.c 
@@ -38,7 +38,7 @@ /* * PKCS7 decoding, verification. * - * $Id: p7decode.c,v 1.25 2008-03-10 00:01:26 wtc%google.com Exp $ + * $Id: p7decode.c,v 1.26 2011-08-21 01:14:17 wtc%google.com Exp $ */ #include "p7local.h" @@ -428,7 +428,6 @@ sec_pkcs7_decoder_finish_digests (SEC_PKCS7DecoderContext *p7dcx, * XXX Need comment explaining following helper function (which is used * by sec_pkcs7_decoder_start_decrypt). */ -extern const SEC_ASN1Template SEC_SMIMEKEAParamTemplateAllParams[]; static PK11SymKey * sec_pkcs7_decoder_get_recipient_key (SEC_PKCS7DecoderContext *p7dcx, @@ -460,7 +459,7 @@ sec_pkcs7_decoder_get_recipient_key (SEC_PKCS7DecoderContext *p7dcx, keyalgtag = SECOID_GetAlgorithmTag(&(cert->subjectPublicKeyInfo.algorithm)); encalgtag = SECOID_GetAlgorithmTag (&(ri->keyEncAlg)); - if ((encalgtag != SEC_OID_NETSCAPE_SMIME_KEA) && (keyalgtag != encalgtag)) { + if (keyalgtag != encalgtag) { p7dcx->error = SEC_ERROR_PKCS7_KEYALG_MISMATCH; goto no_key_found; } 
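Review bot: With the `SEC_OID_NETSCAPE_SMIME_KEA` exemption gone from the `keyalgtag != encalgtag` check in sec_pkcs7_decoder_get_recipient_key, a legacy Fortezza RecipientInfo will most likely now be rejected with SEC_ERROR_PKCS7_KEYALG_MISMATCH rather than reach the switch default that sets SEC_ERROR_UNSUPPORTED_KEYALG. The encoder code removed by this same patch paired MISSI KEA certificate tags with that separate key-exchange tag, so the two tags would not compare equal. Rejecting is the right outcome, but the error code now suggests a certificate/message mismatch instead of a retired algorithm, which can mislead whoever triages decrypt failures on archived mail. I would record this above the check: `/* KEA is no longer exempt: Fortezza recipients fail here as a key-algorithm mismatch, not as an unsupported algorithm. */`. The function body starts and ends outside this hunk.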
@@ -477,117 +476,6 @@ sec_pkcs7_decoder_get_recipient_key (SEC_PKCS7DecoderContext *p7dcx, goto no_key_found; } break; - /* ### mwelch -- KEA */ - case SEC_OID_NETSCAPE_SMIME_KEA: - { - SECStatus err; - CK_MECHANISM_TYPE bulkType; - PK11SymKey *tek; - SECKEYPublicKey *senderPubKey; - SEC_PKCS7SMIMEKEAParameters keaParams; - - (void) memset(&keaParams, 0, sizeof(keaParams)); - - /* Decode the KEA algorithm parameters. */ - err = SEC_ASN1DecodeItem(NULL, - &keaParams, - SEC_SMIMEKEAParamTemplateAllParams, - &(ri->keyEncAlg.parameters)); - if (err != SECSuccess) - { - p7dcx->error = err; - PORT_SetError(0); - goto no_key_found; - } - - - /* We just got key data, no key structure. So, we - create one. */ - senderPubKey = - PK11_MakeKEAPubKey(keaParams.originatorKEAKey.data, - keaParams.originatorKEAKey.len); - if (senderPubKey == NULL) - { - p7dcx->error = PORT_GetError(); - PORT_SetError(0); - goto no_key_found; - } - - /* Generate the TEK (token exchange key) which we use - to unwrap the bulk encryption key. */ - tek = PK11_PubDerive(privkey, senderPubKey, - PR_FALSE, - &keaParams.originatorRA, - NULL, - CKM_KEA_KEY_DERIVE, CKM_SKIPJACK_WRAP, - CKA_WRAP, 0, p7dcx->pwfn_arg); - SECKEY_DestroyPublicKey(senderPubKey); - - if (tek == NULL) - { - p7dcx->error = PORT_GetError(); - PORT_SetError(0); - goto no_key_found; - } - - /* Now that we have the TEK, unwrap the bulk key - with which to decrypt the message. We have to - do one of two different things depending on - whether Skipjack was used for bulk encryption - of the message. */ - bulkType = PK11_AlgtagToMechanism (bulkalgtag); - switch(bulkType) - { - case CKM_SKIPJACK_CBC64: - case CKM_SKIPJACK_ECB64: - case CKM_SKIPJACK_OFB64: - case CKM_SKIPJACK_CFB64: - case CKM_SKIPJACK_CFB32: - case CKM_SKIPJACK_CFB16: - case CKM_SKIPJACK_CFB8: - /* Skipjack is being used as the bulk encryption algorithm.*/ - /* Unwrap the bulk key. 
*/ - bulkkey = PK11_UnwrapSymKey(tek, CKM_SKIPJACK_WRAP, - NULL, &ri->encKey, - CKM_SKIPJACK_CBC64, - CKA_DECRYPT, 0); - break; - default: - /* Skipjack was not used for bulk encryption of this - message. Use Skipjack CBC64, with the nonSkipjackIV - part of the KEA key parameters, to decrypt - the bulk key. If we got a parameter indicating that the - bulk key size is different than the encrypted key size, - pass in the real key size. */ - - /* Check for specified bulk key length (unspecified implies - that the bulk key length is the same as encrypted length) */ - if (keaParams.bulkKeySize.len > 0) - { - p7dcx->error = SEC_ASN1DecodeItem(NULL, &bulkLength, - SEC_ASN1_GET(SEC_IntegerTemplate), - &keaParams.bulkKeySize); - } - - if (p7dcx->error != SECSuccess) - goto no_key_found; - - bulkkey = PK11_UnwrapSymKey(tek, CKM_SKIPJACK_CBC64, - &keaParams.nonSkipjackIV, - &ri->encKey, - bulkType, - CKA_DECRYPT, bulkLength); - } - - - if (bulkkey == NULL) - { - p7dcx->error = PORT_GetError(); - PORT_SetError(0); - goto no_key_found; - } - break; - } default: p7dcx->error = SEC_ERROR_UNSUPPORTED_KEYALG; break; diff --git a/mozilla/security/nss/lib/pkcs7/p7encode.c b/mozilla/security/nss/lib/pkcs7/p7encode.c index d59eb73ca0b..f5a0c8fbb7b 100644 --- a/mozilla/security/nss/lib/pkcs7/p7encode.c +++ b/mozilla/security/nss/lib/pkcs7/p7encode.c @@ -38,7 +38,7 @@ /* * PKCS7 encoding. * - * $Id: p7encode.c,v 1.13 2008-03-10 00:01:26 wtc%google.com Exp $ + * $Id: p7encode.c,v 1.14 2011-08-21 01:14:17 wtc%google.com Exp $ */ #include "p7local.h" @@ -91,7 +91,6 @@ sec_pkcs7_encoder_start_encrypt (SEC_PKCS7ContentInfo *cinfo, sec_PKCS7CipherObject *encryptobj; SEC_PKCS7RecipientInfo **recipientinfos, *ri; SEC_PKCS7EncryptedContentInfo *enccinfo; - SEC_PKCS7SMIMEKEAParameters keaParams; SECKEYPublicKey *publickey = NULL; SECKEYPrivateKey *ourPrivKey = NULL; PK11SymKey *bulkkey; 
@@ -102,9 +101,6 @@ sec_pkcs7_encoder_start_encrypt (SEC_PKCS7ContentInfo *cinfo, /* Get the context in case we need it below. */ wincx = cinfo->pwfn_arg; - /* Clear keaParams, since cleanup code checks the lengths */ - (void) memset(&keaParams, 0, sizeof(keaParams)); - kind = SEC_PKCS7ContentType (cinfo); switch (kind) { default: @@ -197,8 +193,7 @@ sec_pkcs7_encoder_start_encrypt (SEC_PKCS7ContentInfo *cinfo, * down into the subjectPublicKeyInfo myself) and another which * takes a public key and algorithm tag and data and encrypts * the data. Or something like that. The point is that all - * of the following hardwired RSA and KEA stuff should be done - * elsewhere. + * of the following hardwired RSA stuff should be done elsewhere. */ certalgtag=SECOID_GetAlgorithmTag(&(cert->subjectPublicKeyInfo.algorithm)); 
@@ -223,149 +218,6 @@ sec_pkcs7_encoder_start_encrypt (SEC_PKCS7ContentInfo *cinfo, if (rv != SECSuccess) goto loser; params = NULL; /* paranoia */ break; - /* ### mwelch -- KEA */ - case SEC_OID_MISSI_KEA_DSS_OLD: - case SEC_OID_MISSI_KEA_DSS: - case SEC_OID_MISSI_KEA: - { -#define SMIME_FORTEZZA_RA_LENGTH 128 -#define SMIME_FORTEZZA_IV_LENGTH 24 -#define SMIME_FORTEZZA_MAX_KEY_SIZE 256 - SECStatus err; - PK11SymKey *tek; - CERTCertificate *ourCert; - SECKEYPublicKey *ourPubKey; - SECKEATemplateSelector whichKEA = SECKEAInvalid; - - /* We really want to show our KEA tag as the - key exchange algorithm tag. */ - encalgtag = SEC_OID_NETSCAPE_SMIME_KEA; - - /* Get the public key of the recipient. */ - publickey = CERT_ExtractPublicKey(cert); - if (publickey == NULL) goto loser; - - /* Find our own cert, and extract its keys. */ - ourCert = PK11_FindBestKEAMatch(cert,wincx); - if (ourCert == NULL) goto loser; - - arena = PORT_NewArena(1024); - if (arena == NULL) goto loser; - - ourPubKey = CERT_ExtractPublicKey(ourCert); - if (ourPubKey == NULL) - { - CERT_DestroyCertificate(ourCert); - goto loser; - } - - /* While we're here, copy the public key into the outgoing - * KEA parameters. */ - SECITEM_CopyItem(arena, &(keaParams.originatorKEAKey), - &(ourPubKey->u.fortezza.KEAKey)); - SECKEY_DestroyPublicKey(ourPubKey); - ourPubKey = NULL; - - /* Extract our private key in order to derive the - * KEA key. */ - ourPrivKey = PK11_FindKeyByAnyCert(ourCert,wincx); - CERT_DestroyCertificate(ourCert); /* we're done with this */ - if (!ourPrivKey) goto loser; - - /* Prepare raItem with 128 bytes (filled with zeros). */ - keaParams.originatorRA.data = - (unsigned char*)PORT_ArenaAlloc(arena,SMIME_FORTEZZA_RA_LENGTH); - keaParams.originatorRA.len = SMIME_FORTEZZA_RA_LENGTH; - - - /* Generate the TEK (token exchange key) which we use - * to wrap the bulk encryption key. (raItem) will be - * filled with a random seed which we need to send to - * the recipient. 
*/ - tek = PK11_PubDerive(ourPrivKey, publickey, PR_TRUE, - &keaParams.originatorRA, NULL, - CKM_KEA_KEY_DERIVE, CKM_SKIPJACK_WRAP, - CKA_WRAP, 0, wincx); - - SECKEY_DestroyPublicKey(publickey); - SECKEY_DestroyPrivateKey(ourPrivKey); - publickey = NULL; - ourPrivKey = NULL; - - if (!tek) - goto loser; - - ri->encKey.data = (unsigned char*)PORT_ArenaAlloc(cinfo->poolp, - SMIME_FORTEZZA_MAX_KEY_SIZE); - ri->encKey.len = SMIME_FORTEZZA_MAX_KEY_SIZE; - - if (ri->encKey.data == NULL) - { - PK11_FreeSymKey(tek); - goto loser; - } - - /* Wrap the bulk key. What we do with the resulting data - depends on whether we're using Skipjack to wrap the key. */ - switch(PK11_AlgtagToMechanism(enccinfo->encalg)) - { - case CKM_SKIPJACK_CBC64: - case CKM_SKIPJACK_ECB64: - case CKM_SKIPJACK_OFB64: - case CKM_SKIPJACK_CFB64: - case CKM_SKIPJACK_CFB32: - case CKM_SKIPJACK_CFB16: - case CKM_SKIPJACK_CFB8: - /* do SKIPJACK, we use the wrap mechanism */ - err = PK11_WrapSymKey(CKM_SKIPJACK_WRAP, NULL, - tek, bulkkey, &ri->encKey); - whichKEA = SECKEAUsesSkipjack; - break; - default: - /* Not SKIPJACK, we encrypt the raw key data */ - keaParams.nonSkipjackIV .data = - (unsigned char*)PORT_ArenaAlloc(arena, - SMIME_FORTEZZA_IV_LENGTH); - keaParams.nonSkipjackIV.len = SMIME_FORTEZZA_IV_LENGTH; - err = PK11_WrapSymKey(CKM_SKIPJACK_CBC64, - &keaParams.nonSkipjackIV, - tek, bulkkey, &ri->encKey); - if (err != SECSuccess) - goto loser; - - if (ri->encKey.len != PK11_GetKeyLength(bulkkey)) - { - /* The size of the encrypted key is not the same as - that of the original bulk key, presumably due to - padding. Encode and store the real size of the - bulk key. 
*/ - if (SEC_ASN1EncodeInteger(arena, - &keaParams.bulkKeySize, - PK11_GetKeyLength(bulkkey)) - == NULL) - err = (SECStatus)PORT_GetError(); - else - /* use full template for encoding */ - whichKEA = SECKEAUsesNonSkipjackWithPaddedEncKey; - } - else - /* enc key length == bulk key length */ - whichKEA = SECKEAUsesNonSkipjack; - break; - } - - PK11_FreeSymKey(tek); - if (err != SECSuccess) - goto loser; - - PORT_Assert( whichKEA != SECKEAInvalid); - - /* Encode the KEA parameters into the recipient info. */ - params = SEC_ASN1EncodeItem(arena,NULL, &keaParams, - sec_pkcs7_get_kea_template(whichKEA)); - if (params == NULL) goto loser; - break; - } default: PORT_SetError (SEC_ERROR_INVALID_ALGORITHM); goto loser; @@ -940,10 +792,6 @@ sec_pkcs7_encoder_sig_and_certs (SEC_PKCS7ContentInfo *cinfo, */ signalgtag = SECOID_GetAlgorithmTag (&(cert->subjectPublicKeyInfo.algorithm)); - /* Fortezza MISSI have weird signature formats. Map them - * to standard DSA formats */ - signalgtag = PK11_FortezzaMapSig(signalgtag); - if (signerinfo->authAttr != NULL) { SEC_PKCS7Attribute *attr; SECItem encoded_attrs; diff --git a/mozilla/security/nss/lib/pkcs7/p7local.c b/mozilla/security/nss/lib/pkcs7/p7local.c index 721f1219eea..77aae305c34 100644 --- a/mozilla/security/nss/lib/pkcs7/p7local.c +++ b/mozilla/security/nss/lib/pkcs7/p7local.c @@ -40,7 +40,7 @@ * encoding/creation side *and* the decoding/decryption side. Anything * else should be static routines in the appropriate file. * - * $Id: p7local.c,v 1.14 2010-03-15 07:25:14 nelson%bolyard.com Exp $ + * $Id: p7local.c,v 1.15 2011-08-21 01:14:17 wtc%google.com Exp $ */ #include "p7local.h" 
@@ -1308,63 +1308,6 @@ static const SEC_ASN1Template SEC_PointerToPKCS7EncryptedDataTemplate[] = { { SEC_ASN1_POINTER, 0, SEC_PKCS7EncryptedDataTemplate } }; -const SEC_ASN1Template SEC_SMIMEKEAParamTemplateSkipjack[] = { - { SEC_ASN1_SEQUENCE, - 0, NULL, sizeof(SEC_PKCS7SMIMEKEAParameters) }, - { SEC_ASN1_OCTET_STRING /* | SEC_ASN1_OPTIONAL */, - offsetof(SEC_PKCS7SMIMEKEAParameters,originatorKEAKey) }, - { SEC_ASN1_OCTET_STRING, - offsetof(SEC_PKCS7SMIMEKEAParameters,originatorRA) }, - { 0 } -}; - -const SEC_ASN1Template SEC_SMIMEKEAParamTemplateNoSkipjack[] = { - { SEC_ASN1_SEQUENCE, - 0, NULL, sizeof(SEC_PKCS7SMIMEKEAParameters) }, - { SEC_ASN1_OCTET_STRING /* | SEC_ASN1_OPTIONAL */, - offsetof(SEC_PKCS7SMIMEKEAParameters,originatorKEAKey) }, - { SEC_ASN1_OCTET_STRING, - offsetof(SEC_PKCS7SMIMEKEAParameters,originatorRA) }, - { SEC_ASN1_OCTET_STRING | SEC_ASN1_OPTIONAL , - offsetof(SEC_PKCS7SMIMEKEAParameters,nonSkipjackIV) }, - { 0 } -}; - -const SEC_ASN1Template SEC_SMIMEKEAParamTemplateAllParams[] = { - { SEC_ASN1_SEQUENCE, - 0, NULL, sizeof(SEC_PKCS7SMIMEKEAParameters) }, - { SEC_ASN1_OCTET_STRING /* | SEC_ASN1_OPTIONAL */, - offsetof(SEC_PKCS7SMIMEKEAParameters,originatorKEAKey) }, - { SEC_ASN1_OCTET_STRING, - offsetof(SEC_PKCS7SMIMEKEAParameters,originatorRA) }, - { SEC_ASN1_OCTET_STRING | SEC_ASN1_OPTIONAL , - offsetof(SEC_PKCS7SMIMEKEAParameters,nonSkipjackIV) }, - { SEC_ASN1_OCTET_STRING | SEC_ASN1_OPTIONAL , - offsetof(SEC_PKCS7SMIMEKEAParameters,bulkKeySize) }, - { 0 } -}; - -const SEC_ASN1Template* -sec_pkcs7_get_kea_template(SECKEATemplateSelector whichTemplate) -{ - const SEC_ASN1Template *returnVal = NULL; - - switch(whichTemplate) - { - case SECKEAUsesNonSkipjack: - returnVal = SEC_SMIMEKEAParamTemplateNoSkipjack; - break; - case SECKEAUsesSkipjack: - returnVal = SEC_SMIMEKEAParamTemplateSkipjack; - break; - case SECKEAUsesNonSkipjackWithPaddedEncKey: - default: - returnVal = SEC_SMIMEKEAParamTemplateAllParams; - break; - } - return returnVal; 
-} - static const SEC_ASN1Template * sec_pkcs7_choose_content_template(void *src_or_dest, PRBool encoding) { diff --git a/mozilla/security/nss/lib/pkcs7/p7local.h b/mozilla/security/nss/lib/pkcs7/p7local.h index 870f5cfa15d..bcf72ef75c6 100644 --- a/mozilla/security/nss/lib/pkcs7/p7local.h +++ b/mozilla/security/nss/lib/pkcs7/p7local.h @@ -45,7 +45,7 @@ * you. If that has a problem, then just move out what you need, changing * its name as appropriate! * - * $Id: p7local.h,v 1.2 2004-04-25 15:03:13 gerv%gerv.net Exp $ + * $Id: p7local.h,v 1.3 2011-08-21 01:14:17 wtc%google.com Exp $ */ #ifndef _P7LOCAL_H_ @@ -167,12 +167,6 @@ extern SECStatus sec_PKCS7Encrypt (sec_PKCS7CipherObject *obj, unsigned int input_len, PRBool final); -/* return the correct kea template based on the template selector. skipjack - * does not have the extra IV. - */ -const SEC_ASN1Template * -sec_pkcs7_get_kea_template(SECKEATemplateSelector whichTemplate); - /************************************************************************/ SEC_END_PROTOS diff --git a/mozilla/security/nss/lib/pkcs7/pkcs7t.h b/mozilla/security/nss/lib/pkcs7/pkcs7t.h index 6c8531c002d..105cca7987a 100644 --- a/mozilla/security/nss/lib/pkcs7/pkcs7t.h +++ b/mozilla/security/nss/lib/pkcs7/pkcs7t.h @@ -37,7 +37,7 @@ /* * Header for pkcs7 types. * - * $Id: pkcs7t.h,v 1.6 2008-06-14 14:20:24 wtc%google.com Exp $ + * $Id: pkcs7t.h,v 1.7 2011-08-21 01:14:17 wtc%google.com Exp $ */ #ifndef _PKCS7T_H_ @@ -98,7 +98,6 @@ typedef struct SEC_PKCS7SignerInfoStr SEC_PKCS7SignerInfo; typedef struct SEC_PKCS7RecipientInfoStr SEC_PKCS7RecipientInfo; typedef struct SEC_PKCS7DigestedDataStr SEC_PKCS7DigestedData; typedef struct SEC_PKCS7EncryptedDataStr SEC_PKCS7EncryptedData; -typedef struct SEC_PKCS7SMIMEKEAParametersStr SEC_PKCS7SMIMEKEAParameters; /* * The following is not actually a PKCS7 type, but for now it is only * used by PKCS7, so we have adopted it. If someone else *ever* needs 
@@ -223,35 +222,6 @@ struct SEC_PKCS7AttributeStr { PRBool encoded; /* when true, values are encoded */ }; -/* An enumerated type used to select templates based on the encryption - scenario and data specifics. */ -typedef enum -{ - SECKEAInvalid = -1, - SECKEAUsesSkipjack = 0, - SECKEAUsesNonSkipjack = 1, - SECKEAUsesNonSkipjackWithPaddedEncKey = 2 -} SECKEATemplateSelector; - -/* ### mwelch - S/MIME KEA parameters. These don't really fit here, - but I cannot think of a more appropriate place at this time. */ -struct SEC_PKCS7SMIMEKEAParametersStr { - SECItem originatorKEAKey; /* sender KEA key (encrypted?) */ - SECItem originatorRA; /* random number generated by sender */ - SECItem nonSkipjackIV; /* init'n vector for SkipjackCBC64 - decryption of KEA key if Skipjack - is not the bulk algorithm used on - the message */ - SECItem bulkKeySize; /* if Skipjack is not the bulk - algorithm used on the message, - and the size of the bulk encryption - key is not the same as that of - originatorKEAKey (due to padding - perhaps), this field will contain - the real size of the bulk encryption - key. */ -}; - /* * Type of function passed to SEC_PKCS7Decode or SEC_PKCS7DecoderStart. * If specified, this is where the content bytes (only) will be "sent" diff --git a/mozilla/security/nss/lib/pkcs7/secmime.c b/mozilla/security/nss/lib/pkcs7/secmime.c index 83c2a2bf906..b4a5d784336 100644 --- a/mozilla/security/nss/lib/pkcs7/secmime.c +++ b/mozilla/security/nss/lib/pkcs7/secmime.c @@ -38,7 +38,7 @@ * Stuff specific to S/MIME policy and interoperability. * Depends on PKCS7, but there should be no dependency the other way around. * - * $Id: secmime.c,v 1.4 2004-06-18 00:38:45 jpierre%netscape.com Exp $ + * $Id: secmime.c,v 1.5 2011-08-21 01:14:17 wtc%google.com Exp $ */ #include "secmime.h" 
@@ -87,8 +87,7 @@ static smime_cipher_map smime_cipher_maps[] = { { SMIME_RC5PAD_64_16_128, SEC_OID_RC5_CBC_PAD, &smime_rc5p128 }, #endif { SMIME_DES_CBC_56, SEC_OID_DES_CBC, NULL }, - { SMIME_DES_EDE3_168, SEC_OID_DES_EDE3_CBC, NULL }, - { SMIME_FORTEZZA, SEC_OID_FORTEZZA_SKIPJACK, NULL} + { SMIME_DES_EDE3_168, SEC_OID_DES_EDE3_CBC, NULL } }; /* @@ -252,8 +251,6 @@ smime_policy_algorithm (SECAlgorithmID *algid, PK11SymKey *key) return SMIME_DES_CBC_56; case SEC_OID_DES_EDE3_CBC: return SMIME_DES_EDE3_168; - case SEC_OID_FORTEZZA_SKIPJACK: - return SMIME_FORTEZZA; #ifdef SMIME_DOES_RC5 case SEC_OID_RC5_CBC_PAD: PORT_Assert (0); /* XXX need to pull out parameters and match */ @@ -403,8 +400,7 @@ smime_choose_cipher (CERTCertificate *scert, CERTCertificate **rcerts) int *cipher_abilities; int *cipher_votes; int strong_mapi; - int rcount, mapi, max, i; - PRBool isFortezza = PK11_FortezzaHasKEA(scert); + int rcount, mapi, max; if (smime_policy_bits == 0) { PORT_SetError (SEC_ERROR_BAD_EXPORT_ALGORITHM); @@ -429,23 +425,11 @@ smime_choose_cipher (CERTCertificate *scert, CERTCertificate **rcerts) /* * XXX Should have a #define somewhere which specifies default - * strong cipher. (Or better, a way to configure, which would - * take Fortezza into account as well.) + * strong cipher. (Or better, a way to configure.) */ - /* If the user has the Fortezza preference turned on, make - * that the strong cipher. Otherwise, use triple-DES. */ - strong_mapi = -1; - if (isFortezza) { - for(i=0;i < smime_current_pref_index && strong_mapi < 0;i++) - { - if (smime_prefs[i] == SMIME_FORTEZZA) - strong_mapi = smime_mapi_by_cipher(SMIME_FORTEZZA); - } - } - - if (strong_mapi == -1) - strong_mapi = smime_mapi_by_cipher (SMIME_DES_EDE3_168); + /* Make triple-DES the strong cipher. */ + strong_mapi = smime_mapi_by_cipher (SMIME_DES_EDE3_168); PORT_Assert (strong_mapi >= 0); 
@@ -505,8 +489,6 @@ smime_choose_cipher (CERTCertificate *scert, CERTCertificate **rcerts) continue; if (! smime_cipher_allowed (smime_cipher_maps[mapi].cipher)) continue; - if (!isFortezza && (smime_cipher_maps[mapi].cipher == SMIME_FORTEZZA)) - continue; if (cipher_votes[mapi] > max) { chosen_cipher = smime_cipher_maps[mapi].cipher; max = cipher_votes[mapi]; @@ -553,7 +535,6 @@ smime_keysize_by_cipher (unsigned long which) #endif case SMIME_DES_CBC_56: case SMIME_DES_EDE3_168: - case SMIME_FORTEZZA: /* * These are special; since the key size is fixed, we actually * want to *avoid* specifying a key size. @@ -642,21 +623,18 @@ SECMIME_CreateEncrypted(CERTCertificate *scert, static smime_capability **smime_capabilities; static SECItem *smime_encoded_caps; -static PRBool lastUsedFortezza; static SECStatus -smime_init_caps (PRBool isFortezza) +smime_init_caps (void) { smime_capability *cap; smime_cipher_map *map; SECOidData *oiddata; SECStatus rv; - int i, capIndex; + int i; - if (smime_encoded_caps != NULL - && (! smime_prefs_changed) - && lastUsedFortezza == isFortezza) + if (smime_encoded_caps != NULL && (! smime_prefs_changed)) return SECSuccess; if (smime_encoded_caps != NULL) { 
@@ -690,17 +668,8 @@ smime_init_caps (PRBool isFortezza) (In the process of performing (a), Lisa put in some optimizations which allow us to avoid needlessly re-populating elements in smime_capabilities as we walk through smime_prefs.) - - We want to use separate loop variables for smime_prefs and - smime_capabilities because in the case where the Skipjack cipher - is turned on in the prefs, but where we don't want to include - Skipjack in the encoded capabilities (presumably due to using a - non-fortezza cert when sending a message), we want to avoid creating - an empty element in smime_capabilities. This would otherwise cause - the encoding step to produce an empty set, since Skipjack happens - to be the first cipher in smime_prefs, if it is turned on. */ - for (i = 0, capIndex = 0; i < smime_current_pref_index; i++, capIndex++) { + for (i = 0; i < smime_current_pref_index; i++) { int mapi; /* Get the next cipher preference in smime_prefs. */ @@ -712,26 +681,17 @@ smime_init_caps (PRBool isFortezza) PORT_Assert (mapi < smime_symmetric_count); map = &(smime_cipher_maps[mapi]); - /* If we're using a non-Fortezza cert, only advertise non-Fortezza - capabilities. (We advertise all capabilities if we have a - Fortezza cert.) */ - if ((!isFortezza) && (map->cipher == SMIME_FORTEZZA)) - { - capIndex--; /* we want to visit the same caps index entry next time */ - continue; - } - /* * Convert the next preference found in smime_prefs into an * smime_capability. */ - cap = smime_capabilities[capIndex]; + cap = smime_capabilities[i]; if (cap == NULL) { cap = (smime_capability*)PORT_ZAlloc (sizeof(smime_capability)); if (cap == NULL) break; - smime_capabilities[capIndex] = cap; + smime_capabilities[i] = cap; } else if (cap->cipher == smime_prefs[i]) { continue; /* no change to this one */ } 
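Review bot: The allocation-failure path `if (cap == NULL) break;` in smime_init_caps leaves `rv` unset, and the next hunk exits early with `if (i != smime_current_pref_index) return rv;`. `rv` is declared without an initializer in the declarations hunk (`SECStatus rv;`). Unless it is assigned in lines outside these hunks, a failure on the first preference returns an indeterminate value, and a failure on a later one can return a stale SECSuccess. smime_add_profile only tests `rv != SECSuccess`, so it would carry on as if the capability list had been built. Setting the status at the break closes this: `if (cap == NULL) { rv = SECFailure; break; }`. The loop body continues past the end of this hunk, so any other `break` there deserves the same check.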
@@ -765,24 +725,22 @@ smime_init_caps (PRBool isFortezza) if (i != smime_current_pref_index) return rv; - while (capIndex < smime_symmetric_count) { - cap = smime_capabilities[capIndex]; + while (i < smime_symmetric_count) { + cap = smime_capabilities[i]; if (cap != NULL) { SECITEM_FreeItem (&(cap->capabilityID), PR_FALSE); PORT_Free (cap); } - smime_capabilities[capIndex] = NULL; - capIndex++; + smime_capabilities[i] = NULL; + i++; } - smime_capabilities[capIndex] = NULL; + smime_capabilities[i] = NULL; smime_encoded_caps = SEC_ASN1EncodeItem (NULL, NULL, &smime_capabilities, smime_capabilities_template); if (smime_encoded_caps == NULL) return SECFailure; - lastUsedFortezza = isFortezza; - return SECSuccess; } @@ -790,22 +748,16 @@ smime_init_caps (PRBool isFortezza) static SECStatus smime_add_profile (CERTCertificate *cert, SEC_PKCS7ContentInfo *cinfo) { - PRBool isFortezza = PR_FALSE; - PORT_Assert (smime_prefs_complete); if (! smime_prefs_complete) return SECFailure; - /* See if the sender's cert specifies Fortezza key exchange. */ - if (cert != NULL) - isFortezza = PK11_FortezzaHasKEA(cert); - /* For that matter, if capabilities haven't been initialized yet, do so now. */ - if (isFortezza != lastUsedFortezza || smime_encoded_caps == NULL || smime_prefs_changed) { + if (smime_encoded_caps == NULL || smime_prefs_changed) { SECStatus rv; - rv = smime_init_caps(isFortezza); + rv = smime_init_caps(); if (rv != SECSuccess) return rv; diff --git a/mozilla/security/nss/lib/smime/cmsasn1.c b/mozilla/security/nss/lib/smime/cmsasn1.c index 78cc546338d..d9570f85a98 100644 --- a/mozilla/security/nss/lib/smime/cmsasn1.c +++ b/mozilla/security/nss/lib/smime/cmsasn1.c @@ -37,7 +37,7 @@ /* * CMS ASN.1 templates * - * $Id: cmsasn1.c,v 1.9 2011-01-31 23:56:30 rrelyea%redhat.com Exp $ + * $Id: cmsasn1.c,v 1.10 2011-08-21 01:14:18 wtc%google.com Exp $ */ #include "cmslocal.h" 
@@ -493,66 +493,6 @@ const SEC_ASN1Template NSS_PointerToCMSGenericWrapperDataTemplate[] = { SEC_ASN1_CHOOSER_IMPLEMENT(NSS_PointerToCMSGenericWrapperDataTemplate); -/* ----------------------------------------------------------------------------- - * FORTEZZA KEA - */ -const SEC_ASN1Template NSS_SMIMEKEAParamTemplateSkipjack[] = { - { SEC_ASN1_SEQUENCE, - 0, NULL, sizeof(NSSCMSSMIMEKEAParameters) }, - { SEC_ASN1_OCTET_STRING /* | SEC_ASN1_OPTIONAL */, - offsetof(NSSCMSSMIMEKEAParameters,originatorKEAKey) }, - { SEC_ASN1_OCTET_STRING, - offsetof(NSSCMSSMIMEKEAParameters,originatorRA) }, - { 0 } -}; - -const SEC_ASN1Template NSS_SMIMEKEAParamTemplateNoSkipjack[] = { - { SEC_ASN1_SEQUENCE, - 0, NULL, sizeof(NSSCMSSMIMEKEAParameters) }, - { SEC_ASN1_OCTET_STRING /* | SEC_ASN1_OPTIONAL */, - offsetof(NSSCMSSMIMEKEAParameters,originatorKEAKey) }, - { SEC_ASN1_OCTET_STRING, - offsetof(NSSCMSSMIMEKEAParameters,originatorRA) }, - { SEC_ASN1_OCTET_STRING | SEC_ASN1_OPTIONAL , - offsetof(NSSCMSSMIMEKEAParameters,nonSkipjackIV) }, - { 0 } -}; - -const SEC_ASN1Template NSS_SMIMEKEAParamTemplateAllParams[] = { - { SEC_ASN1_SEQUENCE, - 0, NULL, sizeof(NSSCMSSMIMEKEAParameters) }, - { SEC_ASN1_OCTET_STRING /* | SEC_ASN1_OPTIONAL */, - offsetof(NSSCMSSMIMEKEAParameters,originatorKEAKey) }, - { SEC_ASN1_OCTET_STRING, - offsetof(NSSCMSSMIMEKEAParameters,originatorRA) }, - { SEC_ASN1_OCTET_STRING | SEC_ASN1_OPTIONAL , - offsetof(NSSCMSSMIMEKEAParameters,nonSkipjackIV) }, - { SEC_ASN1_OCTET_STRING | SEC_ASN1_OPTIONAL , - offsetof(NSSCMSSMIMEKEAParameters,bulkKeySize) }, - { 0 } -}; - -const SEC_ASN1Template * -nss_cms_get_kea_template(NSSCMSKEATemplateSelector whichTemplate) -{ - const SEC_ASN1Template *returnVal = NULL; - - switch(whichTemplate) - { - case NSSCMSKEAUsesNonSkipjack: - returnVal = NSS_SMIMEKEAParamTemplateNoSkipjack; - break; - case NSSCMSKEAUsesSkipjack: - returnVal = NSS_SMIMEKEAParamTemplateSkipjack; - break; - case NSSCMSKEAUsesNonSkipjackWithPaddedEncKey: - 
default: - returnVal = NSS_SMIMEKEAParamTemplateAllParams; - break; - } - return returnVal; -} - /* ----------------------------------------------------------------------------- * */ diff --git a/mozilla/security/nss/lib/smime/cmsencode.c b/mozilla/security/nss/lib/smime/cmsencode.c index d2cd3bcf64e..819994e4bdf 100644 --- a/mozilla/security/nss/lib/smime/cmsencode.c +++ b/mozilla/security/nss/lib/smime/cmsencode.c @@ -37,7 +37,7 @@ /* * CMS encoding. * - * $Id: cmsencode.c,v 1.11 2011-02-11 01:53:17 emaldona%redhat.com Exp $ + * $Id: cmsencode.c,v 1.12 2011-08-21 01:14:18 wtc%google.com Exp $ */ #include "cmslocal.h" @@ -726,7 +726,6 @@ NSS_CMSEncoder_Finish(NSSCMSEncoderContext *p7ecx) { SECStatus rv = SECFailure; NSSCMSContentInfo *cinfo; - SECOidTag childtype; /* * Finish any inner decoders before us so that all the encoded data is flushed diff --git a/mozilla/security/nss/lib/smime/cmslocal.h b/mozilla/security/nss/lib/smime/cmslocal.h index e7f2f30889a..0d044c9f49c 100644 --- a/mozilla/security/nss/lib/smime/cmslocal.h +++ b/mozilla/security/nss/lib/smime/cmslocal.h @@ -42,7 +42,7 @@ * you. If that has a problem, then just move out what you need, changing * its name as appropriate! * - * $Id: cmslocal.h,v 1.6 2011-01-28 23:03:59 rrelyea%redhat.com Exp $ + * $Id: cmslocal.h,v 1.7 2011-08-21 01:14:18 wtc%google.com Exp $ */ #ifndef _CMSLOCAL_H_ 
@@ -199,14 +199,6 @@ NSS_CMSUtil_EncryptSymKey_RSAPubKey(PLArenaPool *poolp, extern PK11SymKey * NSS_CMSUtil_DecryptSymKey_RSA(SECKEYPrivateKey *privkey, SECItem *encKey, SECOidTag bulkalgtag); -extern SECStatus -NSS_CMSUtil_EncryptSymKey_MISSI(PLArenaPool *poolp, CERTCertificate *cert, PK11SymKey *key, - SECOidTag symalgtag, SECItem *encKey, SECItem **pparams, void *pwfn_arg); - -extern PK11SymKey * -NSS_CMSUtil_DecryptSymKey_MISSI(SECKEYPrivateKey *privkey, SECItem *encKey, - SECAlgorithmID *keyEncAlg, SECOidTag bulkalgtag, void *pwfn_arg); - extern SECStatus NSS_CMSUtil_EncryptSymKey_ESDH(PLArenaPool *poolp, CERTCertificate *cert, PK11SymKey *key, SECItem *encKey, SECItem **ukm, SECAlgorithmID *keyEncAlg, diff --git a/mozilla/security/nss/lib/smime/cmspubkey.c b/mozilla/security/nss/lib/smime/cmspubkey.c index 4544859b234..0f8f8607108 100644 --- a/mozilla/security/nss/lib/smime/cmspubkey.c +++ b/mozilla/security/nss/lib/smime/cmspubkey.c @@ -37,7 +37,7 @@ /* * CMS public key crypto * - * $Id: cmspubkey.c,v 1.7 2004-04-25 15:03:16 gerv%gerv.net Exp $ + * $Id: cmspubkey.c,v 1.8 2011-08-21 01:14:18 wtc%google.com Exp $ */ #include "cmslocal.h" 
@@ -141,252 +141,6 @@ NSS_CMSUtil_DecryptSymKey_RSA(SECKEYPrivateKey *privkey, SECItem *encKey, SECOid return PK11_PubUnwrapSymKey(privkey, encKey, target, CKA_DECRYPT, 0); } -/* ====== MISSI (Fortezza) ========================================================== */ - -extern const SEC_ASN1Template NSS_SMIMEKEAParamTemplateAllParams[]; - -SECStatus -NSS_CMSUtil_EncryptSymKey_MISSI(PLArenaPool *poolp, CERTCertificate *cert, PK11SymKey *bulkkey, - SECOidTag symalgtag, SECItem *encKey, SECItem **pparams, void *pwfn_arg) -{ - SECOidTag certalgtag; /* the certificate's encryption algorithm */ - SECOidTag encalgtag; /* the algorithm used for key exchange/agreement */ - SECStatus rv = SECFailure; - SECItem *params = NULL; - SECStatus err; - PK11SymKey *tek; - CERTCertificate *ourCert; - SECKEYPublicKey *ourPubKey, *publickey = NULL; - SECKEYPrivateKey *ourPrivKey = NULL; - NSSCMSKEATemplateSelector whichKEA = NSSCMSKEAInvalid; - NSSCMSSMIMEKEAParameters keaParams; - PLArenaPool *arena = NULL; - extern const SEC_ASN1Template *nss_cms_get_kea_template(NSSCMSKEATemplateSelector whichTemplate); - - /* Clear keaParams, since cleanup code checks the lengths */ - (void) memset(&keaParams, 0, sizeof(keaParams)); - - certalgtag = SECOID_GetAlgorithmTag(&(cert->subjectPublicKeyInfo.algorithm)); - PORT_Assert(certalgtag == SEC_OID_MISSI_KEA_DSS_OLD || - certalgtag == SEC_OID_MISSI_KEA_DSS || - certalgtag == SEC_OID_MISSI_KEA); - -#define SMIME_FORTEZZA_RA_LENGTH 128 -#define SMIME_FORTEZZA_IV_LENGTH 24 -#define SMIME_FORTEZZA_MAX_KEY_SIZE 256 - - /* We really want to show our KEA tag as the key exchange algorithm tag. */ - encalgtag = SEC_OID_NETSCAPE_SMIME_KEA; - - /* Get the public key of the recipient. */ - publickey = CERT_ExtractPublicKey(cert); - if (publickey == NULL) goto loser; - - /* Find our own cert, and extract its keys. 
*/ - ourCert = PK11_FindBestKEAMatch(cert, pwfn_arg); - if (ourCert == NULL) goto loser; - - arena = PORT_NewArena(1024); - if (arena == NULL) - goto loser; - - ourPubKey = CERT_ExtractPublicKey(ourCert); - if (ourPubKey == NULL) { - CERT_DestroyCertificate(ourCert); - goto loser; - } - - /* While we're here, copy the public key into the outgoing - * KEA parameters. */ - SECITEM_CopyItem(arena, &(keaParams.originatorKEAKey), &(ourPubKey->u.fortezza.KEAKey)); - SECKEY_DestroyPublicKey(ourPubKey); - ourPubKey = NULL; - - /* Extract our private key in order to derive the KEA key. */ - ourPrivKey = PK11_FindKeyByAnyCert(ourCert, pwfn_arg); - CERT_DestroyCertificate(ourCert); /* we're done with this */ - if (!ourPrivKey) - goto loser; - - /* Prepare raItem with 128 bytes (filled with zeros). */ - keaParams.originatorRA.data = (unsigned char *)PORT_ArenaAlloc(arena,SMIME_FORTEZZA_RA_LENGTH); - keaParams.originatorRA.len = SMIME_FORTEZZA_RA_LENGTH; - - /* Generate the TEK (token exchange key) which we use - * to wrap the bulk encryption key. (keaparams.originatorRA) will be - * filled with a random seed which we need to send to - * the recipient. (user keying material in RFC2630/DSA speak) */ - tek = PK11_PubDerive(ourPrivKey, publickey, PR_TRUE, - &keaParams.originatorRA, NULL, - CKM_KEA_KEY_DERIVE, CKM_SKIPJACK_WRAP, - CKA_WRAP, 0, pwfn_arg); - - SECKEY_DestroyPublicKey(publickey); - SECKEY_DestroyPrivateKey(ourPrivKey); - publickey = NULL; - ourPrivKey = NULL; - - if (!tek) - goto loser; - - /* allocate space for the wrapped key data */ - encKey->data = (unsigned char *)PORT_ArenaAlloc(poolp, SMIME_FORTEZZA_MAX_KEY_SIZE); - encKey->len = SMIME_FORTEZZA_MAX_KEY_SIZE; - - if (encKey->data == NULL) { - PK11_FreeSymKey(tek); - goto loser; - } - - /* Wrap the bulk key. What we do with the resulting data - depends on whether we're using Skipjack to wrap the key. 
*/ - switch (PK11_AlgtagToMechanism(symalgtag)) { - case CKM_SKIPJACK_CBC64: - case CKM_SKIPJACK_ECB64: - case CKM_SKIPJACK_OFB64: - case CKM_SKIPJACK_CFB64: - case CKM_SKIPJACK_CFB32: - case CKM_SKIPJACK_CFB16: - case CKM_SKIPJACK_CFB8: - /* SKIPJACK, we use the wrap mechanism because we can do it on the hardware */ - err = PK11_WrapSymKey(CKM_SKIPJACK_WRAP, NULL, tek, bulkkey, encKey); - whichKEA = NSSCMSKEAUsesSkipjack; - break; - default: - /* Not SKIPJACK, we encrypt the raw key data */ - keaParams.nonSkipjackIV.data = - (unsigned char *)PORT_ArenaAlloc(arena, SMIME_FORTEZZA_IV_LENGTH); - keaParams.nonSkipjackIV.len = SMIME_FORTEZZA_IV_LENGTH; - err = PK11_WrapSymKey(CKM_SKIPJACK_CBC64, &keaParams.nonSkipjackIV, tek, bulkkey, encKey); - if (err != SECSuccess) - goto loser; - - if (encKey->len != PK11_GetKeyLength(bulkkey)) { - /* The size of the encrypted key is not the same as - that of the original bulk key, presumably due to - padding. Encode and store the real size of the - bulk key. */ - if (SEC_ASN1EncodeInteger(arena, &keaParams.bulkKeySize, PK11_GetKeyLength(bulkkey)) == NULL) - err = (SECStatus)PORT_GetError(); - else - /* use full template for encoding */ - whichKEA = NSSCMSKEAUsesNonSkipjackWithPaddedEncKey; - } - else - /* enc key length == bulk key length */ - whichKEA = NSSCMSKEAUsesNonSkipjack; - break; - } - - PK11_FreeSymKey(tek); - - if (err != SECSuccess) - goto loser; - - PORT_Assert(whichKEA != NSSCMSKEAInvalid); - - /* Encode the KEA parameters into the recipient info. 
*/ - params = SEC_ASN1EncodeItem(poolp, NULL, &keaParams, nss_cms_get_kea_template(whichKEA)); - if (params == NULL) - goto loser; - - /* pass back the algorithm params */ - *pparams = params; - - rv = SECSuccess; - -loser: - if (arena) - PORT_FreeArena(arena, PR_FALSE); - if (publickey) - SECKEY_DestroyPublicKey(publickey); - if (ourPrivKey) - SECKEY_DestroyPrivateKey(ourPrivKey); - return rv; -} - -PK11SymKey * -NSS_CMSUtil_DecryptSymKey_MISSI(SECKEYPrivateKey *privkey, SECItem *encKey, SECAlgorithmID *keyEncAlg, SECOidTag bulkalgtag, void *pwfn_arg) -{ - /* fortezza: do a key exchange */ - SECStatus err; - CK_MECHANISM_TYPE bulkType; - PK11SymKey *tek; - SECKEYPublicKey *originatorPubKey; - NSSCMSSMIMEKEAParameters keaParams; - PK11SymKey *bulkkey; - int bulkLength; - - (void) memset(&keaParams, 0, sizeof(keaParams)); - - /* NOTE: this uses the SMIME v2 recipientinfo for compatibility. - All additional KEA parameters are DER-encoded in the encryption algorithm parameters */ - - /* Decode the KEA algorithm parameters. */ - err = SEC_ASN1DecodeItem(NULL, &keaParams, NSS_SMIMEKEAParamTemplateAllParams, - &(keyEncAlg->parameters)); - if (err != SECSuccess) - goto loser; - - /* get originator's public key */ - originatorPubKey = PK11_MakeKEAPubKey(keaParams.originatorKEAKey.data, - keaParams.originatorKEAKey.len); - if (originatorPubKey == NULL) - goto loser; - - /* Generate the TEK (token exchange key) which we use to unwrap the bulk encryption key. - The Derive function generates a shared secret and combines it with the originatorRA - data to come up with an unique session key */ - tek = PK11_PubDerive(privkey, originatorPubKey, PR_FALSE, - &keaParams.originatorRA, NULL, - CKM_KEA_KEY_DERIVE, CKM_SKIPJACK_WRAP, - CKA_WRAP, 0, pwfn_arg); - SECKEY_DestroyPublicKey(originatorPubKey); /* not needed anymore */ - if (tek == NULL) - goto loser; - - /* Now that we have the TEK, unwrap the bulk key - with which to decrypt the message. 
We have to - do one of two different things depending on - whether Skipjack was used for *bulk* encryption - of the message. */ - bulkType = PK11_AlgtagToMechanism(bulkalgtag); - switch (bulkType) { - case CKM_SKIPJACK_CBC64: - case CKM_SKIPJACK_ECB64: - case CKM_SKIPJACK_OFB64: - case CKM_SKIPJACK_CFB64: - case CKM_SKIPJACK_CFB32: - case CKM_SKIPJACK_CFB16: - case CKM_SKIPJACK_CFB8: - /* Skipjack is being used as the bulk encryption algorithm.*/ - /* Unwrap the bulk key. */ - bulkkey = PK11_UnwrapSymKey(tek, CKM_SKIPJACK_WRAP, NULL, - encKey, CKM_SKIPJACK_CBC64, CKA_DECRYPT, 0); - break; - default: - /* Skipjack was not used for bulk encryption of this - message. Use Skipjack CBC64, with the nonSkipjackIV - part of the KEA key parameters, to decrypt - the bulk key. If the optional parameter bulkKeySize is present, - bulk key size is different than the encrypted key size */ - if (keaParams.bulkKeySize.len > 0) { - err = SEC_ASN1DecodeItem(NULL, &bulkLength, - SEC_ASN1_GET(SEC_IntegerTemplate), - &keaParams.bulkKeySize); - if (err != SECSuccess) - goto loser; - } - - bulkkey = PK11_UnwrapSymKey(tek, CKM_SKIPJACK_CBC64, &keaParams.nonSkipjackIV, - encKey, bulkType, CKA_DECRYPT, bulkLength); - break; - } - return bulkkey; -loser: - return NULL; -} - /* ====== ESDH (Ephemeral-Static Diffie-Hellman) ==================================== */ SECStatus diff --git a/mozilla/security/nss/lib/smime/cmsrecinfo.c b/mozilla/security/nss/lib/smime/cmsrecinfo.c index b974ad4d152..0767454eff1 100644 --- a/mozilla/security/nss/lib/smime/cmsrecinfo.c +++ b/mozilla/security/nss/lib/smime/cmsrecinfo.c @@ -37,7 +37,7 @@ /* * CMS recipientInfo methods. * - * $Id: cmsrecinfo.c,v 1.20 2008-06-06 01:16:18 wtc%google.com Exp $ + * $Id: cmsrecinfo.c,v 1.21 2011-08-21 01:14:18 wtc%google.com Exp $ */ #include "cmslocal.h" 
@@ -579,11 +579,6 @@ NSS_CMSRecipientInfo_UnwrapBulkKey(NSSCMSRecipientInfo *ri, int subIndex, /* get the symmetric (bulk) key by unwrapping it using our private key */ bulkkey = NSS_CMSUtil_DecryptSymKey_RSA(privkey, enckey, bulkalgtag); break; - case SEC_OID_NETSCAPE_SMIME_KEA: - /* FORTEZZA key exchange algorithm */ - /* the supplemental data is in the parameters of encalg */ - bulkkey = NSS_CMSUtil_DecryptSymKey_MISSI(privkey, enckey, encalg, bulkalgtag, ri->cmsg->pwfn_arg); - break; default: error = SEC_ERROR_UNSUPPORTED_KEYALG; goto loser; @@ -604,6 +599,7 @@ NSS_CMSRecipientInfo_UnwrapBulkKey(NSSCMSRecipientInfo *ri, int subIndex, /* content encryption key using a Unwrap op */ /* the derive operation has to generate the key using the algorithm in RFC2631 */ error = SEC_ERROR_UNSUPPORTED_KEYALG; + goto loser; break; default: error = SEC_ERROR_UNSUPPORTED_KEYALG; @@ -623,6 +619,7 @@ NSS_CMSRecipientInfo_UnwrapBulkKey(NSSCMSRecipientInfo *ri, int subIndex, return bulkkey; loser: + PORT_SetError(error); return NULL; } diff --git a/mozilla/security/nss/lib/smime/cmssiginfo.c b/mozilla/security/nss/lib/smime/cmssiginfo.c index 4466be80bae..fe514398984 100644 --- a/mozilla/security/nss/lib/smime/cmssiginfo.c +++ b/mozilla/security/nss/lib/smime/cmssiginfo.c @@ -38,7 +38,7 @@ /* * CMS signerInfo methods. * - * $Id: cmssiginfo.c,v 1.34 2011-02-07 18:32:19 nelson%bolyard.com Exp $ + * $Id: cmssiginfo.c,v 1.35 2011-08-21 01:14:18 wtc%google.com Exp $ */ #include "cmslocal.h" @@ -215,11 +215,6 @@ NSS_CMSSignerInfo_Sign(NSSCMSSignerInfo *signerinfo, SECItem *digest, SECOID_DestroyAlgorithmID(&freeAlgID, PR_FALSE); } - /* Fortezza MISSI have weird signature formats. - * Map them to standard DSA formats - */ - pubkAlgTag = PK11_FortezzaMapSig(pubkAlgTag); - if (signerinfo->authAttr != NULL) { SECOidTag signAlgTag; SECItem encoded_attrs; 
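Review bot: The `break;` left after the added `goto loser;` in the `@@ -604,6 +599,7 @@` hunk can never execute, so the case now ends in dead code. Ending the case with `error = SEC_ERROR_UNSUPPORTED_KEYALG;` and `goto loser;` alone, as the `default:` branch in the first hunk of this file does, would keep the two unsupported-algorithm paths looking the same. If the `break;` is kept as a guard against fall-through should the `goto` ever be removed, a short `/* not reached */` comment would say so. The switch and the rest of NSS_CMSRecipientInfo_UnwrapBulkKey lie outside the hunk.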
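Review bot: The added `PORT_SetError(error);` under `loser:` publishes whatever `error` holds, and the declaration of `error` is outside the hunks, so it cannot be confirmed here that every jump to the label assigns it first. The jumps visible in this patch all set `SEC_ERROR_UNSUPPORTED_KEYALG` before `goto loser`. A path that skipped the assignment would report an indeterminate code, and one that jumped after a failing callee would replace the callee's more specific code. Initialising `error` where it is declared, for example to `SEC_ERROR_LIBRARY_FAILURE`, and adding `/* every goto loser must set error first */` above the label would make the contract explicit.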
@@ -784,8 +779,7 @@ NSS_CMSSignerInfo_AddSMIMECaps(NSSCMSSignerInfo *signerinfo) goto loser; /* create new signing time attribute */ - if (NSS_SMIMEUtil_CreateSMIMECapabilities(poolp, smimecaps, - PK11_FortezzaHasKEA(signerinfo->cert)) != SECSuccess) + if (NSS_SMIMEUtil_CreateSMIMECapabilities(poolp, smimecaps) != SECSuccess) goto loser; if ((attr = NSS_CMSAttribute_Create(poolp, SEC_OID_PKCS9_SMIME_CAPABILITIES, smimecaps, PR_TRUE)) == NULL) diff --git a/mozilla/security/nss/lib/smime/cmst.h b/mozilla/security/nss/lib/smime/cmst.h index 12276268502..1b701a61c50 100644 --- a/mozilla/security/nss/lib/smime/cmst.h +++ b/mozilla/security/nss/lib/smime/cmst.h @@ -37,7 +37,7 @@ /* * Header for CMS types. * - * $Id: cmst.h,v 1.13 2011-02-11 01:53:17 emaldona%redhat.com Exp $ + * $Id: cmst.h,v 1.14 2011-08-21 01:14:18 wtc%google.com Exp $ */ #ifndef _CMST_H_ @@ -100,8 +100,6 @@ typedef struct NSSCMSEncryptedDataStr NSSCMSEncryptedData; typedef struct NSSCMSGenericWrapperDataStr NSSCMSGenericWrapperData; -typedef struct NSSCMSSMIMEKEAParametersStr NSSCMSSMIMEKEAParameters; - typedef struct NSSCMSAttributeStr NSSCMSAttribute; typedef struct NSSCMSDecoderContextStr NSSCMSDecoderContext; 
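Review bot: The comment directly above the rewritten call in NSS_CMSSignerInfo_AddSMIMECaps still reads `/* create new signing time attribute */`, yet the call builds the S/MIME capabilities value that is then stored under SEC_OID_PKCS9_SMIME_CAPABILITIES. Since the statement is being touched anyway, I would change it to `/* create new S/MIME capabilities attribute */`. The function's body begins and ends outside the hunk.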
@@ -511,38 +509,6 @@ struct NSSCMSEncryptedDataStr { #define NSS_CMS_ENCRYPTED_DATA_VERSION 0 /* what we *create* */ #define NSS_CMS_ENCRYPTED_DATA_VERSION_UPATTR 2 /* what we *create* */ -/* ============================================================================= - * FORTEZZA KEA - */ - -/* An enumerated type used to select templates based on the encryption - scenario and data specifics. */ -typedef enum { - NSSCMSKEAInvalid = -1, - NSSCMSKEAUsesSkipjack = 0, - NSSCMSKEAUsesNonSkipjack = 1, - NSSCMSKEAUsesNonSkipjackWithPaddedEncKey = 2 -} NSSCMSKEATemplateSelector; - -/* ### mwelch - S/MIME KEA parameters. These don't really fit here, - but I cannot think of a more appropriate place at this time. */ -struct NSSCMSSMIMEKEAParametersStr { - SECItem originatorKEAKey; /* sender KEA key (encrypted?) */ - SECItem originatorRA; /* random number generated by sender */ - SECItem nonSkipjackIV; /* init'n vector for SkipjackCBC64 - decryption of KEA key if Skipjack - is not the bulk algorithm used on - the message */ - SECItem bulkKeySize; /* if Skipjack is not the bulk - algorithm used on the message, - and the size of the bulk encryption - key is not the same as that of - originatorKEAKey (due to padding - perhaps), this field will contain - the real size of the bulk encryption - key. */ -}; - /* * ***************************************************************************** * ***************************************************************************** diff --git a/mozilla/security/nss/lib/smime/smime.h b/mozilla/security/nss/lib/smime/smime.h index 2ae566dc408..1d60077a773 100644 --- a/mozilla/security/nss/lib/smime/smime.h +++ b/mozilla/security/nss/lib/smime/smime.h 
@@ -38,7 +38,7 @@ * Header file for routines specific to S/MIME. Keep things that are pure * pkcs7 out of here; this is for S/MIME policy, S/MIME interoperability, etc. * - * $Id: smime.h,v 1.10 2011-08-01 07:08:09 kaie%kuix.de Exp $ + * $Id: smime.h,v 1.11 2011-08-21 01:14:18 wtc%google.com Exp $ */ #ifndef _SECMIME_H_ @@ -126,7 +126,7 @@ extern PRBool NSS_SMIMEUtil_EncryptionPossible(void); * scans the list of allowed and enabled ciphers and construct a PKCS9-compliant * S/MIME capabilities attribute value. */ -extern SECStatus NSS_SMIMEUtil_CreateSMIMECapabilities(PLArenaPool *poolp, SECItem *dest, PRBool includeFortezzaCiphers); +extern SECStatus NSS_SMIMEUtil_CreateSMIMECapabilities(PLArenaPool *poolp, SECItem *dest); /* * NSS_SMIMEUtil_CreateSMIMEEncKeyPrefs - create S/MIME encryption key preferences attr value diff --git a/mozilla/security/nss/lib/smime/smimeutil.c b/mozilla/security/nss/lib/smime/smimeutil.c index 40c7da19c5e..39736f95730 100644 --- a/mozilla/security/nss/lib/smime/smimeutil.c +++ b/mozilla/security/nss/lib/smime/smimeutil.c @@ -37,7 +37,7 @@ /* * Stuff specific to S/MIME policy and interoperability. * - * $Id: smimeutil.c,v 1.21 2011-08-01 07:08:09 kaie%kuix.de Exp $ + * $Id: smimeutil.c,v 1.22 2011-08-21 01:14:18 wtc%google.com Exp $ */ #include "secmime.h" @@ -152,8 +152,7 @@ static smime_cipher_map_entry smime_cipher_map[] = { { SMIME_RC2_CBC_64, SEC_OID_RC2_CBC, ¶m_int64, PR_TRUE, PR_TRUE }, { SMIME_RC2_CBC_128, SEC_OID_RC2_CBC, ¶m_int128, PR_TRUE, PR_TRUE }, { SMIME_DES_EDE3_168, SEC_OID_DES_EDE3_CBC, NULL, PR_TRUE, PR_TRUE }, - { SMIME_AES_CBC_128, SEC_OID_AES_128_CBC, NULL, PR_TRUE, PR_TRUE }, - { SMIME_FORTEZZA, SEC_OID_FORTEZZA_SKIPJACK, NULL, PR_TRUE, PR_TRUE } + { SMIME_AES_CBC_128, SEC_OID_AES_128_CBC, NULL, PR_TRUE, PR_TRUE } }; static const int smime_cipher_map_count = sizeof(smime_cipher_map) / sizeof(smime_cipher_map_entry); 
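Review bot: Dropping `includeFortezzaCiphers` from the `extern` declaration of NSS_SMIMEUtil_CreateSMIMECapabilities in smime.h changes the signature for every caller that includes this header, not just the one call site updated in cmssiginfo.c. Whether the symbol is exported from the shared library cannot be told from the patch; if it is, out-of-tree code that still passes three arguments stops compiling. One option is to keep the old prototype and ignore the flag, `extern SECStatus NSS_SMIMEUtil_CreateSMIMECapabilities(PLArenaPool *poolp, SECItem *dest, PRBool includeFortezzaCiphers);`, with the doc comment in smimeutil.c stating that the argument is no longer consulted. Otherwise the removal deserves a line in the release notes. The matching definition change is in the `@@ -588,10 +574,9 @@` hunk of smimeutil.c.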
@@ -273,10 +272,8 @@ nss_smime_get_cipher_for_alg_and_key(SECAlgorithmID *algid, PK11SymKey *key, uns case SEC_OID_AES_128_CBC: c = SMIME_AES_CBC_128; break; - case SEC_OID_FORTEZZA_SKIPJACK: - c = SMIME_FORTEZZA; - break; default: + PORT_SetError(SEC_ERROR_INVALID_ALGORITHM); return SECFailure; } *cipher = c; @@ -393,7 +390,6 @@ smime_choose_cipher(CERTCertificate *scert, CERTCertificate **rcerts) int weak_mapi; int strong_mapi; int rcount, mapi, max, i; - PRBool scert_is_fortezza = (scert == NULL) ? PR_FALSE : PK11_FortezzaHasKEA(scert); chosen_cipher = SMIME_RC2_CBC_40; /* the default, LCD */ weak_mapi = smime_mapi_by_cipher(chosen_cipher); @@ -407,14 +403,8 @@ smime_choose_cipher(CERTCertificate *scert, CERTCertificate **rcerts) if (cipher_votes == NULL || cipher_abilities == NULL) goto done; - /* If the user has the Fortezza preference turned on, make - * that the strong cipher. Otherwise, use triple-DES. */ + /* Make triple-DES the strong cipher. */ strong_mapi = smime_mapi_by_cipher (SMIME_DES_EDE3_168); - if (scert_is_fortezza) { - mapi = smime_mapi_by_cipher(SMIME_FORTEZZA); - if (mapi >= 0 && smime_cipher_map[mapi].enabled) - strong_mapi = mapi; - } /* walk all the recipient's certs */ for (rcount = 0; rcerts[rcount] != NULL; rcount++) { @@ -498,9 +488,6 @@ smime_choose_cipher(CERTCertificate *scert, CERTCertificate **rcerts) /* if cipher is not enabled or not allowed by policy, forget it */ if (!smime_cipher_map[mapi].enabled || !smime_cipher_map[mapi].allowed) continue; - /* if we're not doing fortezza, but the cipher is fortezza, forget it */ - if (!scert_is_fortezza && (smime_cipher_map[mapi].cipher == SMIME_FORTEZZA)) - continue; /* now see if this one has more votes than the last best one */ if (cipher_votes[mapi] >= max) { /* if equal number of votes, prefer the ones further down in the list */ 
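Review bot: With `scert_is_fortezza` gone, none of the lines shown for smime_choose_cipher reads the `scert` parameter any more; its only visible use, `PK11_FortezzaHasKEA(scert)`, is deleted in the `@@ -393,7 +390,6 @@` hunk. The rest of the function is outside these hunks, so this needs confirming. If nothing else uses it, the parameter is now dead and readers may assume the sender's certificate still influences cipher selection. I would either drop it from the signature and callers or say so next to the new comment, e.g. `/* scert is not consulted; the strong cipher is always triple-DES. */`.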
@@ -541,7 +528,6 @@ smime_keysize_by_cipher (unsigned long which) break; case SMIME_DES_CBC_56: case SMIME_DES_EDE3_168: - case SMIME_FORTEZZA: /* * These are special; since the key size is fixed, we actually * want to *avoid* specifying a key size. @@ -588,10 +574,9 @@ NSS_SMIMEUtil_FindBulkAlgForRecipients(CERTCertificate **rcerts, SECOidTag *bulk * * "poolp" - arena pool to create the S/MIME capabilities data on * "dest" - SECItem to put the data in - * "includeFortezzaCiphers" - PR_TRUE if fortezza ciphers should be included */ SECStatus -NSS_SMIMEUtil_CreateSMIMECapabilities(PLArenaPool *poolp, SECItem *dest, PRBool includeFortezzaCiphers) +NSS_SMIMEUtil_CreateSMIMECapabilities(PLArenaPool *poolp, SECItem *dest) { NSSSMIMECapability *cap; NSSSMIMECapability **smime_capabilities; @@ -619,12 +604,6 @@ NSS_SMIMEUtil_CreateSMIMECapabilities(PLArenaPool *poolp, SECItem *dest, PRBool if (!map->enabled) continue; - /* If we're using a non-Fortezza cert, only advertise non-Fortezza - capabilities. (We advertise all capabilities if we have a - Fortezza cert.) */ - if ((!includeFortezzaCiphers) && (map->cipher == SMIME_FORTEZZA)) - continue; - /* get next SMIME capability */ cap = (NSSSMIMECapability *)PORT_ZAlloc(sizeof(NSSSMIMECapability)); if (cap == NULL) diff --git a/mozilla/security/nss/tests/ssl/sslcov.txt b/mozilla/security/nss/tests/ssl/sslcov.txt index fcfeb938d47..5abde3d6b95 100644 --- a/mozilla/security/nss/tests/ssl/sslcov.txt +++ b/mozilla/security/nss/tests/ssl/sslcov.txt 
@@ -48,14 +48,11 @@ noECC TLS E SSL2_DES_64_CBC_WITH_MD5 noECC noTLS F SSL2_DES_192_EDE3_CBC_WITH_MD5 # -# noECC noTLS a SSL3_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA -# noECC noTLS b SSL3_FORTEZZA_DMS_WITH_RC4_128_SHA noECC noTLS c SSL3_RSA_WITH_RC4_128_MD5 noECC noTLS d SSL3_RSA_WITH_3DES_EDE_CBC_SHA noECC noTLS e SSL3_RSA_WITH_DES_CBC_SHA noECC noTLS f SSL3_RSA_EXPORT_WITH_RC4_40_MD5 noECC noTLS g SSL3_RSA_EXPORT_WITH_RC2_CBC_40_MD5 -# noECC noTLS h SSL3_FORTEZZA_DMS_WITH_NULL_SHA noECC noTLS i SSL3_RSA_WITH_NULL_MD5 noECC noTLS j SSL3_RSA_FIPS_WITH_3DES_EDE_CBC_SHA noECC noTLS k SSL3_RSA_FIPS_WITH_DES_CBC_SHA