OLD | NEW |
| (Empty) |
1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | |
2 // Use of this source code is governed by a BSD-style license that can be | |
3 // found in the LICENSE file. | |
4 | |
5 #include "chrome/browser/importer/nss_decryptor_system_nss.h" | |
6 | |
7 #include <pk11pub.h> | |
8 #include <pk11sdr.h> | |
9 | |
10 #include "base/basictypes.h" | |
11 #include "base/files/file_path.h" | |
12 #include "base/strings/stringprintf.h" | |
13 #include "base/strings/sys_string_conversions.h" | |
14 #include "crypto/nss_util.h" | |
15 | |
16 NSSDecryptor::NSSDecryptor() : is_nss_initialized_(false), db_slot_(NULL) {} | |
17 NSSDecryptor::~NSSDecryptor() { | |
18 if (db_slot_) { | |
19 // Deliberately leave the user db open, just in case we need to open more | |
20 // than one, because there's an NSS bug with reopening user dbs. | |
21 // https://bugzilla.mozilla.org/show_bug.cgi?id=506140 | |
22 // SECMOD_CloseUserDB(db_slot_); | |
23 PK11_FreeSlot(db_slot_); | |
24 } | |
25 } | |
26 | |
27 bool NSSDecryptor::Init(const base::FilePath& dll_path, | |
28 const base::FilePath& db_path) { | |
29 crypto::EnsureNSSInit(); | |
30 is_nss_initialized_ = true; | |
31 const std::string modspec = | |
32 base::StringPrintf( | |
33 "configDir='%s' tokenDescription='Firefox NSS database' " | |
34 "flags=readOnly", | |
35 db_path.value().c_str()); | |
36 db_slot_ = SECMOD_OpenUserDB(modspec.c_str()); | |
37 return db_slot_ != NULL; | |
38 } | |
39 | |
40 // This method is based on some NSS code in | |
41 // security/nss/lib/pk11wrap/pk11sdr.c, CVS revision 1.22 | |
42 // This code is copied because the implementation assumes the use of the | |
43 // internal key slot for decryption, but we need to use another slot. | |
44 // The license block is: | |
45 /* ***** BEGIN LICENSE BLOCK ***** | |
46 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 | |
47 * | |
48 * The contents of this file are subject to the Mozilla Public License Version | |
49 * 1.1 (the "License"); you may not use this file except in compliance with | |
50 * the License. You may obtain a copy of the License at | |
51 * http://www.mozilla.org/MPL/ | |
52 * | |
53 * Software distributed under the License is distributed on an "AS IS" basis, | |
54 * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License | |
55 * for the specific language governing rights and limitations under the | |
56 * License. | |
57 * | |
58 * The Original Code is the Netscape security libraries. | |
59 * | |
60 * The Initial Developer of the Original Code is | |
61 * Netscape Communications Corporation. | |
62 * Portions created by the Initial Developer are Copyright (C) 1994-2000 | |
63 * the Initial Developer. All Rights Reserved. | |
64 * | |
65 * Contributor(s): | |
66 * thayes@netscape.com | |
67 * | |
68 * Alternatively, the contents of this file may be used under the terms of | |
69 * either the GNU General Public License Version 2 or later (the "GPL"), or | |
70 * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), | |
71 * in which case the provisions of the GPL or the LGPL are applicable instead | |
72 * of those above. If you wish to allow use of your version of this file only | |
73 * under the terms of either the GPL or the LGPL, and not to allow others to | |
74 * use your version of this file under the terms of the MPL, indicate your | |
75 * decision by deleting the provisions above and replace them with the notice | |
76 * and other provisions required by the GPL or the LGPL. If you do not delete | |
77 * the provisions above, a recipient may use your version of this file under | |
78 * the terms of any one of the MPL, the GPL or the LGPL. | |
79 * | |
80 * ***** END LICENSE BLOCK ***** */ | |
81 | |
82 /* | |
83 * Data structure and template for encoding the result of an SDR operation | |
84 * This is temporary. It should include the algorithm ID of the encryption | |
85 * mechanism | |
86 */ | |
87 struct SDRResult | |
88 { | |
89 SECItem keyid; | |
90 SECAlgorithmID alg; | |
91 SECItem data; | |
92 }; | |
93 typedef struct SDRResult SDRResult; | |
94 | |
95 static SEC_ASN1Template g_template[] = { | |
96 { SEC_ASN1_SEQUENCE, 0, NULL, sizeof (SDRResult) }, | |
97 { SEC_ASN1_OCTET_STRING, offsetof(SDRResult, keyid) }, | |
98 { SEC_ASN1_INLINE | SEC_ASN1_XTRN, offsetof(SDRResult, alg), | |
99 SEC_ASN1_SUB(SECOID_AlgorithmIDTemplate) }, | |
100 { SEC_ASN1_OCTET_STRING, offsetof(SDRResult, data) }, | |
101 { 0 } | |
102 }; | |
103 | |
104 static SECStatus | |
105 unpadBlock(SECItem *data, int blockSize, SECItem *result) | |
106 { | |
107 SECStatus rv = SECSuccess; | |
108 int padLength; | |
109 int i; | |
110 | |
111 result->data = 0; | |
112 result->len = 0; | |
113 | |
114 /* Remove the padding from the end if the input data */ | |
115 if (data->len == 0 || data->len % blockSize != 0) { | |
116 rv = SECFailure; | |
117 goto loser; | |
118 } | |
119 | |
120 padLength = data->data[data->len-1]; | |
121 if (padLength > blockSize) { rv = SECFailure; goto loser; } | |
122 | |
123 /* verify padding */ | |
124 for (i=data->len - padLength; static_cast<uint32>(i) < data->len; i++) { | |
125 if (data->data[i] != padLength) { | |
126 rv = SECFailure; | |
127 goto loser; | |
128 } | |
129 } | |
130 | |
131 result->len = data->len - padLength; | |
132 result->data = (unsigned char *)PORT_Alloc(result->len); | |
133 if (!result->data) { rv = SECFailure; goto loser; } | |
134 | |
135 PORT_Memcpy(result->data, data->data, result->len); | |
136 | |
137 if (padLength < 2) { | |
138 return SECWouldBlock; | |
139 } | |
140 | |
141 loser: | |
142 return rv; | |
143 } | |
144 | |
145 /* decrypt a block */ | |
146 static SECStatus | |
147 pk11Decrypt(PK11SlotInfo *slot, PLArenaPool *arena, | |
148 CK_MECHANISM_TYPE type, PK11SymKey *key, | |
149 SECItem *params, SECItem *in, SECItem *result) | |
150 { | |
151 PK11Context *ctx = 0; | |
152 SECItem paddedResult; | |
153 SECStatus rv; | |
154 | |
155 paddedResult.len = 0; | |
156 paddedResult.data = 0; | |
157 | |
158 ctx = PK11_CreateContextBySymKey(type, CKA_DECRYPT, key, params); | |
159 if (!ctx) { rv = SECFailure; goto loser; } | |
160 | |
161 paddedResult.len = in->len; | |
162 paddedResult.data = static_cast<unsigned char*>( | |
163 PORT_ArenaAlloc(arena, paddedResult.len)); | |
164 | |
165 rv = PK11_CipherOp(ctx, paddedResult.data, | |
166 (int*)&paddedResult.len, paddedResult.len, | |
167 in->data, in->len); | |
168 if (rv != SECSuccess) goto loser; | |
169 | |
170 PK11_Finalize(ctx); | |
171 | |
172 /* Remove the padding */ | |
173 rv = unpadBlock(&paddedResult, PK11_GetBlockSize(type, 0), result); | |
174 if (rv) goto loser; | |
175 | |
176 loser: | |
177 if (ctx) PK11_DestroyContext(ctx, PR_TRUE); | |
178 return rv; | |
179 } | |
180 | |
181 SECStatus NSSDecryptor::PK11SDR_DecryptWithSlot( | |
182 PK11SlotInfo* slot, SECItem* data, SECItem* result, void* cx) const { | |
183 SECStatus rv = SECSuccess; | |
184 PK11SymKey *key = 0; | |
185 CK_MECHANISM_TYPE type; | |
186 SDRResult sdrResult; | |
187 SECItem *params = 0; | |
188 SECItem possibleResult = { siBuffer, NULL, 0 }; | |
189 PLArenaPool *arena = 0; | |
190 | |
191 arena = PORT_NewArena(SEC_ASN1_DEFAULT_ARENA_SIZE); | |
192 if (!arena) { rv = SECFailure; goto loser; } | |
193 | |
194 /* Decode the incoming data */ | |
195 memset(&sdrResult, 0, sizeof sdrResult); | |
196 rv = SEC_QuickDERDecodeItem(arena, &sdrResult, g_template, data); | |
197 if (rv != SECSuccess) goto loser; /* Invalid format */ | |
198 | |
199 /* Get the parameter values from the data */ | |
200 params = PK11_ParamFromAlgid(&sdrResult.alg); | |
201 if (!params) { rv = SECFailure; goto loser; } | |
202 | |
203 /* Use triple-DES (Should look up the algorithm) */ | |
204 type = CKM_DES3_CBC; | |
205 key = PK11_FindFixedKey(slot, type, &sdrResult.keyid, cx); | |
206 if (!key) { | |
207 rv = SECFailure; | |
208 } else { | |
209 rv = pk11Decrypt(slot, arena, type, key, params, | |
210 &sdrResult.data, result); | |
211 } | |
212 | |
213 /* | |
214 * if the pad value was too small (1 or 2), then it's statistically | |
215 * 'likely' that (1 in 256) that we may not have the correct key. | |
216 * Check the other keys for a better match. If we find none, use | |
217 * this result. | |
218 */ | |
219 if (rv == SECWouldBlock) | |
220 possibleResult = *result; | |
221 | |
222 /* | |
223 * handle the case where your key indicies may have been broken | |
224 */ | |
225 if (rv != SECSuccess) { | |
226 PK11SymKey *keyList = PK11_ListFixedKeysInSlot(slot, NULL, cx); | |
227 PK11SymKey *testKey = NULL; | |
228 PK11SymKey *nextKey = NULL; | |
229 | |
230 for (testKey = keyList; testKey; | |
231 testKey = PK11_GetNextSymKey(testKey)) { | |
232 rv = pk11Decrypt(slot, arena, type, testKey, params, | |
233 &sdrResult.data, result); | |
234 if (rv == SECSuccess) | |
235 break; | |
236 | |
237 /* found a close match. If it's our first remember it */ | |
238 if (rv == SECWouldBlock) { | |
239 if (possibleResult.data) { | |
240 /* this is unlikely but possible. If we hit this condition, | |
241 * we have no way of knowing which possibility to prefer. | |
242 * in this case we just match the key the application | |
243 * thought was the right one */ | |
244 SECITEM_ZfreeItem(result, PR_FALSE); | |
245 } else { | |
246 possibleResult = *result; | |
247 } | |
248 } | |
249 } | |
250 | |
251 /* free the list */ | |
252 for (testKey = keyList; testKey; testKey = nextKey) { | |
253 nextKey = PK11_GetNextSymKey(testKey); | |
254 PK11_FreeSymKey(testKey); | |
255 } | |
256 } | |
257 | |
258 /* we didn't find a better key, use the one with a small pad value */ | |
259 if ((rv != SECSuccess) && (possibleResult.data)) { | |
260 *result = possibleResult; | |
261 possibleResult.data = NULL; | |
262 rv = SECSuccess; | |
263 } | |
264 | |
265 loser: | |
266 if (arena) PORT_FreeArena(arena, PR_TRUE); | |
267 if (key) PK11_FreeSymKey(key); | |
268 if (params) SECITEM_ZfreeItem(params, PR_TRUE); | |
269 if (possibleResult.data) SECITEM_ZfreeItem(&possibleResult, PR_FALSE); | |
270 | |
271 return rv; | |
272 } | |
OLD | NEW |