25 #define MAC_KEYSIZE_BUG
33 { NULL, 0 }, { NULL, 0 }
53 static
int getPermittedActions(
IN_FLAGS( PKCS15_USAGE )
const int usageFlags,
84 ( usageFlags & ( PKCS15_USAGE_SIGN | PKCS15_USAGE_VERIFY ) ) ) )
128 assert(
isReadPtr( keyID, keyIDlength ) );
131 assert(
isWritePtr( pubkeyActionFlags,
sizeof(
int ) ) );
132 assert(
isWritePtr( privkeyActionFlags,
sizeof(
int ) ) );
137 keyIDtype == CRYPT_IKEYID_KEYID || \
138 keyIDtype == CRYPT_IKEYID_PGPKEYID || \
139 keyIDtype == CRYPT_IKEYID_ISSUERID );
158 #ifdef USE_CERTIFICATES
159 if( pkcs15infoPtr->certData != NULL )
164 status = iCryptImportCertIndirect( &iCryptContext,
165 iCryptKeysetCallback, keyIDtype, keyID,
166 keyIDlength, publicComponentsOnly ? \
173 "Couldn't recreate certificate from stored "
174 "certificate data" ) );
176 if( !publicComponentsOnly )
184 status = dynCreate( &pubKeyDB, iDataCert,
185 CRYPT_IATTRIBUTE_SPKI );
188 sMemConnect( &stream,
dynData( pubKeyDB ),
190 status = iCryptReadSubjectPublicKey( &stream, &iCryptContext,
191 iDeviceObject,
TRUE );
192 sMemDisconnect( &stream );
193 dynDestroy( &pubKeyDB );
199 "Couldn't recreate public key from "
207 const int pubKeyStartOffset = pkcs15infoPtr->
pubKeyOffset;
213 pubKeyTotalSize - pubKeyStartOffset,
215 sMemConnect( &stream,
216 (
BYTE * ) pkcs15infoPtr->pubKeyData + pubKeyStartOffset,
217 pubKeyTotalSize - pubKeyStartOffset );
218 status = iCryptReadSubjectPublicKey( &stream, &iCryptContext,
220 !publicComponentsOnly );
221 sMemDisconnect( &stream );
226 "Couldn't recreate public key from stored public key "
239 if(
cryptStatusOK( status ) && pkcs15infoPtr->pubKeyData != NULL )
241 status = getPermittedActions( pkcs15infoPtr->
pubKeyUsage, pkcAlgo,
246 status = getPermittedActions( pkcs15infoPtr->
privKeyUsage, pkcAlgo,
247 privkeyActionFlags );
256 "Public/private key usage flags don't allow any type of "
262 *iDataCertPtr = iDataCert;
280 const void *encryptedKeyData,
291 assert(
isReadPtr( encryptedKeyData, encryptedKeyDataSize ) );
292 assert(
isReadPtr( password, passwordLength ) );
296 REQUIRES( encryptedKeyDataSize >= 16 && \
356 status = iCryptImportKey( encryptedKeyData, encryptedKeyDataSize,
380 #ifdef MAC_KEYSIZE_BUG
396 *iCryptContext = *iMacContext = *iMacAltContext =
CRYPT_ERROR;
401 sMemConnect( &stream,
404 status = readContextAlgoID( &stream, &iAuthEncCryptContext, NULL,
406 sMemDisconnect( &stream );
409 sMemConnect( &stream,
412 status = readContextAlgoID( &stream, &iAuthEncMacContext, NULL,
414 sMemDisconnect( &stream );
431 "authentication", 14 );
456 #ifdef MAC_KEYSIZE_BUG
484 "authentication", 14 );
501 *iMacAltContext = iAuthEncMacAltContext;
504 *iCryptContext = iAuthEncCryptContext;
505 *iMacContext = iAuthEncMacContext;
513 int readPrivateKeyComponents(
const PKCS15_INFO *pkcs15infoPtr,
516 const void *password,
522 #ifdef MAC_KEYSIZE_BUG
538 assert( ( isStorageObject && \
539 password == NULL && passwordLength == 0 ) || \
540 ( !isStorageObject && \
541 isReadPtr( password, passwordLength ) ) );
545 password == NULL && passwordLength == 0 ) || \
546 ( !isStorageObject && \
555 privKeyTotalSize - privKeyStartOffset,
556 privKeyTotalSize ) );
557 sMemConnect( &stream,
558 (
BYTE * ) pkcs15infoPtr->privKeyData + privKeyStartOffset,
559 privKeyTotalSize - privKeyStartOffset );
560 status = tag = peekTag( &stream );
563 if( isStorageObject )
574 sMemDisconnect( &stream );
577 "Expected device storage ID, not item type %02X",
580 readSequence( &stream, NULL );
583 sMemDisconnect( &stream );
588 &msgData, CRYPT_IATTRIBUTE_DEVICESTORAGEID ) );
598 "Unrecognised private-key protection type %02X",
602 readConstructed( &stream, NULL,
606 status = readSet( &stream, NULL );
608 status = queryAsn1Object( &stream, &queryInfo );
614 sMemDisconnect( &stream );
618 "Invalid encrypted private key data header" ) );
620 status = sMemGetDataBlock( &stream, &encryptedKey, queryInfo.
size );
622 status = readUniversal( &stream );
625 sMemDisconnect( &stream );
633 status = readCMSencrHeader( &stream, dataOIDinfo,
635 &contentQueryInfo, isAuthEnc ? \
640 encryptedContentLength = contentQueryInfo.size;
641 status = sMemGetDataBlock( &stream, &encryptedContent,
642 encryptedContentLength );
644 status = sSkip( &stream, encryptedContentLength );
660 sMemDisconnect( &stream );
667 "Invalid encrypted private key data" ) );
671 status = importSessionKey( iCryptContext, encryptedKey, queryInfo.
size,
672 password, passwordLength, &queryInfo );
680 "Couldn't import the session key used to protect the "
691 status = initKeys( iGenericContext, &iCryptContext, &iMacContext,
692 &iMacAltContext, &contentQueryInfo );
699 "Couldn't recreate encryption and MAC keys needed to "
700 "unwrap the private key" ) );
710 encryptedContent, encryptedContentLength );
725 #ifdef MAC_KEYSIZE_BUG
732 encryptedContentLength );
760 "Private-key integrity check failed" ) );
766 encryptedContentLength, NULL, 0, iPrivKeyContext,
782 "Couldn't unwrap private key, probably due to "
783 "incorrect decryption key being used" ) );
788 "Private key data corrupted or invalid" ) );
793 "Private key components failed validity check" ) );
798 "Couldn't unwrap/import private key" ) );