25 #define MAX_CONTENT_ITEMS FAILSAFE_ITERATIONS_LARGE - 1
42 assert( contentListPtr == NULL || \
45 for( contentListCount = 0;
47 contentListPtr = contentListPtr->next, contentListCount++ );
48 ENSURES_B( contentListCount < FAILSAFE_ITERATIONS_LARGE );
66 assert(
isWritePtr( newContentListItemPtrPtr, \
69 assert( objectSize == 0 ||
isReadPtr(
object, objectSize ) );
74 REQUIRES( (
object == NULL && objectSize == 0 ) || \
78 if( ( newItem = getMemPool( memPoolState, \
84 newItem->object = object;
92 *newContentListItemPtrPtr = newItem;
103 CONTENT_LIST *contentListPtr = envelopeInfoPtr->contentList;
106 assert( contentListPtr == NULL || \
110 if( contentListPtr != NULL )
112 int iterationCount = 0;
114 for( contentListPtr = envelopeInfoPtr->contentList, \
116 contentListPtr->
next != NULL && \
118 contentListPtr = contentListPtr->
next, iterationCount++ );
122 contentListItem, contentListItem );
139 for( contentListCursor = *contentListHeadPtrPtr, iterationCount = 0;
140 contentListCursor != NULL && \
146 contentListCursor = contentListCursor->
next;
163 if( contentListItem->object != NULL )
165 void *contentPtr = (
void * ) contentListItem->object;
171 clFree(
"deleteContentList", contentPtr );
174 freeMemPool( memPoolState, contentListItem );
176 ENSURES( iterationCount < FAILSAFE_ITERATIONS_LARGE );
178 *contentListHeadPtrPtr = NULL;
193 IN_BUFFER( timestampLength )
const void *timestamp,
195 const int timestampLength )
204 assert(
isReadPtr( timestamp, timestampLength ) );
245 contentListPtr->clSigInfo.iTimestamp = iTimestampEnvelope;
257 const void *unauthAttr,
259 const int unauthAttrLength )
262 int iterationCount,
status;
265 assert(
isReadPtr( unauthAttr, unauthAttrLength ) );
274 unauthAttrLength ) ) )
278 sMemConnect( &stream, unauthAttr, unauthAttrLength );
279 status = readConstructed( &stream, NULL, 1 );
280 for( iterationCount = 0;
291 readSequence( &stream, NULL );
292 status = readEncodedOID( &stream, oid,
MAX_OID_SIZE, &oidLength,
295 status = readSet( &stream, &length );
303 status = readUniversal( &stream );
324 status = sMemGetDataBlock( &stream, &dataPtr, length );
326 status = sSkip( &stream, length );
328 status = processTimestamp( contentListPtr, dataPtr, length );
331 ENSURES( iterationCount < FAILSAFE_ITERATIONS_LARGE );
332 sMemDisconnect( &stream );
364 status = iCryptCheckSignature( contentListPtr->object,
365 contentListPtr->objectSize,
374 ( status, errorInfo,
"Signature verification failed" ) );
382 int signatureContentType;
385 &signatureContentType,
388 signatureContentType != contentType )
392 "Content-type in authenticated attributes doesn't "
393 "match actual content type" ) );
401 if( sigInfo->extraData2 != NULL )
403 const int localStatus = \
404 processUnauthAttributes( contentListPtr, sigInfo->extraData2,
410 "Invalid unauthenticated attribute data") );
438 actionResult = checkAction( envelopeInfoPtr->actionList, action,
443 return( addAction( &envelopeInfoPtr->actionList,
444 envelopeInfoPtr->memPoolState, action,
483 for( contentListPtr = envelopeInfoPtr->contentList, iterationCount = 0;
484 contentListPtr != NULL && \
486 iterationCount < FAILSAFE_ITERATIONS_LARGE;
487 contentListPtr = contentListPtr->
next, iterationCount++ );
488 ENSURES( iterationCount < FAILSAFE_ITERATIONS_LARGE );
489 if( contentListPtr == NULL )
501 encrInfo = &contentListPtr->clEncrInfo;
502 return( initEnvelopeEncryption( envelopeInfoPtr, iSessionKeyContext,
511 authEncInfo = &contentListPtr->clAuthEncInfo;
516 sMemConnect( &stream, authEncInfo->encParamData,
518 status = readContextAlgoID( &stream, &iAuthEncCryptContext, NULL,
520 sMemDisconnect( &stream );
523 sMemConnect( &stream, authEncInfo->macParamData,
525 status = readContextAlgoID( &stream, &iAuthEncMacContext, NULL,
527 sMemDisconnect( &stream );
563 encrInfo = &localEncrInfo;
575 "authentication", 14 );
588 status = initEnvelopeEncryption( envelopeInfoPtr,
589 iAuthEncCryptContext, encrInfo->
cryptAlgo,
613 *iCryptContext = iAuthEncCryptContext;
614 *iMacContext = iAuthEncMacContext;
631 const BOOLEAN isRecoveredSessionKey )
645 if( isRecoveredSessionKey )
647 status = initKeys( envelopeInfoPtr, iSessionKeyContext,
648 &iCryptContext, &iMacContext );
663 status = addActionToList( envelopeInfoPtr, iCryptContext,
ACTION_CRYPT );
665 status = addActionToList( envelopeInfoPtr, iMacContext,
ACTION_MAC );
683 REQUIRES( iSessionKeyContext != iCryptContext );
702 static
int importSessionKey(
const CONTENT_LIST *contentListPtr,
709 int iterationCount,
status;
727 return( iCryptImportKey( contentListPtr->object,
736 for( sessionKeyInfoPtr = contentListPtr, iterationCount = 0;
737 sessionKeyInfoPtr != NULL && \
740 sessionKeyInfoPtr = sessionKeyInfoPtr->
next, iterationCount++ );
741 ENSURES( iterationCount < FAILSAFE_ITERATIONS_LARGE );
742 if( sessionKeyInfoPtr == NULL )
775 &sessionKeyInfoPtr->clAuthEncInfo;
789 status = iCryptImportKey( contentListPtr->object,
798 *iSessionKeyContext = iSessionKey;
818 int actionCryptAlgo,
status;
856 actionListPtr = findActionIndirect( envelopeInfoPtr->actionList,
857 findHashActionFunction,
865 "Signature hash algorithm doesn't match hash algorithm "
866 "applied to enveloped data" ) );
888 status = checkCmsSignatureInfo( contentListPtr,
891 envelopeInfoPtr->contentType,
896 status = iCryptCheckSignature( contentListPtr->object,
897 contentListPtr->objectSize,
898 contentListPtr->formatType, sigCheckContext,
906 "Signature verification failed", 29 );
933 "Incorrect key used to verify signature", 38 );
936 clFree(
"addSignatureInfo", (
void * ) contentListPtr->object );
937 contentListPtr->object = NULL;
938 contentListPtr->objectSize = 0;
941 CRYPT_ERROR_SIGNATURE :
status;
959 assert(
isReadPtr( password, passwordLength ) );
964 if( envelopeInfoPtr->iDecryptionKeyset ==
CRYPT_ERROR )
979 CRYPT_IATTRIBUTE_TYPE );
990 if( contentListPtr->issuerAndSerialNumber == NULL )
994 CRYPT_IKEYID_PGPKEYID : CRYPT_IKEYID_KEYID,
995 contentListPtr->keyID, contentListPtr->
keyIDsize,
1002 CRYPT_IKEYID_ISSUERANDSERIALNUMBER,
1003 contentListPtr->issuerAndSerialNumber,
1015 envelopeInfoPtr->iDecryptionKeyset,
1016 "Couldn't retrieve private key from decryption "
1017 "keyset/device" ) );
1024 status = envelopeInfoPtr->addInfo( envelopeInfoPtr,
1034 static
int addPasswordInfo(
const CONTENT_LIST *contentListPtr,
1035 IN_BUFFER( passwordLength )
const void *password,
1037 const int passwordLength,
1050 assert(
isReadPtr( password, passwordLength ) );
1057 ( iMacContext ==
CRYPT_UNUSED && iNewContext != NULL ) );
1064 if( iNewContext != NULL )
1082 status = pgpPasswordToKey( iCryptContext,
CRYPT_UNUSED,
1131 ( status, errorInfo,
1132 "Couldn't derive key-import key from password" ) );
1146 if( iNewContext == NULL )
1150 status = iCryptImportKey( contentListPtr->object,
1153 iCryptContext, iMacContext, NULL );
1159 status = importSessionKey( contentListPtr, iCryptContext,
1166 ( status, errorInfo,
1167 "Couldn't recover wrapped session key" ) );
1188 const BOOLEAN privateKeyFetch = \
1196 REQUIRES( envInfo == CRYPT_IATTRIBUTE_ATTRONLY || \
1201 *contentListPtrPtr = NULL;
1204 if( envInfo == CRYPT_IATTRIBUTE_ATTRONLY || \
1216 if( contentListPtr != NULL )
1218 if( contentListPtr->
envInfo != envInfo && \
1223 *contentListPtrPtr = contentListPtr;
1229 for( contentListPtr = envelopeInfoPtr->
contentList, iterationCount = 0;
1230 contentListPtr != NULL && contentListPtr->
envInfo != envInfo && \
1231 iterationCount < FAILSAFE_ITERATIONS_LARGE;
1232 contentListPtr = contentListPtr->
next, iterationCount++ );
1233 ENSURES( iterationCount < FAILSAFE_ITERATIONS_LARGE );
1234 if( contentListPtr == NULL && privateKeyFetch )
1240 for( contentListPtr = envelopeInfoPtr->
contentList, iterationCount = 0;
1241 contentListPtr != NULL && \
1243 iterationCount < FAILSAFE_ITERATIONS_LARGE;
1244 contentListPtr = contentListPtr->
next, iterationCount++ );
1245 ENSURES( iterationCount < FAILSAFE_ITERATIONS_LARGE );
1247 if( contentListPtr == NULL )
1250 *contentListPtrPtr = contentListPtr;
1263 deleteContentList( envelopeInfoPtr->memPoolState,
1264 &envelopeInfoPtr->contentList );
1265 envelopeInfoPtr->contentList = envelopeInfoPtr->contentListCurrent = NULL;
1271 envelopeInfoPtr->errorState =
CRYPT_OK;
1288 CRYPT_IATTRIBUTE_INITIALISED ) );
1310 REQUIRES( envInfo == CRYPT_IATTRIBUTE_ATTRONLY || \
1324 isExternalKey =
FALSE;
1331 status = matchInfoObject( &contentListPtr, envelopeInfoPtr,
1337 "Added item doesn't match %s envelope information "
1339 ( envelopeInfoPtr->contentListCurrent != NULL ) ? \
1340 "currently selected" :
"any" ) );
1344 switch( localEnvInfo )
1346 case CRYPT_IATTRIBUTE_ATTRONLY:
1357 return( addKeysetInfo( envelopeInfoPtr, localEnvInfo,
1371 if( envelopeInfoPtr->actionList != NULL )
1385 status = addActionEx( &actionListItem,
1386 &envelopeInfoPtr->actionList,
1387 envelopeInfoPtr->memPoolState,
1396 return( addSignatureInfo( envelopeInfoPtr, contentListPtr,
1397 cryptHandle, isExternalKey ) );
1405 switch( localEnvInfo )
1410 status = importSessionKey( contentListPtr, cryptHandle,
1421 status = initEnvelopeEncryption( envelopeInfoPtr, cryptHandle,
1428 iNewContext = envelopeInfoPtr->iCryptContext;
1444 status = initSessionKeyDecryption( envelopeInfoPtr, iNewContext,
1463 return( completeEnvelopeInfoUpdate( envelopeInfoPtr ) );
1480 assert(
isReadPtr( value, valueLength ) );
1489 status = matchInfoObject( &contentListPtr, envelopeInfoPtr, envInfo );
1494 "Added item doesn't match any envelope information "
1506 return( addPrivkeyPasswordInfo( envelopeInfoPtr, contentListPtr,
1507 value, valueLength ) );
1511 if( envelopeInfoPtr->usage !=
ACTION_MAC && \
1520 if( envelopeInfoPtr->actionList == NULL )
1522 status = addPasswordInfo( contentListPtr, value, valueLength,
1523 envelopeInfoPtr->actionList->iCryptHandle,
1524 NULL, envelopeInfoPtr->
type,
1529 status = addPasswordInfo( contentListPtr, value, valueLength,
1539 status = initSessionKeyDecryption( envelopeInfoPtr, iNewContext,
1556 return( completeEnvelopeInfoUpdate( envelopeInfoPtr ) );
1573 envelopeInfoPtr->addInfo = addDeenvelopeInfo;
1574 envelopeInfoPtr->addInfoString = addDeenvelopeInfoString;