|
1 /* |
|
2 * Copyright (c) 2004 Nokia Corporation and/or its subsidiary(-ies). |
|
3 * All rights reserved. |
|
4 * This component and the accompanying materials are made available |
|
5 * under the terms of "Eclipse Public License v1.0" |
|
6 * which accompanies this distribution, and is available |
|
7 * at the URL "http://www.eclipse.org/legal/epl-v10.html". |
|
8 * |
|
9 * Initial Contributors: |
|
10 * Nokia Corporation - initial contribution. |
|
11 * |
|
12 * Contributors: |
|
13 * |
|
14 * Description: This file contains the header of a CCrPKCS12 Class. |
|
15 * |
|
16 */ |
|
17 |
|
18 |
|
19 |
|
20 #ifndef CRPKCS12 |
|
21 #define CRPKCS12 |
|
22 |
|
23 |
|
24 // INCLUDES |
|
25 #include "CX509CertificateSet.h" // X509CertificateSet |
|
26 #include "crcrypto.h" // Crypto library |
|
27 #include <crber.h> // CCrBer |
|
28 #include <e32base.h> |
|
29 #include <secdlg.h> |
|
30 |
|
31 |
|
32 // EXTERNAL DATA STRUCTURES |
|
33 // FUNCTION PROTOTYPES |
|
34 // FORWARD DECLARATIONS |
|
35 // CLASS DEFINITIONS |
|
36 |
|
37 // DATA TYPES |
|
38 |
|
39 // Object Identifiers |
|
40 // They are used to identify different objects |
|
41 enum TCrPkcs12Algorithm |
|
42 { |
|
43 // Pkcs12 algorithms. |
|
44 ECrpbeWithSHAAnd128BitRC4, |
|
45 ECrpbeWithSHAAnd40BitRC4, |
|
46 ECrpbeWithSHAAnd3_KeyTripleDES_CBC, |
|
47 ECrpbeWithSHAAnd2_KeyTripleDES_CBC, |
|
48 ECrKpbeWithSHAAnd128BitRC2_CBC, |
|
49 ECrKpbeWithSHAAnd40BitRC2_CBC |
|
50 }; |
|
51 |
|
52 // CONSTANTS |
|
53 const TInt K40BitRC2KeySize = 5; |
|
54 const TInt K128BitRC2KeySize = 16; |
|
55 const TInt KDesKeySize = 8; |
|
56 |
|
57 // Digest algorithm identifiers |
|
58 _LIT(KCrSha1,"1.3.14.3.2.26"); // Digest algorithm Sha1. |
|
59 _LIT(KCrMD5, "1.2.840.113549.2.5"); // Digest algorithm Sha1. |
|
60 |
|
61 // Used pkcs12 encryption algorithms |
|
62 _LIT(KpbeWithSHAAnd128BitRC4,"1.2.840.113549.1.12.1.1"); // These are algorith |
|
63 _LIT(KpbeWithSHAAnd40BitRC4,"1.2.840.113549.1.12.1.2"); // identifiers for deriving |
|
64 _LIT(KpbeWithSHAAnd3_KeyTripleDES_CBC,"1.2.840.113549.1.12.1.3"); // keys and IVs. |
|
65 _LIT(KpbeWithSHAAnd2_KeyTripleDES_CBC,"1.2.840.113549.1.12.1.4"); // As implied by their |
|
66 _LIT(KpbeWithSHAAnd128BitRC2_CBC,"1.2.840.113549.1.12.1.5"); // names, all of the object |
|
67 _LIT(KpbeWithSHAAnd40BitRC2_CBC,"1.2.840.113549.1.12.1.6"); // identifiers here use the hash |
|
68 // function SHA-1. |
|
69 |
|
70 // Pkcs12 SafeBags-types |
|
71 _LIT(KkeyBag,"1.2.840.113549.1.12.10.1.1"); // SafeBag types. Each SafeBag holds one piece |
|
72 _LIT(Kpkcs8ShroudedKeyBag,"1.2.840.113549.1.12.10.1.2"); // of information -a key, |
|
73 _LIT(KcertBag,"1.2.840.113549.1.12.10.1.3"); // a certificate, etc.- which is identified |
|
74 _LIT(KcrlBag,"1.2.840.113549.1.12.10.1.4"); // by an object identifier. |
|
75 _LIT(KsecretBag,"1.2.840.113549.1.12.10.1.5"); |
|
76 _LIT(KsafeContentsBag,"1.2.840.113549.1.12.10.1.6"); |
|
77 |
|
78 // Pkcs7 datatypes used in this library |
|
79 _LIT(Kpkcs7Data,"1.2.840.113549.1.7.1"); // Pkcs7 Data-type |
|
80 _LIT(Kpkcs7EncryptedData,"1.2.840.113549.1.7.6"); // Pkcs7 encryptedData-type |
|
81 |
|
82 // Pkcs9 object identifiers |
|
83 _LIT(Kpkcs9LocalKeyId,"1.2.840.113549.1.9.21"); // LocalKeyId. This is used to identify |
|
84 // what certificate belongs to what |
|
85 // PrivateKey |
|
86 |
|
87 _LIT(Kx509certificate,"1.2.840.113549.1.9.22.1"); // X509Certificate |
|
88 |
|
89 // pkcs1 object identifier for rsaEncryption |
|
90 _LIT(Kpkcs1rsaEncryption,"1.2.840.113549.1.1.1"); // For PrivateKey |
|
91 |
|
92 _LIT(KdsaSignatureKey,"1.2.840.10040.4.1"); // DSA signature key |
|
93 |
|
94 |
|
95 const TInt KVersion3 = 0x3; // Version number for PFX |
|
96 const TInt KVersion1 = 0x0; // PrivateKey version |
|
97 const TInt KFirstObject = 0; // First object |
|
98 const TInt KEdVer0 = 0x0; // PKCS #7 Encrypted-data content type |
|
99 // version number |
|
100 |
|
101 const TInt KId1 = 1; // If ID = 1, then pseudo-random bits being produced are |
|
102 // used as key material for performing encryption / decryption |
|
103 |
|
104 const TInt KId2 = 2; // If ID = 2, then pseudo-random bits produced are to be used as |
|
105 // an IV (Initial Value) for encryption / decryption |
|
106 |
|
107 const TInt KId3 = 3; // If ID = 3, then pseudo-random bits being produced are to be |
|
108 // used as an integrity key for MAC-ing. |
|
109 |
|
110 |
|
111 /** |
|
112 * Class CCrPKCS12 |
|
113 * Class CCrPKCS12 opens pkcs12-file with help of CCrBer-library. |
|
114 * |
|
115 * @lib crpkcs12.lib |
|
116 * @since Series 60 3.0 |
|
117 */ |
|
118 NONSHARABLE_CLASS( CCrPKCS12): public CBase |
|
119 { |
|
120 // Constructors and destructors. |
|
121 private: |
|
122 |
|
123 CCrPKCS12(); |
|
124 void ConstructL(); |
|
125 |
|
126 public: |
|
127 static CCrPKCS12* NewLC(); |
|
128 static CCrPKCS12* NewL(); |
|
129 ~CCrPKCS12(); |
|
130 |
|
131 public: // Functions |
|
132 |
|
133 // This is the main function of this library. It validates PKCS #12 file, |
|
134 // checks integrity of file, checks password, opens and decrypts ContentInfo, |
|
135 // decrypts certificates and private keys. If this function returns |
|
136 // ValidFile, other exported functions can be called. |
|
137 TCrStatus OpenL( |
|
138 CCrData& aPkcs12File, |
|
139 const TDesC16& aPassword ); |
|
140 |
|
141 // Returns set of CX509Certificate objects defined in certman. |
|
142 // These are CACertificates. |
|
143 const CX509CertificateSet& CACertificates() const; |
|
144 |
|
145 // Returns set of TDesC8 objects defined in certman. |
|
146 // These are CACertificates. |
|
147 const CArrayPtrFlat<TDesC8>& CACertificateBuffer() const; |
|
148 |
|
149 // Returns set of CX509Certificate objects defined in certman. |
|
150 // These are UserCertificates. |
|
151 const CX509CertificateSet& UserCertificates() const; |
|
152 |
|
153 // Returns set of TDesC8 objects defined in certman. |
|
154 // These are UserCertificates. |
|
155 const CArrayPtrFlat<TDesC8>& UserCertificateBuffer() const; |
|
156 |
|
157 const CArrayPtrFlat<HBufC8>& PrivateKeys() const; |
|
158 |
|
159 // Returns the number of iterations. |
|
160 TUint Iter(); |
|
161 |
|
162 // Returns mac. |
|
163 HBufC8* Mac(); |
|
164 |
|
165 // Returns salt. |
|
166 HBufC8* Salt(); |
|
167 |
|
168 // Returns number of SafeBags in PKCS #12 file. |
|
169 TUint SafeBagsCount(); |
|
170 |
|
171 private: |
|
172 |
|
173 // Private helper class for asynchronous calls. |
|
174 NONSHARABLE_CLASS( CPKCS12SyncWrapper ): public CActive |
|
175 { |
|
176 public: |
|
177 CPKCS12SyncWrapper(); |
|
178 ~CPKCS12SyncWrapper(); |
|
179 TInt EnterPasswordL(const TPINParams& aPINParams, TBool aRetry, TPINValue& aPINValue); |
|
180 protected: // Functions from base classes |
|
181 /** |
|
182 * From CActive |
|
183 */ |
|
184 void DoCancel(); |
|
185 void RunL(); |
|
186 private: |
|
187 TInt SetActiveAndWait(); |
|
188 private: |
|
189 MSecurityDialog* iSecDlg; |
|
190 CActiveSchedulerWait iWait; |
|
191 }; |
|
192 |
|
193 private: |
|
194 // Jumps next object at same level, used in Open-function. |
|
195 TUint JumpNextObjectAtSameLevel(); |
|
196 |
|
197 // Returns what's the algorithm (via OID). |
|
198 // Returns 0, if it isn't algorithm at all. |
|
199 TUint GetAlgorithmL( HBufC* aBuf ); |
|
200 |
|
201 // This function adds given certificate to given set. |
|
202 void PutCertsIntoSetL(CX509CertificateSet* aSet, |
|
203 CArrayPtrFlat<TDesC8>* aBufSet, |
|
204 HBufC8* aX509certificate ); |
|
205 |
|
206 // This function generates double byte pasword from given eight |
|
207 // byte password and calls VerifyMac. |
|
208 TBool VerifyMacFromEightBytePassword(const TDesC8& aPassWord); |
|
209 |
|
210 // Verifies mac (integrity of file and if password is correct). |
|
211 // Used in Open-function. |
|
212 TBool VerifyMacL(const TDesC8& aPassWord); |
|
213 TBool VerifyMacL(const TDesC16& aPassWord); |
|
214 |
|
215 // Opens ContentInfo, used in Open-function. |
|
216 TBool ReadContentInfo( CCrData& aContentInfo ); |
|
217 |
|
218 // Decodes SafeBags. Used in Open function. |
|
219 TInt DecodeSafeBagsL(); |
|
220 |
|
221 // Decrypts ContentInfo, used in OpenContentInfo-function. |
|
222 TBool UnpackContentInfo( CCrData& aContentData ); |
|
223 |
|
224 // Decrypts pkcs7Data, used in DecryptContentInfo-function. |
|
225 TBool UnpackPkcs7DataL( CCrData& aPkcs7Data ); |
|
226 |
|
227 // Unpacks pkcs7EncryptedData, used in DecryptContentInfo- |
|
228 // function. |
|
229 TBool UnpackPkcs7EncryptedDataL( CCrData& aPkcs7EncryptedData ); |
|
230 |
|
231 // Decrypts pkcs7EncryptesData, used in UnpackPkcs7EncryptedData |
|
232 // function. |
|
233 TBool DecryptPkcs7EncryptedDataL(HBufC8* aPkcs7EncryptedData, |
|
234 HBufC8* aSalt, |
|
235 TInt aIter, |
|
236 TInt aAlgorithm ); |
|
237 |
|
238 |
|
239 // Extracts contents of keybag, used in DecodeSafeBags function. |
|
240 void CCrPKCS12::ExtractKeybagL( CCrData& aSafeBag ); |
|
241 |
|
242 // Decrypts pkcs8-shroudedkeybag, used in DecodeSafeBags function. |
|
243 void DecryptShroudedKeybagL( CCrData& aSafeBag ); |
|
244 |
|
245 // Decodes certificate bag, used in DecodeSafeBags function. |
|
246 void DecodeCertBagL( CCrData& aSafeBags ); |
|
247 |
|
248 // Decrypts private key, used in DecryptShroudedKeybag. |
|
249 TBool DecryptPrivateKeyL( HBufC8* aEncryptedPrivateKey, |
|
250 HBufC8* aSalt, |
|
251 TInt aIter, |
|
252 TInt aAlgorithm ); |
|
253 |
|
254 // Gets SafeBags LocalKeyId. This is used to identidy what certificate |
|
255 // belongs to private key. Used in DecryptPrivateKey function. |
|
256 HBufC8* GetLocalKeyId( CCrData& aBagData ); |
|
257 |
|
258 void DecryptDataL( const TDesC8& aEncryptedData, |
|
259 const TDesC8& aSalt, |
|
260 TInt aIter, |
|
261 TInt aAlgorithm, |
|
262 TDes8& aDecryptedData ); |
|
263 |
|
264 |
|
265 private: // Data. |
|
266 |
|
267 // Iterations |
|
268 TUint iIter; |
|
269 |
|
270 // CCrBerSet, set of CCrBer-objects, from crber.lib. |
|
271 CCrBerSet* iberSet; |
|
272 |
|
273 // CCrBer-object, from crber.lib. |
|
274 CCrBer* iberObject; |
|
275 |
|
276 // UserCertificates, contains set of CX509Certificate Objects, |
|
277 // defined in certman. These certificates are user certificates. |
|
278 // Usually there are just one user certificate in PKCS #12 file. |
|
279 CX509CertificateSet* iUserCertificates; |
|
280 |
|
281 |
|
282 // CACertificates, contains set of CX509Certificate Objects, |
|
283 // defined in certman. These certificates are CA certificates. |
|
284 CX509CertificateSet* iCACertificates; |
|
285 |
|
286 CArrayPtrFlat<TDesC8>* iUserCertificateBuffer; |
|
287 CArrayPtrFlat<TDesC8>* iCACertificateBuffer; |
|
288 |
|
289 // Decrypted PKCS#8 encoded private keys. |
|
290 CArrayPtrFlat<HBufC8>* iPKCS8PrivateKeyArray; |
|
291 |
|
292 // This is private keys' LocalKeyIds. With these we can identify |
|
293 // a corresponding certificate. |
|
294 RPointerArray<HBufC8> iPrivateKeyIdArray; |
|
295 |
|
296 // For storing mac. |
|
297 HBufC8* iMac; |
|
298 |
|
299 // For storing salt. |
|
300 HBufC8* iSalt; |
|
301 |
|
302 // index number of berObject. |
|
303 TInt iObjectNum; |
|
304 |
|
305 // Password given to Open function. Must be available to other |
|
306 // functions also, so it is declared here. |
|
307 HBufC8* iPassWord; |
|
308 |
|
309 // Number of SafeBags. |
|
310 TInt iSafeBagsCount; |
|
311 |
|
312 // Used HMAC-algorithm. |
|
313 TInt iHMACalgorithm; |
|
314 |
|
315 // PKCS #7 data. |
|
316 HBufC8* iContentInfo; |
|
317 |
|
318 // SafeBags. |
|
319 HBufC8* iBags; |
|
320 |
|
321 HBufC8* iDecryptionKey; |
|
322 |
|
323 TFileName iFileName; |
|
324 }; |
|
325 |
|
326 #endif |