/* This Source Code Form is subject to the terms of the Mozilla Public

 * License, v. 2.0. If a copy of the MPL was not distributed with this

 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */

/*

 * CMS public key crypto

 */

#include "cmslocal.h"

#include "cert.h"

#include "key.h"

#include "secasn1.h"

#include "secitem.h"

#include "secoid.h"

#include "pk11func.h"

#include "secerr.h"

/* ====== RSA ======================================================================= */

/*

 * NSS_CMSUtil_EncryptSymKey_RSA - wrap a symmetric key with RSA

 *

 * this function takes a symmetric key and encrypts it using an RSA public key

 * according to PKCS#1 and RFC2633 (S/MIME)

 */

SECStatus

NSS_CMSUtil_EncryptSymKey_RSA(PLArenaPool *poolp, CERTCertificate *cert, 

                              PK11SymKey *bulkkey,

                              SECItem *encKey)

{

    SECStatus rv;

    SECKEYPublicKey *publickey;

    publickey = CERT_ExtractPublicKey(cert);

    if (publickey == NULL)

	return SECFailure;

    rv = NSS_CMSUtil_EncryptSymKey_RSAPubKey(poolp, publickey, bulkkey, encKey);

    SECKEY_DestroyPublicKey(publickey);

    return rv;

}

SECStatus

NSS_CMSUtil_EncryptSymKey_RSAPubKey(PLArenaPool *poolp, 

                                    SECKEYPublicKey *publickey, 

                                    PK11SymKey *bulkkey, SECItem *encKey)

{

    SECStatus rv;

    int data_len;

    KeyType keyType;

    void *mark = NULL;

    mark = PORT_ArenaMark(poolp);

    if (!mark)

	goto loser;

    /* sanity check */

    keyType = SECKEY_GetPublicKeyType(publickey);

    PORT_Assert(keyType == rsaKey);

    if (keyType != rsaKey) {

	goto loser;

    }

    /* allocate memory for the encrypted key */

    data_len = SECKEY_PublicKeyStrength(publickey);	/* block size (assumed to be > keylen) */

    encKey->data = (unsigned char*)PORT_ArenaAlloc(poolp, data_len);

    encKey->len = data_len;

    if (encKey->data == NULL)

	goto loser;

    /* encrypt the key now */

    rv = PK11_PubWrapSymKey(PK11_AlgtagToMechanism(SEC_OID_PKCS1_RSA_ENCRYPTION),

				publickey, bulkkey, encKey);

    if (rv != SECSuccess)

	goto loser;

    PORT_ArenaUnmark(poolp, mark);

    return SECSuccess;

loser:

    if (mark) {

	PORT_ArenaRelease(poolp, mark);

    }

    return SECFailure;

}

/*

 * NSS_CMSUtil_DecryptSymKey_RSA - unwrap a RSA-wrapped symmetric key

 *

 * this function takes an RSA-wrapped symmetric key and unwraps it, returning a symmetric

 * key handle. Please note that the actual unwrapped key data may not be allowed to leave

 * a hardware token...

 */

PK11SymKey *

NSS_CMSUtil_DecryptSymKey_RSA(SECKEYPrivateKey *privkey, SECItem *encKey, SECOidTag bulkalgtag)

{

    /* that's easy */

    CK_MECHANISM_TYPE target;

    PORT_Assert(bulkalgtag != SEC_OID_UNKNOWN);

    target = PK11_AlgtagToMechanism(bulkalgtag);

    if (bulkalgtag == SEC_OID_UNKNOWN || target == CKM_INVALID_MECHANISM) {

	PORT_SetError(SEC_ERROR_INVALID_ALGORITHM);

	return NULL;

    }

    return PK11_PubUnwrapSymKey(privkey, encKey, target, CKA_DECRYPT, 0);

}

/* ====== ESDH (Ephemeral-Static Diffie-Hellman) ==================================== */

SECStatus

NSS_CMSUtil_EncryptSymKey_ESDH(PLArenaPool *poolp, CERTCertificate *cert, PK11SymKey *key,

			SECItem *encKey, SECItem **ukm, SECAlgorithmID *keyEncAlg,

			SECItem *pubKey)

{

#if 0 /* not yet done */

    SECOidTag certalgtag;	/* the certificate's encryption algorithm */

    SECOidTag encalgtag;	/* the algorithm used for key exchange/agreement */

    SECStatus rv;

    SECItem *params = NULL;

    int data_len;

    SECStatus err;

    PK11SymKey *tek;

    CERTCertificate *ourCert;

    SECKEYPublicKey *ourPubKey;

    NSSCMSKEATemplateSelector whichKEA = NSSCMSKEAInvalid;

    certalgtag = SECOID_GetAlgorithmTag(&(cert->subjectPublicKeyInfo.algorithm));

    PORT_Assert(certalgtag == SEC_OID_X942_DIFFIE_HELMAN_KEY);

    /* We really want to show our KEA tag as the key exchange algorithm tag. */

    encalgtag = SEC_OID_CMS_EPHEMERAL_STATIC_DIFFIE_HELLMAN;

    /* Get the public key of the recipient. */

    publickey = CERT_ExtractPublicKey(cert);

    if (publickey == NULL) goto loser;

    /* XXXX generate a DH key pair on a PKCS11 module (XXX which parameters?) */

    /* XXXX */ourCert = PK11_FindBestKEAMatch(cert, wincx);

    if (ourCert == NULL) goto loser;

    arena = PORT_NewArena(1024);

    if (arena == NULL) goto loser;

    /* While we're here, extract the key pair's public key data and copy it into */

    /* the outgoing parameters. */

    /* XXXX */ourPubKey = CERT_ExtractPublicKey(ourCert);

    if (ourPubKey == NULL)

    {

	goto loser;

    }

    SECITEM_CopyItem(arena, pubKey, /* XXX */&(ourPubKey->u.fortezza.KEAKey));

    SECKEY_DestroyPublicKey(ourPubKey); /* we only need the private key from now on */

    ourPubKey = NULL;

    /* Extract our private key in order to derive the KEA key. */

    ourPrivKey = PK11_FindKeyByAnyCert(ourCert,wincx);

    CERT_DestroyCertificate(ourCert); /* we're done with this */

    if (!ourPrivKey) goto loser;

    /* If ukm desired, prepare it - allocate enough space (filled with zeros). */

    if (ukm) {

	ukm->data = (unsigned char*)PORT_ArenaZAlloc(arena,/* XXXX */);

	ukm->len = /* XXXX */;

    }

    /* Generate the KEK (key exchange key) according to RFC2631 which we use

     * to wrap the bulk encryption key. */

    kek = PK11_PubDerive(ourPrivKey, publickey, PR_TRUE,

			 ukm, NULL,

			 /* XXXX */CKM_KEA_KEY_DERIVE, /* XXXX */CKM_SKIPJACK_WRAP,

			 CKA_WRAP, 0, wincx);

    SECKEY_DestroyPublicKey(publickey);

    SECKEY_DestroyPrivateKey(ourPrivKey);

    publickey = NULL;

    ourPrivKey = NULL;

    if (!kek)

	goto loser;

    /* allocate space for the encrypted CEK (bulk key) */

    encKey->data = (unsigned char*)PORT_ArenaAlloc(poolp, SMIME_FORTEZZA_MAX_KEY_SIZE);

    encKey->len = SMIME_FORTEZZA_MAX_KEY_SIZE;

    if (encKey->data == NULL)

    {

	PK11_FreeSymKey(kek);

	goto loser;

    }

    /* Wrap the bulk key using CMSRC2WRAP or CMS3DESWRAP, depending on the */

    /* bulk encryption algorithm */

    switch (/* XXXX */PK11_AlgtagToMechanism(enccinfo->encalg))

    {

    case /* XXXX */CKM_SKIPJACK_CFB8:

	err = PK11_WrapSymKey(/* XXXX */CKM_CMS3DES_WRAP, NULL, kek, bulkkey, encKey);

	whichKEA = NSSCMSKEAUsesSkipjack;

	break;

    case /* XXXX */CKM_SKIPJACK_CFB8:

	err = PK11_WrapSymKey(/* XXXX */CKM_CMSRC2_WRAP, NULL, kek, bulkkey, encKey);

	whichKEA = NSSCMSKEAUsesSkipjack;

	break;

    default:

	/* XXXX what do we do here? Neither RC2 nor 3DES... */

        err = SECFailure;

        /* set error */

	break;

    }

    PK11_FreeSymKey(kek);	/* we do not need the KEK anymore */

    if (err != SECSuccess)

	goto loser;

    PORT_Assert(whichKEA != NSSCMSKEAInvalid);

    /* see RFC2630 12.3.1.1 "keyEncryptionAlgorithm must be ..." */

    /* params is the DER encoded key wrap algorithm (with parameters!) (XXX) */

    params = SEC_ASN1EncodeItem(arena, NULL, &keaParams, sec_pkcs7_get_kea_template(whichKEA));

    if (params == NULL)

	goto loser;

    /* now set keyEncAlg */

    rv = SECOID_SetAlgorithmID(poolp, keyEncAlg, SEC_OID_CMS_EPHEMERAL_STATIC_DIFFIE_HELLMAN, params);

    if (rv != SECSuccess)

	goto loser;

    /* XXXXXXX this is not right yet */

loser:

    if (arena) {

	PORT_FreeArena(arena, PR_FALSE);

    }

    if (publickey) {

        SECKEY_DestroyPublicKey(publickey);

    }

    if (ourPrivKey) {

        SECKEY_DestroyPrivateKey(ourPrivKey);

    }

#endif

    return SECFailure;

}

PK11SymKey *

NSS_CMSUtil_DecryptSymKey_ESDH(SECKEYPrivateKey *privkey, SECItem *encKey, SECAlgorithmID *keyEncAlg, SECOidTag bulkalgtag, void *pwfn_arg)

{

#if 0 /* not yet done */

    SECStatus err;

    CK_MECHANISM_TYPE bulkType;

    PK11SymKey *tek;

    SECKEYPublicKey *originatorPubKey;

    NSSCMSSMIMEKEAParameters keaParams;

   /* XXXX get originator's public key */

   originatorPubKey = PK11_MakeKEAPubKey(keaParams.originatorKEAKey.data,

			   keaParams.originatorKEAKey.len);

   if (originatorPubKey == NULL)

      goto loser;

   /* Generate the TEK (token exchange key) which we use to unwrap the bulk encryption key.

      The Derive function generates a shared secret and combines it with the originatorRA

      data to come up with an unique session key */

   tek = PK11_PubDerive(privkey, originatorPubKey, PR_FALSE,

			 &keaParams.originatorRA, NULL,

			 CKM_KEA_KEY_DERIVE, CKM_SKIPJACK_WRAP,

			 CKA_WRAP, 0, pwfn_arg);

   SECKEY_DestroyPublicKey(originatorPubKey);	/* not needed anymore */

   if (tek == NULL)

	goto loser;

    /* Now that we have the TEK, unwrap the bulk key

       with which to decrypt the message. */

    /* Skipjack is being used as the bulk encryption algorithm.*/

    /* Unwrap the bulk key. */

    bulkkey = PK11_UnwrapSymKey(tek, CKM_SKIPJACK_WRAP, NULL,

				encKey, CKM_SKIPJACK_CBC64, CKA_DECRYPT, 0);

    return bulkkey;

loser:

#endif

    return NULL;

}