Source code
Revision control
Copy as Markdown
Other Tools
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
#include "nsPKCS12Blob.h"
#include "mozilla/Assertions.h"
#include "mozilla/Casting.h"
#include "mozilla/Logging.h"
#include "mozilla/Preferences.h"
#include "mozilla/StaticPrefs_security.h"
#include "mozilla/Unused.h"
#include "mozpkix/pkixtypes.h"
#include "nsIFile.h"
#include "nsIInputStream.h"
#include "nsIX509CertDB.h"
#include "nsNetUtil.h"
#include "nsNSSCertHelper.h"
#include "nsNSSCertificate.h"
#include "nsNSSHelper.h"
#include "nsReadableUtils.h"
#include "nsTArray.h"
#include "nsThreadUtils.h"
#include "p12plcy.h"
#include "ScopedNSSTypes.h"
#include "secerr.h"
using namespace mozilla;
extern LazyLogModule gPIPNSSLog;
#define PIP_PKCS12_BUFFER_SIZE 2048
#define PIP_PKCS12_NOSMARTCARD_EXPORT 4
#define PIP_PKCS12_RESTORE_FAILED 5
#define PIP_PKCS12_BACKUP_FAILED 6
#define PIP_PKCS12_NSS_ERROR 7
nsPKCS12Blob::nsPKCS12Blob() : mUIContext(new PipUIContext()) {}
// Given a file handle, read a PKCS#12 blob from that file, decode it, and
// import the results into the internal database.
nsresult nsPKCS12Blob::ImportFromFile(nsIFile* aFile,
const nsAString& aPassword,
uint32_t& aError) {
uint32_t passwordBufferLength;
UniquePtr<uint8_t[]> passwordBuffer;
UniquePK11SlotInfo slot(PK11_GetInternalKeySlot());
if (!slot) {
return NS_ERROR_FAILURE;
}
passwordBuffer = stringToBigEndianBytes(aPassword, passwordBufferLength);
// initialize the decoder
SECItem unicodePw = {siBuffer, passwordBuffer.get(), passwordBufferLength};
UniqueSEC_PKCS12DecoderContext dcx(
SEC_PKCS12DecoderStart(&unicodePw, slot.get(), nullptr, nullptr, nullptr,
nullptr, nullptr, nullptr));
if (!dcx) {
return NS_ERROR_FAILURE;
}
// read input aFile and feed it to the decoder
PRErrorCode nssError;
nsresult rv = inputToDecoder(dcx, aFile, nssError);
if (NS_FAILED(rv)) {
return rv;
}
if (nssError != 0) {
aError = handlePRErrorCode(nssError);
return NS_OK;
}
// verify the blob
SECStatus srv = SEC_PKCS12DecoderVerify(dcx.get());
if (srv != SECSuccess) {
aError = handlePRErrorCode(PR_GetError());
return NS_OK;
}
// validate bags
srv = SEC_PKCS12DecoderValidateBags(dcx.get(), nicknameCollision);
if (srv != SECSuccess) {
aError = handlePRErrorCode(PR_GetError());
return NS_OK;
}
// import cert and key
srv = SEC_PKCS12DecoderImportBags(dcx.get());
if (srv != SECSuccess) {
aError = handlePRErrorCode(PR_GetError());
return NS_OK;
}
aError = nsIX509CertDB::Success;
return NS_OK;
}
static bool isExtractable(UniqueSECKEYPrivateKey& privKey) {
ScopedAutoSECItem value;
SECStatus rv = PK11_ReadRawAttribute(PK11_TypePrivKey, privKey.get(),
CKA_EXTRACTABLE, &value);
if (rv != SECSuccess) {
return false;
}
bool isExtractable = false;
if ((value.len == 1) && value.data) {
isExtractable = !!(*(CK_BBOOL*)value.data);
}
return isExtractable;
}
// Having already loaded the certs, form them into a blob (loading the keys
// also), encode the blob, and stuff it into the file.
nsresult nsPKCS12Blob::ExportToFile(nsIFile* aFile,
const nsTArray<RefPtr<nsIX509Cert>>& aCerts,
const nsAString& aPassword,
uint32_t& aError) {
nsCString passwordUtf8 = NS_ConvertUTF16toUTF8(aPassword);
uint32_t passwordBufferLength = passwordUtf8.Length();
aError = nsIX509CertDB::Success;
// The conversion to UCS2 is executed by sec_pkcs12_encode_password when
// necessary (for some older PKCS12 algorithms). The NSS 3.31 and newer
// expects password to be in the utf8 encoding to support modern encoders.
UniquePtr<unsigned char[]> passwordBuffer(
reinterpret_cast<unsigned char*>(ToNewCString(passwordUtf8)));
if (!passwordBuffer.get()) {
return NS_OK;
}
UniqueSEC_PKCS12ExportContext ecx(
SEC_PKCS12CreateExportContext(nullptr, nullptr, nullptr, nullptr));
if (!ecx) {
aError = nsIX509CertDB::ERROR_PKCS12_BACKUP_FAILED;
return NS_OK;
}
bool useModernCrypto =
StaticPrefs::security_pki_use_modern_crypto_with_pkcs12();
// add password integrity
SECItem unicodePw = {siBuffer, passwordBuffer.get(), passwordBufferLength};
SECStatus srv = SEC_PKCS12AddPasswordIntegrity(
ecx.get(), &unicodePw, useModernCrypto ? SEC_OID_SHA256 : SEC_OID_SHA1);
if (srv != SECSuccess) {
aError = nsIX509CertDB::ERROR_PKCS12_BACKUP_FAILED;
return NS_OK;
}
for (auto& cert : aCerts) {
UniqueCERTCertificate nssCert(cert->GetCert());
if (!nssCert) {
aError = nsIX509CertDB::ERROR_PKCS12_BACKUP_FAILED;
return NS_OK;
}
// We can probably only successfully export certs that are on the internal
// token. Most, if not all, smart card vendors won't let you extract the
// private key (in any way shape or form) from the card. So let's punt if
// the cert is not in the internal db.
if (nssCert->slot && !PK11_IsInternal(nssCert->slot)) {
// We aren't the internal token, see if the key is extractable.
UniqueSECKEYPrivateKey privKey(
PK11_FindKeyByDERCert(nssCert->slot, nssCert.get(), mUIContext));
if (privKey && !isExtractable(privKey)) {
// This is informative. If a serious error occurs later it will
// override it later and return.
aError = nsIX509CertDB::ERROR_PKCS12_NOSMARTCARD_EXPORT;
continue;
}
}
// certSafe and keySafe are owned by ecx.
SEC_PKCS12SafeInfo* certSafe;
SEC_PKCS12SafeInfo* keySafe = SEC_PKCS12CreateUnencryptedSafe(ecx.get());
// We use SEC_OID_AES_128_CBC for the password and SEC_OID_AES_256_CBC
// for the certificate because it's a default for openssl an pk12util
// command.
if (!SEC_PKCS12IsEncryptionAllowed() || PK11_IsFIPS()) {
certSafe = keySafe;
} else {
SECOidTag privAlg =
useModernCrypto ? SEC_OID_AES_128_CBC
: SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_40_BIT_RC2_CBC;
certSafe =
SEC_PKCS12CreatePasswordPrivSafe(ecx.get(), &unicodePw, privAlg);
}
if (!certSafe || !keySafe) {
aError = nsIX509CertDB::ERROR_PKCS12_BACKUP_FAILED;
return NS_OK;
}
// add the cert and key to the blob
SECOidTag algorithm =
useModernCrypto
? SEC_OID_AES_256_CBC
: SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_3KEY_TRIPLE_DES_CBC;
srv = SEC_PKCS12AddCertAndKey(ecx.get(), certSafe, nullptr, nssCert.get(),
CERT_GetDefaultCertDB(), keySafe, nullptr,
true, &unicodePw, algorithm);
if (srv != SECSuccess) {
aError = nsIX509CertDB::ERROR_PKCS12_BACKUP_FAILED;
return NS_OK;
}
}
UniquePRFileDesc prFile;
PRFileDesc* rawPRFile;
nsresult rv = aFile->OpenNSPRFileDesc(PR_RDWR | PR_CREATE_FILE | PR_TRUNCATE,
0664, &rawPRFile);
if (NS_FAILED(rv) || !rawPRFile) {
aError = nsIX509CertDB::ERROR_PKCS12_BACKUP_FAILED;
return NS_OK;
}
prFile.reset(rawPRFile);
// encode and write
srv = SEC_PKCS12Encode(ecx.get(), writeExportFile, prFile.get());
if (srv != SECSuccess) {
aError = nsIX509CertDB::ERROR_PKCS12_BACKUP_FAILED;
}
return NS_OK;
}
// For the NSS PKCS#12 library, must convert PRUnichars (shorts) to a buffer of
// octets. Must handle byte order correctly.
UniquePtr<uint8_t[]> nsPKCS12Blob::stringToBigEndianBytes(
const nsAString& uni, uint32_t& bytesLength) {
if (uni.IsVoid()) {
bytesLength = 0;
return nullptr;
}
uint32_t wideLength = uni.Length() + 1; // +1 for the null terminator.
bytesLength = wideLength * 2;
auto buffer = MakeUnique<uint8_t[]>(bytesLength);
// We have to use a cast here because on Windows, uni.get() returns
// char16ptr_t instead of char16_t*.
mozilla::NativeEndian::copyAndSwapToBigEndian(
buffer.get(), static_cast<const char16_t*>(uni.BeginReading()),
wideLength);
return buffer;
}
// Given a decoder, read bytes from file and input them to the decoder.
nsresult nsPKCS12Blob::inputToDecoder(UniqueSEC_PKCS12DecoderContext& dcx,
nsIFile* file, PRErrorCode& nssError) {
nssError = 0;
nsCOMPtr<nsIInputStream> fileStream;
nsresult rv = NS_NewLocalFileInputStream(getter_AddRefs(fileStream), file);
if (NS_FAILED(rv)) {
return rv;
}
char buf[PIP_PKCS12_BUFFER_SIZE];
uint32_t amount;
while (true) {
rv = fileStream->Read(buf, PIP_PKCS12_BUFFER_SIZE, &amount);
if (NS_FAILED(rv)) {
return rv;
}
// feed the file data into the decoder
SECStatus srv =
SEC_PKCS12DecoderUpdate(dcx.get(), (unsigned char*)buf, amount);
if (srv != SECSuccess) {
nssError = PR_GetError();
return NS_OK;
}
if (amount < PIP_PKCS12_BUFFER_SIZE) {
break;
}
}
return NS_OK;
}
// What to do when the nickname collides with one already in the db.
SECItem* nsPKCS12Blob::nicknameCollision(SECItem* oldNick, PRBool* cancel,
void* wincx) {
*cancel = false;
int count = 1;
nsCString nickname;
nsAutoString nickFromProp;
nsresult rv = GetPIPNSSBundleString("P12DefaultNickname", nickFromProp);
if (NS_FAILED(rv)) {
return nullptr;
}
NS_ConvertUTF16toUTF8 nickFromPropC(nickFromProp);
// The user is trying to import a PKCS#12 file that doesn't have the
// attribute we use to set the nickname. So in order to reduce the
// number of interactions we require with the user, we'll build a nickname
// for the user. The nickname isn't prominently displayed in the UI,
// so it's OK if we generate one on our own here.
// XXX If the NSS API were smarter and actually passed a pointer to
// the CERTCertificate* we're importing we could actually just
// call default_nickname (which is what the issuance code path
// does) and come up with a reasonable nickname. Alas, the NSS
// API limits our ability to produce a useful nickname without
// bugging the user. :(
while (1) {
// If we've gotten this far, that means there isn't a certificate
// in the database that has the same subject name as the cert we're
// trying to import. So we need to come up with a "nickname" to
// satisfy the NSS requirement or fail in trying to import.
// Basically we use a default nickname from a properties file and
// see if a certificate exists with that nickname. If there isn't, then
// create update the count by one and append the string '#1' Or
// whatever the count currently is, and look for a cert with
// that nickname. Keep updating the count until we find a nickname
// without a corresponding cert.
// XXX If a user imports *many* certs without the 'friendly name'
// attribute, then this may take a long time. :(
nickname = nickFromPropC;
if (count > 1) {
nickname.AppendPrintf(" #%d", count);
}
UniqueCERTCertificate cert(
CERT_FindCertByNickname(CERT_GetDefaultCertDB(), nickname.get()));
if (!cert) {
break;
}
count++;
}
UniqueSECItem newNick(
SECITEM_AllocItem(nullptr, nullptr, nickname.Length() + 1));
if (!newNick) {
return nullptr;
}
memcpy(newNick->data, nickname.get(), nickname.Length());
newNick->data[nickname.Length()] = 0;
return newNick.release();
}
// write bytes to the exported PKCS#12 file
void nsPKCS12Blob::writeExportFile(void* arg, const char* buf,
unsigned long len) {
PRFileDesc* file = static_cast<PRFileDesc*>(arg);
MOZ_RELEASE_ASSERT(file);
PR_Write(file, buf, len);
}
// Translate PRErrorCode to nsIX509CertDB error
uint32_t nsPKCS12Blob::handlePRErrorCode(PRErrorCode aPrerr) {
MOZ_ASSERT(aPrerr != 0);
uint32_t error = nsIX509CertDB::ERROR_UNKNOWN;
switch (aPrerr) {
case SEC_ERROR_PKCS12_CERT_COLLISION:
error = nsIX509CertDB::ERROR_PKCS12_DUPLICATE_DATA;
break;
// INVALID_ARGS is returned on bad password when importing cert
// exported from firefox or generated by openssl
case SEC_ERROR_INVALID_ARGS:
case SEC_ERROR_BAD_PASSWORD:
error = nsIX509CertDB::ERROR_BAD_PASSWORD;
break;
case SEC_ERROR_BAD_DER:
case SEC_ERROR_PKCS12_CORRUPT_PFX_STRUCTURE:
case SEC_ERROR_PKCS12_INVALID_MAC:
error = nsIX509CertDB::ERROR_DECODE_ERROR;
break;
case SEC_ERROR_PKCS12_DUPLICATE_DATA:
error = nsIX509CertDB::ERROR_PKCS12_DUPLICATE_DATA;
break;
}
return error;
}