[apple/security.git] / libsecurity_apple_csp / lib / AppleCSPContext.cpp

/*
 * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved.
 * 
 * The contents of this file constitute Original Code as defined in and are
 * subject to the Apple Public Source License Version 1.2 (the 'License').
 * You may not use this file except in compliance with the License. Please obtain
 * a copy of the License at http://www.apple.com/publicsource and read it before
 * using this file.
 * 
 * This Original Code and all software distributed under the License are
 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
 * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
 * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
 * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
 * specific language governing rights and limitations under the License.
 */


//
// AppleCSPContext.cpp - CSP-wide contexts 
//

#include "AppleCSPContext.h"
#include "AppleCSPSession.h"
#include "AppleCSPUtils.h"

/*
 * Empty destructor (just to avoid out-of-line copies)
 */
AppleCSPContext::~AppleCSPContext()
{ }

/* 
 * get symmetric key bits - context.key can be either ref or raw.
 * A convenience routine typically used by subclass's init().
 */
void AppleCSPContext::symmetricKeyBits(
	const Context 	&context,
	AppleCSPSession &session,
	CSSM_ALGORITHMS	requiredAlg,	// throws if this doesn't match key alg
	CSSM_KEYUSE 	intendedUse,	// throws if key usage doesn't match this
	uint8			*&keyBits,		// RETURNED (not mallocd or copied)
	CSSM_SIZE		&keyLen)		// RETURNED
{
	/* key must be present and it must be a session key matching caller's spec */
    CssmKey &key = 
		context.get<CssmKey>(CSSM_ATTRIBUTE_KEY, CSSMERR_CSP_MISSING_ATTR_KEY);
	if(key.keyClass() != CSSM_KEYCLASS_SESSION_KEY) {
		CssmError::throwMe(CSSMERR_CSP_INVALID_KEY_CLASS);
	}
	if(key.algorithm() != requiredAlg) {
		CssmError::throwMe(CSSMERR_CSP_ALGID_MISMATCH);
	}
	cspValidateIntendedKeyUsage(&key.KeyHeader, intendedUse);
	cspVerifyKeyTimes(key.KeyHeader);
	
	/* extract raw bits one way or the other */
	switch(key.blobType()) {
		case CSSM_KEYBLOB_RAW:
			/* easy case, the bits are right there in the CssmKey */
			if(key.blobFormat() != CSSM_KEYBLOB_RAW_FORMAT_OCTET_STRING) {
				CssmError::throwMe(CSSMERR_CSP_INVALID_KEY_FORMAT);
			}
			keyLen = key.length();
			keyBits = key.KeyData.Data;
			break;
			
		case CSSM_KEYBLOB_REFERENCE:
		{
			/* do a lookup to get a binary key */
			BinaryKey &binKey = session.lookupRefKey(key);
			/* fails if this is not a SymmetricBinaryKey */
			SymmetricBinaryKey *symBinKey =
				dynamic_cast<SymmetricBinaryKey *>(&binKey);
			if(symBinKey == NULL) {
				CssmError::throwMe(CSSMERR_CSP_INVALID_KEY);
			}
			keyLen = symBinKey->mKeyData.Length;
			keyBits = symBinKey->mKeyData.Data;
			break;
		}
		default:
			CssmError::throwMe(CSSMERR_CSP_INVALID_KEY_FORMAT);
	}
	return;
}

AppleKeyPairGenContext::~AppleKeyPairGenContext()
{ /* virtual */ }

// Called from subclass after it allocates its BinaryKeys.
// Caller frees BinaryKeys if we throw any exception. 
void AppleKeyPairGenContext::generate(
	const Context 	&context, 
	AppleCSPSession	&session,
	CssmKey 		&pubKey, 
	BinaryKey 		*pubBinKey,
	CssmKey 		&privKey,
	BinaryKey		*privBinKey)
{
	uint32			keySize;
	cspKeyStorage 	privStorage;
	cspKeyStorage 	pubStorage;
	CssmKey::Header	&pubHdr  = pubKey.header(); 
	CssmKey::Header	&privHdr = privKey.header(); 
	
	// validate context and key header args
	pubStorage  = cspParseKeyAttr(CKT_Public,  pubHdr.KeyAttr);
	privStorage = cspParseKeyAttr(CKT_Private, privHdr.KeyAttr);
	cspValidateKeyUsageBits(CKT_Public,  pubHdr.KeyUsage);
	cspValidateKeyUsageBits(CKT_Private, privHdr.KeyUsage);
	
	// have subclass generate the key pairs in the form of 
	// its native BinaryKeys
	generate(context, *pubBinKey, *privBinKey, keySize);

	// FIXME - Any other header setup?
	pubHdr.LogicalKeySizeInBits = 
		privHdr.LogicalKeySizeInBits = keySize;
	pubHdr.KeyAttr  &= ~KEY_ATTR_RETURN_MASK;
	privHdr.KeyAttr &= ~KEY_ATTR_RETURN_MASK;
		 
	// Handle key formatting. Delete the BinaryKeys if
	// we're not creating ref keys, after safe completion of 
	// generateKeyBlob (which may throw, in which case the binary keys
	// get deleted by our caller). 
	CSSM_KEYATTR_FLAGS attrFlags = 0;
	switch(pubStorage) {
		case CKS_Ref:
			session.addRefKey(*pubBinKey, pubKey);
			break;
		case CKS_Data:
			pubHdr.Format = requestedKeyFormat(context, pubKey);
			pubBinKey->mKeyHeader  = pubHdr;
			pubBinKey->generateKeyBlob(
				session.normAlloc(),		// alloc in user space
				CssmData::overlay(pubKey.KeyData),
				pubHdr.Format,
				session,
				NULL,						// no paramKey here!
				attrFlags);
			break;
		case CKS_None:
			break;
	}
	switch(privStorage) {
		case CKS_Ref:
			session.addRefKey(*privBinKey, privKey);
			break;
		case CKS_Data:
			privHdr.Format = requestedKeyFormat(context, privKey);
			privBinKey->mKeyHeader = privHdr;
			privBinKey->generateKeyBlob(
				session.normAlloc(),		// alloc in user space
				CssmData::overlay(privKey.KeyData),
				privHdr.Format,
				session,
				NULL,
				attrFlags);
			break;
		case CKS_None:
			break;
	}
	if(pubStorage != CKS_Ref) {
		delete pubBinKey;
	}
	if(privStorage != CKS_Ref) {
		delete privBinKey;
	}
}

/*
 * Called from subclass's generate method. Subclass is also a 
 * AppleCSPContext.
 */
void AppleSymmKeyGenContext::generateSymKey(
	const Context 	&context, 
	AppleCSPSession	&session,		// for ref keys
	CssmKey 		&cssmKey)		// RETURNED 
{
	/* there really is no legal way this should throw... */
	uint32 reqKeySize = context.getInt(
		CSSM_ATTRIBUTE_KEY_LENGTH, 
		CSSMERR_CSP_MISSING_ATTR_KEY_LENGTH);
	if((reqKeySize < minSizeInBits) ||
	   (reqKeySize > maxSizeInBits)) {
		CssmError::throwMe(CSSMERR_CSP_UNSUPPORTED_KEY_SIZE);
	}
	if(mustBeByteSized) {
		if((reqKeySize & 0x7) != 0) {
			CssmError::throwMe(CSSMERR_CSP_UNSUPPORTED_KEY_SIZE);
		}
	}
	
	// validate KeyAtrr and KeyUsage already present in header
	cspKeyStorage 	keyStorage;
	CssmKey::Header	&hdr  = cssmKey.header(); 
	
	keyStorage = cspParseKeyAttr(CKT_Session,  hdr.KeyAttr);
	cspValidateKeyUsageBits(CKT_Session, hdr.KeyUsage);
	hdr.KeyAttr  &= ~KEY_ATTR_RETURN_MASK;
	
	hdr.LogicalKeySizeInBits = reqKeySize;
	uint32 keySizeInBytes = (reqKeySize + 7) / 8;
	SymmetricBinaryKey *binKey = NULL;
	CssmData *keyData = NULL;
	
	switch(keyStorage) {
		case CKS_None:
			/* no way */
			CssmError::throwMe(CSSMERR_CSP_INVALID_KEYATTR_MASK);
		case CKS_Ref:
			/* cook up a symmetric binary key */
			binKey = new SymmetricBinaryKey(reqKeySize);
			keyData = &binKey->mKeyData;
			break;
		case CKS_Data:
			/* key bytes --> caller's cssmKey */
			keyData = &(CssmData::overlay(cssmKey.KeyData));
			setUpCssmData(*keyData, keySizeInBytes, 
				session.normAlloc());
			break;
	}
	
	// in any case, fill key bytes with random data
	session.getRandomBytes(keySizeInBytes, keyData->Data);

	if(keyStorage == CKS_Ref) {
		session.addRefKey(*binKey, cssmKey);
	}
	else {
		/* Raw data */
		hdr.BlobType = CSSM_KEYBLOB_RAW;
		hdr.Format = CSSM_KEYBLOB_RAW_FORMAT_OCTET_STRING; 
	}

	// FIXME - any other header fields?
}

//
// Symmetric Binary Key support
//
SymmetricBinaryKey::SymmetricBinaryKey(
	unsigned keySizeInBits) :
		mAllocator(Allocator::standard(Allocator::sensitive))
{
	setUpCssmData(mKeyData, (keySizeInBits + 7) / 8, mAllocator);
}

SymmetricBinaryKey::~SymmetricBinaryKey()
{
	freeCssmData(mKeyData, mAllocator);
}

void SymmetricBinaryKey::generateKeyBlob(
	Allocator 		&allocator,
	CssmData			&blob,
	CSSM_KEYBLOB_FORMAT	&format,	// CSSM_KEYBLOB_RAW_FORMAT_PKCS1, etc.
	AppleCSPSession		&session,
	const CssmKey		*paramKey,	/* optional, unused here */
	CSSM_KEYATTR_FLAGS 	&attrFlags)	/* IN/OUT */
{
	switch(format) {
		case CSSM_KEYBLOB_RAW_FORMAT_NONE:			// default
		case CSSM_KEYBLOB_RAW_FORMAT_OCTET_STRING:	// the one we can do
		case CSSM_KEYBLOB_RAW_FORMAT_DIGEST:		// same thing
			break;
		default:
			CssmError::throwMe(CSSMERR_CSP_INVALID_ATTR_SYMMETRIC_KEY_FORMAT);
	}
	copyCssmData(mKeyData, blob, allocator);
	format = CSSM_KEYBLOB_RAW_FORMAT_OCTET_STRING;
}
Commit	Line	Data
b1ab9ed8 A	1	/*
	2	* Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved.
	3	*
	4	* The contents of this file constitute Original Code as defined in and are
	5	* subject to the Apple Public Source License Version 1.2 (the 'License').
	6	* You may not use this file except in compliance with the License. Please obtain
	7	* a copy of the License at http://www.apple.com/publicsource and read it before
	8	* using this file.
	9	*
	10	* This Original Code and all software distributed under the License are
	11	* distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
	12	* OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
	13	* LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
	14	* PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
	15	* specific language governing rights and limitations under the License.
	16	*/
	17
	18
	19	//
	20	// AppleCSPContext.cpp - CSP-wide contexts
	21	//
	22
	23	#include "AppleCSPContext.h"
	24	#include "AppleCSPSession.h"
	25	#include "AppleCSPUtils.h"
	26
	27	/*
	28	* Empty destructor (just to avoid out-of-line copies)
	29	*/
	30	AppleCSPContext::~AppleCSPContext()
	31	{ }
	32
	33	/*
	34	* get symmetric key bits - context.key can be either ref or raw.
	35	* A convenience routine typically used by subclass's init().
	36	*/
	37	void AppleCSPContext::symmetricKeyBits(
	38	const Context &context,
	39	AppleCSPSession &session,
	40	CSSM_ALGORITHMS requiredAlg, // throws if this doesn't match key alg
	41	CSSM_KEYUSE intendedUse, // throws if key usage doesn't match this
	42	uint8 *&keyBits, // RETURNED (not mallocd or copied)
	43	CSSM_SIZE &keyLen) // RETURNED
	44	{
	45	/* key must be present and it must be a session key matching caller's spec */
	46	CssmKey &key =
	47	context.get<CssmKey>(CSSM_ATTRIBUTE_KEY, CSSMERR_CSP_MISSING_ATTR_KEY);
	48	if(key.keyClass() != CSSM_KEYCLASS_SESSION_KEY) {
	49	CssmError::throwMe(CSSMERR_CSP_INVALID_KEY_CLASS);
	50	}
	51	if(key.algorithm() != requiredAlg) {
	52	CssmError::throwMe(CSSMERR_CSP_ALGID_MISMATCH);
	53	}
	54	cspValidateIntendedKeyUsage(&key.KeyHeader, intendedUse);
	55	cspVerifyKeyTimes(key.KeyHeader);
	56
	57	/* extract raw bits one way or the other */
	58	switch(key.blobType()) {
	59	case CSSM_KEYBLOB_RAW:
	60	/* easy case, the bits are right there in the CssmKey */
	61	if(key.blobFormat() != CSSM_KEYBLOB_RAW_FORMAT_OCTET_STRING) {
	62	CssmError::throwMe(CSSMERR_CSP_INVALID_KEY_FORMAT);
	63	}
	64	keyLen = key.length();
65	keyBits = key.KeyData.Data;
66	break;
67
68	case CSSM_KEYBLOB_REFERENCE:
69	{
70	/* do a lookup to get a binary key */
71	BinaryKey &binKey = session.lookupRefKey(key);
72	/* fails if this is not a SymmetricBinaryKey */
73	SymmetricBinaryKey *symBinKey =
74	dynamic_cast<SymmetricBinaryKey *>(&binKey);
75	if(symBinKey == NULL) {
76	CssmError::throwMe(CSSMERR_CSP_INVALID_KEY);
77	}
78	keyLen = symBinKey->mKeyData.Length;
79	keyBits = symBinKey->mKeyData.Data;
80	break;
81	}
82	default:
83	CssmError::throwMe(CSSMERR_CSP_INVALID_KEY_FORMAT);
84	}
85	return;
86	}
87
88	AppleKeyPairGenContext::~AppleKeyPairGenContext()
89	{ /* virtual */ }
90
91	// Called from subclass after it allocates its BinaryKeys.
92	// Caller frees BinaryKeys if we throw any exception.
93	void AppleKeyPairGenContext::generate(
94	const Context &context,
95	AppleCSPSession &session,
96	CssmKey &pubKey,
97	BinaryKey *pubBinKey,
98	CssmKey &privKey,
99	BinaryKey *privBinKey)
100	{
101	uint32 keySize;
102	cspKeyStorage privStorage;
103	cspKeyStorage pubStorage;
104	CssmKey::Header &pubHdr = pubKey.header();
105	CssmKey::Header &privHdr = privKey.header();
106
107	// validate context and key header args
108	pubStorage = cspParseKeyAttr(CKT_Public, pubHdr.KeyAttr);
109	privStorage = cspParseKeyAttr(CKT_Private, privHdr.KeyAttr);
110	cspValidateKeyUsageBits(CKT_Public, pubHdr.KeyUsage);
111	cspValidateKeyUsageBits(CKT_Private, privHdr.KeyUsage);
112
113	// have subclass generate the key pairs in the form of
114	// its native BinaryKeys
115	generate(context, pubBinKey, privBinKey, keySize);
116
117	// FIXME - Any other header setup?
118	pubHdr.LogicalKeySizeInBits =
119	privHdr.LogicalKeySizeInBits = keySize;
120	pubHdr.KeyAttr &= ~KEY_ATTR_RETURN_MASK;
121	privHdr.KeyAttr &= ~KEY_ATTR_RETURN_MASK;
122
123	// Handle key formatting. Delete the BinaryKeys if
124	// we're not creating ref keys, after safe completion of
125	// generateKeyBlob (which may throw, in which case the binary keys
126	// get deleted by our caller).
127	CSSM_KEYATTR_FLAGS attrFlags = 0;
128	switch(pubStorage) {
129	case CKS_Ref:
130	session.addRefKey(*pubBinKey, pubKey);
131	break;
132	case CKS_Data:
133	pubHdr.Format = requestedKeyFormat(context, pubKey);
134	pubBinKey->mKeyHeader = pubHdr;
135	pubBinKey->generateKeyBlob(
136	session.normAlloc(), // alloc in user space
137	CssmData::overlay(pubKey.KeyData),
138	pubHdr.Format,
139	session,
140	NULL, // no paramKey here!
141	attrFlags);
142	break;
143	case CKS_None:
144	break;
145	}
146	switch(privStorage) {
147	case CKS_Ref:
148	session.addRefKey(*privBinKey, privKey);
149	break;
150	case CKS_Data:
151	privHdr.Format = requestedKeyFormat(context, privKey);
152	privBinKey->mKeyHeader = privHdr;
153	privBinKey->generateKeyBlob(
154	session.normAlloc(), // alloc in user space
155	CssmData::overlay(privKey.KeyData),
156	privHdr.Format,
157	session,
158	NULL,
159	attrFlags);
160	break;
161	case CKS_None:
162	break;
163	}
164	if(pubStorage != CKS_Ref) {
165	delete pubBinKey;
166	}
167	if(privStorage != CKS_Ref) {
168	delete privBinKey;
169	}
170	}
171
172	/*
173	* Called from subclass's generate method. Subclass is also a
174	* AppleCSPContext.
175	*/
176	void AppleSymmKeyGenContext::generateSymKey(
177	const Context &context,
178	AppleCSPSession &session, // for ref keys
179	CssmKey &cssmKey) // RETURNED
180	{
181	/* there really is no legal way this should throw... */
182	uint32 reqKeySize = context.getInt(
183	CSSM_ATTRIBUTE_KEY_LENGTH,
184	CSSMERR_CSP_MISSING_ATTR_KEY_LENGTH);
185	if((reqKeySize < minSizeInBits) \|\|
186	(reqKeySize > maxSizeInBits)) {
187	CssmError::throwMe(CSSMERR_CSP_UNSUPPORTED_KEY_SIZE);
188	}
189	if(mustBeByteSized) {
190	if((reqKeySize & 0x7) != 0) {
191	CssmError::throwMe(CSSMERR_CSP_UNSUPPORTED_KEY_SIZE);
192	}
193	}
194
195	// validate KeyAtrr and KeyUsage already present in header
196	cspKeyStorage keyStorage;
197	CssmKey::Header &hdr = cssmKey.header();
198
199	keyStorage = cspParseKeyAttr(CKT_Session, hdr.KeyAttr);
200	cspValidateKeyUsageBits(CKT_Session, hdr.KeyUsage);
201	hdr.KeyAttr &= ~KEY_ATTR_RETURN_MASK;
202
203	hdr.LogicalKeySizeInBits = reqKeySize;
204	uint32 keySizeInBytes = (reqKeySize + 7) / 8;
205	SymmetricBinaryKey *binKey = NULL;
206	CssmData *keyData = NULL;
207
208	switch(keyStorage) {
209	case CKS_None:
210	/* no way */
211	CssmError::throwMe(CSSMERR_CSP_INVALID_KEYATTR_MASK);
212	case CKS_Ref:
213	/* cook up a symmetric binary key */
214	binKey = new SymmetricBinaryKey(reqKeySize);
215	keyData = &binKey->mKeyData;
216	break;
217	case CKS_Data:
218	/* key bytes --> caller's cssmKey */
219	keyData = &(CssmData::overlay(cssmKey.KeyData));
220	setUpCssmData(*keyData, keySizeInBytes,
221	session.normAlloc());
222	break;
223	}
224
225	// in any case, fill key bytes with random data
226	session.getRandomBytes(keySizeInBytes, keyData->Data);
227
228	if(keyStorage == CKS_Ref) {
229	session.addRefKey(*binKey, cssmKey);
230	}
231	else {
232	/* Raw data */
233	hdr.BlobType = CSSM_KEYBLOB_RAW;
234	hdr.Format = CSSM_KEYBLOB_RAW_FORMAT_OCTET_STRING;
235	}
236
237	// FIXME - any other header fields?
238	}
239
240	//
241	// Symmetric Binary Key support
242	//
243	SymmetricBinaryKey::SymmetricBinaryKey(
244	unsigned keySizeInBits) :
245	mAllocator(Allocator::standard(Allocator::sensitive))
246	{
247	setUpCssmData(mKeyData, (keySizeInBits + 7) / 8, mAllocator);
248	}
249
250	SymmetricBinaryKey::~SymmetricBinaryKey()
251	{
252	freeCssmData(mKeyData, mAllocator);
253	}
254
255	void SymmetricBinaryKey::generateKeyBlob(
256	Allocator &allocator,
257	CssmData &blob,
258	CSSM_KEYBLOB_FORMAT &format, // CSSM_KEYBLOB_RAW_FORMAT_PKCS1, etc.
259	AppleCSPSession &session,
260	const CssmKey paramKey, / optional, unused here */
261	CSSM_KEYATTR_FLAGS &attrFlags) /* IN/OUT */
262	{
263	switch(format) {
264	case CSSM_KEYBLOB_RAW_FORMAT_NONE: // default
265	case CSSM_KEYBLOB_RAW_FORMAT_OCTET_STRING: // the one we can do
266	case CSSM_KEYBLOB_RAW_FORMAT_DIGEST: // same thing
267	break;
268	default:
269	CssmError::throwMe(CSSMERR_CSP_INVALID_ATTR_SYMMETRIC_KEY_FORMAT);
270	}
271	copyCssmData(mKeyData, blob, allocator);
272	format = CSSM_KEYBLOB_RAW_FORMAT_OCTET_STRING;
273	}
274