[apple/security.git] / AppleCSP / CryptKitCSP / FEEKeys.cpp

/*
 * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved.
 * 
 * The contents of this file constitute Original Code as defined in and are
 * subject to the Apple Public Source License Version 1.2 (the 'License').
 * You may not use this file except in compliance with the License. Please obtain
 * a copy of the License at http://www.apple.com/publicsource and read it before
 * using this file.
 * 
 * This Original Code and all software distributed under the License are
 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
 * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
 * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
 * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
 * specific language governing rights and limitations under the License.
 */


/*
 * FEEKeys.cpp - FEE-related asymmetric key pair classes. 
 *
 * Created 2/21/2001 by dmitch.
 */

#ifdef	CRYPTKIT_CSP_ENABLE

#include "FEEKeys.h"
#include "FEECSPUtils.h"
#include "CryptKitSpace.h"
#include <CryptKit/feePublicKey.h>
#include <CryptKit/falloc.h>
#include <Security/cssmdata.h>
#include "AppleCSPSession.h"
#include "AppleCSPUtils.h"
#include <assert.h>
#include <Security/debugging.h>

#define feeKeyDebug(args...)	debug("feeKey", ## args)

/***
 *** FEE-style BinaryKey
 ***/
 
/* constructor with optional existing feePubKey */
CryptKit::FEEBinaryKey::FEEBinaryKey(feePubKey feeKey)
	: mFeeKey(feeKey)
{
	if(mFeeKey == NULL) {
		mFeeKey = feePubKeyAlloc();
		if(mFeeKey == NULL) {
			CssmError::throwMe(CSSMERR_CSP_MEMORY_ERROR);
		}
	}
}

CryptKit::FEEBinaryKey::~FEEBinaryKey()
{
	if(mFeeKey) {
		feePubKeyFree(mFeeKey);
		mFeeKey = NULL;
	}
}

void CryptKit::FEEBinaryKey::generateKeyBlob(
		CssmAllocator 		&allocator,
		CssmData			&blob,
		CSSM_KEYBLOB_FORMAT	&format)
{
	unsigned char 	*keyBlob;
	unsigned 		len;
	feeReturn		frtn;
	bool			derBlob;
	
	assert(mFeeKey != NULL);
	switch(format) {
		/* also case FEE_KEYBLOB_DEFAULT_FORMAT: */
		case CSSM_KEYBLOB_RAW_FORMAT_NONE:
			derBlob = true;
			break;
		case CSSM_KEYBLOB_RAW_FORMAT_OCTET_STRING:
			/* native non-DER-encoded blob */
			derBlob = false;
			break;
		default:
			feeKeyDebug("FEEBinaryKey::generateKeyBlob: bad format (%ld)\n", format);
			CssmError::throwMe(feePubKeyIsPrivate(mFeeKey) ?
				CSSMERR_CSP_INVALID_ATTR_PRIVATE_KEY_FORMAT :
				CSSMERR_CSP_INVALID_ATTR_PUBLIC_KEY_FORMAT);
	}
	if(feePubKeyIsPrivate(mFeeKey)) {
		if(derBlob) {
			frtn = feePubKeyCreateDERPrivBlob(mFeeKey, &keyBlob, &len);
		}
		else {
			frtn = feePubKeyCreatePrivBlob(mFeeKey, &keyBlob, &len);
		}
	}
	else {
		if(derBlob) {
			frtn = feePubKeyCreateDERPubBlob(mFeeKey, &keyBlob, &len);
		}
		else {
			frtn = feePubKeyCreatePubBlob(mFeeKey, &keyBlob, &len);
		}
	}
	if(frtn) {
		throwCryptKit(frtn, "feePubKeyCreate*Blob");
	}
	setUpCssmData(blob, len, allocator);
	memmove(blob.data(), keyBlob, len);
	blob.length(len);
	ffree(keyBlob);
	format = derBlob ? FEE_KEYBLOB_DEFAULT_FORMAT : 
		CSSM_KEYBLOB_RAW_FORMAT_OCTET_STRING;
}
		
/***
 *** FEE-style AppleKeyPairGenContext
 ***/

/*
 * This one is specified in, and called from, CSPFullPluginSession. Our
 * only job is to prepare two subclass-specific BinaryKeys and call up to
 * AppleKeyPairGenContext.
 */
void CryptKit::FEEKeyPairGenContext::generate(
	const Context 	&context, 
	CssmKey 		&pubKey, 
	CssmKey 		&privKey)
{
	FEEBinaryKey *pubBinKey  = new FEEBinaryKey();
	FEEBinaryKey *privBinKey = new FEEBinaryKey();
	
	try {
		AppleKeyPairGenContext::generate(context, 
			session(),
			pubKey, 
			pubBinKey, 
			privKey, 
			privBinKey);
	}
	catch (...) {
		delete pubBinKey;
		delete privBinKey;
		throw;
	}

}
	
// this one is specified in, and called from, AppleKeyPairGenContext
void CryptKit::FEEKeyPairGenContext::generate(
	const Context 	&context,
	BinaryKey		&pubBinKey,	
	BinaryKey		&privBinKey,
	uint32			&keyBits)
{
	/* 
	 * These casts throw exceptions if the keys are of the 
	 * wrong classes, which would be a major bogon, since we created
	 * the keys in the above generate() function.
	 */
	FEEBinaryKey &fPubBinKey = 
		dynamic_cast<FEEBinaryKey &>(pubBinKey);
	FEEBinaryKey &fPrivBinKey = 
		dynamic_cast<FEEBinaryKey &>(privBinKey);

	/*
	 * Two parameters from context. Key size in bits is required;
	 * seed is optional. If not present, we cook up random private data. 
	 */
	keyBits = context.getInt(CSSM_ATTRIBUTE_KEY_LENGTH,
				CSSMERR_CSP_MISSING_ATTR_KEY_LENGTH);
	CssmCryptoData *cseed = context.get<CssmCryptoData>(CSSM_ATTRIBUTE_SEED);
	CssmData *seed;
	bool haveSeed;
	CssmAutoData aSeed(session());		// malloc on demand
	if(cseed) {
		/* caller specified seed */
		haveSeed = true;
		seed = &cseed->param();
	}
	else {
		/* generate random seed */
		haveSeed = false;
		unsigned keyBytes = ((keyBits + 7) / 8) + 1;
		aSeed.malloc(keyBytes);
		session().getRandomBytes(keyBytes, aSeed);
		seed = &aSeed.get();
	}
	
	/* Curve and prime types - optional */
	feePrimeType primeType = FPT_Default;
	uint32 uPrimeType = context.getInt(CSSM_ATTRIBUTE_FEE_PRIME_TYPE);
	switch(uPrimeType) {
		case CSSM_FEE_PRIME_TYPE_DEFAULT:
			break;
		case CSSM_FEE_PRIME_TYPE_MERSENNE:
			primeType = FPT_Mersenne;
			break;
		case CSSM_FEE_PRIME_TYPE_FEE:
			primeType = FPT_FEE;
			break;
		case CSSM_FEE_PRIME_TYPE_GENERAL:
			primeType = FPT_General;
			break;
		default:
			/* FIXME - maybe we should be more specific */
			CssmError::throwMe(CSSMERR_CSP_INVALID_ATTR_ALG_PARAMS);
	}
	feeCurveType curveType = FCT_Default;
	uint32 uCurveType = context.getInt(CSSM_ATTRIBUTE_FEE_CURVE_TYPE);
	switch(uCurveType) {
		case CSSM_FEE_CURVE_TYPE_DEFAULT:
			break;
		case CSSM_FEE_CURVE_TYPE_MONTGOMERY:
			curveType = FCT_Montgomery;
			break;
		case CSSM_FEE_CURVE_TYPE_WEIERSTRASS:
			curveType = FCT_Weierstrass;
			break;
		default:
			/* FIXME - maybe we should be more specific */
			CssmError::throwMe(CSSMERR_CSP_INVALID_ATTR_ALG_PARAMS);
	}
	feeReturn frtn = feePubKeyInitFromPrivDataKeyBits( 
		fPrivBinKey.feeKey(),
		(unsigned char *)seed->data(),
		seed->length(),
		keyBits,
		primeType,
		curveType,
		/* 
		 * our random seed: trust it
		 * caller's seed: hash it
		 */
		haveSeed ? 1 : 0);
	if(frtn) {
		throwCryptKit(frtn, "feePubKeyInitFromPrivDataKeyBits");
	}
	frtn = feePubKeyInitPubKeyFromPriv(fPrivBinKey.feeKey(), 
		fPubBinKey.feeKey());
	if(frtn) {
		throwCryptKit(frtn, "feePubKeyInitPubKeyFromPriv");
	}
}


/***
 *** FEE-style CSPKeyInfoProvider.
 ***/
CryptKit::FEEKeyInfoProvider::FEEKeyInfoProvider(
	const CssmKey &cssmKey) :
		CSPKeyInfoProvider(cssmKey)
{
	switch(cssmKey.algorithm()) {
		case CSSM_ALGID_FEE:
			break;
		default:
			CssmError::throwMe(CSSMERR_CSP_INVALID_ALGORITHM);
	}
	switch(cssmKey.keyClass()) {
		case CSSM_KEYCLASS_PUBLIC_KEY:
		case CSSM_KEYCLASS_PRIVATE_KEY:
			/* FIXME - verify proper CSSM_KEYBLOB_RAW_FORMAT_xx */
			break;
		default:
			CssmError::throwMe(CSSMERR_CSP_INVALID_KEY_CLASS);
	}
	/* OK, we'll handle this one */
	return;
}

/* Given a raw key, cook up a Binary key */
void CryptKit::FEEKeyInfoProvider::CssmKeyToBinary(
	BinaryKey **binKey)
{
	*binKey = NULL;
	feePubKey feeKey = NULL;
	
	/* first cook up a feePubKey, then drop that into a BinaryKey */
	feeKey = rawCssmKeyToFee(mKey);
	FEEBinaryKey *feeBinKey = new FEEBinaryKey(feeKey);
	*binKey = feeBinKey;
}
		
/* 
 * Obtain key size in bits.
 * Currently only raw public keys are dealt with (they're the ones
 * which come from certs, the only current use for this function).
 * Note that if we need to handle ref keys, we'll need a session ref...
 */
void CryptKit::FEEKeyInfoProvider::QueryKeySizeInBits(
	CSSM_KEY_SIZE &keySize)
{
	feePubKey feeKey = NULL;
	
	if(mKey.blobType() != CSSM_KEYBLOB_RAW) {
		CssmError::throwMe(CSSMERR_CSP_INVALID_KEY_FORMAT);
	}
	feeKey = rawCssmKeyToFee(mKey);
	keySize.LogicalKeySizeInBits = feePubKeyBitsize(feeKey);
	keySize.EffectiveKeySizeInBits = keySize.LogicalKeySizeInBits;
	feePubKeyFree(feeKey);
}

#endif	/* CRYPTKIT_CSP_ENABLE */
Commit	Line	Data
bac41a7b A	1	/*
	2	* Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved.
	3	*
	4	* The contents of this file constitute Original Code as defined in and are
	5	* subject to the Apple Public Source License Version 1.2 (the 'License').
	6	* You may not use this file except in compliance with the License. Please obtain
	7	* a copy of the License at http://www.apple.com/publicsource and read it before
	8	* using this file.
	9	*
	10	* This Original Code and all software distributed under the License are
	11	* distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
	12	* OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
	13	* LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
	14	* PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
	15	* specific language governing rights and limitations under the License.
	16	*/
	17
	18
	19	/*
	20	* FEEKeys.cpp - FEE-related asymmetric key pair classes.
	21	*
	22	* Created 2/21/2001 by dmitch.
	23	*/
	24
	25	#ifdef CRYPTKIT_CSP_ENABLE
	26
	27	#include "FEEKeys.h"
	28	#include "FEECSPUtils.h"
	29	#include "CryptKitSpace.h"
	30	#include <CryptKit/feePublicKey.h>
	31	#include <CryptKit/falloc.h>
	32	#include <Security/cssmdata.h>
	33	#include "AppleCSPSession.h"
	34	#include "AppleCSPUtils.h"
	35	#include <assert.h>
	36	#include <Security/debugging.h>
	37
	38	#define feeKeyDebug(args...) debug("feeKey", ## args)
	39
	40	/***
	41	*** FEE-style BinaryKey
	42	***/
	43
	44	/* constructor with optional existing feePubKey */
	45	CryptKit::FEEBinaryKey::FEEBinaryKey(feePubKey feeKey)
	46	: mFeeKey(feeKey)
	47	{
	48	if(mFeeKey == NULL) {
	49	mFeeKey = feePubKeyAlloc();
	50	if(mFeeKey == NULL) {
	51	CssmError::throwMe(CSSMERR_CSP_MEMORY_ERROR);
	52	}
	53	}
	54	}
	55
	56	CryptKit::FEEBinaryKey::~FEEBinaryKey()
	57	{
	58	if(mFeeKey) {
	59	feePubKeyFree(mFeeKey);
	60	mFeeKey = NULL;
	61	}
	62	}
	63
	64	void CryptKit::FEEBinaryKey::generateKeyBlob(
65	CssmAllocator &allocator,
66	CssmData &blob,
67	CSSM_KEYBLOB_FORMAT &format)
68	{
69	unsigned char *keyBlob;
70	unsigned len;
71	feeReturn frtn;
72	bool derBlob;
73
74	assert(mFeeKey != NULL);
75	switch(format) {
76	/* also case FEE_KEYBLOB_DEFAULT_FORMAT: */
77	case CSSM_KEYBLOB_RAW_FORMAT_NONE:
78	derBlob = true;
79	break;
80	case CSSM_KEYBLOB_RAW_FORMAT_OCTET_STRING:
81	/* native non-DER-encoded blob */
82	derBlob = false;
83	break;
84	default:
85	feeKeyDebug("FEEBinaryKey::generateKeyBlob: bad format (%ld)\n", format);
86	CssmError::throwMe(feePubKeyIsPrivate(mFeeKey) ?
87	CSSMERR_CSP_INVALID_ATTR_PRIVATE_KEY_FORMAT :
88	CSSMERR_CSP_INVALID_ATTR_PUBLIC_KEY_FORMAT);
89	}
90	if(feePubKeyIsPrivate(mFeeKey)) {
91	if(derBlob) {
92	frtn = feePubKeyCreateDERPrivBlob(mFeeKey, &keyBlob, &len);
93	}
94	else {
95	frtn = feePubKeyCreatePrivBlob(mFeeKey, &keyBlob, &len);
96	}
97	}
98	else {
99	if(derBlob) {
100	frtn = feePubKeyCreateDERPubBlob(mFeeKey, &keyBlob, &len);
101	}
102	else {
103	frtn = feePubKeyCreatePubBlob(mFeeKey, &keyBlob, &len);
104	}
105	}
106	if(frtn) {
107	throwCryptKit(frtn, "feePubKeyCreate*Blob");
108	}
109	setUpCssmData(blob, len, allocator);
110	memmove(blob.data(), keyBlob, len);
111	blob.length(len);
112	ffree(keyBlob);
113	format = derBlob ? FEE_KEYBLOB_DEFAULT_FORMAT :
114	CSSM_KEYBLOB_RAW_FORMAT_OCTET_STRING;
115	}
116
117	/***
118	*** FEE-style AppleKeyPairGenContext
119	***/
120
121	/*
122	* This one is specified in, and called from, CSPFullPluginSession. Our
123	* only job is to prepare two subclass-specific BinaryKeys and call up to
124	* AppleKeyPairGenContext.
125	*/
126	void CryptKit::FEEKeyPairGenContext::generate(
127	const Context &context,
128	CssmKey &pubKey,
129	CssmKey &privKey)
130	{
131	FEEBinaryKey *pubBinKey = new FEEBinaryKey();
132	FEEBinaryKey *privBinKey = new FEEBinaryKey();
133
134	try {
135	AppleKeyPairGenContext::generate(context,
136	session(),
137	pubKey,
138	pubBinKey,
139	privKey,
140	privBinKey);
141	}
142	catch (...) {
143	delete pubBinKey;
144	delete privBinKey;
145	throw;
146	}
147
148	}
149
150	// this one is specified in, and called from, AppleKeyPairGenContext
151	void CryptKit::FEEKeyPairGenContext::generate(
152	const Context &context,
153	BinaryKey &pubBinKey,
154	BinaryKey &privBinKey,
155	uint32 &keyBits)
156	{
157	/*
158	* These casts throw exceptions if the keys are of the
159	* wrong classes, which would be a major bogon, since we created
160	* the keys in the above generate() function.
161	*/
162	FEEBinaryKey &fPubBinKey =
163	dynamic_cast<FEEBinaryKey &>(pubBinKey);
164	FEEBinaryKey &fPrivBinKey =
165	dynamic_cast<FEEBinaryKey &>(privBinKey);
166
167	/*
168	* Two parameters from context. Key size in bits is required;
169	* seed is optional. If not present, we cook up random private data.
170	*/
171	keyBits = context.getInt(CSSM_ATTRIBUTE_KEY_LENGTH,
172	CSSMERR_CSP_MISSING_ATTR_KEY_LENGTH);
173	CssmCryptoData *cseed = context.get<CssmCryptoData>(CSSM_ATTRIBUTE_SEED);
174	CssmData *seed;
175	bool haveSeed;
176	CssmAutoData aSeed(session()); // malloc on demand
177	if(cseed) {
178	/* caller specified seed */
179	haveSeed = true;
180	seed = &cseed->param();
181	}
182	else {
183	/* generate random seed */
184	haveSeed = false;
185	unsigned keyBytes = ((keyBits + 7) / 8) + 1;
186	aSeed.malloc(keyBytes);
187	session().getRandomBytes(keyBytes, aSeed);
188	seed = &aSeed.get();
189	}
190
191	/* Curve and prime types - optional */
192	feePrimeType primeType = FPT_Default;
193	uint32 uPrimeType = context.getInt(CSSM_ATTRIBUTE_FEE_PRIME_TYPE);
194	switch(uPrimeType) {
195	case CSSM_FEE_PRIME_TYPE_DEFAULT:
196	break;
197	case CSSM_FEE_PRIME_TYPE_MERSENNE:
198	primeType = FPT_Mersenne;
199	break;
200	case CSSM_FEE_PRIME_TYPE_FEE:
201	primeType = FPT_FEE;
202	break;
203	case CSSM_FEE_PRIME_TYPE_GENERAL:
204	primeType = FPT_General;
205	break;
206	default:
207	/* FIXME - maybe we should be more specific */
208	CssmError::throwMe(CSSMERR_CSP_INVALID_ATTR_ALG_PARAMS);
209	}
210	feeCurveType curveType = FCT_Default;
211	uint32 uCurveType = context.getInt(CSSM_ATTRIBUTE_FEE_CURVE_TYPE);
212	switch(uCurveType) {
213	case CSSM_FEE_CURVE_TYPE_DEFAULT:
214	break;
215	case CSSM_FEE_CURVE_TYPE_MONTGOMERY:
216	curveType = FCT_Montgomery;
217	break;
218	case CSSM_FEE_CURVE_TYPE_WEIERSTRASS:
219	curveType = FCT_Weierstrass;
220	break;
221	default:
222	/* FIXME - maybe we should be more specific */
223	CssmError::throwMe(CSSMERR_CSP_INVALID_ATTR_ALG_PARAMS);
224	}
225	feeReturn frtn = feePubKeyInitFromPrivDataKeyBits(
226	fPrivBinKey.feeKey(),
227	(unsigned char *)seed->data(),
228	seed->length(),
229	keyBits,
230	primeType,
231	curveType,
232	/*
233	* our random seed: trust it
234	* caller's seed: hash it
235	*/
236	haveSeed ? 1 : 0);
237	if(frtn) {
238	throwCryptKit(frtn, "feePubKeyInitFromPrivDataKeyBits");
239	}
240	frtn = feePubKeyInitPubKeyFromPriv(fPrivBinKey.feeKey(),
241	fPubBinKey.feeKey());
242	if(frtn) {
243	throwCryptKit(frtn, "feePubKeyInitPubKeyFromPriv");
244	}
245	}
246
247
248	/***
249	*** FEE-style CSPKeyInfoProvider.
250	***/
251	CryptKit::FEEKeyInfoProvider::FEEKeyInfoProvider(
252	const CssmKey &cssmKey) :
253	CSPKeyInfoProvider(cssmKey)
254	{
255	switch(cssmKey.algorithm()) {
256	case CSSM_ALGID_FEE:
257	break;
258	default:
259	CssmError::throwMe(CSSMERR_CSP_INVALID_ALGORITHM);
260	}
261	switch(cssmKey.keyClass()) {
262	case CSSM_KEYCLASS_PUBLIC_KEY:
263	case CSSM_KEYCLASS_PRIVATE_KEY:
264	/* FIXME - verify proper CSSM_KEYBLOB_RAW_FORMAT_xx */
265	break;
266	default:
267	CssmError::throwMe(CSSMERR_CSP_INVALID_KEY_CLASS);
268	}
269	/* OK, we'll handle this one */
270	return;
271	}
272
273	/* Given a raw key, cook up a Binary key */
274	void CryptKit::FEEKeyInfoProvider::CssmKeyToBinary(
275	BinaryKey **binKey)
276	{
277	*binKey = NULL;
278	feePubKey feeKey = NULL;
279
280	/* first cook up a feePubKey, then drop that into a BinaryKey */
281	feeKey = rawCssmKeyToFee(mKey);
282	FEEBinaryKey *feeBinKey = new FEEBinaryKey(feeKey);
283	*binKey = feeBinKey;
284	}
285
286	/*
287	* Obtain key size in bits.
288	* Currently only raw public keys are dealt with (they're the ones
289	* which come from certs, the only current use for this function).
290	* Note that if we need to handle ref keys, we'll need a session ref...
291	*/
292	void CryptKit::FEEKeyInfoProvider::QueryKeySizeInBits(
293	CSSM_KEY_SIZE &keySize)
294	{
295	feePubKey feeKey = NULL;
296
297	if(mKey.blobType() != CSSM_KEYBLOB_RAW) {
298	CssmError::throwMe(CSSMERR_CSP_INVALID_KEY_FORMAT);
299	}
300	feeKey = rawCssmKeyToFee(mKey);
301	keySize.LogicalKeySizeInBits = feePubKeyBitsize(feeKey);
302	keySize.EffectiveKeySizeInBits = keySize.LogicalKeySizeInBits;
303	feePubKeyFree(feeKey);
304	}
305
306	#endif /* CRYPTKIT_CSP_ENABLE */