[apple/security.git] / Security / libsecurity_sd_cspdl / lib / SDContext.cpp

/*
 * Copyright (c) 2004,2011-2012,2014 Apple Inc. All Rights Reserved.
 *
 * @APPLE_LICENSE_HEADER_START@
 * 
 * This file contains Original Code and/or Modifications of Original Code
 * as defined in and that are subject to the Apple Public Source License
 * Version 2.0 (the 'License'). You may not use this file except in
 * compliance with the License. Please obtain a copy of the License at
 * http://www.opensource.apple.com/apsl/ and read it before using this
 * file.
 * 
 * The Original Code and all software distributed under the License are
 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
 * Please see the License for the specific language governing rights and
 * limitations under the License.
 * 
 * @APPLE_LICENSE_HEADER_END@
 */


//
// SDContext - cryptographic contexts for the security server
//
#include "SDContext.h"

#include "SDCSPSession.h"
#include "SDKey.h"
#include <security_utilities/debugging.h>

#define ssCryptDebug(args...)  secdebug("ssCrypt", ## args)

using namespace SecurityServer;

//
// SDContext
//
SDContext::SDContext(SDCSPSession &session)
: mSession(session), mContext(NULL)
{
}

void SDContext::clearOutBuf()
{
	if(mOutBuf.Data) {
		mSession.free(mOutBuf.Data);
		mOutBuf.clear();
	}
}

void SDContext::copyOutBuf(CssmData &out)
{
	if(out.length() < mOutBuf.length()) {
		CssmError::throwMe(CSSMERR_CSP_OUTPUT_LENGTH_ERROR);
	}
	memmove(out.Data, mOutBuf.Data, mOutBuf.Length);
	out.Length = mOutBuf.Length;
	clearOutBuf();
}

void
SDContext::init(const Context &context,
				bool /* encoding */) // @@@ should be removed from API since it's already in mDirection
{
	mContext = &context;
	clearOutBuf();
}

SecurityServer::ClientSession &
SDContext::clientSession()
{
	return mSession.clientSession();
}


//
// SDRandomContext -- Context for GenerateRandom operations
//
SDRandomContext::SDRandomContext(SDCSPSession &session) : SDContext(session) {}

void
SDRandomContext::init(const Context &context, bool encoding)
{
	SDContext::init(context, encoding);

	// set/freeze output size
	mOutSize = context.getInt(CSSM_ATTRIBUTE_OUTPUT_SIZE, CSSMERR_CSP_MISSING_ATTR_OUTPUT_SIZE);

#if 0
	// seed the PRNG (if specified)
	if (const CssmCryptoData *seed = context.get<CssmCryptoData>(CSSM_ATTRIBUTE_SEED)) {
		const CssmData &seedValue = (*seed)();
		clientSession().seedRandom(seedValue);
	}
#endif
}

size_t 
SDRandomContext::outputSize(bool final, size_t inSize)
{
	return mOutSize;
}

void
SDRandomContext::final(CssmData &out)
{
	clientSession().generateRandom(*mContext, out);
}


// signature contexts
SDSignatureContext::SDSignatureContext(SDCSPSession &session) 
	: SDContext(session),
		mKeyHandle(noKey),
		mNullDigest(NULL),
		mDigest(NULL)
{
	/* nothing else for now */
}

SDSignatureContext::~SDSignatureContext()
{
	delete mNullDigest;
	delete mDigest;
}

void SDSignatureContext::init(const Context &context, bool signing)
{
	SDContext::init(context, signing);

	/* reusable: skip everything except resetting digest state */
	if((mNullDigest != NULL) || (mDigest != NULL)) {
		if(mNullDigest != NULL) {
			mNullDigest->digestInit();
		}
		return;
	}
	
	/* snag key from context */
 	const CssmKey &keyInContext =
		context.get<const CssmKey>(CSSM_ATTRIBUTE_KEY,
								   CSSMERR_CSP_MISSING_ATTR_KEY);
	mKeyHandle = mSession.lookupKey(keyInContext).keyHandle();
	
	/* get digest alg and sig alg from Context.algorithm */
	switch(context.algorithm()) {
		/*** DSA ***/
		case CSSM_ALGID_SHA1WithDSA:
			mDigestAlg = CSSM_ALGID_SHA1;
			mSigAlg = CSSM_ALGID_DSA;
			break;
		case CSSM_ALGID_DSA:				// Raw
			mDigestAlg = CSSM_ALGID_NONE;
			mSigAlg = CSSM_ALGID_DSA;
			break;
		/*** RSA ***/
		case CSSM_ALGID_SHA1WithRSA:
			mDigestAlg = CSSM_ALGID_SHA1;
			mSigAlg = CSSM_ALGID_RSA;
			break;
		case CSSM_ALGID_MD5WithRSA:
			mDigestAlg = CSSM_ALGID_MD5;
			mSigAlg = CSSM_ALGID_RSA;
			break;
		case CSSM_ALGID_MD2WithRSA:
			mDigestAlg = CSSM_ALGID_MD2;
			mSigAlg = CSSM_ALGID_RSA;
			break;
		case CSSM_ALGID_RSA:				// Raw
			mDigestAlg = CSSM_ALGID_NONE;
			mSigAlg = CSSM_ALGID_RSA;
			break;
		/*** FEE ***/
		case CSSM_ALGID_FEE_SHA1:
			mDigestAlg = CSSM_ALGID_SHA1;
			mSigAlg = CSSM_ALGID_FEE;
			break;
		case CSSM_ALGID_FEE_MD5:
			mDigestAlg = CSSM_ALGID_MD5;
			mSigAlg = CSSM_ALGID_FEE;
			break;
		case CSSM_ALGID_FEE:				// Raw
			mDigestAlg = CSSM_ALGID_NONE;
			mSigAlg = CSSM_ALGID_FEE;
			break;
		/*** ECDSA ***/
		case CSSM_ALGID_SHA1WithECDSA:
			mDigestAlg = CSSM_ALGID_SHA1;
			mSigAlg = CSSM_ALGID_ECDSA;
			break;
		case CSSM_ALGID_SHA224WithECDSA:
			mDigestAlg = CSSM_ALGID_SHA224;
			mSigAlg = CSSM_ALGID_ECDSA;
			break;
		case CSSM_ALGID_SHA256WithECDSA:
			mDigestAlg = CSSM_ALGID_SHA256;
			mSigAlg = CSSM_ALGID_ECDSA;
			break;
		case CSSM_ALGID_SHA384WithECDSA:
			mDigestAlg = CSSM_ALGID_SHA384;
			mSigAlg = CSSM_ALGID_ECDSA;
			break;
		case CSSM_ALGID_SHA512WithECDSA:
			mDigestAlg = CSSM_ALGID_SHA512;
			mSigAlg = CSSM_ALGID_ECDSA;
			break;
		case CSSM_ALGID_ECDSA:				// Raw
			mDigestAlg = CSSM_ALGID_NONE;
			mSigAlg = CSSM_ALGID_ECDSA;
			break;
		default:
			CssmError::throwMe(CSSMERR_CSP_INVALID_ALGORITHM);
	}
		
	/* set up mNullDigest or mDigest */
	if(mDigestAlg == CSSM_ALGID_NONE) {
		mNullDigest = new NullDigest();
	}
	else {
		mDigest = new CssmClient::Digest(mSession.mRawCsp, mDigestAlg);
	}
}

/* 
 * for raw sign/verify - optionally called after init.
 * Note that in init (in this case), we set mDigestAlg to ALGID_NONE and set up
Commit	Line	Data
b1ab9ed8	1	/*
d8f41ccd	2	* Copyright (c) 2004,2011-2012,2014 Apple Inc. All Rights Reserved.
b1ab9ed8 A	3	*
	4	* @APPLE_LICENSE_HEADER_START@
	5	*
	6	* This file contains Original Code and/or Modifications of Original Code
	7	* as defined in and that are subject to the Apple Public Source License
	8	* Version 2.0 (the 'License'). You may not use this file except in
	9	* compliance with the License. Please obtain a copy of the License at
	10	* http://www.opensource.apple.com/apsl/ and read it before using this
	11	* file.
	12	*
	13	* The Original Code and all software distributed under the License are
	14	* distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
	15	* EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
	16	* INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
	17	* FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
	18	* Please see the License for the specific language governing rights and
	19	* limitations under the License.
	20	*
	21	* @APPLE_LICENSE_HEADER_END@
	22	*/
	23
	24
	25	//
	26	// SDContext - cryptographic contexts for the security server
	27	//
	28	#include "SDContext.h"
	29
	30	#include "SDCSPSession.h"
	31	#include "SDKey.h"
	32	#include <security_utilities/debugging.h>
	33
	34	#define ssCryptDebug(args...) secdebug("ssCrypt", ## args)
	35
	36	using namespace SecurityServer;
	37
	38	//
	39	// SDContext
	40	//
	41	SDContext::SDContext(SDCSPSession &session)
	42	: mSession(session), mContext(NULL)
	43	{
	44	}
	45
	46	void SDContext::clearOutBuf()
	47	{
	48	if(mOutBuf.Data) {
	49	mSession.free(mOutBuf.Data);
	50	mOutBuf.clear();
	51	}
	52	}
	53
	54	void SDContext::copyOutBuf(CssmData &out)
	55	{
	56	if(out.length() < mOutBuf.length()) {
	57	CssmError::throwMe(CSSMERR_CSP_OUTPUT_LENGTH_ERROR);
	58	}
	59	memmove(out.Data, mOutBuf.Data, mOutBuf.Length);
	60	out.Length = mOutBuf.Length;
	61	clearOutBuf();
	62	}
	63
	64	void
	65	SDContext::init(const Context &context,
	66	bool /* encoding */) // @@@ should be removed from API since it's already in mDirection
67	{
68	mContext = &context;
69	clearOutBuf();
70	}
71
72	SecurityServer::ClientSession &
73	SDContext::clientSession()
74	{
75	return mSession.clientSession();
76	}
77
78
79	//
80	// SDRandomContext -- Context for GenerateRandom operations
81	//
82	SDRandomContext::SDRandomContext(SDCSPSession &session) : SDContext(session) {}
83
84	void
85	SDRandomContext::init(const Context &context, bool encoding)
86	{
87	SDContext::init(context, encoding);
88
89	// set/freeze output size
90	mOutSize = context.getInt(CSSM_ATTRIBUTE_OUTPUT_SIZE, CSSMERR_CSP_MISSING_ATTR_OUTPUT_SIZE);
91
92	#if 0
93	// seed the PRNG (if specified)
94	if (const CssmCryptoData *seed = context.get<CssmCryptoData>(CSSM_ATTRIBUTE_SEED)) {
95	const CssmData &seedValue = (*seed)();
96	clientSession().seedRandom(seedValue);
97	}
98	#endif
99	}
100
101	size_t
102	SDRandomContext::outputSize(bool final, size_t inSize)
103	{
104	return mOutSize;
105	}
106
107	void
108	SDRandomContext::final(CssmData &out)
109	{
110	clientSession().generateRandom(*mContext, out);
111	}
112
113
114	// signature contexts
115	SDSignatureContext::SDSignatureContext(SDCSPSession &session)
116	: SDContext(session),
117	mKeyHandle(noKey),
118	mNullDigest(NULL),
119	mDigest(NULL)
120	{
121	/* nothing else for now */
122	}
123
124	SDSignatureContext::~SDSignatureContext()
125	{
126	delete mNullDigest;
127	delete mDigest;
128	}
129
130	void SDSignatureContext::init(const Context &context, bool signing)
131	{
132	SDContext::init(context, signing);
133
134	/* reusable: skip everything except resetting digest state */
135	if((mNullDigest != NULL) \|\| (mDigest != NULL)) {
136	if(mNullDigest != NULL) {
137	mNullDigest->digestInit();
138	}
139	return;
140	}
141
142	/* snag key from context */
143	const CssmKey &keyInContext =
144	context.get<const CssmKey>(CSSM_ATTRIBUTE_KEY,
145	CSSMERR_CSP_MISSING_ATTR_KEY);
146	mKeyHandle = mSession.lookupKey(keyInContext).keyHandle();
147
148	/* get digest alg and sig alg from Context.algorithm */
149	switch(context.algorithm()) {
150	/* DSA */
151	case CSSM_ALGID_SHA1WithDSA:
152	mDigestAlg = CSSM_ALGID_SHA1;
153	mSigAlg = CSSM_ALGID_DSA;
154	break;
155	case CSSM_ALGID_DSA: // Raw
156	mDigestAlg = CSSM_ALGID_NONE;
157	mSigAlg = CSSM_ALGID_DSA;
158	break;
159	/* RSA */
160	case CSSM_ALGID_SHA1WithRSA:
161	mDigestAlg = CSSM_ALGID_SHA1;
162	mSigAlg = CSSM_ALGID_RSA;
163	break;
164	case CSSM_ALGID_MD5WithRSA:
165	mDigestAlg = CSSM_ALGID_MD5;
166	mSigAlg = CSSM_ALGID_RSA;
167	break;
168	case CSSM_ALGID_MD2WithRSA:
169	mDigestAlg = CSSM_ALGID_MD2;
170	mSigAlg = CSSM_ALGID_RSA;
171	break;
172	case CSSM_ALGID_RSA: // Raw
173	mDigestAlg = CSSM_ALGID_NONE;
174	mSigAlg = CSSM_ALGID_RSA;
175	break;
176	/* FEE */
177	case CSSM_ALGID_FEE_SHA1:
178	mDigestAlg = CSSM_ALGID_SHA1;
179	mSigAlg = CSSM_ALGID_FEE;
180	break;
181	case CSSM_ALGID_FEE_MD5:
182	mDigestAlg = CSSM_ALGID_MD5;
183	mSigAlg = CSSM_ALGID_FEE;
184	break;
185	case CSSM_ALGID_FEE: // Raw
186	mDigestAlg = CSSM_ALGID_NONE;
187	mSigAlg = CSSM_ALGID_FEE;
188	break;
189	/* ECDSA */
190	case CSSM_ALGID_SHA1WithECDSA:
191	mDigestAlg = CSSM_ALGID_SHA1;
192	mSigAlg = CSSM_ALGID_ECDSA;
193	break;
194	case CSSM_ALGID_SHA224WithECDSA:
195	mDigestAlg = CSSM_ALGID_SHA224;
196	mSigAlg = CSSM_ALGID_ECDSA;
197	break;
198	case CSSM_ALGID_SHA256WithECDSA:
199	mDigestAlg = CSSM_ALGID_SHA256;
200	mSigAlg = CSSM_ALGID_ECDSA;
201	break;
202	case CSSM_ALGID_SHA384WithECDSA:
203	mDigestAlg = CSSM_ALGID_SHA384;
204	mSigAlg = CSSM_ALGID_ECDSA;
205	break;
206	case CSSM_ALGID_SHA512WithECDSA:
207	mDigestAlg = CSSM_ALGID_SHA512;
208	mSigAlg = CSSM_ALGID_ECDSA;
209	break;
210	case CSSM_ALGID_ECDSA: // Raw
211	mDigestAlg = CSSM_ALGID_NONE;
212	mSigAlg = CSSM_ALGID_ECDSA;
213	break;
214	default:
215	CssmError::throwMe(CSSMERR_CSP_INVALID_ALGORITHM);
216	}
217
218	/* set up mNullDigest or mDigest */
219	if(mDigestAlg == CSSM_ALGID_NONE) {
220	mNullDigest = new NullDigest();
221	}
222	else {
223	mDigest = new CssmClient::Digest(mSession.mRawCsp, mDigestAlg);
224	}
225	}
226
227	/*
228	* for raw sign/verify - optionally called after init.
229	* Note that in init (in this case), we set mDigestAlg to ALGID_NONE and set up
230