[apple/security.git] / OSX / libsecurity_apple_cspdl / lib / SSContext.cpp

/*
 * Copyright (c) 2000-2001,2011-2012,2014 Apple Inc. All Rights Reserved.
 * 
 * The contents of this file constitute Original Code as defined in and are
 * subject to the Apple Public Source License Version 1.2 (the 'License').
 * You may not use this file except in compliance with the License. Please obtain
 * a copy of the License at http://www.apple.com/publicsource and read it before
 * using this file.
 * 
 * This Original Code and all software distributed under the License are
 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
 * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
 * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
 * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
 * specific language governing rights and limitations under the License.
 */


//
// SSContext - cryptographic contexts for the security server
//
#include "SSContext.h"

#include "SSCSPSession.h"
#include "SSKey.h"
#include <security_utilities/debugging.h>

#define ssCryptDebug(args...)  secinfo("ssCrypt", ## args)

using namespace SecurityServer;

//
// SSContext
//
SSContext::SSContext(SSCSPSession &session)
: mSession(session), mContext(NULL)
{
}

void SSContext::clearOutBuf()
{
	if(mOutBuf.Data) {
		mSession.free(mOutBuf.Data);
		mOutBuf.clear();
	}
}

void SSContext::copyOutBuf(CssmData &out)
{
	if(out.length() < mOutBuf.length()) {
		CssmError::throwMe(CSSMERR_CSP_OUTPUT_LENGTH_ERROR);
	}
	memmove(out.Data, mOutBuf.Data, mOutBuf.Length);
	out.Length = mOutBuf.Length;
	clearOutBuf();
}

void
SSContext::init(const Context &context,
				bool /* encoding */) // @@@ should be removed from API since it's already in mDirection
{
	mContext = &context;
	clearOutBuf();
}

SecurityServer::ClientSession &
SSContext::clientSession()
{
	return mSession.clientSession();
}


//
// SSRandomContext -- Context for GenerateRandom operations
//
SSRandomContext::SSRandomContext(SSCSPSession &session) : SSContext(session) {}

void
SSRandomContext::init(const Context &context, bool encoding)
{
	SSContext::init(context, encoding);

	// set/freeze output size
	mOutSize = context.getInt(CSSM_ATTRIBUTE_OUTPUT_SIZE, CSSMERR_CSP_MISSING_ATTR_OUTPUT_SIZE);

#if 0
	// seed the PRNG (if specified)
	if (const CssmCryptoData *seed = context.get<CssmCryptoData>(CSSM_ATTRIBUTE_SEED)) {
		const CssmData &seedValue = (*seed)();
		clientSession().seedRandom(seedValue);
	}
#endif
}

size_t 
SSRandomContext::outputSize(bool final, size_t inSize)
{
	return mOutSize;
}

void
SSRandomContext::final(CssmData &out)
{
	clientSession().generateRandom(*mContext, out);
}


// signature contexts
SSSignatureContext::SSSignatureContext(SSCSPSession &session) 
	: SSContext(session),
		mKeyHandle(noKey),
		mNullDigest(NULL),
		mDigest(NULL)
{
	/* nothing else for now */
}

SSSignatureContext::~SSSignatureContext()
{
	delete mNullDigest;
	delete mDigest;
}

void SSSignatureContext::init(const Context &context, bool signing)
{
	SSContext::init(context, signing);

	/* reusable: skip everything except resetting digest state */
	if((mNullDigest != NULL) || (mDigest != NULL)) {
		if(mNullDigest != NULL) {
			mNullDigest->digestInit();
		}
		return;
	}
	
	/* snag key from context */
 	const CssmKey &keyInContext =
		context.get<const CssmKey>(CSSM_ATTRIBUTE_KEY,
								   CSSMERR_CSP_MISSING_ATTR_KEY);
	mKeyHandle = mSession.lookupKey(keyInContext).keyHandle();
	
	/* get digest alg and sig alg from Context.algorithm */
	switch(context.algorithm()) {
		/*** DSA ***/
		case CSSM_ALGID_SHA1WithDSA:
			mDigestAlg = CSSM_ALGID_SHA1;
			mSigAlg = CSSM_ALGID_DSA;
			break;
		case CSSM_ALGID_DSA:				// Raw
			mDigestAlg = CSSM_ALGID_NONE;
			mSigAlg = CSSM_ALGID_DSA;
			break;
		/*** RSA ***/
		case CSSM_ALGID_SHA1WithRSA:
			mDigestAlg = CSSM_ALGID_SHA1;
			mSigAlg = CSSM_ALGID_RSA;
			break;
		case CSSM_ALGID_MD5WithRSA:
			mDigestAlg = CSSM_ALGID_MD5;
			mSigAlg = CSSM_ALGID_RSA;
			break;
		case CSSM_ALGID_MD2WithRSA:
			mDigestAlg = CSSM_ALGID_MD2;
			mSigAlg = CSSM_ALGID_RSA;
			break;
		case CSSM_ALGID_SHA256WithRSA:
			mDigestAlg = CSSM_ALGID_SHA256;
			mSigAlg = CSSM_ALGID_RSA;
			break;
		case CSSM_ALGID_SHA224WithRSA:
			mDigestAlg = CSSM_ALGID_SHA224;
			mSigAlg = CSSM_ALGID_RSA;
			break;
		case CSSM_ALGID_SHA384WithRSA:
			mDigestAlg = CSSM_ALGID_SHA384;
			mSigAlg = CSSM_ALGID_RSA;
			break;
		case CSSM_ALGID_SHA512WithRSA:
			mDigestAlg = CSSM_ALGID_SHA512;
			mSigAlg = CSSM_ALGID_RSA;
			break;
		case CSSM_ALGID_RSA:				// Raw
			mDigestAlg = CSSM_ALGID_NONE;
			mSigAlg = CSSM_ALGID_RSA;
			break;
		/*** FEE ***/
		case CSSM_ALGID_FEE_SHA1:
			mDigestAlg = CSSM_ALGID_SHA1;
			mSigAlg = CSSM_ALGID_FEE;
			break;
		case CSSM_ALGID_FEE_MD5:
			mDigestAlg = CSSM_ALGID_MD5;
			mSigAlg = CSSM_ALGID_FEE;
			break;
		case CSSM_ALGID_FEE:				// Raw
			mDigestAlg = CSSM_ALGID_NONE;
			mSigAlg = CSSM_ALGID_FEE;
			break;
		/*** ECDSA ***/
		case CSSM_ALGID_SHA1WithECDSA:
			mDigestAlg = CSSM_ALGID_SHA1;
			mSigAlg = CSSM_ALGID_ECDSA;
			break;
		case CSSM_ALGID_SHA224WithECDSA:
			mDigestAlg = CSSM_ALGID_SHA224;
			mSigAlg = CSSM_ALGID_ECDSA;
			break;
		case CSSM_ALGID_SHA256WithECDSA:
			mDigestAlg = CSSM_ALGID_SHA256;
			mSigAlg = CSSM_ALGID_ECDSA;
			break;
		case CSSM_ALGID_SHA384WithECDSA:
			mDigestAlg = CSSM_ALGID_SHA384;
			mSigAlg = CSSM_ALGID_ECDSA;
			break;
		case CSSM_ALGID_SHA512WithECDSA:
			mDigestAlg = CSSM_ALGID_SHA512;
			mSigAlg = CSSM_ALGID_ECDSA;
			break;
		case CSSM_ALGID_ECDSA:				// Raw
			mDigestAlg = CSSM_ALGID_NONE;
			mSigAlg = CSSM_ALGID_ECDSA;
			break;
		default:
			CssmError::throwMe(CSSMERR_CSP_INVALID_ALGORITHM);
	}
		
	/* set up mNullDigest or mDigest */
	if(mDigestAlg == CSSM_ALGID_NONE) {
		mNullDigest = new NullDigest();
	}
	else {
		mDigest = new CssmClient::Digest(mSession.mRawCsp, mDigestAlg);
	}
}

/* 
 * for raw sign/verify - optionally called after init.
 * Note that in init (in this case), we set mDigestAlg to ALGID_NONE and set up
Commit	Line	Data
b1ab9ed8	1	/*
d8f41ccd	2	* Copyright (c) 2000-2001,2011-2012,2014 Apple Inc. All Rights Reserved.
b1ab9ed8 A	3	*
	4	* The contents of this file constitute Original Code as defined in and are
	5	* subject to the Apple Public Source License Version 1.2 (the 'License').
	6	* You may not use this file except in compliance with the License. Please obtain
	7	* a copy of the License at http://www.apple.com/publicsource and read it before
	8	* using this file.
	9	*
	10	* This Original Code and all software distributed under the License are
	11	* distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
	12	* OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
	13	* LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
	14	* PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
	15	* specific language governing rights and limitations under the License.
	16	*/
	17
	18
	19	//
	20	// SSContext - cryptographic contexts for the security server
	21	//
	22	#include "SSContext.h"
	23
	24	#include "SSCSPSession.h"
	25	#include "SSKey.h"
	26	#include <security_utilities/debugging.h>
	27
fa7225c8	28	#define ssCryptDebug(args...) secinfo("ssCrypt", ## args)
b1ab9ed8 A	29
	30	using namespace SecurityServer;
	31
	32	//
	33	// SSContext
	34	//
	35	SSContext::SSContext(SSCSPSession &session)
	36	: mSession(session), mContext(NULL)
	37	{
	38	}
	39
	40	void SSContext::clearOutBuf()
	41	{
	42	if(mOutBuf.Data) {
	43	mSession.free(mOutBuf.Data);
	44	mOutBuf.clear();
	45	}
	46	}
	47
	48	void SSContext::copyOutBuf(CssmData &out)
	49	{
	50	if(out.length() < mOutBuf.length()) {
	51	CssmError::throwMe(CSSMERR_CSP_OUTPUT_LENGTH_ERROR);
	52	}
	53	memmove(out.Data, mOutBuf.Data, mOutBuf.Length);
	54	out.Length = mOutBuf.Length;
	55	clearOutBuf();
	56	}
	57
	58	void
	59	SSContext::init(const Context &context,
	60	bool /* encoding */) // @@@ should be removed from API since it's already in mDirection
	61	{
	62	mContext = &context;
	63	clearOutBuf();
	64	}
	65
	66	SecurityServer::ClientSession &
	67	SSContext::clientSession()
	68	{
	69	return mSession.clientSession();
	70	}
	71
	72
	73	//
	74	// SSRandomContext -- Context for GenerateRandom operations
	75	//
	76	SSRandomContext::SSRandomContext(SSCSPSession &session) : SSContext(session) {}
	77
	78	void
	79	SSRandomContext::init(const Context &context, bool encoding)
	80	{
	81	SSContext::init(context, encoding);
	82
	83	// set/freeze output size
	84	mOutSize = context.getInt(CSSM_ATTRIBUTE_OUTPUT_SIZE, CSSMERR_CSP_MISSING_ATTR_OUTPUT_SIZE);
	85
	86	#if 0
	87	// seed the PRNG (if specified)
	88	if (const CssmCryptoData *seed = context.get<CssmCryptoData>(CSSM_ATTRIBUTE_SEED)) {
	89	const CssmData &seedValue = (*seed)();
	90	clientSession().seedRandom(seedValue);
	91	}
	92	#endif
93	}
94
95	size_t
96	SSRandomContext::outputSize(bool final, size_t inSize)
97	{
98	return mOutSize;
99	}
100
101	void
102	SSRandomContext::final(CssmData &out)
103	{
104	clientSession().generateRandom(*mContext, out);
105	}
106
107
108	// signature contexts
109	SSSignatureContext::SSSignatureContext(SSCSPSession &session)
110	: SSContext(session),
111	mKeyHandle(noKey),
112	mNullDigest(NULL),
113	mDigest(NULL)
114	{
115	/* nothing else for now */
116	}
117
118	SSSignatureContext::~SSSignatureContext()
119	{
120	delete mNullDigest;
121	delete mDigest;
122	}
123
124	void SSSignatureContext::init(const Context &context, bool signing)
125	{
126	SSContext::init(context, signing);
127
128	/* reusable: skip everything except resetting digest state */
129	if((mNullDigest != NULL) \|\| (mDigest != NULL)) {
130	if(mNullDigest != NULL) {
131	mNullDigest->digestInit();
132	}
133	return;
134	}
135
136	/* snag key from context */
137	const CssmKey &keyInContext =
138	context.get<const CssmKey>(CSSM_ATTRIBUTE_KEY,
139	CSSMERR_CSP_MISSING_ATTR_KEY);
140	mKeyHandle = mSession.lookupKey(keyInContext).keyHandle();
141
142	/* get digest alg and sig alg from Context.algorithm */
143	switch(context.algorithm()) {
144	/* DSA */
145	case CSSM_ALGID_SHA1WithDSA:
146	mDigestAlg = CSSM_ALGID_SHA1;
147	mSigAlg = CSSM_ALGID_DSA;
148	break;
149	case CSSM_ALGID_DSA: // Raw
150	mDigestAlg = CSSM_ALGID_NONE;
151	mSigAlg = CSSM_ALGID_DSA;
152	break;
153	/* RSA */
154	case CSSM_ALGID_SHA1WithRSA:
155	mDigestAlg = CSSM_ALGID_SHA1;
156	mSigAlg = CSSM_ALGID_RSA;
157	break;
158	case CSSM_ALGID_MD5WithRSA:
159	mDigestAlg = CSSM_ALGID_MD5;
160	mSigAlg = CSSM_ALGID_RSA;
161	break;
162	case CSSM_ALGID_MD2WithRSA:
163	mDigestAlg = CSSM_ALGID_MD2;
164	mSigAlg = CSSM_ALGID_RSA;
165	break;
166	case CSSM_ALGID_SHA256WithRSA:
167	mDigestAlg = CSSM_ALGID_SHA256;
168	mSigAlg = CSSM_ALGID_RSA;
169	break;
170	case CSSM_ALGID_SHA224WithRSA:
171	mDigestAlg = CSSM_ALGID_SHA224;
172	mSigAlg = CSSM_ALGID_RSA;
173	break;
174	case CSSM_ALGID_SHA384WithRSA:
175	mDigestAlg = CSSM_ALGID_SHA384;
176	mSigAlg = CSSM_ALGID_RSA;
177	break;
178	case CSSM_ALGID_SHA512WithRSA:
179	mDigestAlg = CSSM_ALGID_SHA512;
180	mSigAlg = CSSM_ALGID_RSA;
181	break;
182	case CSSM_ALGID_RSA: // Raw
183	mDigestAlg = CSSM_ALGID_NONE;
184	mSigAlg = CSSM_ALGID_RSA;
185	break;
186	/* FEE */
187	case CSSM_ALGID_FEE_SHA1:
188	mDigestAlg = CSSM_ALGID_SHA1;
189	mSigAlg = CSSM_ALGID_FEE;
190	break;
191	case CSSM_ALGID_FEE_MD5:
192	mDigestAlg = CSSM_ALGID_MD5;
193	mSigAlg = CSSM_ALGID_FEE;
194	break;
195	case CSSM_ALGID_FEE: // Raw
196	mDigestAlg = CSSM_ALGID_NONE;
197	mSigAlg = CSSM_ALGID_FEE;
198	break;
199	/* ECDSA */
200	case CSSM_ALGID_SHA1WithECDSA:
201	mDigestAlg = CSSM_ALGID_SHA1;
202	mSigAlg = CSSM_ALGID_ECDSA;
203	break;
204	case CSSM_ALGID_SHA224WithECDSA:
205	mDigestAlg = CSSM_ALGID_SHA224;
206	mSigAlg = CSSM_ALGID_ECDSA;
207	break;
208	case CSSM_ALGID_SHA256WithECDSA:
209	mDigestAlg = CSSM_ALGID_SHA256;
210	mSigAlg = CSSM_ALGID_ECDSA;
211	break;
212	case CSSM_ALGID_SHA384WithECDSA:
213	mDigestAlg = CSSM_ALGID_SHA384;
214	mSigAlg = CSSM_ALGID_ECDSA;
215	break;
216	case CSSM_ALGID_SHA512WithECDSA:
217	mDigestAlg = CSSM_ALGID_SHA512;
218	mSigAlg = CSSM_ALGID_ECDSA;
219	break;
220	case CSSM_ALGID_ECDSA: // Raw
221	mDigestAlg = CSSM_ALGID_NONE;
222	mSigAlg = CSSM_ALGID_ECDSA;
223	break;
224	default:
225	CssmError::throwMe(CSSMERR_CSP_INVALID_ALGORITHM);
226	}
227
228	/* set up mNullDigest or mDigest */
229	if(mDigestAlg == CSSM_ALGID_NONE) {
230	mNullDigest = new NullDigest();
231	}
232	else {
233	mDigest = new CssmClient::Digest(mSession.mRawCsp, mDigestAlg);
234	}
235	}
236
237	/*
238	* for raw sign/verify - optionally called after init.
239	* Note that in init (in this case), we set mDigestAlg to ALGID_NONE and set up
240