]> git.saurik.com Git - apple/security.git/blame - OSX/sec/Security/SecECKey.m
projects / apple / security.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Security-59754.80.3.tar.gz
[apple/security.git] / OSX / sec / Security / SecECKey.m
CommitLineData
b1ab9ed8 1/*
5c19dc3a 2 * Copyright (c) 2010-2015 Apple Inc. All Rights Reserved.
b1ab9ed8
A		 3 *
4 * @APPLE_LICENSE_HEADER_START@
5c19dc3a 5 *
b1ab9ed8
A		 6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
11 * file.
5c19dc3a 12 *
b1ab9ed8
A		 13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
5c19dc3a 20 *
b1ab9ed8
A		 21 * @APPLE_LICENSE_HEADER_END@
22 */
23
24/*
79b9da22 25 * SecECKey.m - CoreFoundation based ECDSA key object
b1ab9ed8
A		 26 */
27
28#include "SecECKey.h"
d8f41ccd 29#include "SecECKeyPriv.h"
b1ab9ed8 30
79b9da22
A		 31#import <Foundation/Foundation.h>
32
b1ab9ed8
A		 33#include <Security/SecKeyInternal.h>
34#include <Security/SecItem.h>
35#include <Security/SecBasePriv.h>
36#include <AssertMacros.h>
37#include <Security/SecureTransport.h> /* For error codes. */
38#include <CoreFoundation/CFData.h> /* For error codes. */
b1ab9ed8
A		 39#include <CoreFoundation/CFNumber.h>
40#include <Security/SecFramework.h>
41#include <Security/SecRandom.h>
427c49bc 42#include <utilities/debugging.h>
b54c578e 43#include <Security/SecItemPriv.h>
b1ab9ed8 44#include <Security/SecInternal.h>
d8f41ccd
A		 45#include <utilities/SecCFError.h>
46#include <utilities/SecCFWrappers.h>
fa7225c8 47#include <utilities/array_size.h>
b1ab9ed8
A		 48#include <corecrypto/ccec.h>
49#include <corecrypto/ccsha1.h>
50#include <corecrypto/ccsha2.h>
51#include <corecrypto/ccrng.h>
427c49bc 52#include <corecrypto/ccder_decode_eckey.h>
b1ab9ed8
A		 53
54#define kMaximumECKeySize 521
55
56static CFIndex SecECKeyGetAlgorithmID(SecKeyRef key) {
57 return kSecECDSAAlgorithmID;
58}
59
60
b1ab9ed8
A		 61/*
62 *
63 * Public Key
64 *
65 */
66
67/* Public key static functions. */
68static void SecECPublicKeyDestroy(SecKeyRef key) {
69 /* Zero out the public key */
866f8763
A		 70 ccec_pub_ctx_t pubkey = key->key;
71 if (ccec_ctx_cp(pubkey))
72 cc_clear(ccec_pub_ctx_size(ccn_sizeof_n(ccec_ctx_n(pubkey))), pubkey);
b1ab9ed8
A		 73}
74
427c49bc 75static ccec_const_cp_t getCPForPublicSize(CFIndex encoded_length)
b1ab9ed8 76{
427c49bc
A		 77 size_t keysize = ccec_x963_import_pub_size(encoded_length);
78 if(ccec_keysize_is_supported(keysize)) {
79 return ccec_get_cp(keysize);
b1ab9ed8 80 }
866f8763 81 return NULL;
b1ab9ed8 82}
427c49bc
A		 83
84static ccec_const_cp_t getCPForPrivateSize(CFIndex encoded_length)
b1ab9ed8 85{
427c49bc
A		 86 size_t keysize = ccec_x963_import_priv_size(encoded_length);
87 if(ccec_keysize_is_supported(keysize)) {
88 return ccec_get_cp(keysize);
b1ab9ed8 89 }
866f8763 90 return NULL;
b1ab9ed8
A		 91}
92
427c49bc
A		 93static ccoid_t ccoid_secp192r1 = CC_EC_OID_SECP192R1;
94static ccoid_t ccoid_secp256r1 = CC_EC_OID_SECP256R1;
95static ccoid_t ccoid_secp224r1 = CC_EC_OID_SECP224R1;
96static ccoid_t ccoid_secp384r1 = CC_EC_OID_SECP384R1;
97static ccoid_t ccoid_secp521r1 = CC_EC_OID_SECP521R1;
98
d64be36e
A		 99// <rdar://problem/66864716> OID_CERTICOM is wrong
100static ccoid_t ccoid_libder_secp384r1 = ((unsigned char *)"\x06\x04\x2B\x84\x00\x22");
101static ccoid_t ccoid_libder_secp521r1 = ((unsigned char *)"\x06\x04\x2B\x84\x00\x23");
102
fa7225c8 103static ccec_const_cp_t ccec_cp_for_oid(const unsigned char *oid)
b1ab9ed8 104{
fa7225c8 105 if (oid!=NULL) {
427c49bc
A		 106 if (ccoid_equal(oid, ccoid_secp192r1)) {
107 return ccec_cp_192();
108 } else if (ccoid_equal(oid, ccoid_secp256r1)) {
109 return ccec_cp_256();
110 } else if (ccoid_equal(oid, ccoid_secp224r1)) {
111 return ccec_cp_224();
d64be36e 112 } else if (ccoid_equal(oid, ccoid_secp384r1) || ccoid_equal(oid, ccoid_libder_secp384r1)) {
427c49bc 113 return ccec_cp_384();
d64be36e 114 } else if (ccoid_equal(oid, ccoid_secp521r1) || ccoid_equal(oid, ccoid_libder_secp521r1)) {
427c49bc 115 return ccec_cp_521();
b1ab9ed8
A		 116 }
117 }
427c49bc 118 return (ccec_const_cp_t){NULL};
b1ab9ed8
A		 119}
120
121static OSStatus SecECPublicKeyInit(SecKeyRef key,
122 const uint8_t *keyData, CFIndex keyDataLength, SecKeyEncoding encoding) {
866f8763 123 ccec_pub_ctx_t pubkey = key->key;
b1ab9ed8
A		 124 OSStatus err = errSecParam;
125
126 switch (encoding) {
127 case kSecDERKeyEncoding:
128 {
129 const SecDERKey *derKey = (const SecDERKey *)keyData;
130 if (keyDataLength != sizeof(SecDERKey)) {
131 err = errSecDecode;
132 break;
133 }
134
d64be36e
A		 135 require_action_quiet(derKey->parameters && derKey->parametersLength > 2 &&
136 derKey->parameters[1] <= derKey->parametersLength - 2, errOut, err = errSecDecode);
137 ccec_const_cp_t cp = ccec_cp_for_oid(derKey->parameters);
866f8763 138 require_action_quiet(cp, errOut, err = errSecDecode);
b1ab9ed8 139
b1ab9ed8
A		 140 err = (ccec_import_pub(cp, derKey->keyLength, derKey->key, pubkey)
141 ? errSecDecode : errSecSuccess);
142 break;
143 }
144 case kSecKeyEncodingBytes:
145 {
146 ccec_const_cp_t cp = getCPForPublicSize(keyDataLength);
866f8763 147 require_action_quiet(cp, errOut, err = errSecDecode);
b1ab9ed8
A		 148 err = (ccec_import_pub(cp, keyDataLength, keyData, pubkey)
149 ? errSecDecode : errSecSuccess);
150 break;
151 }
152 case kSecExtractPublicFromPrivate:
153 {
866f8763 154 ccec_full_ctx_t fullKey = (ccec_full_ctx_t)keyData;
b1ab9ed8
A		 155
156 cc_size fullKeyN = ccec_ctx_n(fullKey);
fa7225c8 157 require_quiet(fullKeyN <= ccn_nof(kMaximumECKeySize), errOut);
866f8763 158 memcpy(pubkey, fullKey, ccec_pub_ctx_size(ccn_sizeof_n(fullKeyN)));
b1ab9ed8
A		 159 err = errSecSuccess;
160 break;
161 }
162 case kSecKeyEncodingApplePkcs1:
163 default:
164 err = errSecParam;
165 break;
166 }
167
168errOut:
169 return err;
170}
171
fa7225c8
A		 172static CFTypeRef SecECPublicKeyCopyOperationResult(SecKeyRef key, SecKeyOperationType operation, SecKeyAlgorithm algorithm,
173 CFArrayRef algorithms, SecKeyOperationMode mode,
174 CFTypeRef in1, CFTypeRef in2, CFErrorRef *error) {
b54c578e
A		 175 if (operation != kSecKeyOperationTypeVerify || !CFEqual(algorithm, kSecKeyAlgorithmECDSASignatureDigestX962)) {
176 // EC public key supports only signature verification with X962 algorithm.
fa7225c8
A		 177 return kCFNull;
178 }
179
b54c578e
A		 180 if (mode == kSecKeyOperationModePerform) {
181 bool valid = false;
182 int err = -1;
183 size_t sigLen = CFDataGetLength(in2);
184 uint8_t *sig = (uint8_t *)CFDataGetBytePtr(in2);
185 ccec_pub_ctx_t pubkey = key->key;
fa7225c8 186
b54c578e
A		 187 err = ccec_verify(pubkey, CFDataGetLength(in1), CFDataGetBytePtr(in1), sigLen, sig, &valid);
188 if (err != 0) {
189 SecError(errSecVerifyFailed, error, CFSTR("EC signature verification failed (ccerr %d)"), err);
190 return NULL;
191 } else if (!valid) {
192 SecError(errSecVerifyFailed, error, CFSTR("EC signature verification failed, no match"));
193 return NULL;
fa7225c8 194 } else {
fa7225c8
A		 195 return kCFBooleanTrue;
196 }
197 } else {
b54c578e
A		 198 // Algorithm is supported.
199 return kCFBooleanTrue;
5c19dc3a 200 }
b1ab9ed8
A		 201}
202
203static size_t SecECPublicKeyBlockSize(SecKeyRef key) {
204 /* Get key size in octets */
866f8763 205 return ccec_ctx_size(ccec_ctx_pub(key->key));
b1ab9ed8
A		 206}
207
208/* Encode the public key and return it in a newly allocated CFDataRef. */
209static CFDataRef SecECPublicKeyExport(CFAllocatorRef allocator,
210 ccec_pub_ctx_t pubkey) {
211 size_t pub_size = ccec_export_pub_size(pubkey);
fa7225c8
A		 212 CFMutableDataRef blob = CFDataCreateMutableWithScratch(allocator, pub_size);
213 ccec_export_pub(pubkey, CFDataGetMutableBytePtr(blob));
b1ab9ed8
A		 214 return blob;
215}
216
fa7225c8 217static CFDataRef SecECPublicKeyCopyExternalRepresentation(SecKeyRef key, CFErrorRef *error) {
866f8763 218 ccec_pub_ctx_t pubkey = key->key;
fa7225c8
A		 219 return SecECPublicKeyExport(NULL, pubkey);
220}
221
b1ab9ed8
A		 222static OSStatus SecECPublicKeyCopyPublicOctets(SecKeyRef key, CFDataRef *serailziation)
223{
866f8763 224 ccec_pub_ctx_t pubkey = key->key;
b1ab9ed8
A		 225
226 CFAllocatorRef allocator = CFGetAllocator(key);
227 *serailziation = SecECPublicKeyExport(allocator, pubkey);
228
229 if (NULL == *serailziation)
230 return errSecDecode;
231 else
232 return errSecSuccess;
233}
234
235static CFDictionaryRef SecECPublicKeyCopyAttributeDictionary(SecKeyRef key) {
fa7225c8
A		 236 CFDictionaryRef dict = SecKeyGeneratePublicAttributeDictionary(key, kSecAttrKeyTypeEC);
237 CFMutableDictionaryRef mutableDict = CFDictionaryCreateMutableCopy(NULL, 0, dict);
238 CFDictionarySetValue(mutableDict, kSecAttrCanDerive, kCFBooleanFalse);
239 CFAssignRetained(dict, mutableDict);
240 return dict;
b1ab9ed8
A		 241}
242
d8f41ccd
A		 243static const char *
244getCurveName(SecKeyRef key)
245{
246 SecECNamedCurve curveType = SecECKeyGetNamedCurve(key);
247
248 switch (curveType)
249 {
250 case kSecECCurveSecp256r1:
251 return "kSecECCurveSecp256r1";
252 break;
253 case kSecECCurveSecp384r1:
254 return "kSecECCurveSecp384r1";
255 break;
256 case kSecECCurveSecp521r1:
257 return "kSecECCurveSecp521r1";
258 default:
259 return "kSecECCurveNone";
260 }
261}
262
427c49bc
A		 263static CFStringRef SecECPublicKeyCopyKeyDescription(SecKeyRef key)
264{
79b9da22 265 NSMutableString *strings[2];
d8f41ccd 266 const char* curve = getCurveName(key);
427c49bc 267
866f8763 268 ccec_pub_ctx_t ecPubkey = key->key;
fa7225c8 269 size_t len = ccec_ctx_size(ecPubkey);
79b9da22 270 NSMutableData *buffer = [NSMutableData dataWithLength:len];
fa7225c8 271 for (int i = 0; i < 2; ++i) {
79b9da22
A		 272 ccn_write_uint(ccec_ctx_n(ecPubkey), (i == 0) ? ccec_ctx_x(ecPubkey) : ccec_ctx_y(ecPubkey), len, buffer.mutableBytes);
273 strings[i] = [NSMutableString stringWithCapacity:len * 2];
fa7225c8 274 for (size_t byteIndex = 0; byteIndex < len; ++byteIndex) {
79b9da22 275 [strings[i] appendFormat:@"%02X", ((const uint8_t *)buffer.bytes)[byteIndex]];
fa7225c8 276 }
427c49bc 277 }
d8f41ccd 278
79b9da22
A		 279 NSString *description = [NSString stringWithFormat:@"<SecKeyRef curve type: %s, algorithm id: %lu, key type: %s, version: %d, block size: %zu bits, y: %@, x: %@, addr: %p>",
280 curve, (long)SecKeyGetAlgorithmId(key), key->key_class->name, key->key_class->version,
281 8 * SecKeyGetBlockSize(key), strings[1], strings[0], key];
282 return CFBridgingRetain(description);
427c49bc
A		 283}
284
d8f41ccd
A		 285static const struct ccec_rfc6637_curve * get_rfc6637_curve(SecKeyRef key)
286{
287 SecECNamedCurve curveType = SecECKeyGetNamedCurve(key);
288
289 if (curveType == kSecECCurveSecp256r1) {
290 return &ccec_rfc6637_dh_curve_p256;
291 } else if (curveType == kSecECCurveSecp521r1) {
292 return &ccec_rfc6637_dh_curve_p521;
293 }
294 return NULL;
295}
296
297static CFDataRef SecECKeyCopyWrapKey(SecKeyRef key, SecKeyWrapType type, CFDataRef unwrappedKey, CFDictionaryRef parameters, CFDictionaryRef *outParam, CFErrorRef *error)
298{
866f8763 299 ccec_pub_ctx_t pubkey = key->key;
d8f41ccd
A		 300 int err = errSecUnimplemented;
301 const struct ccec_rfc6637_curve *curve;
302 const struct ccec_rfc6637_wrap *wrap = NULL;
303 uint8_t sym_alg = 0;
fa7225c8 304 int32_t flags = 0;
d8f41ccd 305
d8f41ccd
A		 306 if (type != kSecKeyWrapPublicKeyPGP) {
307 SecError(errSecUnsupportedOperation, error, CFSTR("unsupported key wrapping algorithm"));
308 return NULL;
309 }
310
311 curve = get_rfc6637_curve(key);
312 if (curve == NULL) {
313 SecError(errSecUnsupportedOperation, error, CFSTR("unsupported curve"));
314 return NULL;
315 }
316
317 CFNumberRef num = CFDictionaryGetValue(parameters, _kSecKeyWrapPGPSymAlg);
318 if (!isNumber(num) || !CFNumberGetValue(num, kCFNumberSInt8Type, &sym_alg)) {
319 SecError(errSecUnsupportedOperation, error, CFSTR("unknown symalg given"));
320 return NULL;
321 }
322
323 CFDataRef fingerprint = CFDictionaryGetValue(parameters, _kSecKeyWrapPGPFingerprint);
324 if (!isData(fingerprint) || CFDataGetLength(fingerprint) < kSecKeyWrapPGPFingerprintMinSize) {
325 SecError(errSecUnsupportedOperation, error, CFSTR("invalid fingerprint"));
326 return NULL;
327 }
328
329 CFTypeRef wrapAlg = CFDictionaryGetValue(parameters, _kSecKeyWrapPGPWrapAlg);
330 if (wrapAlg == NULL) {
331 SecError(errSecUnsupportedOperation, error, CFSTR("no wrap alg"));
332 return NULL;
333 } else if (CFEqual(wrapAlg, _kSecKeyWrapRFC6637WrapDigestSHA256KekAES128)) {
334 wrap = &ccec_rfc6637_wrap_sha256_kek_aes128;
335 } else if (CFEqual(wrapAlg, _kSecKeyWrapRFC6637WrapDigestSHA512KekAES256)) {
336 wrap = &ccec_rfc6637_wrap_sha512_kek_aes256;
337 } else {
338 SecError(errSecUnsupportedOperation, error, CFSTR("unknown wrap alg"));
339 return NULL;
340 }
341
342 num = CFDictionaryGetValue(parameters, _kSecKeyWrapRFC6637Flags);
fa7225c8 343 if (isNumber(num)) {
6b200bc3 344 if (!CFNumberGetValue(num, kCFNumberSInt32Type, &flags)) {
d8f41ccd
A		 345 SecError(errSecUnsupportedOperation, error, CFSTR("invalid flags: %@"), num);
346 return NULL;
347 }
348 } else if (num) {
349 SecError(errSecUnsupportedOperation, error, CFSTR("unknown flags"));
350 return NULL;
351 }
352
353 CFIndex unwrappedKey_size = CFDataGetLength(unwrappedKey);
354
355 CFIndex output_size = ccec_rfc6637_wrap_key_size(pubkey, flags, unwrappedKey_size);
356 if (output_size == 0) {
357 SecError(errSecUnsupportedOperation, error, CFSTR("can't wrap that key, can't build size"));
358 return NULL;
359 }
360
361 CFMutableDataRef data = CFDataCreateMutableWithScratch(NULL, output_size);
fa7225c8 362 require_quiet(data, errOut);
d8f41ccd
A		 363
364 err = ccec_rfc6637_wrap_key(pubkey, CFDataGetMutableBytePtr(data), flags,
365 sym_alg, CFDataGetLength(unwrappedKey), CFDataGetBytePtr(unwrappedKey),
366 curve, wrap, CFDataGetBytePtr(fingerprint),
367 ccrng_seckey);
368 if (err) {
369 SecError(errSecUnsupportedOperation, error, CFSTR("Failed to wrap key"));
370 CFReleaseNull(data);
371 }
372
373errOut:
374 return data;
375}
376
b1ab9ed8 377SecKeyDescriptor kSecECPublicKeyDescriptor = {
fa7225c8
A		 378 .version = kSecKeyDescriptorVersion,
379 .name = "ECPublicKey",
380 .extraBytes = ccec_pub_ctx_size(ccn_sizeof(kMaximumECKeySize)),
381 .init = SecECPublicKeyInit,
382 .destroy = SecECPublicKeyDestroy,
383 .blockSize = SecECPublicKeyBlockSize,
384 .copyDictionary = SecECPublicKeyCopyAttributeDictionary,
385 .copyExternalRepresentation = SecECPublicKeyCopyExternalRepresentation,
386 .describe = SecECPublicKeyCopyKeyDescription,
387 .getAlgorithmID = SecECKeyGetAlgorithmID,
388 .copyPublic = SecECPublicKeyCopyPublicOctets,
389 .copyWrapKey = SecECKeyCopyWrapKey,
390 .copyOperationResult = SecECPublicKeyCopyOperationResult,
b1ab9ed8
A		 391};
392
393/* Public Key API functions. */
394SecKeyRef SecKeyCreateECPublicKey(CFAllocatorRef allocator,
395 const uint8_t *keyData, CFIndex keyDataLength,
396 SecKeyEncoding encoding) {
397 return SecKeyCreate(allocator, &kSecECPublicKeyDescriptor, keyData,
fa7225c8 398 keyDataLength, encoding);
b1ab9ed8
A		 399}
400
401
402
403/*
404 *
405 * Private Key
406 *
407 */
408
409/* Private key static functions. */
410static void SecECPrivateKeyDestroy(SecKeyRef key) {
411 /* Zero out the public key */
866f8763
A		 412 ccec_full_ctx_t fullkey = key->key;
413
414 if (ccec_ctx_cp(fullkey))
415 cc_clear(ccec_full_ctx_size(ccn_sizeof_n(ccec_ctx_n(fullkey))), fullkey);
b1ab9ed8
A		 416}
417
418
419static OSStatus SecECPrivateKeyInit(SecKeyRef key,
420 const uint8_t *keyData, CFIndex keyDataLength, SecKeyEncoding encoding) {
866f8763 421 ccec_full_ctx_t fullkey = key->key;
b1ab9ed8
A		 422 OSStatus err = errSecParam;
423
424 switch (encoding) {
425 case kSecKeyEncodingPkcs1:
427c49bc 426 {
b1ab9ed8
A		 427 /* TODO: DER import size (and thus cp), pub.x, pub.y and k. */
428 //err = ecc_import(keyData, keyDataLength, fullkey);
427c49bc
A		 429
430 /* DER != PKCS#1, but we'll go along with it */
fa7225c8 431 const unsigned char *oid;
427c49bc
A		 432 size_t n;
433 ccec_const_cp_t cp;
434
fa7225c8 435 require_noerr_quiet(ccec_der_import_priv_keytype(keyDataLength, keyData, (ccoid_t*)&oid, &n), abort);
427c49bc 436 cp = ccec_cp_for_oid(oid);
866f8763 437 if (cp == NULL) {
427c49bc
A		 438 cp = ccec_curve_for_length_lookup(n * 8 /* bytes -> bits */,
439 ccec_cp_192(), ccec_cp_224(), ccec_cp_256(), ccec_cp_384(), ccec_cp_521(), NULL);
440 }
866f8763 441 require_action_quiet(cp != NULL, abort, err = errSecDecode);
427c49bc
A		 442 ccec_ctx_init(cp, fullkey);
443
fa7225c8 444 require_noerr_quiet(ccec_der_import_priv(cp, keyDataLength, keyData, fullkey), abort);
427c49bc 445 err = errSecSuccess;
b1ab9ed8 446 break;
427c49bc 447 }
b1ab9ed8
A		 448 case kSecKeyEncodingBytes:
449 {
450 ccec_const_cp_t cp = getCPForPrivateSize(keyDataLength);
866f8763 451 require_quiet(cp != NULL, abort);
b1ab9ed8
A		 452
453 ccec_ctx_init(cp, fullkey);
866f8763 454 size_t pubSize = ccec_export_pub_size(ccec_ctx_pub(fullkey));
b1ab9ed8 455
79b9da22 456 require_quiet(pubSize < (size_t) keyDataLength, abort);
866f8763
A		 457 require_noerr_action_quiet(ccec_import_pub(cp, pubSize, keyData, ccec_ctx_pub(fullkey)),
458 abort,
459 err = errSecDecode);
b1ab9ed8
A		 460
461
462 keyData += pubSize;
463 keyDataLength -= pubSize;
464
465 cc_unit *k = ccec_ctx_k(fullkey);
fa7225c8
A		 466 require_noerr_action_quiet(ccn_read_uint(ccec_ctx_n(fullkey), k, keyDataLength, keyData),
467 abort,
468 err = errSecDecode);
b1ab9ed8
A		 469
470 err = errSecSuccess;
471 break;
472
473 }
474 case kSecGenerateKey:
475 {
476 CFDictionaryRef parameters = (CFDictionaryRef) keyData;
477
478 CFTypeRef ksize = CFDictionaryGetValue(parameters, kSecAttrKeySizeInBits);
479 CFIndex keyLengthInBits = getIntValue(ksize);
480
427c49bc 481 ccec_const_cp_t cp = ccec_get_cp(keyLengthInBits);
b1ab9ed8 482
866f8763 483 if (!cp) {
b1ab9ed8
A		 484 secwarning("Invalid or missing key size in: %@", parameters);
485 return errSecKeySizeNotAllowed;
486 }
487
5c19dc3a 488 if (!ccec_generate_key_fips(cp, ccrng_seckey, fullkey))
b1ab9ed8
A		 489 err = errSecSuccess;
490 break;
491 }
492
493 default:
494 break;
495 }
496abort:
497 return err;
498}
499
fa7225c8
A		 500static CFTypeRef SecECPrivateKeyCopyOperationResult(SecKeyRef key, SecKeyOperationType operation, SecKeyAlgorithm algorithm,
501 CFArrayRef allAlgorithms, SecKeyOperationMode mode,
502 CFTypeRef in1, CFTypeRef in2, CFErrorRef *error) {
503 // Default answer is 'unsupported', unless we find out that we can support it.
504 CFTypeRef result = kCFNull;
505
866f8763 506 ccec_full_ctx_t fullkey = key->key;
fa7225c8
A		 507 switch (operation) {
508 case kSecKeyOperationTypeSign: {
b54c578e 509 if (CFEqual(algorithm, kSecKeyAlgorithmECDSASignatureDigestX962)) {
fa7225c8
A		 510 if (mode == kSecKeyOperationModePerform) {
511 // Perform x962 mode of signature.
512 size_t size = ccec_sign_max_size(ccec_ctx_cp(fullkey));
513 result = CFDataCreateMutableWithScratch(NULL, size);
514 int err = ccec_sign(fullkey, CFDataGetLength(in1), CFDataGetBytePtr(in1),
515 &size, CFDataGetMutableBytePtr((CFMutableDataRef)result), ccrng_seckey);
516 require_action_quiet(err == 0, out, (CFReleaseNull(result),
517 SecError(errSecParam, error, CFSTR("%@: X962 signing failed (ccerr %d)"),
518 key, err)));
519 CFDataSetLength((CFMutableDataRef)result, size);
520 } else {
521 // Operation is supported.
522 result = kCFBooleanTrue;
523 }
524 }
525 break;
526 }
527 case kSecKeyOperationTypeKeyExchange:
528 if (CFEqual(algorithm, kSecKeyAlgorithmECDHKeyExchangeStandard) ||
529 CFEqual(algorithm, kSecKeyAlgorithmECDHKeyExchangeCofactor)) {
530 if (mode == kSecKeyOperationModePerform) {
531 int err;
532 ccec_const_cp_t cp = getCPForPublicSize(CFDataGetLength(in1));
866f8763 533 require_action_quiet(cp != NULL, out,
fa7225c8 534 SecError(errSecParam, error, CFSTR("ECpriv sharedsecret: bad public key")));
866f8763 535 ccec_pub_ctx_decl_cp(cp, pubkey);
fa7225c8
A		 536 err = ccec_import_pub(cp, CFDataGetLength(in1), CFDataGetBytePtr(in1), pubkey);
537 require_noerr_action_quiet(err, out, SecError(errSecParam, error,
538 CFSTR("ECpriv sharedsecret: bad public key (err %d)"), err));
539 size_t size = ccec_ccn_size(cp);
540 result = CFDataCreateMutableWithScratch(NULL, size);
541 err = ccecdh_compute_shared_secret(fullkey, pubkey, &size,
542 CFDataGetMutableBytePtr((CFMutableDataRef)result), ccrng_seckey);
543 require_noerr_action_quiet(err, out, (CFReleaseNull(result),
544 SecError(errSecDecode, error,
545 CFSTR("ECpriv failed to compute shared secret (err %d)"), err)));
546 CFDataSetLength((CFMutableDataRef)result, size);
547 } else {
548 // Operation is supported.
549 result = kCFBooleanTrue;
550 }
551 }
552 break;
553 default:
554 break;
b1ab9ed8 555 }
b1ab9ed8 556
fa7225c8
A		 557out:
558 return result;
b1ab9ed8
A		 559}
560
561static size_t SecECPrivateKeyBlockSize(SecKeyRef key) {
866f8763 562 ccec_full_ctx_t fullkey = key->key;
b1ab9ed8 563 /* Get key size in octets */
427c49bc 564 return ccec_ctx_size(fullkey);
b1ab9ed8
A		 565}
566
567static OSStatus SecECPrivateKeyCopyPublicOctets(SecKeyRef key, CFDataRef *serailziation)
568{
866f8763 569 ccec_full_ctx_t fullkey = key->key;
b1ab9ed8
A		 570
571 CFAllocatorRef allocator = CFGetAllocator(key);
866f8763 572 *serailziation = SecECPublicKeyExport(allocator, ccec_ctx_pub(fullkey));
b1ab9ed8
A		 573
574 if (NULL == *serailziation)
575 return errSecDecode;
576 else
577 return errSecSuccess;
578}
579
fa7225c8 580static CFDataRef SecECPrivateKeyCopyExternalRepresentation(SecKeyRef key, CFErrorRef *error) {
866f8763 581 ccec_full_ctx_t fullkey = key->key;
b1ab9ed8 582 size_t prime_size = ccec_cp_prime_size(ccec_ctx_cp(fullkey));
866f8763 583 size_t key_size = ccec_export_pub_size(ccec_ctx_pub(fullkey)) + prime_size;
fa7225c8 584 CFMutableDataRef blob = CFDataCreateMutableWithScratch(NULL, key_size);
866f8763
A		 585 ccec_export_pub(ccec_ctx_pub(fullkey), CFDataGetMutableBytePtr(blob));
586 UInt8 *dest = CFDataGetMutableBytePtr(blob) + ccec_export_pub_size(ccec_ctx_pub(fullkey));
fa7225c8
A		 587 const cc_unit *k = ccec_ctx_k(fullkey);
588 ccn_write_uint_padded(ccec_ctx_n(fullkey), k, prime_size, dest);
589 return blob;
b1ab9ed8
A		 590}
591
b1ab9ed8 592static CFDictionaryRef SecECPrivateKeyCopyAttributeDictionary(SecKeyRef key) {
fa7225c8 593 /* Export the full ec key pair. */
fa7225c8 594 CFDataRef fullKeyBlob = SecECPrivateKeyCopyExternalRepresentation(key, NULL);
b1ab9ed8 595
fa7225c8 596 CFDictionaryRef dict = SecKeyGeneratePrivateAttributeDictionary(key, kSecAttrKeyTypeEC, fullKeyBlob);
b1ab9ed8 597 CFReleaseSafe(fullKeyBlob);
b1ab9ed8
A		 598 return dict;
599}
427c49bc 600static CFStringRef SecECPrivateKeyCopyKeyDescription(SecKeyRef key) {
d8f41ccd
A		 601
602 const char* curve = getCurveName(key);
603
5c19dc3a 604 return CFStringCreateWithFormat(kCFAllocatorDefault,NULL,CFSTR( "<SecKeyRef curve type: %s, algorithm id: %lu, key type: %s, version: %d, block size: %zu bits, addr: %p>"), curve, (long)SecKeyGetAlgorithmId(key), key->key_class->name, key->key_class->version, (8*SecKeyGetBlockSize(key)), key);
427c49bc
A		 605
606}
b1ab9ed8 607
d8f41ccd
A		 608static CFDataRef SecECKeyCopyUnwrapKey(SecKeyRef key, SecKeyWrapType type, CFDataRef wrappedKey, CFDictionaryRef parameters, CFDictionaryRef *outParam, CFErrorRef *error)
609{
610 const struct ccec_rfc6637_curve *curve;
611 const struct ccec_rfc6637_unwrap *unwrap;
866f8763 612 ccec_full_ctx_t fullkey = key->key;
d8f41ccd
A		 613 CFMutableDataRef data;
614 int res;
615 uint8_t sym_alg = 0;
fa7225c8 616 int32_t flags = 0;
d8f41ccd 617
d8f41ccd
A		 618 curve = get_rfc6637_curve(key);
619 if (curve == NULL) {
620 SecError(errSecUnsupportedOperation, error, CFSTR("unsupported curve"));
621 return NULL;
622 }
623
624 CFTypeRef wrapAlg = CFDictionaryGetValue(parameters, _kSecKeyWrapPGPWrapAlg);
625 if (wrapAlg == NULL) {
626 SecError(errSecUnsupportedOperation, error, CFSTR("no wrap alg"));
627 return NULL;
628 } else if (CFEqual(wrapAlg, _kSecKeyWrapRFC6637WrapDigestSHA256KekAES128)) {
629 unwrap = &ccec_rfc6637_unwrap_sha256_kek_aes128;
630 } else if (CFEqual(wrapAlg, _kSecKeyWrapRFC6637WrapDigestSHA512KekAES256)) {
631 unwrap = &ccec_rfc6637_unwrap_sha512_kek_aes256;
632 } else {
633 SecError(errSecUnsupportedOperation, error, CFSTR("unknown wrap alg"));
634 return NULL;
635 }
636
637 CFDataRef fingerprint = CFDictionaryGetValue(parameters, _kSecKeyWrapPGPFingerprint);
638 if (!isData(fingerprint) || CFDataGetLength(fingerprint) < kSecKeyWrapPGPFingerprintMinSize) {
639 SecError(errSecUnsupportedOperation, error, CFSTR("invalid fingerprint"));
640 return NULL;
641 }
642
643 CFNumberRef num = CFDictionaryGetValue(parameters, _kSecKeyWrapRFC6637Flags);
fa7225c8
A		 644 if (isNumber(num)) {
645 if (!CFNumberGetValue(num, kCFNumberSInt32Type, &flags)) {
d8f41ccd
A		 646 SecError(errSecUnsupportedOperation, error, CFSTR("invalid flags: %@"), num);
647 return NULL;
648 }
649 } else if (num) {
650 SecError(errSecUnsupportedOperation, error, CFSTR("unknown flags"));
651 return NULL;
652 }
653
654 size_t keysize = CFDataGetLength(wrappedKey);
655 data = CFDataCreateMutableWithScratch(NULL, keysize);
656 if (data == NULL)
657 return NULL;
658
659 res = ccec_rfc6637_unwrap_key(fullkey, &keysize, CFDataGetMutableBytePtr(data),
660 flags, &sym_alg, curve, unwrap,
661 CFDataGetBytePtr(fingerprint),
662 CFDataGetLength(wrappedKey), CFDataGetBytePtr(wrappedKey));
663 if (res != 0) {
664 CFReleaseNull(data);
665 SecError(errSecUnsupportedOperation, error, CFSTR("failed to wrap key"));
666 return NULL;
667 }
668 assert(keysize <= (size_t)CFDataGetLength(data));
669 CFDataSetLength(data, keysize);
670
671 if (outParam) {
672 CFMutableDictionaryRef out = CFDictionaryCreateMutableForCFTypes(NULL);
673 if (out) {
674 CFNumberRef num = CFNumberCreate(NULL, kCFNumberSInt8Type, &sym_alg);
675 if (num) {
676 CFDictionarySetValue(out, _kSecKeyWrapPGPSymAlg, num);
677 CFRelease(num);
678 }
679 *outParam = out;
680 }
681 }
682
683 return data;
684}
685
b1ab9ed8 686SecKeyDescriptor kSecECPrivateKeyDescriptor = {
fa7225c8
A		 687 .version = kSecKeyDescriptorVersion,
688 .name = "ECPrivateKey",
689 .extraBytes = ccec_full_ctx_size(ccn_sizeof(kMaximumECKeySize)),
690
691 .init = SecECPrivateKeyInit,
692 .destroy = SecECPrivateKeyDestroy,
693 .blockSize = SecECPrivateKeyBlockSize,
694 .copyDictionary = SecECPrivateKeyCopyAttributeDictionary,
695 .describe = SecECPrivateKeyCopyKeyDescription,
696 .getAlgorithmID = SecECKeyGetAlgorithmID,
697 .copyPublic = SecECPrivateKeyCopyPublicOctets,
698 .copyExternalRepresentation = SecECPrivateKeyCopyExternalRepresentation,
699 .copyWrapKey = SecECKeyCopyWrapKey,
700 .copyUnwrapKey = SecECKeyCopyUnwrapKey,
701 .copyOperationResult = SecECPrivateKeyCopyOperationResult,
b1ab9ed8
A		 702};
703
704/* Private Key API functions. */
705SecKeyRef SecKeyCreateECPrivateKey(CFAllocatorRef allocator,
706 const uint8_t *keyData, CFIndex keyDataLength,
707 SecKeyEncoding encoding) {
708 return SecKeyCreate(allocator, &kSecECPrivateKeyDescriptor, keyData,
709 keyDataLength, encoding);
710}
711
712
713OSStatus SecECKeyGeneratePair(CFDictionaryRef parameters,
714 SecKeyRef *publicKey, SecKeyRef *privateKey) {
715 OSStatus status = errSecParam;
716
717 CFAllocatorRef allocator = NULL; /* @@@ get from parameters. */
718 SecKeyRef pubKey = NULL;
719
720 SecKeyRef privKey = SecKeyCreate(allocator, &kSecECPrivateKeyDescriptor,
721 (const void*) parameters, 0, kSecGenerateKey);
722
79b9da22 723 require_quiet(privKey, errOut);
b1ab9ed8
A		 724
725 /* Create SecKeyRef's from the pkcs1 encoded keys. */
726 pubKey = SecKeyCreate(allocator, &kSecECPublicKeyDescriptor,
fa7225c8 727 privKey->key, 0, kSecExtractPublicFromPrivate);
b1ab9ed8 728
79b9da22 729 require_quiet(pubKey, errOut);
b1ab9ed8
A		 730
731 if (publicKey) {
732 *publicKey = pubKey;
733 pubKey = NULL;
734 }
735 if (privateKey) {
736 *privateKey = privKey;
737 privKey = NULL;
738 }
739
740 status = errSecSuccess;
741
742errOut:
743 CFReleaseSafe(pubKey);
744 CFReleaseSafe(privKey);
745
746 return status;
747}
748
749
750/* It's debatable whether this belongs here or in the ssl code since the
751 curve values come from a tls related rfc4492. */
752SecECNamedCurve SecECKeyGetNamedCurve(SecKeyRef key) {
fa7225c8
A		 753 SecECNamedCurve result = kSecECCurveNone;
754 CFDictionaryRef attributes = NULL;
755 require_quiet(SecKeyGetAlgorithmId(key) == kSecECDSAAlgorithmID, out);
756 require_quiet(attributes = SecKeyCopyAttributes(key), out);
757 CFTypeRef bitsRef = CFDictionaryGetValue(attributes, kSecAttrKeySizeInBits);
6b200bc3 758 CFIndex bits = 0;
fa7225c8
A		 759 require_quiet(bitsRef != NULL && CFGetTypeID(bitsRef) == CFNumberGetTypeID() &&
760 CFNumberGetValue(bitsRef, kCFNumberCFIndexType, &bits), out);
761 switch (bits) {
b1ab9ed8 762#if 0
fa7225c8
A		 763 case 192:
764 result = kSecECCurveSecp192r1;
765 break;
766 case 224:
767 result = kSecECCurveSecp224r1;
768 break;
b1ab9ed8 769#endif
fa7225c8
A		 770 case 256:
771 result = kSecECCurveSecp256r1;
772 break;
773 case 384:
774 result = kSecECCurveSecp384r1;
775 break;
776 case 521:
777 result = kSecECCurveSecp521r1;
778 break;
b1ab9ed8 779 }
fa7225c8
A		 780
781out:
782 CFReleaseSafe(attributes);
783 return result;
b1ab9ed8
A		 784}
785
786CFDataRef SecECKeyCopyPublicBits(SecKeyRef key) {
fa7225c8
A		 787 CFDataRef bytes = NULL;
788 SecKeyCopyPublicBytes(key, &bytes);
789 return bytes;
b1ab9ed8 790}
d8f41ccd
A		 791
792/* Vile accessors that get us the pub or priv key to use temporarily */
793
794bool SecECDoWithFullKey(SecKeyRef key, CFErrorRef* error, void (^action)(ccec_full_ctx_t private)) {
795 if (key->key_class == &kSecECPrivateKeyDescriptor) {
796 action(key->key);
797 } else {
798 return SecError(errSecParam, error, CFSTR("Not an EC Full Key object, sorry can't do."));
799 }
800
801 return true;
802}
803
804bool SecECDoWithPubKey(SecKeyRef key, CFErrorRef* error, void (^action)(ccec_pub_ctx_t public)) {
805 if (key->key_class == &kSecECPublicKeyDescriptor) {
806 action(key->key);
807 } else {
808 return SecError(errSecParam, error, CFSTR("Not an EC Public Key object, sorry can't do."));
809 }
810
811 return true;
812}
813
mirror of Security