]> git.saurik.com Git - apple/security.git/blob - AppleCSPDL/SSContext.cpp
projects / apple / security.git / blob
? search:


4ea3794e987f50f2981849b8d5d0ac78fc165981
[apple/security.git] / AppleCSPDL / SSContext.cpp
1 /*
2 * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved.
3 *
4 * The contents of this file constitute Original Code as defined in and are
5 * subject to the Apple Public Source License Version 1.2 (the 'License').
6 * You may not use this file except in compliance with the License. Please obtain
7 * a copy of the License at http://www.apple.com/publicsource and read it before
8 * using this file.
9 *
10 * This Original Code and all software distributed under the License are
11 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
12 * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
13 * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
14 * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
15 * specific language governing rights and limitations under the License.
16 */
17
18
19 //
20 // SSContext - cryptographic contexts for the security server
21 //
22 #include "SSContext.h"
23
24 #include "SSCSPSession.h"
25 #include "SSKey.h"
26 #include <Security/debugging.h>
27
28 #define ssCryptDebug(args...) debug("ssCrypt", ## args)
29
30 using namespace SecurityServer;
31
32 //
33 // SSContext
34 //
35 SSContext::SSContext(SSCSPSession &session)
36 : mSession(session), mContext(NULL)
37 {
38 }
39
40 void SSContext::clearOutBuf()
41 {
42 if(mOutBuf.Data) {
43 mSession.free(mOutBuf.Data);
44 mOutBuf.clear();
45 }
46 }
47
48 void SSContext::copyOutBuf(CssmData &out)
49 {
50 if(out.length() < mOutBuf.length()) {
51 CssmError::throwMe(CSSMERR_CSP_OUTPUT_LENGTH_ERROR);
52 }
53 memmove(out.Data, mOutBuf.Data, mOutBuf.Length);
54 out.Length = mOutBuf.Length;
55 clearOutBuf();
56 }
57
58 void
59 SSContext::init(const Context &context,
60 bool /* encoding */) // @@@ should be removed from API since it's already in mDirection
61 {
62 mContext = &context;
63 clearOutBuf();
64 }
65
66 SecurityServer::ClientSession &
67 SSContext::clientSession()
68 {
69 return mSession.clientSession();
70 }
71
72
73 //
74 // SSRandomContext -- Context for GenerateRandom operations
75 //
76 SSRandomContext::SSRandomContext(SSCSPSession &session) : SSContext(session) {}
77
78 void
79 SSRandomContext::init(const Context &context, bool encoding)
80 {
81 SSContext::init(context, encoding);
82
83 // set/freeze output size
84 mOutSize = context.getInt(CSSM_ATTRIBUTE_OUTPUT_SIZE, CSSMERR_CSP_MISSING_ATTR_OUTPUT_SIZE);
85
86 #if 0
87 // seed the PRNG (if specified)
88 if (const CssmCryptoData *seed = context.get<CssmCryptoData>(CSSM_ATTRIBUTE_SEED)) {
89 const CssmData &seedValue = (*seed)();
90 clientSession().seedRandom(seedValue);
91 }
92 #endif
93 }
94
95 size_t
96 SSRandomContext::outputSize(bool final, size_t inSize)
97 {
98 return mOutSize;
99 }
100
101 void
102 SSRandomContext::final(CssmData &out)
103 {
104 clientSession().generateRandom(out);
105 }
106
107
108 // signature contexts
109 SSSignatureContext::SSSignatureContext(SSCSPSession &session)
110 : SSContext(session),
111 mKeyHandle(noKey),
112 mNullDigest(NULL),
113 mDigest(NULL)
114 {
115 /* nothing else for now */
116 }
117
118 SSSignatureContext::~SSSignatureContext()
119 {
120 delete mNullDigest;
121 delete mDigest;
122 }
123
124 void SSSignatureContext::init(const Context &context, bool signing)
125 {
126 SSContext::init(context, signing);
127
128 /* reusable: skip everything except resetting digest state */
129 if((mNullDigest != NULL) || (mDigest != NULL)) {
130 if(mNullDigest != NULL) {
131 mNullDigest->digestInit();
132 }
133 return;
134 }
135
136 /* snag key from context */
137 const CssmKey &keyInContext =
138 context.get<const CssmKey>(CSSM_ATTRIBUTE_KEY,
139 CSSMERR_CSP_MISSING_ATTR_KEY);
140 mKeyHandle = mSession.lookupKey(keyInContext).keyHandle();
141
142 /* get digest alg and sig alg from Context.algorithm */
143 switch(context.algorithm()) {
144 /*** DSA ***/
145 case CSSM_ALGID_SHA1WithDSA:
146 mDigestAlg = CSSM_ALGID_SHA1;
147 mSigAlg = CSSM_ALGID_DSA;
148 break;
149 case CSSM_ALGID_DSA: // Raw
150 mDigestAlg = CSSM_ALGID_NONE;
151 mSigAlg = CSSM_ALGID_DSA;
152 break;
153 /*** RSA ***/
154 case CSSM_ALGID_SHA1WithRSA:
155 mDigestAlg = CSSM_ALGID_SHA1;
156 mSigAlg = CSSM_ALGID_RSA;
157 break;
158 case CSSM_ALGID_MD5WithRSA:
159 mDigestAlg = CSSM_ALGID_MD5;
160 mSigAlg = CSSM_ALGID_RSA;
161 break;
162 case CSSM_ALGID_MD2WithRSA:
163 mDigestAlg = CSSM_ALGID_MD2;
164 mSigAlg = CSSM_ALGID_RSA;
165 break;
166 case CSSM_ALGID_RSA: // Raw
167 mDigestAlg = CSSM_ALGID_NONE;
168 mSigAlg = CSSM_ALGID_RSA;
169 break;
170 /*** FEE ***/
171 case CSSM_ALGID_FEE_SHA1:
172 mDigestAlg = CSSM_ALGID_SHA1;
173 mSigAlg = CSSM_ALGID_FEE;
174 break;
175 case CSSM_ALGID_FEE_MD5:
176 mDigestAlg = CSSM_ALGID_MD5;
177 mSigAlg = CSSM_ALGID_FEE;
178 break;
179 case CSSM_ALGID_FEE: // Raw
180 mDigestAlg = CSSM_ALGID_NONE;
181 mSigAlg = CSSM_ALGID_FEE;
182 break;
183 /*** ECDSA ***/
184 case CSSM_ALGID_SHA1WithECDSA:
185 mDigestAlg = CSSM_ALGID_SHA1;
186 mSigAlg = CSSM_ALGID_ECDSA;
187 break;
188 case CSSM_ALGID_ECDSA: // Raw
189 mDigestAlg = CSSM_ALGID_NONE;
190 mSigAlg = CSSM_ALGID_ECDSA;
191 break;
192 default:
193 CssmError::throwMe(CSSMERR_CSP_INVALID_ALGORITHM);
194 }
195
196 /* set up mNullDigest or mDigest */
197 if(mDigestAlg == CSSM_ALGID_NONE) {
198 mNullDigest = new NullDigest();
199 }
200 else {
201 mDigest = new CssmClient::Digest(mSession.mRawCsp, mDigestAlg);
202 }
203 }
204
205 /*
206 * for raw sign/verify - optionally called after init.
207 * Note that in init (in this case), we set mDigestAlg to ALGID_NONE and set up
208 * a NullDigest. We now overwrite mDigestAlg, and we'll useƊthis
209 * new value when we do the actual sign/vfy.
210 */
211 void SSSignatureContext::setDigestAlgorithm(CSSM_ALGORITHMS digestAlg)
212 {
213 mDigestAlg = digestAlg;
214 }
215
216 void SSSignatureContext::update(const CssmData &data)
217 {
218 /* Note that for this context, we really can not deal with an out-of-sequence
219 * update --> final(true, 0) --> update since we lose the pending digest state
220 * when we perform the implied final() during outputSize(true, 0). */
221 assert(mOutBuf.Data == NULL);
222
223 /* add incoming data to digest or accumulator */
224 if(mNullDigest) {
225 mNullDigest->digestUpdate(data.data(), data.length());
226 }
227 else {
228 mDigest->digest(data);
229 }
230 }
231
232 size_t SSSignatureContext::outputSize(bool final, size_t inSize)
233 {
234 if(!final) {
235 ssCryptDebug("===sig outputSize !final\n");
236 return 0;
237 }
238 if(!encoding()) {
239 ssCryptDebug("===sig outputSize final, !encoding\n");
240 /* don't see why this is even called... */
241 return 0;
242 }
243 if(inSize == 0) {
244 /*
245 * This is the implied signal to go for it. Note that in this case,
246 * we can not go back and re-do the op in case of an unexpected
247 * sequence of update/outputSize(final, 0)/final - we lose the digest
248 * state. Perhaps we should save the digest...? But still it would
249 * be impossible to do another update.
250 */
251 clearOutBuf();
252 sign(mOutBuf);
253 ssCryptDebug("===sig outputSize(pre-op) %u", (unsigned)mOutBuf.Length);
254 return (size_t)mOutBuf.Length;
255 }
256 else {
257 /* out-of-band case, ask CSP via SS */
258 uint32 outSize = clientSession().getOutputSize(*mContext,
259 mKeyHandle,
260 /* FIXME - what to use for inSize here - we don't want to
261 * interrogate mDigest, as that would result in another RPC...
262 * and signature size is not related to input size...right? */
263 inSize,
264 true);
265 ssCryptDebug("===sig outputSize(RPC) %u", (unsigned)outSize);
266 return (size_t)outSize;
267 }
268 }
269
270 /* sign */
271
272 /* first the common routine shared by final and outputSize */
273 void SSSignatureContext::sign(CssmData &sig)
274 {
275 /* we have to pass down a modified Context, thus.... */
276 Context tempContext = *mContext;
277 tempContext.AlgorithmType = mSigAlg;
278
279 if(mNullDigest) {
280 CssmData dData(const_cast<void *>(mNullDigest->digestPtr()),
281 mNullDigest->digestSizeInBytes());
282 clientSession().generateSignature(tempContext,
283 mKeyHandle,
284 dData,
285 sig,
286 mDigestAlg);
287 }
288 else {
289 clientSession().generateSignature(tempContext,
290 mKeyHandle,
291 (*mDigest)(),
292 sig,
293 mDigestAlg);
294 }
295 }
296
297 /* this is the one called by CSPFullPluginSession */
298 void SSSignatureContext::final(CssmData &sig)
299 {
300 if(mOutBuf.Data) {
301 /* normal final case in which the actual RPC via SS was done in the
302 * previous outputSize() call. */
303 ssCryptDebug("===final via pre-op and copy");
304 copyOutBuf(sig);
305 return;
306 }
307
308 ssCryptDebug("===final via RPC");
309 sign(sig);
310 }
311
312 /* verify */
313 void
314 SSSignatureContext::final(const CssmData &sig)
315 {
316 /* we have to pass down a modified Context, thus.... */
317 Context tempContext = *mContext;
318 tempContext.AlgorithmType = mSigAlg;
319
320 if(mNullDigest) {
321 CssmData dData(const_cast<void *>(mNullDigest->digestPtr()),
322 mNullDigest->digestSizeInBytes());
323 clientSession().verifySignature(tempContext,
324 mKeyHandle,
325 dData,
326 sig,
327 mDigestAlg);
328 }
329 else {
330 clientSession().verifySignature(tempContext,
331 mKeyHandle,
332 (*mDigest)(),
333 sig,
334 mDigestAlg);
335 }
336 }
337
338
339 //
340 // SSCryptContext -- Context for Encrypt and Decrypt operations
341 //
342 SSCryptContext::SSCryptContext(SSCSPSession &session)
343 : SSContext(session), mKeyHandle(noKey)
344 {
345 /* nothing for now */
346 }
347
348
349 SSCryptContext::~SSCryptContext()
350 {
351 /* nothing for now */
352 }
353
354 void
355 SSCryptContext::init(const Context &context, bool encoding)
356 {
357 ssCryptDebug("===init");
358 SSContext::init(context, encoding);
359
360 /* reusable; reset accumulator */
361 mNullDigest.digestInit();
362
363 const CssmKey &keyInContext =
364 context.get<const CssmKey>(CSSM_ATTRIBUTE_KEY,
365 CSSMERR_CSP_MISSING_ATTR_KEY);
366 mKeyHandle = mSession.lookupKey(keyInContext).keyHandle();
367 }
368
369 size_t
370 SSCryptContext::inputSize(size_t outSize)
371 {
372 ssCryptDebug("===inputSize outSize=%u", (unsigned)outSize);
373 return UINT_MAX;
374 }
375
376 size_t
377 SSCryptContext::outputSize(bool final, size_t inSize)
378 {
379 ssCryptDebug("===outputSize final %d inSize=%u", final, (unsigned)inSize);
380 if(!final) {
381 /* we buffer until final; no intermediate output */
382 return 0;
383 }
384 size_t inBufSize = mNullDigest.digestSizeInBytes();
385 if(inSize == 0) {
386 /* This is the implied signal to go for it */
387 clearOutBuf();
388 if(inBufSize == 0) {
389 return 0;
390 }
391 const CssmData in(const_cast<void *>(mNullDigest.digestPtr()), inBufSize);
392 if (encoding()) {
393 clientSession().encrypt(*mContext, mKeyHandle, in, mOutBuf);
394 }
395 else {
396 clientSession().decrypt(*mContext, mKeyHandle, in, mOutBuf);
397 }
398 /* leave the accumulator as is in case of unexpected sequence */
399 ssCryptDebug(" ===outSize(pre-op) %u", (unsigned)mOutBuf.Length);
400 return mOutBuf.Length;
401 }
402 else {
403 /* out-of-band case, ask CSP via SS */
404 uint32 outSize = clientSession().getOutputSize(*mContext,
405 mKeyHandle,
406 inBufSize + inSize,
407 encoding());
408 ssCryptDebug(" ===outSize(RPC) %u", (unsigned)outSize);
409 return (size_t)outSize;
410 }
411 }
412
413 void
414 SSCryptContext::minimumProgress(size_t &in, size_t &out)
415 {
416 in = 1;
417 out = 0;
418 }
419
420 void
421 SSCryptContext::update(void *inp, size_t &inSize, void *outp, size_t &outSize)
422 {
423 ssCryptDebug("===update inSize=%u", (unsigned)inSize);
424 /* add incoming data to accumulator */
425 mNullDigest.digestUpdate(inp, inSize);
426 outSize = 0;
427 clearOutBuf();
428 }
429
430 void
431 SSCryptContext::final(CssmData &out)
432 {
433 if(mOutBuf.Data != NULL) {
434 /* normal final case in which the actual RPC via SS was done in the
435 * previous outputSize() call. A memcpy is needed here because
436 * CSPFullPluginSession has just allocated the buf size we need. */
437 ssCryptDebug("===final via pre-op and copy");
438 copyOutBuf(out);
439 return;
440 }
441
442 /* when is this path taken...? */
443 ssCryptDebug("===final via RPC");
444 size_t inSize = mNullDigest.digestSizeInBytes();
445 if(!inSize) return;
446
447 const CssmData in(const_cast<void *>(mNullDigest.digestPtr()), inSize);
448 unsigned origOutSize = out.length();
449 if (encoding()) {
450 clientSession().encrypt(*mContext, mKeyHandle, in, out);
451 }
452 else {
453 clientSession().decrypt(*mContext, mKeyHandle, in, out);
454 }
455 assert(out.length() <= origOutSize);
456 mNullDigest.digestInit();
457 }
458
459 // Digest, using raw CSP
460 SSDigestContext::SSDigestContext(SSCSPSession &session)
461 : SSContext(session), mDigest(NULL)
462 {
463
464 }
465
466 SSDigestContext::~SSDigestContext()
467 {
468 delete mDigest;
469 }
470
471 void SSDigestContext::init(const Context &context, bool encoding)
472 {
473 CSSM_ALGORITHMS alg;
474
475 SSContext::init(context, encoding);
476 alg = context.algorithm();
477 mDigest = new CssmClient::Digest(mSession.mRawCsp, alg);
478 }
479
480 void SSDigestContext::update(const CssmData &data)
481 {
482 mDigest->digest(data);
483 }
484
485 void SSDigestContext::final(CssmData &out)
486 {
487 (*mDigest)(out);
488 }
489
490 size_t SSDigestContext::outputSize(bool final, size_t inSize)
491 {
492 if(!final) {
493 return 0;
494 }
495 else {
496 return (size_t)mDigest->getOutputSize(inSize);
497 }
498 }
499
500 // MACContext - common class for MAC generate, verify
501 SSMACContext::SSMACContext(SSCSPSession &session)
502 : SSContext(session), mKeyHandle(noKey)
503 {
504
505 }
506
507 void SSMACContext::init(const Context &context, bool encoding)
508 {
509 SSContext::init(context, encoding);
510
511 /* reusable; reset accumulator */
512 mNullDigest.digestInit();
513
514 /* snag key from context */
515 const CssmKey &keyInContext =
516 context.get<const CssmKey>(CSSM_ATTRIBUTE_KEY,
517 CSSMERR_CSP_MISSING_ATTR_KEY);
518 mKeyHandle = mSession.lookupKey(keyInContext).keyHandle();
519 }
520
521 void SSMACContext::update(const CssmData &data)
522 {
523 /* add incoming data to accumulator */
524 mNullDigest.digestUpdate(data.data(), data.length());
525 }
526
527 size_t SSMACContext::outputSize(bool final, size_t inSize)
528 {
529 if(!final) {
530 ssCryptDebug("===mac outputSize !final\n");
531 return 0;
532 }
533 if(!encoding()) {
534 ssCryptDebug("===mac outputSize final, !encoding\n");
535 /* don't see why this is even called... */
536 return 0;
537 }
538 if(inSize == 0) {
539 /*
540 * This is the implied signal to go for it.
541 */
542 clearOutBuf();
543 genMac(mOutBuf);
544 ssCryptDebug("===mac outputSize(pre-op) %u", (unsigned)mOutBuf.Length);
545 return (size_t)mOutBuf.Length;
546 }
547 else {
548 /* out-of-band case, ask CSP via SS */
549 uint32 outSize = clientSession().getOutputSize(*mContext,
550 mKeyHandle,
551 inSize + mNullDigest.digestSizeInBytes(),
552 true);
553 ssCryptDebug("===mac outputSize(RPC) %u", (unsigned)outSize);
554 return (size_t)outSize;
555 }
556 }
557
558 /* generate */
559
560 /* first the common routine used by final() and outputSize() */
561 void SSMACContext::genMac(CssmData &mac)
562 {
563 CssmData allData(const_cast<void *>(mNullDigest.digestPtr()),
564 mNullDigest.digestSizeInBytes());
565 clientSession().generateMac(*mContext, mKeyHandle, allData, mac);
566 }
567
568 void SSMACContext::final(CssmData &mac)
569 {
570 genMac(mac);
571 }
572
573 /* verify */
574 void SSMACContext::final(const CssmData &mac)
575 {
576 CssmData allData(const_cast<void *>(mNullDigest.digestPtr()),
577 mNullDigest.digestSizeInBytes());
578 clientSession().verifyMac(*mContext, mKeyHandle, allData, mac);
579 }
mirror of Security