OSX/sec/Security/SecFramework.c

   1 /*
   2  * Copyright (c) 2006-2010,2012-2014 Apple Inc. All Rights Reserved.
   3  *
   4  * @APPLE_LICENSE_HEADER_START@
   5  *
   6  * This file contains Original Code and/or Modifications of Original Code
   7  * as defined in and that are subject to the Apple Public Source License
   8  * Version 2.0 (the 'License'). You may not use this file except in
   9  * compliance with the License. Please obtain a copy of the License at
  10  * http://www.opensource.apple.com/apsl/ and read it before using this
  11  * file.
  12  *
  13  * The Original Code and all software distributed under the License are
  14  * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
  15  * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
  16  * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
  17  * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
  18  * Please see the License for the specific language governing rights and
  19  * limitations under the License.
  20  *
  21  * @APPLE_LICENSE_HEADER_END@
  22  */
  23
  24 /*
  25  * SecFramework.c - generic non API class specific functions
  26  */
  27
  28 #ifdef STANDALONE
  29 /* Allows us to build genanchors against the BaseSDK. */
  30 #undef __ENVIRONMENT_IPHONE_OS_VERSION_MIN_REQUIRED__
  31 #undef __ENVIRONMENT_MAC_OS_X_VERSION_MIN_REQUIRED__
  32 #endif
  33
  34 #include "SecFramework.h"
  35 #include <dispatch/dispatch.h>
  36 #include <CoreFoundation/CFBundle.h>
  37 #include <CoreFoundation/CFURLAccess.h>
  38 #include <Security/SecRandom.h>
  39 #include <CommonCrypto/CommonDigest.h>
  40 #include <CommonCrypto/CommonDigestSPI.h>
  41 #include <Security/SecAsn1Coder.h>
  42 #include <Security/oidsalg.h>
  43 #include <fcntl.h>
  44 #include <sys/types.h>
  45 #include <unistd.h>
  46 #include <utilities/debugging.h>
  47 #include <utilities/SecCFWrappers.h>
  48 #include <Security/SecBase.h>
  49 #include <errno.h>
  50 #include <inttypes.h>
  51
  52 #if !(TARGET_IPHONE_SIMULATOR && defined(IPHONE_SIMULATOR_HOST_MIN_VERSION_REQUIRED) && IPHONE_SIMULATOR_HOST_MIN_VERSION_REQUIRED < 1090)
  53 #include <sys/guarded.h>
  54 #define USE_GUARDED_OPEN 1
  55 #else
  56 #define USE_GUARDED_OPEN 0
  57 #endif
  58
  59
  60 /* Security.framework's bundle id. */
  61 static CFStringRef kSecFrameworkBundleID = CFSTR("com.apple.Security");
  62
  63 CFGiblisGetSingleton(CFBundleRef, SecFrameworkGetBundle, bundle,  ^{
  64     *bundle = CFRetainSafe(CFBundleGetBundleWithIdentifier(kSecFrameworkBundleID));
  65 })
  66
  67 CFStringRef SecFrameworkCopyLocalizedString(CFStringRef key,
  68     CFStringRef tableName) {
  69     CFBundleRef bundle = SecFrameworkGetBundle();
  70     if (bundle)
  71         return CFBundleCopyLocalizedString(bundle, key, key, tableName);
  72
  73     return CFRetainSafe(key);
  74 }
  75
  76 CFURLRef SecFrameworkCopyResourceURL(CFStringRef resourceName,
  77         CFStringRef resourceType, CFStringRef subDirName) {
  78     CFURLRef url = NULL;
  79     CFBundleRef bundle = SecFrameworkGetBundle();
  80     if (bundle) {
  81         url = CFBundleCopyResourceURL(bundle, resourceName,
  82                         resourceType, subDirName);
  83                 if (!url) {
  84             secwarning("resource: %@.%@ in %@ not found", resourceName,
  85                 resourceType, subDirName);
  86                 }
  87     }
  88
  89         return url;
  90 }
  91
  92 CFDataRef SecFrameworkCopyResourceContents(CFStringRef resourceName,
  93         CFStringRef resourceType, CFStringRef subDirName) {
  94     CFURLRef url = SecFrameworkCopyResourceURL(resourceName, resourceType,
  95         subDirName);
  96         CFDataRef data = NULL;
  97     if (url) {
  98         SInt32 error;
  99         if (!CFURLCreateDataAndPropertiesFromResource(kCFAllocatorDefault,
 100             url, &data, NULL, NULL, &error)) {
 101             secwarning("read: %ld", (long) error);
 102         }
 103         CFRelease(url);
 104     }
 105
 106         return data;
 107 }
 108
 109 /* Return the SHA1 digest of a chunk of data as newly allocated CFDataRef. */
 110 CFDataRef SecSHA1DigestCreate(CFAllocatorRef allocator,
 111         const UInt8 *data, CFIndex length) {
 112         CFMutableDataRef digest = CFDataCreateMutable(allocator,
 113                 CC_SHA1_DIGEST_LENGTH);
 114         CFDataSetLength(digest, CC_SHA1_DIGEST_LENGTH);
 115         CCDigest(kCCDigestSHA1, data, length, CFDataGetMutableBytePtr(digest));
 116         return digest;
 117 }
 118
 119 CFDataRef SecSHA256DigestCreate(CFAllocatorRef allocator,
 120                                 const UInt8 *data, CFIndex length) {
 121     CFMutableDataRef digest = CFDataCreateMutable(allocator,
 122                                                   CC_SHA256_DIGEST_LENGTH);
 123     CFDataSetLength(digest, CC_SHA256_DIGEST_LENGTH);
 124     CCDigest(kCCDigestSHA256, data, length, CFDataGetMutableBytePtr(digest));
 125     return digest;
 126 }
 127
 128 CFDataRef SecSHA256DigestCreateFromData(CFAllocatorRef allocator, CFDataRef data) {
 129     CFMutableDataRef digest = CFDataCreateMutable(allocator,
 130                                                   CC_SHA256_DIGEST_LENGTH);
 131     CFDataSetLength(digest, CC_SHA256_DIGEST_LENGTH);
 132     CCDigest(kCCDigestSHA256, CFDataGetBytePtr(data), CFDataGetLength(data), CFDataGetMutableBytePtr(digest));
 133     return digest;
 134 }
 135
 136 CFDataRef SecDigestCreate(CFAllocatorRef allocator,
 137     const SecAsn1Oid *algorithm, const SecAsn1Item *params,
 138         const UInt8 *data, CFIndex length) {
 139     unsigned char *(*digestFcn)(const void *data, CC_LONG len, unsigned char *md);
 140     CFIndex digestLen;
 141
 142     if (SecAsn1OidCompare(algorithm, &CSSMOID_SHA1)) {
 143         digestFcn = CC_SHA1;
 144         digestLen = CC_SHA1_DIGEST_LENGTH;
 145     } else if (SecAsn1OidCompare(algorithm, &CSSMOID_SHA224)) {
 146         digestFcn = CC_SHA224;
 147         digestLen = CC_SHA224_DIGEST_LENGTH;
 148     } else if (SecAsn1OidCompare(algorithm, &CSSMOID_SHA256)) {
 149         digestFcn = CC_SHA256;
 150         digestLen = CC_SHA256_DIGEST_LENGTH;
 151     } else if (SecAsn1OidCompare(algorithm, &CSSMOID_SHA384)) {
 152         digestFcn = CC_SHA384;
 153         digestLen = CC_SHA384_DIGEST_LENGTH;
 154     } else if (SecAsn1OidCompare(algorithm, &CSSMOID_SHA512)) {
 155         digestFcn = CC_SHA512;
 156         digestLen = CC_SHA512_DIGEST_LENGTH;
 157     } else {
 158         return NULL;
 159     }
 160
 161         CFMutableDataRef digest = CFDataCreateMutable(allocator, digestLen);
 162         CFDataSetLength(digest, digestLen);
 163         //FIXME: Cast from CFIndex to CC_LONG
 164         digestFcn(data, (CC_LONG)length, CFDataGetMutableBytePtr(digest));
 165         return digest;
 166 }
 167
 168
 169 #include <CommonCrypto/CommonRandomSPI.h>
 170 const SecRandomRef kSecRandomDefault = NULL;
 171
 172 int SecRandomCopyBytes(SecRandomRef rnd, size_t count, uint8_t *bytes) {
 173     if (rnd != kSecRandomDefault)
 174         return errSecParam;
 175     return CCRandomCopyBytes(kCCRandomDefault, bytes, count);
 176 }
 177
 178 #if 0
 179 #include <CommonCrypto/CommonDigest.h>
 180 #include <stdlib.h>
 181
 182 /* FIPS rng declarations. */
 183 typedef struct __SecRandom *SecRandomRef;
 184 SecRandomRef SecRandomCreate(CFIndex randomAlg, CFIndex seedLength,
 185         const UInt8 *seed);
 186 void SecRandomCopyBytes(SecRandomRef randomref, CFIndex numBytes, UInt8 *outBytes);
 187
 188 /* FIPS Rng implementation. */
 189 struct __SecRandom {
 190         CC_SHA1_CTX sha1;
 191         CFIndex bytesLeft;
 192         UInt8 block[64];
 193 };
 194
 195 SecRandomRef SecRandomCreate(CFIndex randomAlg, CFIndex seedLength,
 196         const UInt8 *seed) {
 197         SecRandomRef result = (SecRandomRef)malloc(sizeof(struct __SecRandom));
 198         CC_SHA1_Init(&result->sha1);
 199         memset(result->block + 20, 0, 44);
 200         result->bytesLeft = 0;
 201
 202         if (seedLength) {
 203                 /* Digest the seed and put it into output. */
 204                 CCDigest(kCCDigestSHA1, seed, seedLength, result->block);
 205         } else {
 206                 /* Seed 20 bytes from "/dev/srandom". */
 207                 int fd = open("/dev/srandom", O_RDONLY);
 208                 if (fd < 0)
 209                         goto errOut;
 210
 211                 if (read(fd, result->block, 20) != 20)
 212                         goto errOut;
 213
 214                 close(fd);
 215         }
 216
 217         CC_SHA1_Update(&result->sha1, result->block, 64);
 218
 219         return result;
 220
 221 errOut:
 222         free(result);
 223         return NULL;
 224 }
 225
 226 void SecRandomCopyBytes(SecRandomRef randomref, CFIndex numBytes,
 227         UInt8 *outBytes) {
 228         while (numBytes > 0) {
 229                 if (!randomref->bytesLeft) {
 230                         CC_SHA1_Update(&randomref->sha1, randomref->block, 64);
 231                         OSWriteBigInt32(randomref->block, 0, randomref->sha1.h0);
 232                         OSWriteBigInt32(randomref->block, 4, randomref->sha1.h1);
 233                         OSWriteBigInt32(randomref->block, 8, randomref->sha1.h2);
 234                         OSWriteBigInt32(randomref->block, 12, randomref->sha1.h3);
 235                         OSWriteBigInt32(randomref->block, 16, randomref->sha1.h4);
 236                         randomref->bytesLeft = 20;
 237                 }
 238                 CFIndex outLength = (numBytes > randomref->bytesLeft ?
 239                                                          randomref->bytesLeft : numBytes);
 240                 memcpy(outBytes, randomref->block + 20 - randomref->bytesLeft,
 241                         outLength);
 242                 randomref->bytesLeft -= outLength;
 243                 outBytes += outLength;
 244                 numBytes -= outLength;
 245         }
 246 }
 247 #endif