]> git.saurik.com Git - apple/security.git/blob - OSX/sec/Security/SecOTRMath.c
projects / apple / security.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Security-57337.50.23.tar.gz
[apple/security.git] / OSX / sec / Security / SecOTRMath.c
1 /*
2 * Copyright (c) 2011-2012,2014 Apple Inc. All Rights Reserved.
3 *
4 * @APPLE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
11 * file.
12 *
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
20 *
21 * @APPLE_LICENSE_HEADER_END@
22 */
23
24
25 #include "SecOTRMath.h"
26
27 #include "SecOTRPacketData.h"
28
29 #include <utilities/SecCFWrappers.h>
30 #include <AssertMacros.h>
31
32 #include <pthread.h>
33
34 #include <Security/SecRandom.h>
35
36 #include <corecrypto/ccsha2.h>
37 #include <corecrypto/cczp.h>
38 #include <corecrypto/ccdh_gp.h>
39
40 #include <limits.h>
41
42 void OTRExponentiate(cc_unit* res, const cc_unit* base, const cc_unit* exponent)
43 {
44 ccdh_const_gp_t gp = ccdh_gp_rfc3526group05();
45 cczp_power(gp.zp, res, base, exponent);
46 }
47
48 void OTRGroupExponentiate(cc_unit* res, const cc_unit* exponent)
49 {
50 OTRExponentiate(res, ccdh_gp_g(ccdh_gp_rfc3526group05()) , exponent);
51 }
52
53 //
54 // Random Number Generation
55 //
56
57 OSStatus GetRandomBytesInLSBs(size_t bytesOfRandomness, size_t n, cc_unit* place)
58 {
59 OSStatus result = errSecParam;
60 require(bytesOfRandomness * 8 <= ccn_bitsof_n(n), fail);
61 {
62 uint8_t randomBytes[bytesOfRandomness];
63
64 result = SecRandomCopyBytes(kSecRandomDefault, sizeof(randomBytes), randomBytes);
65
66 require_noerr(result, fail);
67
68 ccn_read_uint(n, place, sizeof(randomBytes), randomBytes);
69
70 bzero(randomBytes, bytesOfRandomness);
71 }
72 fail:
73 return result;
74 }
75
76 OSStatus FillWithRandomBytes(size_t n, cc_unit* place)
77 {
78 return GetRandomBytesInLSBs(ccn_sizeof(n), n, place);
79 }
80
81
82 static const uint8_t kIVZero[16] = { };
83
84 static void AES_CTR_Transform(size_t keySize, const uint8_t* key,
85 const uint8_t iv[16],
86 size_t howMuch, const uint8_t* from, uint8_t* to)
87 {
88 const struct ccmode_ctr* ctr_encrypt = ccaes_ctr_crypt_mode();
89 ccctr_ctx_decl(ctr_encrypt->size, ctr_ctx);
90 ctr_encrypt->init(ctr_encrypt, ctr_ctx, keySize, key, iv);
91
92 ctr_encrypt->ctr(ctr_ctx, howMuch, from, to);
93 }
94
95 void AES_CTR_HighHalf_Transform(size_t keySize, const uint8_t* key,
96 uint64_t highHalf,
97 size_t howMuch, const uint8_t* from, uint8_t* to)
98 {
99 uint8_t iv[16] = { highHalf >> 56, highHalf >> 48, highHalf >> 40, highHalf >> 32,
100 highHalf >> 24, highHalf >> 16, highHalf >> 8 , highHalf >> 0,
101 0, 0, 0, 0,
102 0, 0, 0, 0 };
103 AES_CTR_Transform(keySize, key, iv, howMuch, from, to);
104 }
105
106 void AES_CTR_IV0_Transform(size_t keySize, const uint8_t* key,
107 size_t howMuch, const uint8_t* from, uint8_t* to)
108 {
109 AES_CTR_Transform(keySize, key, kIVZero, howMuch, from, to);
110 }
111
112
113 //
114 // Key Derivation
115 //
116
117 static void HashMPIWithPrefix(uint8_t byte, cc_size sN, const cc_unit* s, uint8_t* buffer)
118 {
119 CFMutableDataRef dataToHash = CFDataCreateMutable(kCFAllocatorDefault, 0);
120 CFDataAppendBytes(dataToHash, &byte, 1);
121
122 AppendMPI(dataToHash, sN, s);
123
124 uint8_t *bytesToHash = CFDataGetMutableBytePtr(dataToHash);
125 CFIndex amountToHash = CFDataGetLength(dataToHash);
126
127 /* 64 bits cast: amountToHash is the size of an identity +1 , which is currently hardcoded and never more than 2^32 bytes */
128 assert((unsigned long)amountToHash<UINT32_MAX); /* Debug check, Correct as long as CFIndex is a signed long and CC_LONG is a uint32_t */
129
130 (void) CC_SHA256(bytesToHash, (CC_LONG)amountToHash, buffer);
131
132 bzero(bytesToHash, (size_t)amountToHash);
133 CFReleaseNull(dataToHash);
134 }
135
136 void DeriveOTR256BitsFromS(KeyType whichKey, cc_size sN, const cc_unit* s, size_t keySize, uint8_t* key)
137 {
138 HashMPIWithPrefix(whichKey, sN, s, key);
139 }
140
141 void DeriveOTR128BitPairFromS(KeyType whichKey, size_t sSize, const cc_unit* s,
142 size_t firstKeySize, uint8_t* firstKey,
143 size_t secondKeySize, uint8_t* secondKey)
144 {
145 uint8_t hashBuffer[CCSHA256_OUTPUT_SIZE];
146
147 HashMPIWithPrefix(whichKey, sSize, s, hashBuffer);
148
149 if (firstKey) {
150 firstKeySize = firstKeySize > CCSHA256_OUTPUT_SIZE/2 ? CCSHA256_OUTPUT_SIZE/2 : firstKeySize;
151 memcpy(firstKey, hashBuffer, firstKeySize);
152 }
153 if (secondKey) {
154 secondKeySize = secondKeySize > CCSHA256_OUTPUT_SIZE/2 ? CCSHA256_OUTPUT_SIZE/2 : secondKeySize;
155 memcpy(secondKey, hashBuffer, secondKeySize);
156 }
157
158 bzero(hashBuffer, CCSHA256_OUTPUT_SIZE);
159
160 }
161
162 void DeriveOTR64BitsFromS(KeyType whichKey, size_t sn, const cc_unit* s,
163 size_t topKeySize, uint8_t* topKey)
164 {
165 uint8_t hashBuffer[CCSHA256_OUTPUT_SIZE];
166
167 HashMPIWithPrefix(whichKey, sn, s, hashBuffer);
168
169 topKeySize = topKeySize > CCSHA256_OUTPUT_SIZE/2 ? CCSHA256_OUTPUT_SIZE/2 : topKeySize;
170 memcpy(topKey, hashBuffer, topKeySize);
171
172 bzero(hashBuffer, CCSHA256_OUTPUT_SIZE);
173 }
174
mirror of Security