OSX/libsecurity_apple_csp/lib/miscalgorithms.cpp

   1 /*
   2  * Copyright (c) 2000-2001,2011,2014 Apple Inc. All Rights Reserved.
   3  *
   4  * The contents of this file constitute Original Code as defined in and are
   5  * subject to the Apple Public Source License Version 1.2 (the 'License').
   6  * You may not use this file except in compliance with the License. Please obtain
   7  * a copy of the License at http://www.apple.com/publicsource and read it before
   8  * using this file.
   9  *
  10  * This Original Code and all software distributed under the License are
  11  * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
  12  * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
  13  * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
  14  * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
  15  * specific language governing rights and limitations under the License.
  16  */
  17
  18 #ifdef  BSAFE_CSP_ENABLE
  19
  20 //
  21 // miscalgorithms - miscellaneous BSafe context creators and managers
  22 //
  23 #include "bsafecspi.h"
  24
  25 #include <stdio.h>      // debug
  26
  27
  28 //
  29 // Digest algorithms.
  30 // NOTE: There is no init() method, since BSafe digest algorithms re-initialize
  31 // automatically and there is no directional difference.
  32 //
  33 BSafe::DigestContext::DigestContext(
  34         AppleCSPSession &session,
  35         const Context &,
  36         B_INFO_TYPE bAlgInfo,
  37         size_t sz)
  38         : BSafeContext(session)
  39 {
  40     mOutSize = sz;
  41     inUpdate = B_DigestUpdate;
  42     outFinal = B_DigestFinal;
  43     setAlgorithm(bAlgInfo);
  44     check(B_DigestInit(bsAlgorithm, bsKey, chooser(), bsSurrender));
  45     initialized = true;
  46 }
  47
  48
  49 //
  50 // Signing/Verifying algorithms
  51 //
  52 // FIXME:
  53 // We really should match the key algorithm to the sign/vfy
  54 // algorithm. Also: verify key usage bits.
  55 void BSafe::SigningContext::init(
  56         const Context &context,
  57         bool signing)
  58 {
  59     if (reusing(signing))
  60         return;         // all set to go
  61
  62     setAlgorithm(algorithm, NULL);
  63     setKeyFromContext(context); // may set outSize for some keys
  64
  65     if (signing) {
  66         check(B_SignInit(bsAlgorithm, bsKey, chooser(), bsSurrender));
  67         setRandom();    // needed by some signing algorithms
  68         inUpdate = B_SignUpdate;
  69         outFinalR = B_SignFinal;
  70         outFinal = NULL;
  71     } else {
  72         check(B_VerifyInit(bsAlgorithm, bsKey, chooser(), bsSurrender));
  73         inUpdate = B_VerifyUpdate;
  74         inFinalR = B_VerifyFinal;
  75         inFinal = NULL;
  76     }
  77 }
  78
  79
  80 //
  81 // MAC algorithms.
  82 // Note that BSafe treats MACs as digest algorithms - it has no MAC algorithm
  83 // class. Thus, verifying consists of "digesting" followed by comparing the result.
  84 //
  85 // FIXME : what kind of key do we expect here? For now, any old
  86 // symmetric key will work...
  87 //
  88 void BSafe::MacContext::init(
  89         const Context &context,
  90         bool signing)
  91 {
  92     if (reusing(signing))
  93         return;         // all set to go
  94
  95     B_DIGEST_SPECIFIER digestSpec;
  96     digestSpec.digestInfoType = algorithm;
  97     digestSpec.digestInfoParams = NULL;
  98
  99     setAlgorithm(AI_HMAC, &digestSpec);
 100     setKeyFromContext(context);
 101     check(B_DigestInit(bsAlgorithm, bsKey, chooser(), bsSurrender));
 102
 103     if (signing) {
 104         inUpdate = B_DigestUpdate;
 105         outFinal = B_DigestFinal;
 106     } else {
 107         inUpdate = B_DigestUpdate;
 108         // need not set xxFinal - we override final().
 109     }
 110 }
 111
 112 void BSafe::MacContext::final(const CssmData &in)
 113 {
 114     // we need to perform a DigestFinal step into a temp buffer and compare to 'in'
 115     void *digest = normAllocator->malloc(in.length());
 116     unsigned int length;
 117     check(B_DigestFinal(bsAlgorithm, POINTER(digest), &length, in.length(), bsSurrender));
 118     bool verified = length == in.length() && !memcmp(digest, in.data(), in.length());
 119     normAllocator->free(digest);
 120         initialized = false;
 121     if (!verified)
 122         CssmError::throwMe(CSSMERR_CSP_VERIFY_FAILED);
 123 }
 124
 125
 126 //
 127 // Random-number generation algorithms.
 128 // Note that we don't use bsRandom, since that's our internal fixed "best to use" method,
 129 // not the one the user asked for.
 130 // NOTE: We freeze the output size at init().
 131 //
 132 void BSafe::RandomContext::init(const Context &context, bool)
 133 {
 134         reset();        // throw away, we need to re-seed anyway
 135         setAlgorithm(algorithm, NULL);  // MD5 generator mode (RSA proprietary)
 136         check(B_RandomInit(bsAlgorithm, chooser(), bsSurrender));
 137
 138         // set/freeze output size
 139         mOutSize = context.getInt(CSSM_ATTRIBUTE_OUTPUT_SIZE, CSSMERR_CSP_MISSING_ATTR_OUTPUT_SIZE);
 140
 141         // seed the PRNG (if specified)
 142         if (const CssmCryptoData *seed = context.get<CssmCryptoData>(CSSM_ATTRIBUTE_SEED)) {
 143                 const CssmData &seedValue = (*seed)();
 144                 check(B_RandomUpdate(bsAlgorithm, POINTER(seedValue.data()), seedValue.length(), bsSurrender));
 145         }
 146 }
 147
 148 void BSafe::RandomContext::final(CssmData &data)
 149 {
 150         check(B_GenerateRandomBytes(bsAlgorithm, POINTER(data.data()), mOutSize, bsSurrender));
 151 }
 152 #endif  /* BSAFE_CSP_ENABLE */