1 /*
2 * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved.
3 *
4 * The contents of this file constitute Original Code as defined in and are
5 * subject to the Apple Public Source License Version 1.2 (the 'License').
6 * You may not use this file except in compliance with the License. Please obtain
7 * a copy of the License at http://www.apple.com/publicsource and read it before
8 * using this file.
9 *
10 * This Original Code and all software distributed under the License are
11 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
12 * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
13 * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
14 * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
15 * specific language governing rights and limitations under the License.
16 */
17
18
19 //
20 // pkcs8.cpp - PKCS8 key wrap/unwrap support.
21 //
22
23
24 #include "pkcs8.h"
25 #include "AppleCSPUtils.h"
26 #include "AppleCSPKeys.h"
27 #include <SecurityNssAsn1/keyTemplates.h>
28 #include <SecurityNssAsn1/SecNssCoder.h>
29 #include <SecurityNssAsn1/nssUtils.h>
30 #include "AppleCSPSession.h"
31 #include <Security/cssmapple.h>
32
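/*
 * Given a key in PKCS8 format, fill in the following
 * header fields:
 *
 *	CSSM_KEYBLOB_FORMAT	Format
 *	CSSM_ALGORITHMS		AlgorithmId
 *	uint32			LogicalKeySizeInBits
 *
 * AlgorithmId and Format are derived solely from the algorithm OID
 * carried inside the blob in key.KeyData, so they are only as
 * trustworthy as the source of that blob.
 *
 * Errors (raised via CssmError::throwMe):
 *	CSSMERR_CSP_INVALID_KEY		blob does not decode as a PrivateKeyInfo
 *	CSSMERR_CSP_INVALID_ALGORITHM	algorithm OID is not recognized
 *
 * If no info provider is found for the key, this returns normally with
 * Format and AlgorithmId set but LogicalKeySizeInBits untouched; callers
 * must not assume the size field is valid on return.
 */
void AppleCSPSession::pkcs8InferKeyHeader(
	CssmKey			&key)
{
	/*
	 * Incoming key blob is a PrivateKeyInfo. Take it apart
	 * to get its algorithm info, from which we infer other
	 * fields.
	 */
	NSS_PrivateKeyInfo privKeyInfo;
	SecNssCoder coder;
	CSSM_DATA &keyData = key.KeyData;

	/* zero the destination struct before handing it to the decoder */
	memset(&privKeyInfo, 0, sizeof(privKeyInfo));
	if(coder.decodeItem(keyData, NSS_PrivateKeyInfoTemplate,
			&privKeyInfo)) {
		errorLog0("pkcs8InferKeyHeader decode error\n");
		CssmError::throwMe(CSSMERR_CSP_INVALID_KEY);
	}

	CSSM_KEYHEADER &hdr = key.KeyHeader;
	if(!cssmOidToAlg(&privKeyInfo.algorithm.algorithm,
			&hdr.AlgorithmId)) {
		errorLog0("pkcs8InferKeyHeader unknown algorithm\n");
		CssmError::throwMe(CSSMERR_CSP_INVALID_ALGORITHM);
	}

	/* same algorithm-to-format mapping as pkcs8RawKeyFormat() in this file */
	switch(hdr.AlgorithmId) {
		case CSSM_ALGID_RSA:
			hdr.Format = CSSM_KEYBLOB_RAW_FORMAT_PKCS8;
			break;
		case CSSM_ALGID_DSA:
			hdr.Format = CSSM_KEYBLOB_RAW_FORMAT_FIPS186;
			break;
		default:
			/* punt */
			hdr.Format = CSSM_KEYBLOB_RAW_FORMAT_NONE;
			break;
	}

	/*
	 * Find someone who knows about this key and ask them the
	 * key size
	 */
	CSPKeyInfoProvider *provider = infoProvider(key);
	if(provider == NULL) {
		errorLog0("pkcs8InferKeyHeader no info provider\n");
		/* but we got this far, so don't abort */
		return;
	}

	/*
	 * Zero the result first so the header never receives stack garbage
	 * should the provider leave the struct unfilled.
	 */
	CSSM_KEY_SIZE keySize;
	memset(&keySize, 0, sizeof(keySize));

	/*
	 * The provider is owned here. Release it even if the size query
	 * throws, then let the exception continue to the caller.
	 */
	try {
		provider->QueryKeySizeInBits(keySize);
	}
	catch(...) {
		delete provider;
		throw;
	}
	delete provider;
	hdr.LogicalKeySizeInBits = keySize.LogicalKeySizeInBits;
}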
95
/*
 * When doing a PKCS8 wrap operation on a reference key, this
 * is used to infer the blob type to obtain before the encryption.
 *
 * RSA maps to CSSM_KEYBLOB_RAW_FORMAT_PKCS8 and DSA to
 * CSSM_KEYBLOB_RAW_FORMAT_FIPS186. Every other algorithm yields
 * CSSM_KEYBLOB_RAW_FORMAT_NONE, which callers have to handle themselves.
 */
CSSM_KEYBLOB_FORMAT pkcs8RawKeyFormat(
	CSSM_ALGORITHMS	keyAlg)
{
	if(keyAlg == CSSM_ALGID_RSA) {
		return CSSM_KEYBLOB_RAW_FORMAT_PKCS8;
	}
	if(keyAlg == CSSM_ALGID_DSA) {
		return CSSM_KEYBLOB_RAW_FORMAT_FIPS186;
	}
	/* punt: no specific raw format is chosen for any other algorithm */
	return CSSM_KEYBLOB_RAW_FORMAT_NONE;
}