]> git.saurik.com Git - apple/security.git/blob - AppleCSP/RSA_DSA/RSA_asymmetric.cpp
projects / apple / security.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Security-164.1.tar.gz
[apple/security.git] / AppleCSP / RSA_DSA / RSA_asymmetric.cpp
1 /*
2 * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved.
3 *
4 * The contents of this file constitute Original Code as defined in and are
5 * subject to the Apple Public Source License Version 1.2 (the 'License').
6 * You may not use this file except in compliance with the License. Please obtain
7 * a copy of the License at http://www.apple.com/publicsource and read it before
8 * using this file.
9 *
10 * This Original Code and all software distributed under the License are
11 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
12 * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
13 * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
14 * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
15 * specific language governing rights and limitations under the License.
16 */
17
18
19 /*
20 * RSA_asymmetric.cpp - CSPContext for RSA asymmetric encryption
21 */
22
23 #include "RSA_asymmetric.h"
24 #include "RSA_DSA_utils.h"
25 #include <Security/debugging.h>
26 #include <open_ssl/opensslUtils/opensslUtils.h>
27
28 #define rsaCryptDebug(args...) secdebug("rsaCrypt", ## args)
29 #define rbprintf(args...) secdebug("rsaBuf", ## args)
30
31 RSA_CryptContext::~RSA_CryptContext()
32 {
33 if(mAllocdRsaKey) {
34 assert(mRsaKey != NULL);
35 RSA_free(mRsaKey);
36 mRsaKey = NULL;
37 mAllocdRsaKey = false;
38 }
39 }
40
41 /* called by CSPFullPluginSession */
42 void RSA_CryptContext::init(const Context &context, bool encoding /*= true*/)
43 {
44 if(mInitFlag && !opStarted()) {
45 /* reusing - e.g. query followed by encrypt */
46 return;
47 }
48
49 /* optional mode to use alternate key class (e.g., decrypt with public key) */
50 CSSM_KEYCLASS keyClass;
51 switch (context.getInt(CSSM_ATTRIBUTE_MODE)) {
52 case CSSM_ALGMODE_PUBLIC_KEY:
53 keyClass = CSSM_KEYCLASS_PUBLIC_KEY;
54 break;
55 case CSSM_ALGMODE_PRIVATE_KEY:
56 keyClass = CSSM_KEYCLASS_PRIVATE_KEY;
57 break;
58 case CSSM_ALGMODE_NONE:
59 /* default, not present in context: infer from op type */
60 keyClass = encoding ? CSSM_KEYCLASS_PUBLIC_KEY : CSSM_KEYCLASS_PRIVATE_KEY;
61 break;
62 default:
63 CssmError::throwMe(CSSMERR_CSP_INVALID_ATTR_MODE);
64 }
65
66 /* fetch key from context */
67 if(mRsaKey == NULL) {
68 assert(!opStarted());
69 mRsaKey = contextToRsaKey(context,
70 session(),
71 keyClass,
72 encoding ? CSSM_KEYUSE_ENCRYPT : CSSM_KEYUSE_DECRYPT,
73 mAllocdRsaKey);
74 }
75 else {
76 assert(opStarted());
77 }
78
79 unsigned cipherBlockSize = RSA_size(mRsaKey);
80 unsigned plainBlockSize;
81
82 /* padding - not present means value zero, CSSM_PADDING_NONE */
83 uint32 padding = context.getInt(CSSM_ATTRIBUTE_PADDING);
84 switch(padding) {
85 case CSSM_PADDING_NONE:
86 mPadding = RSA_NO_PADDING;
87 plainBlockSize = cipherBlockSize;
88 break;
89 case CSSM_PADDING_PKCS1:
90 mPadding = RSA_PKCS1_PADDING;
91 plainBlockSize = cipherBlockSize - 11;
92 break;
93 default:
94 CssmError::throwMe(CSSMERR_CSP_INVALID_ATTR_PADDING);
95 }
96
97 /* optional blinding attribute */
98 uint32 blinding = context.getInt(CSSM_ATTRIBUTE_RSA_BLINDING);
99 if(blinding) {
100 if(RSA_blinding_on(mRsaKey, NULL) <= 0) {
101 /* actually no legit failures */
102 CssmError::throwMe(CSSMERR_CSP_INTERNAL_ERROR);
103 }
104 }
105 else {
106 RSA_blinding_off(mRsaKey);
107 }
108
109 /* finally, have BlockCryptor set up its stuff. */
110 setup(encoding ? plainBlockSize : cipherBlockSize, // blockSizeIn
111 encoding ? cipherBlockSize : plainBlockSize, // blockSizeOut
112 false, // pkcs5Pad
113 false, // needsFinal
114 BCM_ECB,
115 NULL); // IV
116 mInitFlag = true;
117
118 }
119 /* called by BlockCryptor */
120 void RSA_CryptContext::encryptBlock(
121 const void *plainText, // length implied (one block)
122 size_t plainTextLen,
123 void *cipherText,
124 size_t &cipherTextLen, // in/out, throws on overflow
125 bool final)
126 {
127 int irtn;
128
129 if(mRsaKey->d == NULL) {
130 irtn = RSA_public_encrypt(plainTextLen,
131 (unsigned char *)plainText,
132 (unsigned char *)cipherText,
133 mRsaKey,
134 mPadding);
135 }
136 else {
137 irtn = RSA_private_encrypt(plainTextLen,
138 (unsigned char *)plainText,
139 (unsigned char *)cipherText,
140 mRsaKey,
141 mPadding);
142 }
143 if(irtn < 0) {
144 throwRsaDsa("RSA_public_encrypt");
145 }
146 else if((unsigned)irtn > cipherTextLen) {
147 rsaCryptDebug("RSA_public_encrypt overflow");
148 CssmError::throwMe(CSSMERR_CSP_OUTPUT_LENGTH_ERROR);
149 }
150 cipherTextLen = (size_t)irtn;
151 }
152
153 void RSA_CryptContext::decryptBlock(
154 const void *cipherText, // length implied (one cipher block)
155 void *plainText,
156 size_t &plainTextLen, // in/out, throws on overflow
157 bool final)
158 {
159 int irtn;
160
161 if(mRsaKey->d == NULL) {
162 irtn = RSA_public_decrypt(inBlockSize(),
163 (unsigned char *)cipherText,
164 (unsigned char *)plainText,
165 mRsaKey,
166 mPadding);
167 }
168 else {
169 irtn = RSA_private_decrypt(inBlockSize(),
170 (unsigned char *)cipherText,
171 (unsigned char *)plainText,
172 mRsaKey,
173 mPadding);
174 }
175 if(irtn < 0) {
176 throwRsaDsa("RSA_private_decrypt");
177 }
178 else if((unsigned)irtn > plainTextLen) {
179 rsaCryptDebug("RSA_private_decrypt overflow");
180 CssmError::throwMe(CSSMERR_CSP_OUTPUT_LENGTH_ERROR);
181 }
182 plainTextLen = (size_t)irtn;
183 }
184
185 size_t RSA_CryptContext::outputSize(
186 bool final, // ignored
187 size_t inSize /*= 0*/) // output for given input size
188 {
189 UInt32 rawBytes = inSize + inBufSize();
190 UInt32 rawBlocks = (rawBytes + inBlockSize() - 1) / inBlockSize();
191 rbprintf("--- RSA_CryptContext::outputSize inSize 0x%lx outSize 0x%lx mInBufSize 0x%lx",
192 inSize, rawBlocks * outBlockSize(), inBufSize());
193 return rawBlocks * outBlockSize();
194 }
mirror of Security