AppleCSP/DiffieHellman/DH_utils.cpp

   1 /*
   2  * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved.
   3  *
   4  * The contents of this file constitute Original Code as defined in and are
   5  * subject to the Apple Public Source License Version 1.2 (the 'License').
   6  * You may not use this file except in compliance with the License. Please obtain
   7  * a copy of the License at http://www.apple.com/publicsource and read it before
   8  * using this file.
   9  *
  10  * This Original Code and all software distributed under the License are
  11  * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
  12  * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
  13  * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
  14  * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
  15  * specific language governing rights and limitations under the License.
  16  */
  17
  18
  19 /*
  20  * DH_utils.cpp
  21  */
  22
  23 #include "DH_utils.h"
  24 #include "DH_keys.h"
  25 #include <opensslUtils/openRsaSnacc.h>
  26 #include <Security/logging.h>
  27 #include <Security/debugging.h>
  28 #include <open_ssl/opensslUtils/opensslUtils.h>
  29 #include <openssl/bn.h>
  30 #include <openssl/dh.h>
  31 #include <openssl/err.h>
  32
  33 #define dhMiscDebug(args...)    debug("dhMisc", ## args)
  34
  35 /*
  36  * Given a Context:
  37  * -- obtain CSSM key (there must only be one)
  38  * -- validate keyClass - MUST be private! (DH public keys are never found
  39  *    in contexts.)
  40  * -- validate keyUsage
  41  * -- convert to DH *, allocating the DH key if necessary
  42  */
  43 DH *contextToDhKey(
  44         const Context           &context,
  45         AppleCSPSession         &session,
  46         CSSM_KEYUSE                     usage,            // CSSM_KEYUSE_ENCRYPT, CSSM_KEYUSE_SIGN, etc.
  47         bool                            &mallocdKey)  // RETURNED
  48 {
  49     CssmKey &cssmKey =
  50                 context.get<CssmKey>(CSSM_ATTRIBUTE_KEY, CSSMERR_CSP_MISSING_ATTR_KEY);
  51         const CSSM_KEYHEADER &hdr = cssmKey.KeyHeader;
  52         if(hdr.AlgorithmId != CSSM_ALGID_DH) {
  53                 CssmError::throwMe(CSSMERR_CSP_ALGID_MISMATCH);
  54         }
  55         if(hdr.KeyClass != CSSM_KEYCLASS_PRIVATE_KEY) {
  56                 CssmError::throwMe(CSSMERR_CSP_INVALID_KEY_CLASS);
  57         }
  58         cspValidateIntendedKeyUsage(&hdr, usage);
  59         return cssmKeyToDh(cssmKey, session, mallocdKey);
  60 }
  61 /*
  62  * Convert a CssmKey (Private only!) to an DH * key. May result in the
  63  * creation of a new DH (when cssmKey is a raw key); allocdKey is true
  64  * in that case in which case the caller generally has to free the allocd key).
  65  */
  66 DH *cssmKeyToDh(
  67         const CssmKey   &cssmKey,
  68         AppleCSPSession &session,
  69         bool                    &allocdKey)             // RETURNED
  70 {
  71         DH *dhKey = NULL;
  72         allocdKey = false;
  73
  74         const CSSM_KEYHEADER *hdr = &cssmKey.KeyHeader;
  75         if(hdr->AlgorithmId != CSSM_ALGID_DH) {
  76                 // someone else's key (should never happen)
  77                 CssmError::throwMe(CSSMERR_CSP_INVALID_ALGORITHM);
  78         }
  79         assert(hdr->KeyClass == CSSM_KEYCLASS_PRIVATE_KEY);
  80         switch(hdr->BlobType) {
  81                 case CSSM_KEYBLOB_RAW:
  82                         dhKey = rawCssmKeyToDh(cssmKey);
  83                         allocdKey = true;
  84                         break;
  85                 case CSSM_KEYBLOB_REFERENCE:
  86                 {
  87                         BinaryKey &binKey = session.lookupRefKey(cssmKey);
  88                         DHBinaryKey *dhBinKey = dynamic_cast<DHBinaryKey *>(&binKey);
  89                         /* this cast failing means that this is some other
  90                          * kind of binary key */
  91                         if(dhBinKey == NULL) {
  92                                 dhMiscDebug("cssmKeyToDh: wrong BinaryKey subclass\n");
  93                                 CssmError::throwMe(CSSMERR_CSP_INVALID_KEY);
  94                         }
  95                         assert(dhBinKey->mDhKey != NULL);
  96                         dhKey = dhBinKey->mDhKey;
  97                         break;
  98                 }
  99                 default:
 100                         CssmError::throwMe(CSSMERR_CSP_KEY_BLOB_TYPE_INCORRECT);
 101         }
 102         return dhKey;
 103 }
 104
 105 /*
 106  * Convert a raw CssmKey (Private only!)  to a newly alloc'd DH key.
 107  */
 108 DH *rawCssmKeyToDh(
 109         const CssmKey   &cssmKey)
 110 {
 111         const CSSM_KEYHEADER *hdr = &cssmKey.KeyHeader;
 112
 113         if(hdr->AlgorithmId != CSSM_ALGID_DH) {
 114                 // someone else's key (should never happen)
 115                 CssmError::throwMe(CSSMERR_CSP_INVALID_ALGORITHM);
 116         }
 117         assert(hdr->BlobType == CSSM_KEYBLOB_RAW);
 118         assert(hdr->KeyClass == CSSM_KEYCLASS_PRIVATE_KEY);
 119         if(hdr->Format != DH_PRIV_KEY_FORMAT) {
 120                 CssmError::throwMe(CSSMERR_CSP_INVALID_ATTR_PRIVATE_KEY_FORMAT);
 121         }
 122
 123         DH *dhKey = DH_new();
 124         if(dhKey == NULL) {
 125                 CssmError::throwMe(CSSMERR_CSP_MEMORY_ERROR);
 126         }
 127         CSSM_RETURN crtn;
 128         crtn = DHPrivateKeyDecode(dhKey,
 129                 cssmKey.KeyData.Data,
 130                 cssmKey.KeyData.Length);
 131         if(crtn) {
 132                 CssmError::throwMe(crtn);
 133         }
 134         return dhKey;
 135 }
 136