]> git.saurik.com Git - apple/security.git/blob - SecurityTests/clxutils/p12/p12GetPassKey.cpp
projects / apple / security.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Security-57031.1.35.tar.gz
[apple/security.git] / SecurityTests / clxutils / p12 / p12GetPassKey.cpp
1 /*
2 * p12GetPassKey.h - get a CSSM_ALGID_SECURE_PASSPHRASE key for encode/decode
3 */
4
5 #include <CoreFoundation/CoreFoundation.h>
6 #include <Security/Security.h>
7 #include "p12GetPassKey.h"
8 #include <CoreServices.framework/Frameworks/CarbonCore.framework/Headers/MacErrors.h>
9 #include <Security/cssmapple.h>
10 #include <utilLib/cspwrap.h>
11
12 /* when true, simulate secure passphrase in CSPDL */
13 #define SIMULATE_PASSPHRASE 1
14
15 /*
16 * Safe gets().
17 * -- guaranteed no buffer overflow
18 * -- guaranteed NULL-terminated string
19 * -- handles empty string (i.e., response is just CR) properly
20 */
21 void getString(
22 char *buf,
23 unsigned bufSize)
24 {
25 unsigned dex;
26 char c;
27 char *cp = buf;
28
29 for(dex=0; dex<bufSize-1; dex++) {
30 c = getchar();
31 if (c == EOF) {
32 break;
33 }
34
35 if(!isprint(c)) {
36 break;
37 }
38 switch(c) {
39 case '\n':
40 case '\r':
41 goto done;
42 default:
43 *cp++ = c;
44 }
45 }
46 done:
47 *cp = '\0';
48 }
49
50 OSStatus p12GetPassKey(
51 CSSM_CSP_HANDLE cspHand,
52 GPK_Type gpkType,
53 bool isRawCsp,
54 CSSM_KEY *passKey) // RETURNED
55 {
56 if(isRawCsp || SIMULATE_PASSPHRASE) {
57 char passphrase[512];
58
59 if(gpkType == GPK_Decode) {
60 printf("Enter passphrase for PKCS12 Decode: ");
61 }
62 else {
63 printf("Enter passphrase for PKCS12 Encode: ");
64 }
65 getString(passphrase, 512);
66
67 /* cook up a raw key with passphrase as data */
68 unsigned phraseLen = strlen(passphrase);
69 CSSM_KEY rawKey;
70 memset(&rawKey, 0, sizeof(CSSM_KEY));
71 CSSM_KEYHEADER &hdr = rawKey.KeyHeader;
72 hdr.HeaderVersion = CSSM_KEYHEADER_VERSION;
73 hdr.BlobType = CSSM_KEYBLOB_RAW;
74 hdr.Format = CSSM_KEYBLOB_RAW_FORMAT_OCTET_STRING;
75 hdr.AlgorithmId = CSSM_ALGID_SECURE_PASSPHRASE;
76 hdr.KeyClass = CSSM_KEYCLASS_SESSION_KEY;
77 hdr.LogicalKeySizeInBits = phraseLen * 2 * 8;
78 hdr.KeyAttr = CSSM_KEYATTR_MODIFIABLE | CSSM_KEYATTR_EXTRACTABLE;
79 hdr.KeyUsage = CSSM_KEYUSE_DERIVE;
80
81 #if 0
82 /* data = Unicode version of C string passphrase, bigendian */
83 rawKey.KeyData.Length = phraseLen * 2;
84 rawKey.KeyData.Data = (uint8 *)malloc(phraseLen * 2);
85 const char *cpIn = passphrase;
86 char *cpOut = (char *)rawKey.KeyData.Data;
87
88 for(unsigned dex=0; dex<phraseLen; dex++) {
89 *cpOut++ = 0;
90 *cpOut++ = *cpIn++;
91 }
92 #else
93
94 /* data = external representation of CFString */
95 CFStringRef cfStr = CFStringCreateWithCString(NULL, passphrase,
96 kCFStringEncodingASCII);
97 CFDataRef cfData = CFStringCreateExternalRepresentation(NULL,
98 cfStr, kCFStringEncodingUnicode, 0);
99 unsigned keyLen = CFDataGetLength(cfData);
100 rawKey.KeyData.Length = keyLen;
101 rawKey.KeyData.Data = (uint8 *)malloc(keyLen);
102 memmove(rawKey.KeyData.Data, CFDataGetBytePtr(cfData), keyLen);
103 CFRelease(cfData);
104 CFRelease(cfStr);
105 hdr.LogicalKeySizeInBits = keyLen * 8;
106 #endif
107 CSSM_DATA descrData = {0, NULL};
108
109 /* NULL unwrap to make a ref key */
110 CSSM_RETURN crtn = cspUnwrapKey(cspHand,
111 &rawKey,
112 NULL, // wrappingKey
113 CSSM_ALGID_NONE,
114 0, 0, 0, // mode, pad, vector
115 passKey,
116 &descrData,
117 "someLabel",
118 9); // labelLen
119 if(crtn) {
120 printf("***Error doing NULL wrap of passKey.\n");
121 return crtn;
122 }
123 return crtn;
124 }
125 else {
126 printf("SS does not support secure passphrase yet.");
127 /*
128 * TBD: do a DeriveKey
129 */
130 return unimpErr;
131 }
132 }
mirror of Security