2 * Copyright (c) 2006-2015 Apple Inc. All Rights Reserved.
4 * @APPLE_LICENSE_HEADER_START@
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
21 * @APPLE_LICENSE_HEADER_END@
25 * SecFramework.c - generic non API class specific functions
29 #include "SecFrameworkP.h"
31 #include <CoreFoundation/CFBundle.h>
32 #include <CoreFoundation/CFURLAccess.h>
34 #include "SecRandomP.h"
36 #include <CommonCrypto/CommonDigest.h>
37 #include <Security/SecAsn1Coder.h>
38 #include <Security/oidsalg.h>
40 #include <sys/types.h>
45 #include <CoreFoundation/CFBundlePriv.h>
47 #include <utilities/debugging.h>
49 /* Security framework's own bundle used for localized string lookups. */
50 static CFBundleRef kSecFrameworkBundle
;
51 static pthread_once_t kSecFrameworkBundleLookup
= PTHREAD_ONCE_INIT
;
53 static void SecFrameworkBundleLookup(void) {
54 // figure out the path to our executable
58 // make a file URL from the returned string
59 CFURLRef urlRef
= CFURLCreateFromFileSystemRepresentation(NULL
, (const UInt8
*) info
.dli_fname
, strlen(info
.dli_fname
), false);
60 kSecFrameworkBundle
= _CFBundleCreateWithExecutableURLIfLooksLikeBundle(NULL
, urlRef
);
63 if (kSecFrameworkBundle
)
64 CFRetain(kSecFrameworkBundle
);
67 CFStringRef
SecFrameworkCopyLocalizedString(CFStringRef key
,
68 CFStringRef tableName
) {
69 pthread_once(&kSecFrameworkBundleLookup
, SecFrameworkBundleLookup
);
70 if (kSecFrameworkBundle
) {
71 return CFBundleCopyLocalizedString(kSecFrameworkBundle
, key
, key
,
79 CFURLRef
SecFrameworkCopyResourceURL(CFStringRef resourceName
,
80 CFStringRef resourceType
, CFStringRef subDirName
) {
82 pthread_once(&kSecFrameworkBundleLookup
, SecFrameworkBundleLookup
);
83 if (kSecFrameworkBundle
) {
84 url
= CFBundleCopyResourceURL(kSecFrameworkBundle
, resourceName
,
85 resourceType
, subDirName
);
87 secdebug("SecFramework", "resource: %@.%@ in %@ not found", resourceName
,
88 resourceType
, subDirName
);
96 CFDataRef
SecFrameworkCopyResourceContents(CFStringRef resourceName
,
97 CFStringRef resourceType
, CFStringRef subDirName
) {
98 CFURLRef url
= SecFrameworkCopyResourceURL(resourceName
, resourceType
,
100 CFDataRef data
= NULL
;
103 if (!CFURLCreateDataAndPropertiesFromResource(kCFAllocatorDefault
,
104 url
, &data
, NULL
, NULL
, &error
)) {
105 secdebug("SecFramework", "read: %d", (int)error
);
113 /* Return the SHA1 digest of a chunk of data as newly allocated CFDataRef. */
114 CFDataRef
SecSHA1DigestCreate(CFAllocatorRef allocator
,
115 const UInt8
*data
, CFIndex length
) {
116 CFMutableDataRef digest
= CFDataCreateMutable(allocator
,
117 CC_SHA1_DIGEST_LENGTH
);
118 CFDataSetLength(digest
, CC_SHA1_DIGEST_LENGTH
);
119 CC_SHA1(data
, (CC_LONG
)length
, CFDataGetMutableBytePtr(digest
));
124 CFDataRef
SecDigestCreate(CFAllocatorRef allocator
,
125 const SecAsn1Oid
*algorithm
, const SecAsn1Item
*params
,
126 const UInt8
*data
, CFIndex length
) {
127 unsigned char *(*digestFcn
)(const void *data
, CC_LONG len
, unsigned char *md
);
130 if (SecAsn1OidCompare(algorithm
, &CSSMOID_SHA1
)) {
132 digestLen
= CC_SHA1_DIGEST_LENGTH
;
133 } else if (SecAsn1OidCompare(algorithm
, &CSSMOID_SHA224
)) {
134 digestFcn
= CC_SHA224
;
135 digestLen
= CC_SHA224_DIGEST_LENGTH
;
136 } else if (SecAsn1OidCompare(algorithm
, &CSSMOID_SHA256
)) {
137 digestFcn
= CC_SHA256
;
138 digestLen
= CC_SHA256_DIGEST_LENGTH
;
139 } else if (SecAsn1OidCompare(algorithm
, &CSSMOID_SHA384
)) {
140 digestFcn
= CC_SHA384
;
141 digestLen
= CC_SHA384_DIGEST_LENGTH
;
142 } else if (SecAsn1OidCompare(algorithm
, &CSSMOID_SHA512
)) {
143 digestFcn
= CC_SHA512
;
144 digestLen
= CC_SHA512_DIGEST_LENGTH
;
149 CFMutableDataRef digest
= CFDataCreateMutable(allocator
, digestLen
);
150 CFDataSetLength(digest
, digestLen
);
151 digestFcn(data
, length
, CFDataGetMutableBytePtr(digest
));
158 /* Default random ref for /dev/random. */
159 const SecRandomRef kSecRandomDefault
= NULL
;
161 /* File descriptor for "/dev/random". */
162 static int kSecRandomFD
;
163 static pthread_once_t kSecDevRandomOpen
= PTHREAD_ONCE_INIT
;
165 static void SecDevRandomOpen(void) {
166 kSecRandomFD
= open("/dev/random", O_RDONLY
);
169 int SecRandomCopyBytes(SecRandomRef rnd
, size_t count
, uint8_t *bytes
) {
170 if (rnd
!= kSecRandomDefault
)
172 pthread_once(&kSecDevRandomOpen
, SecDevRandomOpen
);
173 if (kSecRandomFD
< 0)
176 ssize_t bytes_read
= read(kSecRandomFD
, bytes
, count
);
177 if (bytes_read
== -1) {
182 if (bytes_read
== 0) {
191 #include <CommonCrypto/CommonDigest.h>
194 /* FIPS rng declarations. */
195 typedef struct __SecRandom
*SecRandomRef
;
196 SecRandomRef
SecRandomCreate(CFIndex randomAlg
, CFIndex seedLength
,
198 void SecRandomCopyBytes(SecRandomRef randomref
, CFIndex numBytes
, UInt8
*outBytes
);
200 /* FIPS Rng implementation. */
207 SecRandomRef
SecRandomCreate(CFIndex randomAlg
, CFIndex seedLength
,
209 SecRandomRef result
= (SecRandomRef
)malloc(sizeof(struct __SecRandom
));
210 CC_SHA1_Init(&result
->sha1
);
211 memset(result
->block
+ 20, 0, 44);
212 result
->bytesLeft
= 0;
215 /* Digest the seed and put it into output. */
216 CC_SHA1(seed
, seedLength
, result
->block
);
218 /* Seed 20 bytes from "/dev/srandom". */
219 int fd
= open("/dev/srandom", O_RDONLY
);
223 if (read(fd
, result
->block
, 20) != 20)
229 CC_SHA1_Update(&result
->sha1
, result
->block
, 64);
238 void SecRandomCopyBytes(SecRandomRef randomref
, CFIndex numBytes
,
240 while (numBytes
> 0) {
241 if (!randomref
->bytesLeft
) {
242 CC_SHA1_Update(&randomref
->sha1
, randomref
->block
, 64);
243 OSWriteBigInt32(randomref
->block
, 0, randomref
->sha1
.h0
);
244 OSWriteBigInt32(randomref
->block
, 4, randomref
->sha1
.h1
);
245 OSWriteBigInt32(randomref
->block
, 8, randomref
->sha1
.h2
);
246 OSWriteBigInt32(randomref
->block
, 12, randomref
->sha1
.h3
);
247 OSWriteBigInt32(randomref
->block
, 16, randomref
->sha1
.h4
);
248 randomref
->bytesLeft
= 20;
250 CFIndex outLength
= (numBytes
> randomref
->bytesLeft
?
251 randomref
->bytesLeft
: numBytes
);
252 memcpy(outBytes
, randomref
->block
+ 20 - randomref
->bytesLeft
,
254 randomref
->bytesLeft
-= outLength
;
255 outBytes
+= outLength
;
256 numBytes
-= outLength
;