--- /dev/null
+/*
+ * Copyright (c) 2004,2011-2014 Apple Inc. All Rights Reserved.
+ *
+ * @APPLE_LICENSE_HEADER_START@
+ *
+ * This file contains Original Code and/or Modifications of Original Code
+ * as defined in and that are subject to the Apple Public Source License
+ * Version 2.0 (the 'License'). You may not use this file except in
+ * compliance with the License. Please obtain a copy of the License at
+ * http://www.opensource.apple.com/apsl/ and read it before using this
+ * file.
+ *
+ * The Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
+ * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
+ * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
+ * Please see the License for the specific language governing rights and
+ * limitations under the License.
+ *
+ * @APPLE_LICENSE_HEADER_END@
+ *
+ * SecWrappedKeys.cpp - SecExportRep and SecImportRep methods dealing with
+ * wrapped private keys (other than PKCS8 format).
+ */
+
+#include "SecExternalRep.h"
+#include "SecImportExportUtils.h"
+#include "SecImportExportPem.h"
+#include "SecImportExportCrypto.h"
+#include <Security/cssmtype.h>
+#include <Security/cssmapi.h>
+#include <Security/SecKeyPriv.h>
+#include <security_asn1/SecNssCoder.h>
+#include <security_cdsa_utils/cuCdsaUtils.h>
+#include <security_utilities/devrandom.h>
+
+#include <assert.h>
+
+using namespace Security;
+using namespace KeychainCore;
+
+static int hexToDigit(
+ char digit,
+ uint8 *rtn) // RETURNED
+{
+ if((digit >= '0') && (digit <= '9')) {
+ *rtn = digit - '0';
+ return 0;
+ }
+ if((digit >= 'a') && (digit <= 'f')) {
+ *rtn = digit - 'a' + 10;
+ return 0;
+ }
+ if((digit >= 'A') && (digit <= 'F')) {
+ *rtn = digit - 'A' + 10;
+ return 0;
+ }
+ return -1;
+}
+
+/*
+ * Convert two ascii characters starting at cp to an unsigned char.
+ * Returns nonzero on error.
+ */
+static int hexToUchar(
+ const char *cp,
+ uint8 *rtn) // RETURNED
+{
+ uint8 rtnc = 0;
+ uint8 c;
+ if(hexToDigit(*cp++, &c)) {
+ return -1;
+ }
+ rtnc = c << 4;
+ if(hexToDigit(*cp, &c)) {
+ return -1;
+ }
+ rtnc |= c;
+ *rtn = rtnc;
+ return 0;
+}
+
+/*
+ * Given an array of PEM parameter lines, infer parameters for key derivation and
+ * encryption.
+ */
+static OSStatus opensslPbeParams(
+ CFArrayRef paramLines, // elements are CFStrings
+ SecNssCoder &coder, // IV allocd with this
+ /* remaining arguments RETURNED */
+ CSSM_ALGORITHMS &pbeAlg,
+ CSSM_ALGORITHMS &keyAlg,
+ CSSM_ALGORITHMS &encrAlg,
+ CSSM_ENCRYPT_MODE &encrMode,
+ CSSM_PADDING &encrPad,
+ uint32 &keySizeInBits,
+ unsigned &blockSizeInBytes,
+ CSSM_DATA &iv)
+{
+ /*
+ * This format requires PEM parameter lines. We could have gotten here
+ * without them if caller specified wrong format.
+ */
+ if(paramLines == NULL) {
+ SecImpExpDbg("importWrappedKeyOpenssl: no PEM parameter lines");
+ return errSecUnknownFormat;
+ }
+ CFStringRef dekInfo = NULL;
+ CFIndex numLines = CFArrayGetCount(paramLines);
+ for(CFIndex dex=0; dex<numLines; dex++) {
+ CFStringRef str = (CFStringRef)CFArrayGetValueAtIndex(paramLines, dex);
+ CFRange range;
+ range = CFStringFind(str, CFSTR("DEK-Info: "), 0);
+ if(range.length != 0) {
+ dekInfo = str;
+ break;
+ }
+ }
+ if(dekInfo == NULL) {
+ SecImpExpDbg("importWrappedKeyOpenssl: no DEK-Info lines");
+ return errSecUnknownFormat;
+ }
+
+ /* drop down to C strings for low level grunging */
+ char cstr[1024];
+ if(!CFStringGetCString(dekInfo, cstr, sizeof(cstr), kCFStringEncodingASCII)) {
+ SecImpExpDbg("importWrappedKeyOpenssl: bad DEK-Info line (1)");
+ return errSecUnknownFormat;
+ }
+
+ /*
+ * This line looks like this:
+ * DEK-Info: DES-CBC,A22977A0A6A6F696
+ *
+ * Now parse, getting the cipher spec and the IV.
+ */
+ char *cp = strchr(cstr, ':');
+ if(cp == NULL) {
+ SecImpExpDbg("importWrappedKeyOpenssl: bad DEK-Info line (2)");
+ return errSecUnknownFormat;
+ }
+ if((cp[1] == ' ') && (cp[2] != '\0')) {
+ /* as it normally does... */
+ cp += 2;
+ }
+
+ /* We only support DES and 3DES here */
+ if(!strncmp(cp, "DES-EDE3-CBC", 12)) {
+ keyAlg = CSSM_ALGID_3DES_3KEY;
+ encrAlg = CSSM_ALGID_3DES_3KEY_EDE;
+ keySizeInBits = 64 * 3;
+ blockSizeInBytes = 8;
+ }
+ else if(!strncmp(cp, "DES-CBC", 7)) {
+ keyAlg = CSSM_ALGID_DES;
+ encrAlg = CSSM_ALGID_DES;
+ keySizeInBits = 64;
+ blockSizeInBytes = 8;
+ }
+ else {
+ SecImpExpDbg("importWrappedKeyOpenssl: unrecognized wrap alg (%s)",
+ cp);
+ return errSecUnknownFormat;
+ }
+
+ /* these are more or less fixed */
+ pbeAlg = CSSM_ALGID_PBE_OPENSSL_MD5;
+ encrMode = CSSM_ALGMODE_CBCPadIV8;
+ encrPad = CSSM_PADDING_PKCS7;
+
+ /* now get the ASCII hex version of the IV */
+ cp = strchr(cp, ',');
+ if(cp == NULL) {
+ SecImpExpDbg("importWrappedKeyOpenssl: No IV in DEK-Info line");
+ return errSecUnknownFormat;
+ }
+ if(cp[1] != '\0') {
+ cp++;
+ }
+
+ /* remainder should be just the IV */
+ if(strlen(cp) != (blockSizeInBytes * 2)) {
+ SecImpExpDbg("importWrappedKeyOpenssl: bad IV in DEK-Info line (1)");
+ return errSecUnknownFormat;
+ }
+
+ coder.allocItem(iv, blockSizeInBytes);
+ for(unsigned dex=0; dex<blockSizeInBytes; dex++) {
+ if(hexToUchar(cp + (dex * 2), &iv.Data[dex])) {
+ SecImpExpDbg("importWrappedKeyOpenssl: bad IV in DEK-Info line (2)");
+ return errSecUnknownFormat;
+ }
+ }
+ return errSecSuccess;
+}
+
+/*
+ * Common code to derive an openssl-wrap style wrap/unwrap key.
+ */
+static OSStatus deriveKeyOpensslWrap(
+ const SecKeyImportExportParameters *keyParams, // required
+ CSSM_CSP_HANDLE cspHand, // required
+ impExpVerifyPhrase vp, // import/export
+ CSSM_ALGORITHMS pbeAlg,
+ CSSM_ALGORITHMS keyAlg,
+ uint32 keySizeInBits,
+ const CSSM_DATA &salt,
+ CSSM_KEY_PTR derivedKey)
+{
+ CFDataRef cfPhrase = NULL;
+ CSSM_KEY *passKey = NULL;
+ OSStatus ortn;
+
+ /* passphrase or passkey? */
+ ortn = impExpPassphraseCommon(keyParams, cspHand, SPF_Data, vp,
+ (CFTypeRef *)&cfPhrase, &passKey);
+ if(ortn) {
+ return ortn;
+ }
+ /* subsequent errors to errOut: */
+
+ CSSM_CRYPTO_DATA seed;
+ CSSM_CC_HANDLE ccHand = 0;
+ CSSM_ACCESS_CREDENTIALS creds;
+ SecNssCoder coder;
+ CSSM_DATA param = {0, NULL};
+ CSSM_DATA dummyLabel;
+
+ memset(&seed, 0, sizeof(seed));
+ if(cfPhrase != NULL) {
+ size_t len = CFDataGetLength(cfPhrase);
+ coder.allocItem(seed.Param, len);
+ memmove(seed.Param.Data, CFDataGetBytePtr(cfPhrase), len);
+ CFRelease(cfPhrase);
+ }
+
+ memset(&creds, 0, sizeof(CSSM_ACCESS_CREDENTIALS));
+ ortn = CSSM_CSP_CreateDeriveKeyContext(cspHand,
+ pbeAlg,
+ keyAlg,
+ keySizeInBits,
+ &creds,
+ passKey, // BaseKey
+ 1, // iterCount - yup, this is what openssl does
+ &salt,
+ &seed,
+ &ccHand);
+ if(ortn) {
+ SecImpExpDbg("deriveKeyOpensslWrap: CSSM_CSP_CreateDeriveKeyContext error");
+ goto errOut;
+ }
+
+ memset(derivedKey, 0, sizeof(CSSM_KEY));
+
+ dummyLabel.Data = (uint8 *)"temp unwrap key";
+ dummyLabel.Length = strlen((char *)dummyLabel.Data);
+
+ ortn = CSSM_DeriveKey(ccHand,
+ ¶m, // i.e., derived IV - don't want one
+ CSSM_KEYUSE_ANY,
+ /* not extractable even for the short time this key lives */
+ CSSM_KEYATTR_RETURN_REF | CSSM_KEYATTR_SENSITIVE,
+ &dummyLabel,
+ NULL, // cred and acl
+ derivedKey);
+ if(ortn) {
+ SecImpExpDbg("importWrappedKeyOpenssl: PKCS5 v1.5 CSSM_DeriveKey failure");
+ }
+
+errOut:
+ if(ccHand != 0) {
+ CSSM_DeleteContext(ccHand);
+ }
+ if(passKey != NULL) {
+ CSSM_FreeKey(cspHand, NULL, passKey, CSSM_FALSE);
+ free(passKey);
+ }
+ return ortn;
+}
+
+OSStatus SecImportRep::importWrappedKeyOpenssl(
+ SecKeychainRef importKeychain, // optional
+ CSSM_CSP_HANDLE cspHand, // required
+ SecItemImportExportFlags flags,
+ const SecKeyImportExportParameters *keyParams, // optional
+ CFMutableArrayRef outArray) // optional, append here
+{
+ assert(mExternFormat == kSecFormatWrappedOpenSSL);
+
+ /* I think this is an assert - only private keys are wrapped in opensssl format */
+ assert(mExternType == kSecItemTypePrivateKey);
+ assert(cspHand != 0);
+
+ if(keyParams == NULL) {
+ return errSecParam;
+ }
+
+ OSStatus ortn;
+ SecNssCoder coder;
+ impExpKeyUnwrapParams unwrapParams;
+ CSSM_ALGORITHMS pbeAlg = CSSM_ALGID_NONE;
+ CSSM_ALGORITHMS keyAlg = CSSM_ALGID_NONE;
+ uint32 keySizeInBits;
+ unsigned blockSizeInBytes;
+
+ memset(&unwrapParams, 0, sizeof(unwrapParams));
+
+ /* parse PEM header lines */
+ ortn = opensslPbeParams(mPemParamLines, coder,
+ pbeAlg, keyAlg,
+ unwrapParams.encrAlg,
+ unwrapParams.encrMode,
+ unwrapParams.encrPad,
+ keySizeInBits,
+ blockSizeInBytes,
+ unwrapParams.iv);
+ if(ortn) {
+ return ortn;
+ }
+
+ /* derive unwrapping key */
+ CSSM_KEY unwrappingKey;
+
+ ortn = deriveKeyOpensslWrap(keyParams, cspHand, VP_Import, pbeAlg, keyAlg,
+ keySizeInBits,
+ unwrapParams.iv, /* salt = IV for these algs */
+ &unwrappingKey);
+ if(ortn) {
+ return ortn;
+ }
+
+ /* set up key to unwrap */
+ CSSM_KEY wrappedKey;
+ CSSM_KEYHEADER &hdr = wrappedKey.KeyHeader;
+ memset(&wrappedKey, 0, sizeof(CSSM_KEY));
+ hdr.HeaderVersion = CSSM_KEYHEADER_VERSION;
+ /* CspId : don't care */
+ hdr.BlobType = CSSM_KEYBLOB_WRAPPED;
+ hdr.Format = CSSM_KEYBLOB_WRAPPED_FORMAT_OPENSSL;
+ hdr.AlgorithmId = mKeyAlg;
+ hdr.KeyClass = CSSM_KEYCLASS_PRIVATE_KEY;
+ /* LogicalKeySizeInBits : calculated by CSP during unwrap */
+ hdr.KeyAttr = CSSM_KEYATTR_EXTRACTABLE;
+ hdr.KeyUsage = CSSM_KEYUSE_ANY;
+
+ wrappedKey.KeyData.Data = (uint8 *)CFDataGetBytePtr(mExternal);
+ wrappedKey.KeyData.Length = CFDataGetLength(mExternal);
+
+ unwrapParams.unwrappingKey = &unwrappingKey;
+
+ /* GO */
+ ortn = impExpImportKeyCommon(&wrappedKey, importKeychain, cspHand,
+ flags, keyParams, &unwrapParams, NULL, outArray);
+
+ if(unwrappingKey.KeyData.Data != NULL) {
+ CSSM_FreeKey(cspHand, NULL, &unwrappingKey, CSSM_FALSE);
+ }
+ return ortn;
+}
+
+/*
+ * Hard coded parameters for export, we only do one flavor.
+ */
+#define OPENSSL_WRAP_KEY_ALG CSSM_ALGID_3DES_3KEY
+#define OPENSSL_WRAP_PBE_ALG CSSM_ALGID_PBE_OPENSSL_MD5
+#define OPENSSL_WRAP_KEY_SIZE (64 * 3)
+#define OPENSSL_WRAP_ENCR_ALG CSSM_ALGID_3DES_3KEY_EDE
+#define OPENSSL_WRAP_ENCR_MODE CSSM_ALGMODE_CBCPadIV8
+#define OPENSSL_WRAP_ENCR_PAD CSSM_PADDING_PKCS7
+
+OSStatus impExpWrappedKeyOpenSslExport(
+ SecKeyRef secKey,
+ SecItemImportExportFlags flags,
+ const SecKeyImportExportParameters *keyParams, // optional
+ CFMutableDataRef outData, // output appended here
+ const char **pemHeader, // RETURNED
+ CFArrayRef *pemParamLines) // RETURNED
+{
+ DevRandomGenerator rng;
+ SecNssCoder coder;
+ CSSM_CSP_HANDLE cspHand = 0;
+ OSStatus ortn;
+ bool releaseCspHand = false;
+ CFMutableArrayRef paramLines;
+ CFStringRef cfStr;
+ char dekStr[100];
+ char ivStr[3];
+
+ if(keyParams == NULL) {
+ return errSecParam;
+ }
+
+ /* we need a CSPDL handle - try to get it from the key */
+ ortn = SecKeyGetCSPHandle(secKey, &cspHand);
+ if(ortn) {
+ cspHand = cuCspStartup(CSSM_FALSE);
+ if(cspHand == 0) {
+ return CSSMERR_CSSM_ADDIN_LOAD_FAILED;
+ }
+ releaseCspHand = true;
+ }
+ /* subsequent errors to errOut: */
+
+ /* 8 bytes of random IV/salt */
+ uint8 saltIv[8];
+ CSSM_DATA saltIvData = { 8, saltIv} ;
+ rng.random(saltIv, 8);
+
+ /* derive wrapping key */
+ CSSM_KEY wrappingKey;
+ wrappingKey.KeyData.Data = NULL;
+ wrappingKey.KeyData.Length = 0;
+ ortn = deriveKeyOpensslWrap(keyParams, cspHand, VP_Export,
+ OPENSSL_WRAP_PBE_ALG, OPENSSL_WRAP_KEY_ALG,
+ OPENSSL_WRAP_KEY_SIZE,
+ saltIvData, // IV == salt for this wrapping alg
+ &wrappingKey);
+ if(ortn) {
+ goto errOut;
+ }
+
+ /* wrap the outgoing key */
+ CSSM_KEY wrappedKey;
+ memset(&wrappedKey, 0, sizeof(CSSM_KEY));
+
+ ortn = impExpExportKeyCommon(cspHand, secKey, &wrappingKey, &wrappedKey,
+ OPENSSL_WRAP_ENCR_ALG, OPENSSL_WRAP_ENCR_MODE, OPENSSL_WRAP_ENCR_PAD,
+ CSSM_KEYBLOB_WRAPPED_FORMAT_OPENSSL,
+ CSSM_ATTRIBUTE_NONE, CSSM_KEYBLOB_RAW_FORMAT_NONE,
+ NULL, &saltIvData);
+ if(ortn) {
+ goto errOut;
+ }
+
+ /*
+ * That wrapped key's KeyData is our output
+ */
+ CFDataAppendBytes(outData, wrappedKey.KeyData.Data, wrappedKey.KeyData.Length);
+
+ /* PEM header depends on key algorithm */
+ switch(wrappedKey.KeyHeader.AlgorithmId) {
+ case CSSM_ALGID_RSA:
+ *pemHeader = PEM_STRING_RSA;
+ break;
+ case CSSM_ALGID_DH:
+ *pemHeader = PEM_STRING_DH_PRIVATE;
+ break;
+ case CSSM_ALGID_DSA:
+ *pemHeader = PEM_STRING_DSA;
+ break;
+ case CSSM_ALGID_ECDSA:
+ *pemHeader = PEM_STRING_ECDSA_PRIVATE;
+ break;
+ default:
+ SecImpExpDbg("impExpWrappedKeyOpenSslExport unknown private key alg "
+ "%lu", (unsigned long)wrappedKey.KeyHeader.AlgorithmId);
+ /* punt though I think something is seriously hosed */
+ *pemHeader = "Private Key";
+ }
+ CSSM_FreeKey(cspHand, NULL, &wrappedKey, CSSM_FALSE);
+
+ /*
+ * Last thing: set up outgoing PEM parameter lines
+ */
+ assert(pemParamLines != NULL);
+ paramLines = CFArrayCreateMutable(NULL, 0, &kCFTypeArrayCallBacks);
+ cfStr = CFStringCreateWithCString(NULL,
+ "Proc-Type: 4,ENCRYPTED", kCFStringEncodingASCII);
+ CFArrayAppendValue(paramLines, cfStr);
+ CFRelease(cfStr); // owned by array now */
+ strcpy(dekStr, "DEK-Info: DES-EDE3-CBC,");
+ /* next goes the IV */
+ for(unsigned dex=0; dex<8; dex++) {
+ sprintf(ivStr, "%02X", saltIv[dex]);
+ strcat(dekStr, ivStr);
+ }
+ cfStr = CFStringCreateWithCString(NULL, dekStr, kCFStringEncodingASCII);
+ CFArrayAppendValue(paramLines, cfStr);
+ CFRelease(cfStr); // owned by array now */
+ /* and an empty line */
+ cfStr = CFStringCreateWithCString(NULL, "", kCFStringEncodingASCII);
+ CFArrayAppendValue(paramLines, cfStr);
+ CFRelease(cfStr); // owned by array now */
+ *pemParamLines = paramLines;
+
+errOut:
+ if(wrappingKey.KeyData.Data != NULL) {
+ CSSM_FreeKey(cspHand, NULL, &wrappingKey, CSSM_FALSE);
+ }
+ return ortn;
+
+}
+
projects / apple / security.git / blobdiff