+++ /dev/null
-/*
- * Copyright (c) 2000-2001,2011-2012,2014 Apple Inc. All Rights Reserved.
- *
- * The contents of this file constitute Original Code as defined in and are
- * subject to the Apple Public Source License Version 1.2 (the 'License').
- * You may not use this file except in compliance with the License. Please obtain
- * a copy of the License at http://www.apple.com/publicsource and read it before
- * using this file.
- *
- * This Original Code and all software distributed under the License are
- * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
- * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
- * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
- * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
- * specific language governing rights and limitations under the License.
- */
-
-
-/*
- * CryptKitDER.h - snacc-based routines to create and parse DER-encoded FEE
- * keys and signatures
- *
- */
-
-#include "ckconfig.h"
-
-#if CRYPTKIT_DER_ENABLE
-
-#include <security_cryptkit/CryptKitDER.h>
-#include <security_cryptkit/falloc.h>
-#include <security_cryptkit/feeDebug.h>
-#include <security_cryptkit/feeFunctions.h>
-#include "CryptKitAsn1.h"
-#include <security_asn1/SecNssCoder.h>
-#include <security_asn1/nssUtils.h>
-#include <Security/keyTemplates.h>
-#include <Security/oidsalg.h>
-#include <Security/oidsattr.h>
-
-#define PRINT_SIG_GIANTS 0
-#define PRINT_CURVE_PARAMS 0
-#define PRINT_SIZES 0
-#if PRINT_SIZES
-#define szprint(s) printf s
-#else
-#define szprint(s)
-#endif
-
-/*
- * Trivial exception class associated with a feeReturn.
- */
-class feeException
-{
-protected:
- feeException(feeReturn frtn, const char *op);
-public:
- ~feeException() throw() {}
- feeReturn frtn() const throw() { return mFrtn; }
- static void throwMe(feeReturn frtn, const char *op = NULL) __attribute__((noreturn));
-private:
- feeReturn mFrtn;
-};
-
-feeException::feeException(
- feeReturn frtn,
- const char *op)
- : mFrtn(frtn)
-{
- if(op) {
- dbgLog(("%s: %s\n", op, feeReturnString(frtn)));
- }
-}
-
-void feeException::throwMe(feeReturn frtn, const char *op /*= NULL*/) { throw feeException(frtn, op); }
-
-/*
- * ASN1 encoding rules specify that an integer's sign is indicated by the MSB
- * of the first (MS) content byte. For a non-negative number, if the MSB of
- * the MS byte (of the unencoded number) is one, then the encoding starts with
- * a byte of zeroes to indicate positive sign. For a negative number, the first
- * nine bits can not be all 1 - if they are (in the undecoded number), leading
- * bytes of 0xff are trimmed off until the first nine bits are something other
- * than one. Also, the first nine bits of the encoded number can not all be
- * zero.
- *
- * CryptKit giants express their sign as part of the giantstruct.sign field.
- * The giantDigit array (giantstruct.n[]) is stored l.s. digit first.
- *
- * These routines are independent of platform, endianness, and giatn digit size.
- */
-
-/* routines to guess maximum size of DER-encoded objects */
-static unsigned feeSizeOfSnaccGiant(
- giant g)
-{
- unsigned rtn = abs(g->sign) * GIANT_BYTES_PER_DIGIT;
- szprint(("feeSizeOfSnaccGiant: sign %d size %d\n", g->sign, rtn + 4));
- return rtn + 4;
-}
-
-/* PUBLIC... */
-unsigned feeSizeOfDERSig(
- giant g1,
- giant g2)
-{
- unsigned rtn = feeSizeOfSnaccGiant(g1);
- rtn += feeSizeOfSnaccGiant(g2);
- szprint(("feeSizeOfDERSig: size %d\n", rtn + 4));
- return rtn + 4;
-}
-
-/* perform 2's complement of byte array, expressed MS byte first */
-static void twosComplement(
- unsigned char *bytePtr, // points to MS byte
- unsigned numBytes)
-{
- unsigned char *outp = bytePtr + numBytes - 1;
- unsigned char carry = 1; // first time thru, carry = 1 to add one to 1's comp
- for(unsigned byteDex=0; byteDex<numBytes; byteDex++) {
- /* first complement, then add carry */
- *outp = ~*outp + carry;
- if(carry && (*outp == 0)) {
- /* overflow/carry */
- carry = 1;
- }
- else {
- carry = 0;
- }
- outp--;
- }
-}
-
-/*
- * CSSM_DATA --> unsigned int
- */
-static unsigned cssmDataToInt(
- const CSSM_DATA &cdata)
-{
- if((cdata.Length == 0) || (cdata.Data == NULL)) {
- return 0;
- }
- unsigned len = (unsigned)cdata.Length;
- if(len > sizeof(int)) {
- feeException::throwMe(FR_BadKeyBlob, "cssmDataToInt");
- }
-
- unsigned rtn = 0;
- uint8 *cp = cdata.Data;
- for(unsigned i=0; i<len; i++) {
- rtn = (rtn << 8) | *cp++;
- }
- return rtn;
-}
-
-/*
- * unsigned int --> CSSM_DATA, mallocing from an SecNssCoder
- */
-static void intToCssmData(
- unsigned num,
- CSSM_DATA &cdata,
- SecNssCoder &coder)
-{
- unsigned len = 0;
-
- if(num < 0x100) {
- len = 1;
- }
- else if(num < 0x10000) {
- len = 2;
- }
- else if(num < 0x1000000) {
- len = 3;
- }
- else {
- len = 4;
- }
- cdata.Data = (uint8 *)coder.malloc(len);
- cdata.Length = len;
- uint8 *cp = &cdata.Data[len - 1];
- for(unsigned i=0; i<len; i++) {
- *cp-- = num & 0xff;
- num >>= 8;
- }
-}
-
-/*
- * Convert a decoded ASN integer, as a CSSM_DATA, to a (mallocd) giant.
- * Only known exception is a feeException.
- */
-static giant cssmDataToGiant(
- const CSSM_DATA &cdata)
-{
- char *rawOcts = (char *)cdata.Data;
- unsigned numBytes = (unsigned)cdata.Length;
- unsigned numGiantDigits;
- int sign = 1;
- giant grtn;
- feeReturn frtn = FR_Success;
- unsigned char *inp = NULL;
- unsigned digitDex; // index into g->giantDigit[]
-
- /* handle degenerate case (value of zero) */
- if((numBytes == 0) || ((numBytes == 1) && rawOcts[0] == 0)) {
- grtn = newGiant(1);
- if(grtn == NULL) {
- feeException::throwMe(FR_Memory, "newGiant(1)");
- }
- int_to_giant(0, grtn);
- return grtn;
- }
-
- /* make a copy of raw octets if we have to do two's complement */
- unsigned char *byteArray = NULL;
- bool didMalloc = false;
- if(rawOcts[0] & 0x80) {
- sign = -1;
- numBytes++;
- byteArray = (unsigned char *)fmalloc(numBytes);
- didMalloc = true;
- byteArray[0] = 0xff;
- memmove(byteArray + 1, rawOcts, numBytes-1);
- twosComplement(byteArray, numBytes);
- }
- else {
- /* no copy */
- char *foo = rawOcts;
- byteArray = (unsigned char *)foo;
- }
-
- /* cook up a new giant */
- numGiantDigits = (numBytes + GIANT_BYTES_PER_DIGIT - 1) /
- GIANT_BYTES_PER_DIGIT;
- grtn = newGiant(numGiantDigits);
- if(grtn == NULL) {
- frtn = FR_Memory;
- goto abort;
- }
-
- /*
- * Convert byteArray to array of giantDigits
- * inp - raw input bytes, LSB last
- * grtn->n[] - output array of giantDigits, LSD first
- * Start at LS byte and LD digit
- */
- digitDex = 0; // index into g->giantDigit[]
- giantDigit thisDigit;
- inp = byteArray + numBytes - 1;
- unsigned dex; // total byte counter
- unsigned byteDex; // index into one giantDigit
- unsigned shiftCount;
- for(dex=0; dex<numBytes; ) { // increment dex inside
- thisDigit = 0;
- shiftCount = 0;
- for(byteDex=0; byteDex<GIANT_BYTES_PER_DIGIT; byteDex++) {
- thisDigit |= ((giantDigit)(*inp--) << shiftCount);
- shiftCount += 8;
- if(++dex == numBytes) {
- /* must be partial giantDigit */
- break;
- }
- }
- CKASSERT(digitDex < numGiantDigits);
- grtn->n[digitDex++] = thisDigit;
- }
- grtn->sign = (int)numGiantDigits * sign;
-
- /* trim leading (MS) zeroes */
- gtrimSign(grtn);
-abort:
- if(didMalloc) {
- ffree(byteArray);
- }
- if(frtn) {
- feeException::throwMe(frtn, "bigIntStrToGiant");
- }
- return grtn;
-}
-
-/*
- * Convert a giant to an CSSM_DATA, mallocing using specified coder.
- * Only known exception is a feeException.
- */
- static void giantToCssmData(
- giant g,
- CSSM_DATA &cdata,
- SecNssCoder &coder)
-{
- unsigned char doPrepend = 0;
- unsigned numGiantDigits = abs(g->sign);
- unsigned numBytes = numGiantDigits * GIANT_BYTES_PER_DIGIT;
- giantDigit msGiantBit = 0;
- if(isZero(g)) {
- /* special degenerate case */
- intToCssmData(0, cdata, coder);
- return;
- }
- else {
- msGiantBit = g->n[numGiantDigits - 1] >> (GIANT_BITS_PER_DIGIT - 1);
- }
-
- /* prepend a byte of zero if necessary */
- if((g->sign < 0) || // negative - to handle 2's complement
- ((g->sign > 0) && msGiantBit)) { // ensure MS byte is zero
- doPrepend = 1;
- numBytes++;
- }
-
- unsigned char *rawBytes = (unsigned char *)fmalloc(numBytes);
- if(rawBytes == NULL) {
- feeException::throwMe(FR_Memory, "giantToBigIntStr fmalloc(rawBytes)");
- }
- unsigned char *outp = rawBytes;
- if(doPrepend) {
- *outp++ = 0;
- }
-
- /*
- * Convert array of giantDigits to bytes.
- * outp point to MS output byte.
- */
- int digitDex; // index into g->giantDigit[]
- unsigned byteDex; // byte index into a giantDigit
- for(digitDex=numGiantDigits-1; digitDex>=0; digitDex--) {
- /* one loop per giantDigit, starting at MS end */
- giantDigit thisDigit = g->n[digitDex];
- unsigned char *bp = outp + GIANT_BYTES_PER_DIGIT - 1;
- for(byteDex=0; byteDex<GIANT_BYTES_PER_DIGIT; byteDex++) {
- /* one loop per byte within the digit, starting at LS end */
- *bp-- = (unsigned char)(thisDigit) & 0xff;
- thisDigit >>= 8;
- }
- outp += GIANT_BYTES_PER_DIGIT;
- }
-
- /* do two's complement for negative giants */
- if(g->sign < 0) {
- twosComplement(rawBytes, numBytes);
- }
-
- /* strip off redundant leading bits (nine zeroes or nine ones) */
- outp = rawBytes;
- unsigned char *endp = outp + numBytes - 1;
- while((*outp == 0) && // m.s. byte zero
- (outp < endp) && // more bytes exist
- (!(outp[1] & 0x80))) { // 9th bit is 0
- outp++;
- numBytes--;
- }
- while((*outp == 0xff) && // m.s. byte all ones
- (outp < endp) && // more bytes exist
- (outp[1] & 0x80)) { // 9th bit is 1
- outp++;
- numBytes--;
- }
- cdata.Data = (uint8 *)coder.malloc(numBytes);
- memmove(cdata.Data, outp, numBytes);
- cdata.Length = numBytes;
- ffree(rawBytes);
- return;
-}
-
-/* curveParams : CryptKit <--> FEECurveParametersASN1 */
-/* Only known exception is a feeException */
-static void feeCurveParamsToASN1(
- const curveParams *cp,
- FEECurveParametersASN1 &asnCp,
- SecNssCoder &coder)
-{
- #if PRINT_CURVE_PARAMS
- printf("===encoding curveParams; cp:\n"); printCurveParams(cp);
- #endif
- memset(&asnCp, 0, sizeof(asnCp));
- try {
- intToCssmData(cp->primeType, asnCp.primeType, coder);
- intToCssmData(cp->curveType, asnCp.curveType, coder);
- intToCssmData(cp->q, asnCp.q, coder);
- intToCssmData(cp->k, asnCp.k, coder);
- intToCssmData(cp->m, asnCp.m, coder);
- giantToCssmData(cp->a, asnCp.a, coder);
- giantToCssmData(cp->b, asnCp.b_, coder);
- giantToCssmData(cp->c, asnCp.c, coder);
- giantToCssmData(cp->x1Plus, asnCp.x1Plus, coder);
- giantToCssmData(cp->x1Minus, asnCp.x1Minus, coder);
- giantToCssmData(cp->cOrderPlus, asnCp.cOrderPlus, coder);
- giantToCssmData(cp->cOrderMinus, asnCp.cOrderMinus, coder);
- giantToCssmData(cp->x1OrderPlus, asnCp.x1OrderPlus, coder);
- giantToCssmData(cp->x1OrderMinus, asnCp.x1OrderMinus, coder);
- if(cp->primeType == FPT_General) {
- giantToCssmData(cp->basePrime, asnCp.basePrime, coder);
- }
- }
- catch(const feeException &ferr) {
- throw;
- }
- catch(...) {
- feeException::throwMe(FR_Memory, "feeCurveParamsToSnacc catchall"); // ???
- }
-}
-
-static curveParams *feeCurveParamsFromAsn1(
- const FEECurveParametersASN1 &asnCp)
-{
- curveParams *cp = newCurveParams();
- if(cp == NULL) {
- feeException::throwMe(FR_Memory, "feeCurveParamsFromSnacc alloc cp");
- }
- cp->primeType = (feePrimeType)cssmDataToInt(asnCp.primeType);
- cp->curveType = (feeCurveType)cssmDataToInt(asnCp.curveType);
- cp->q = cssmDataToInt(asnCp.q);
- cp->k = cssmDataToInt(asnCp.k);
- cp->m = cssmDataToInt(asnCp.m);
- cp->a = cssmDataToGiant(asnCp.a);
- cp->b = cssmDataToGiant(asnCp.b_);
- cp->c = cssmDataToGiant(asnCp.c);
- cp->x1Plus = cssmDataToGiant(asnCp.x1Plus);
- cp->x1Minus = cssmDataToGiant(asnCp.x1Minus);
- cp->cOrderPlus = cssmDataToGiant(asnCp.cOrderPlus);
- cp->cOrderMinus = cssmDataToGiant(asnCp.cOrderMinus);
- cp->x1OrderPlus = cssmDataToGiant(asnCp.x1OrderPlus);
- cp->x1OrderMinus = cssmDataToGiant(asnCp.x1OrderMinus);
- if(asnCp.basePrime.Data != NULL) {
- cp->basePrime = cssmDataToGiant(asnCp.basePrime);
- }
-
- /* remaining fields inferred */
- curveParamsInferFields(cp);
- allocRecipGiants(cp);
- #if PRINT_CURVE_PARAMS
- printf("===decoding curveParams; cp:\n"); printCurveParams(cp);
- #endif
- return cp;
-}
-
-/***
- *** Public routines. These are usable from C code; they never throw.
- ***/
-
-/*
- * Encode/decode the two FEE signature types. We malloc returned data via
- * fmalloc(); caller must free via ffree().
- */
-feeReturn feeDEREncodeElGamalSignature(
- giant u,
- giant PmX,
- unsigned char **encodedSig, // fmallocd and RETURNED
- unsigned *encodedSigLen) // RETURNED
-{
- /* convert to FEEElGamalSignatureASN1 */
- FEEElGamalSignatureASN1 asnSig;
- SecNssCoder coder;
-
- try {
- giantToCssmData(u, asnSig.u, coder);
- giantToCssmData(PmX, asnSig.pmX, coder);
- }
- catch(const feeException &ferr) {
- return ferr.frtn();
- }
-
- /* DER encode */
- PRErrorCode perr;
- CSSM_DATA encBlob; // mallocd by coder
- perr = coder.encodeItem(&asnSig, FEEElGamalSignatureASN1Template, encBlob);
- if(perr) {
- return FR_Memory;
- }
-
- /* copy out to caller */
- *encodedSig = (unsigned char *)fmalloc((unsigned)encBlob.Length);
- *encodedSigLen = (unsigned)encBlob.Length;
- memmove(*encodedSig, encBlob.Data, encBlob.Length);
-
- #if PRINT_SIG_GIANTS
- printf("feeEncodeElGamalSignature:\n");
- printf(" u : "); printGiantHex(u);
- printf(" PmX : "); printGiantHex(PmX);
- #endif
-
- return FR_Success;
-}
-
-feeReturn feeDEREncodeECDSASignature(
- giant c,
- giant d,
- unsigned char **encodedSig, // fmallocd and RETURNED
- unsigned *encodedSigLen) // RETURNED
-{
- /* convert to FEEECDSASignatureASN1 */
- FEEECDSASignatureASN1 asnSig;
- SecNssCoder coder;
-
- try {
- giantToCssmData(c, asnSig.c, coder);
- giantToCssmData(d, asnSig.d, coder);
- }
- catch(const feeException &ferr) {
- return ferr.frtn();
- }
-
- /* DER encode */
- PRErrorCode perr;
- CSSM_DATA encBlob; // mallocd by coder
- perr = coder.encodeItem(&asnSig, FEEECDSASignatureASN1Template, encBlob);
- if(perr) {
- return FR_Memory;
- }
-
- /* copy out to caller */
- *encodedSig = (unsigned char *)fmalloc((unsigned)encBlob.Length);
- *encodedSigLen = (unsigned)encBlob.Length;
- memmove(*encodedSig, encBlob.Data, encBlob.Length);
-
- #if PRINT_SIG_GIANTS
- printf("feeEncodeECDSASignature:\n");
- printf(" c : "); printGiantHex(*c);
- printf(" d : "); printGiantHex(*d);
- #endif
- return FR_Success;
-
-}
-
-feeReturn feeDERDecodeElGamalSignature(
- const unsigned char *encodedSig,
- size_t encodedSigLen,
- giant *u, // newGiant'd and RETURNED
- giant *PmX) // newGiant'd and RETURNED
-{
- FEEElGamalSignatureASN1 asnSig;
- SecNssCoder coder;
-
- memset(&asnSig, 0, sizeof(asnSig));
- PRErrorCode perr = coder.decode(encodedSig, encodedSigLen,
- FEEElGamalSignatureASN1Template, &asnSig);
- if(perr) {
- return FR_BadSignatureFormat;
- }
-
- try {
- *u = cssmDataToGiant(asnSig.u);
- *PmX = cssmDataToGiant(asnSig.pmX);
- }
- catch(const feeException &ferr) {
- return ferr.frtn();
- }
- catch(...) {
- /* FIXME - bad sig? memory? */
- return FR_Memory;
- }
- #if PRINT_SIG_GIANTS
- printf("feeDecodeElGamalSignature:\n");
- printf(" u : "); printGiantHex(*u);
- printf(" PmX : "); printGiantHex(*PmX);
- #endif
- return FR_Success;
-}
-
-feeReturn feeDERDecodeECDSASignature(
- const unsigned char *encodedSig,
- size_t encodedSigLen,
- giant *c, // newGiant'd and RETURNED
- giant *d) // newGiant'd and RETURNED
-{
- FEEECDSASignatureASN1 asnSig;
- SecNssCoder coder;
-
- memset(&asnSig, 0, sizeof(asnSig));
- PRErrorCode perr = coder.decode(encodedSig, encodedSigLen,
- FEEECDSASignatureASN1Template, &asnSig);
- if(perr) {
- return FR_BadSignatureFormat;
- }
-
- try {
- *c = cssmDataToGiant(asnSig.c);
- *d = cssmDataToGiant(asnSig.d);
- }
- catch(const feeException &ferr) {
- return ferr.frtn();
- }
- catch(...) {
- /* FIXME - bad sig? memory? */
- return FR_Memory;
- }
- #if PRINT_SIG_GIANTS
- printf("feeDERDecodeECDSASignature:\n");
- printf(" u : "); printGiantHex(*u);
- printf(" PmX : "); printGiantHex(*PmX);
- #endif
- return FR_Success;
-}
-
-/*
- * Encode/decode the FEE private and public keys. We malloc returned data via
- * falloc(); caller must free via ffree(). Public C functions which never throw.
- */
-feeReturn feeDEREncodePublicKey(
- int version,
- const curveParams *cp,
- giant plusX,
- giant minusX,
- giant plusY, // may be NULL
- unsigned char **keyBlob, // fmallocd and RETURNED
- unsigned *keyBlobLen) // RETURNED
-{
- FEEPublicKeyASN1 asnKey;
- SecNssCoder coder;
-
- memset(&asnKey, 0, sizeof(asnKey));
- intToCssmData(version, asnKey.version, coder);
-
- try {
- feeCurveParamsToASN1(cp, asnKey.curveParams, coder);
- giantToCssmData(plusX, asnKey.plusX, coder);
- giantToCssmData(minusX, asnKey.minusX, coder);
- if(plusY != NULL) {
- giantToCssmData(plusY, asnKey.plusY, coder);
- }
- }
- catch(const feeException &ferr) {
- return ferr.frtn();
- }
-
- /* DER encode */
- PRErrorCode perr;
- CSSM_DATA encBlob; // mallocd by coder
- perr = coder.encodeItem(&asnKey, FEEPublicKeyASN1Template, encBlob);
- if(perr) {
- return FR_Memory;
- }
-
- /* copy out */
- *keyBlob = (unsigned char *)fmalloc((unsigned)encBlob.Length);
- *keyBlobLen = (unsigned)encBlob.Length;
- memmove(*keyBlob, encBlob.Data, encBlob.Length);
- return FR_Success;
-}
-
-feeReturn feeDEREncodePrivateKey(
- int version,
- const curveParams *cp,
- const giant privData,
- unsigned char **keyBlob, // fmallocd and RETURNED
- unsigned *keyBlobLen) // RETURNED
-{
- FEEPrivateKeyASN1 asnKey;
- SecNssCoder coder;
-
- memset(&asnKey, 0, sizeof(asnKey));
- intToCssmData(version, asnKey.version, coder);
-
- try {
- feeCurveParamsToASN1(cp, asnKey.curveParams, coder);
- giantToCssmData(privData, asnKey.privData, coder);
- }
- catch(const feeException &ferr) {
- return ferr.frtn();
- }
-
- /* DER encode */
- PRErrorCode perr;
- CSSM_DATA encBlob; // mallocd by coder
- perr = coder.encodeItem(&asnKey, FEEPrivateKeyASN1Template, encBlob);
- if(perr) {
- return FR_Memory;
- }
-
- /* copy out */
- *keyBlob = (unsigned char *)fmalloc((unsigned)encBlob.Length);
- *keyBlobLen = (unsigned)encBlob.Length;
- memmove(*keyBlob, encBlob.Data, encBlob.Length);
- return FR_Success;
-}
-
-feeReturn feeDERDecodePublicKey(
- const unsigned char *keyBlob,
- unsigned keyBlobLen,
- int *version, // this and remainder RETURNED
- curveParams **cp,
- giant *plusX,
- giant *minusX,
- giant *plusY) // may be NULL
-{
- FEEPublicKeyASN1 asnKey;
- SecNssCoder coder;
-
- memset(&asnKey, 0, sizeof(asnKey));
- PRErrorCode perr = coder.decode(keyBlob, keyBlobLen,
- FEEPublicKeyASN1Template, &asnKey);
- if(perr) {
- return FR_BadKeyBlob;
- }
-
- try {
- *version = cssmDataToInt(asnKey.version);
- *cp = feeCurveParamsFromAsn1(asnKey.curveParams);
- *plusX = cssmDataToGiant(asnKey.plusX);
- *minusX = cssmDataToGiant(asnKey.minusX);
- if(asnKey.plusY.Data != NULL) {
- /* optional */
- *plusY = cssmDataToGiant(asnKey.plusY);
- }
- else {
- *plusY = newGiant(1);
- int_to_giant(0, *plusY);
- }
- }
- catch(const feeException &ferr) {
- return ferr.frtn();
- }
- catch(...) {
- /* FIXME - bad sig? memory? */
- return FR_Memory;
- }
- return FR_Success;
-}
-
-feeReturn feeDERDecodePrivateKey(
- const unsigned char *keyBlob,
- unsigned keyBlobLen,
- int *version, // this and remainder RETURNED
- curveParams **cp,
- giant *privData) // RETURNED
-{
- FEEPrivateKeyASN1 asnKey;
- SecNssCoder coder;
-
- memset(&asnKey, 0, sizeof(asnKey));
- PRErrorCode perr = coder.decode(keyBlob, keyBlobLen,
- FEEPrivateKeyASN1Template, &asnKey);
- if(perr) {
- return FR_BadKeyBlob;
- }
-
- try {
- *version = cssmDataToInt(asnKey.version);
- *cp = feeCurveParamsFromAsn1(asnKey.curveParams);
- *privData = cssmDataToGiant(asnKey.privData);
- }
- catch(const feeException &ferr) {
- return ferr.frtn();
- }
- catch(...) {
- /* FIXME - bad sig? memory? */
- return FR_Memory;
- }
- return FR_Success;
-}
-
-#pragma mark --- ECDSA support ---
-
-/* convert between feeDepth and curve OIDs */
-static const CSSM_OID *depthToOid(
- feeDepth depth)
-{
- switch(depth) {
- case FEE_DEPTH_secp192r1:
- return &CSSMOID_secp192r1;
- case FEE_DEPTH_secp256r1:
- return &CSSMOID_secp256r1;
- case FEE_DEPTH_secp384r1:
- return &CSSMOID_secp384r1;
- case FEE_DEPTH_secp521r1:
- return &CSSMOID_secp521r1;
- default:
- dbgLog(("depthToOid needs work\n"));
- return NULL;
- }
-}
-
-static feeReturn curveOidToFeeDepth(
- const CSSM_OID *curveOid,
- feeDepth *depth) /* RETURNED */
-{
- if(nssCompareCssmData(curveOid, &CSSMOID_secp192r1)) {
- *depth = FEE_DEPTH_secp192r1;
- }
- else if(nssCompareCssmData(curveOid, &CSSMOID_secp256r1)) {
- *depth = FEE_DEPTH_secp256r1;
- }
- else if(nssCompareCssmData(curveOid, &CSSMOID_secp384r1)) {
- *depth = FEE_DEPTH_secp384r1;
- }
- else if(nssCompareCssmData(curveOid, &CSSMOID_secp521r1)) {
- *depth = FEE_DEPTH_secp521r1;
- }
- else {
- dbgLog(("curveOidToFeeDepth: unknown curve OID\n"));
- return FR_BadKeyBlob;
- }
- return FR_Success;
-}
-
-
-/*
- * Validate a decoded CSSM_X509_ALGORITHM_IDENTIFIER and infer
- * depth from its algorith.parameter
- */
-static feeReturn feeAlgIdToDepth(
- const CSSM_X509_ALGORITHM_IDENTIFIER *algId,
- feeDepth *depth)
-{
- const CSSM_OID *oid = &algId->algorithm;
- /* FIXME what's the value here for a private key!? */
- if(!nssCompareCssmData(oid, &CSSMOID_ecPublicKey)) {
- dbgLog(("feeAlgIdToDepth: bad OID"));
- return FR_BadKeyBlob;
- }
-
- /*
- * AlgId.params is curve OID, still encoded since it's an ASN_ANY.
- * First two bytes of encoded OID are (06, length)
- */
- const CSSM_DATA *param = &algId->parameters;
- if((param->Length <= 2) || (param->Data[0] != BER_TAG_OID)) {
- dbgLog(("feeAlgIdToDepth: no curve params\n"));
- return FR_BadKeyBlob;
- }
-
- CSSM_OID decOid = {param->Length-2, algId->parameters.Data+2};
- return curveOidToFeeDepth(&decOid, depth);
-}
-
-/*
- * Prepare an CSSM_X509_ALGORITHM_IDENTIFIER for encoding.
- */
-static feeReturn feeSetupAlgId(
- feeDepth depth,
- SecNssCoder &coder,
- CSSM_X509_ALGORITHM_IDENTIFIER &algId)
-{
- algId.algorithm = CSSMOID_ecPublicKey;
- const CSSM_OID *curveOid = depthToOid(depth);
- if(curveOid == NULL) {
- return FR_IllegalDepth;
- }
-
- /* quick & dirty encode of the parameter OID; it's an ASN_ANY in the template */
- coder.allocItem(algId.parameters, curveOid->Length + 2);
- algId.parameters.Data[0] = BER_TAG_OID;
- algId.parameters.Data[1] = curveOid->Length;
- memmove(algId.parameters.Data+2, curveOid->Data, curveOid->Length);
- return FR_Success;
-}
-
-#pragma mark --- ECDSA public key, X.509 format ---
-
-/*
- * Encode/decode public key in X.509 format.
- */
-feeReturn feeDEREncodeX509PublicKey(
- const unsigned char *pubBlob, /* x and y octet string */
- unsigned pubBlobLen,
- curveParams *cp,
- unsigned char **x509Blob, /* fmallocd and RETURNED */
- unsigned *x509BlobLen) /* RETURNED */
-{
- SecNssCoder coder;
- CSSM_X509_SUBJECT_PUBLIC_KEY_INFO nssPubKeyInfo;
-
- memset(&nssPubKeyInfo, 0, sizeof(nssPubKeyInfo));
-
- /* The x/y string, to be encoded in a bit string */
- nssPubKeyInfo.subjectPublicKey.Data = (uint8 *)pubBlob;
- nssPubKeyInfo.subjectPublicKey.Length = pubBlobLen * 8;
-
- feeDepth depth;
- feeReturn frtn = curveParamsDepth(cp, &depth);
- if(frtn) {
- dbgLog(("feeDEREncodePKCS8PrivateKey: curveParamsDepth error\n"));
- return frtn;
- }
-
- CSSM_X509_ALGORITHM_IDENTIFIER &algId = nssPubKeyInfo.algorithm;
- frtn = feeSetupAlgId(depth, coder, algId);
- if(frtn) {
- return frtn;
- }
-
- /* DER encode */
- CSSM_DATA encBlob; // mallocd by coder
- PRErrorCode perr = coder.encodeItem(&nssPubKeyInfo, kSecAsn1SubjectPublicKeyInfoTemplate, encBlob);
- if(perr) {
- return FR_Memory;
- }
-
- /* copy out */
- *x509Blob = (unsigned char *)fmalloc((unsigned)encBlob.Length);
- *x509BlobLen = (unsigned)encBlob.Length;
- memmove(*x509Blob, encBlob.Data, encBlob.Length);
- return FR_Success;
-}
-
-feeReturn feeDERDecodeX509PublicKey(
- const unsigned char *x509Blob,
- unsigned x509BlobLen,
- feeDepth *depth, /* RETURNED */
- unsigned char **pubBlob, /* x and y octet string RETURNED */
- unsigned *pubBlobLen) /* RETURNED */
-{
- SecNssCoder coder;
- CSSM_X509_SUBJECT_PUBLIC_KEY_INFO nssPubKeyInfo;
- PRErrorCode perr;
-
- memset(&nssPubKeyInfo, 0, sizeof(nssPubKeyInfo));
- perr = coder.decode(x509Blob, x509BlobLen, kSecAsn1SubjectPublicKeyInfoTemplate,
- &nssPubKeyInfo);
- if(perr) {
- dbgLog(("decode(SubjectPublicKeyInfo) error"));
- return FR_BadKeyBlob;
- }
-
- /* verify alg identifier & depth */
- feeReturn frtn = feeAlgIdToDepth(&nssPubKeyInfo.algorithm, depth);
- if(frtn) {
- return frtn;
- }
-
- /* copy public key string - it's in bits here */
- CSSM_DATA *pubKey = &nssPubKeyInfo.subjectPublicKey;
- unsigned keyLen =(unsigned) (pubKey->Length + 7) / 8;
- *pubBlob = (unsigned char *)fmalloc(keyLen);
- if(*pubBlob == NULL) {
- return FR_Memory;
- }
- memmove(*pubBlob, pubKey->Data, keyLen);
- *pubBlobLen = keyLen;
- return FR_Success;
-}
-
-#pragma mark --- ECDSA keys, OpenSSL format ---
-
-/*
- * Encode private, and decode private or public key, in unencrypted OpenSSL format.
- */
-feeReturn feeDEREncodeOpenSSLPrivateKey(
- const unsigned char *privBlob, /* private data octet string */
- unsigned privBlobLen,
- const unsigned char *pubBlob, /* public key, optional */
- unsigned pubBlobLen,
- curveParams *cp,
- unsigned char **openBlob, /* fmallocd and RETURNED */
- unsigned *openBlobLen) /* RETURNED */
-{
- feeDepth depth;
- const CSSM_OID *curveOid;
- SecNssCoder coder;
-
- NSS_ECDSA_PrivateKey ecdsaPrivKey;
- memset(&ecdsaPrivKey, 0, sizeof(ecdsaPrivKey));
- uint8 vers = 1;
- ecdsaPrivKey.version.Data = &vers;
- ecdsaPrivKey.version.Length = 1;
- ecdsaPrivKey.privateKey.Data = (uint8 *)privBlob;
- ecdsaPrivKey.privateKey.Length = privBlobLen;
-
- /* Params - ASN_ANY - actually the curve OID */
- if(curveParamsDepth(cp, &depth)) {
- dbgLog(("feeDEREncodeOpenSSLPrivateKey: bad depth"));
- return FR_BadKeyBlob;
- }
- curveOid = depthToOid(depth);
- if(curveOid == NULL) {
- return FR_BadKeyBlob;
- }
-
- /* quickie DER-encode of the curve OID */
- try {
- coder.allocItem(ecdsaPrivKey.params, curveOid->Length + 2);
- }
- catch(...) {
- return FR_Memory;
- }
- ecdsaPrivKey.params.Data[0] = BER_TAG_OID;
- ecdsaPrivKey.params.Data[1] = curveOid->Length;
- memmove(ecdsaPrivKey.params.Data+2, curveOid->Data, curveOid->Length);
-
- /* public key - optional - bit string, length in bits */
- if(pubBlob) {
- ecdsaPrivKey.pubKey.Data = (uint8 *)pubBlob;
- ecdsaPrivKey.pubKey.Length = pubBlobLen * 8;
- }
-
- CSSM_DATA encPriv = {0, NULL};
- PRErrorCode perr = coder.encodeItem(&ecdsaPrivKey, kSecAsn1ECDSAPrivateKeyInfoTemplate, encPriv);
- if(perr) {
- return FR_Memory;
- }
-
- /* copy out */
- *openBlob = (unsigned char *)fmalloc((unsigned)encPriv.Length);
- *openBlobLen = (unsigned)encPriv.Length;
- memmove(*openBlob, encPriv.Data, encPriv.Length);
- return FR_Success;
-}
-
-feeReturn feeDERDecodeOpenSSLKey(
- const unsigned char *osBlob,
- unsigned osBlobLen,
- feeDepth *depth, /* RETURNED */
- unsigned char **privBlob, /* private data octet string RETURNED */
- unsigned *privBlobLen, /* RETURNED */
- unsigned char **pubBlob, /* public data octet string optionally RETURNED */
- unsigned *pubBlobLen)
-{
- SecNssCoder coder;
- NSS_ECDSA_PrivateKey ecdsaPrivKey;
- memset(&ecdsaPrivKey, 0, sizeof(ecdsaPrivKey));
- if(coder.decode(osBlob, osBlobLen,
- kSecAsn1ECDSAPrivateKeyInfoTemplate, &ecdsaPrivKey)) {
- dbgLog(("Error decoding openssl priv key\n"));
- return FR_BadKeyBlob;
- }
-
- unsigned keyLen = (unsigned)ecdsaPrivKey.privateKey.Length;
- if(keyLen == 0) {
- dbgLog(("NULL priv key data in PKCS8\n"));
- }
- *privBlob = (unsigned char *)fmalloc(keyLen);
- if(*privBlob == NULL) {
- return FR_Memory;
- }
- *privBlobLen = keyLen;
- memmove(*privBlob, ecdsaPrivKey.privateKey.Data, keyLen);
-
- /* curve OID --> depth */
- if(ecdsaPrivKey.params.Data != NULL) {
- /* quickie decode */
- const CSSM_DATA *param = &ecdsaPrivKey.params;
- if((param->Data[0] != BER_TAG_OID) || (param->Length <= 2)) {
- dbgLog(("feeDERDecodeOpenSSLKey: bad curve params\n"));
- return FR_BadKeyBlob;
- }
- CSSM_OID decOid = {param->Length-2, param->Data+2};
- if(curveOidToFeeDepth(&decOid, depth)) {
- return FR_BadKeyBlob;
- }
- }
-
- /* Public key, if it's there and caller wants it */
- if((ecdsaPrivKey.pubKey.Length != 0) && (pubBlob != NULL)) {
- *pubBlobLen = (unsigned)(ecdsaPrivKey.pubKey.Length + 7) / 8;
- *pubBlob = (unsigned char *)fmalloc(*pubBlobLen);
- memmove(*pubBlob, ecdsaPrivKey.pubKey.Data, *pubBlobLen);
- }
- return FR_Success;
-}
-
-#pragma mark --- ECDSA public key, PKCS8 format ---
-
-/*
- * Encode/decode private key in unencrypted PKCS8 format.
- */
-feeReturn feeDEREncodePKCS8PrivateKey(
- const unsigned char *privBlob, /* private data octet string */
- unsigned privBlobLen,
- const unsigned char *pubBlob, /* public blob, optional */
- unsigned pubBlobLen,
- curveParams *cp,
- unsigned char **pkcs8Blob, /* fmallocd and RETURNED */
- unsigned *pkcs8BlobLen) /* RETURNED */
-{
- /* First encode a NSS_ECDSA_PrivateKey */
- unsigned char *encPriv = NULL;
- unsigned encPrivLen = 0;
- feeReturn frtn = feeDEREncodeOpenSSLPrivateKey(privBlob, privBlobLen,
- pubBlob, pubBlobLen, cp, &encPriv, &encPrivLen);
- if(frtn) {
- return frtn;
- }
-
- /* That encoding goes into NSS_PrivateKeyInfo.private key */
- SecNssCoder coder;
- NSS_PrivateKeyInfo nssPrivKeyInfo;
- CSSM_X509_ALGORITHM_IDENTIFIER &algId = nssPrivKeyInfo.algorithm;
- memset(&nssPrivKeyInfo, 0, sizeof(nssPrivKeyInfo));
- nssPrivKeyInfo.privateKey.Data = (uint8 *)encPriv;
- nssPrivKeyInfo.privateKey.Length = encPrivLen;
- uint8 vers = 0;
-
- feeDepth depth;
- frtn = curveParamsDepth(cp, &depth);
- if(frtn) {
- dbgLog(("feeDEREncodePKCS8PrivateKey: curveParamsDepth error\n"));
- goto errOut;
- }
- frtn = feeSetupAlgId(depth, coder, algId);
- if(frtn) {
- goto errOut;
- }
-
- nssPrivKeyInfo.version.Data = &vers;
- nssPrivKeyInfo.version.Length = 1;
-
- /* DER encode */
- CSSM_DATA encPrivInfo; // mallocd by coder
- if(coder.encodeItem(&nssPrivKeyInfo, kSecAsn1PrivateKeyInfoTemplate, encPrivInfo)) {
- frtn = FR_Memory;
- goto errOut;
- }
-
- /* copy out */
- *pkcs8Blob = (unsigned char *)fmalloc((unsigned)encPrivInfo.Length);
- *pkcs8BlobLen = (unsigned)encPrivInfo.Length;
- memmove(*pkcs8Blob, encPrivInfo.Data, encPrivInfo.Length);
-errOut:
- if(encPriv) {
- ffree(encPriv);
- }
- return frtn;
-}
-
-feeReturn feeDERDecodePKCS8PrivateKey(
- const unsigned char *pkcs8Blob,
- unsigned pkcs8BlobLen,
- feeDepth *depth, /* RETURNED */
- unsigned char **privBlob, /* private data octet string RETURNED */
- unsigned *privBlobLen, /* RETURNED */
- unsigned char **pubBlob, /* optionally returned, if it's there */
- unsigned *pubBlobLen)
-{
- NSS_PrivateKeyInfo nssPrivKeyInfo;
- PRErrorCode perr;
- SecNssCoder coder;
-
- memset(&nssPrivKeyInfo, 0, sizeof(nssPrivKeyInfo));
- perr = coder.decode(pkcs8Blob, pkcs8BlobLen, kSecAsn1PrivateKeyInfoTemplate, &nssPrivKeyInfo);
- if(perr) {
- dbgLog(("Error decoding top level PKCS8\n"));
- return FR_BadKeyBlob;
- }
-
- /* verify alg identifier & depth */
- feeReturn frtn = feeAlgIdToDepth(&nssPrivKeyInfo.algorithm, depth);
- if(frtn) {
- return frtn;
- }
-
- /*
- * nssPrivKeyInfo.privateKey is an octet string containing an encoded
- * NSS_ECDSA_PrivateKey.
- */
- frtn = feeDERDecodeOpenSSLKey((const unsigned char *)nssPrivKeyInfo.privateKey.Data,
- (unsigned)nssPrivKeyInfo.privateKey.Length, depth,
- privBlob, privBlobLen,
- pubBlob, pubBlobLen);
-
- return frtn;
-}
-
-#endif /* CRYPTKIT_DER_ENABLE */
projects / apple / security.git / blobdiff