+++ /dev/null
-/*
- * Copyright (c) 2003-2004,2011-2014 Apple Inc. All Rights Reserved.
- *
- * @APPLE_LICENSE_HEADER_START@
- *
- * This file contains Original Code and/or Modifications of Original Code
- * as defined in and that are subject to the Apple Public Source License
- * Version 2.0 (the 'License'). You may not use this file except in
- * compliance with the License. Please obtain a copy of the License at
- * http://www.opensource.apple.com/apsl/ and read it before using this
- * file.
- *
- * The Original Code and all software distributed under the License are
- * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
- * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
- * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
- * Please see the License for the specific language governing rights and
- * limitations under the License.
- *
- * @APPLE_LICENSE_HEADER_END@
- */
-
-/*
- * pkcs12Coder.cpp - Public P12Coder coder functions.
- */
-
-#include "pkcs12Coder.h"
-#include "pkcs12Debug.h"
-#include "pkcs12Utils.h"
-#include <Security/cssmerr.h>
-#include <security_cdsa_utils/cuCdsaUtils.h>
-#include <Security/oidsalg.h>
-#include <Security/SecBase.h>
-/*
- * Default encryption parameters
- */
-#define P12_ENCR_ITER_COUNT 2048
-#define P12_MAC_ITER_COUNT 1
-#define P12_WEAK_ENCR_ALG CSSMOID_PKCS12_pbewithSHAAnd40BitRC2CBC
-#define P12_STRONG_ENCR_ALG CSSMOID_PKCS12_pbeWithSHAAnd3Key3DESCBC
-
-/*
- * Default import flags.
- */
-#define P12_KC_IMPORT_DEFAULT (kSecImportCertificates | \
- kSecImportCRLs | \
- kSecImportKeys)
-
-P12Coder::P12Coder()
-{
- init();
-}
-
-/* one-time init from all constructors */
-void P12Coder::init()
-{
- mPrivacyMode = kSecPkcs12ModePassword;
- mIntegrityMode = kSecPkcs12ModePassword;
- mMacPassphrase = NULL;
- mEncrPassPhrase = NULL;
- mMacPassData.Data = NULL;
- mMacPassData.Length = 0;
- mEncrPassData.Data = NULL;
- mEncrPassData.Length = 0;
- mMacPassKey = NULL;
- mEncrPassKey = NULL;
- mKeychain = NULL;
- mCspHand = 0;
- mDlDbHand.DLHandle = 0;
- mDlDbHand.DBHandle = 0;
- mPrivKeyImportState = PKIS_NoLimit;
- mWeakEncrAlg = P12_WEAK_ENCR_ALG;
- mStrongEncrAlg = P12_STRONG_ENCR_ALG;
- mWeakEncrIterCount = P12_ENCR_ITER_COUNT;
- mStrongEncrIterCount = P12_ENCR_ITER_COUNT;
- mMacIterCount = P12_MAC_ITER_COUNT;
- mImportFlags = P12_KC_IMPORT_DEFAULT;
- mRawCspHand = 0;
- mClHand = 0;
- mAccess = NULL;
- mNoAcl = false;
- mKeyUsage = CSSM_KEYUSE_ANY; /* default */
- /* default key attrs; we add CSSM_KEYATTR_PERMANENT if importing to
- * a keychain */
- mKeyAttrs = CSSM_KEYATTR_RETURN_REF | CSSM_KEYATTR_EXTRACTABLE |
- CSSM_KEYATTR_SENSITIVE;
-}
-
-/*
- * FIXME - can't we get vector's destructor to do this?
- */
-#define deleteVect(v) \
-{ \
- while(v.size()) { \
- delete v[0]; \
- v.erase(v.begin()); \
- } \
- v.clear(); \
-}
-
-P12Coder::~P12Coder()
-{
- if(mMacPassphrase) {
- CFRelease(mMacPassphrase);
- }
- if(mEncrPassPhrase) {
- CFRelease(mEncrPassPhrase);
- }
- if(mAccess) {
- CFRelease(mAccess);
- }
- deleteVect(mCerts);
- deleteVect(mCrls);
- deleteVect(mKeys);
- deleteVect(mOpaques);
-
- if(mKeychain) {
- CFRelease(mKeychain);
- }
- if(mRawCspHand) {
- cuCspDetachUnload(mRawCspHand, CSSM_TRUE);
- }
- if(mClHand) {
- cuClDetachUnload(mClHand);
- }
-}
-
-void P12Coder::setKeychain(
- SecKeychainRef keychain)
-{
- OSStatus ortn = SecKeychainGetCSPHandle(keychain, &mCspHand);
- if(ortn) {
- MacOSError::throwMe(ortn);
- }
- ortn = SecKeychainGetDLDBHandle(keychain, &mDlDbHand);
- if(ortn) {
- MacOSError::throwMe(ortn);
- }
- CFRetain(keychain);
- mKeychain = keychain;
-}
-
-void P12Coder::setAccess(
- SecAccessRef access)
-{
- if(mAccess) {
- CFRelease(mAccess);
- }
- mAccess = access;
- if(mAccess) {
- CFRetain(mAccess);
- }
- else {
- /* NULL ==> no ACL */
- mNoAcl = true;
- }
-}
-
-#define SEC_KEYATTR_RETURN_MASK \
- (CSSM_KEYATTR_RETURN_DATA | CSSM_KEYATTR_RETURN_REF | CSSM_KEYATTR_RETURN_NONE)
-
-void P12Coder::setKeyAttrs(
- CSSM_KEYATTR_FLAGS keyAttrs)
-{
- /* ensure we're generating a ref key no matter what caller asks for */
- mKeyAttrs = keyAttrs;
- mKeyAttrs &= ~SEC_KEYATTR_RETURN_MASK;
- mKeyAttrs |= CSSM_KEYATTR_RETURN_REF;
-}
-
-/*
- * Private methods for obtaining passprases in CSSM_DATA form.
- */
-const CSSM_DATA *P12Coder::getMacPassPhrase()
-{
- if(mMacPassData.Data != NULL) {
- return &mMacPassData;
- }
- else if (mMacPassphrase) {
- p12ImportPassPhrase(mMacPassphrase, mCoder, mMacPassData);
- return &mMacPassData;
- }
- else {
- return NULL;
- }
-}
-
-const CSSM_DATA *P12Coder::getEncrPassPhrase()
-{
- if(mEncrPassData.Data != NULL) {
- return &mEncrPassData;
- }
- else if (mEncrPassPhrase) {
- p12ImportPassPhrase(mEncrPassPhrase, mCoder, mEncrPassData);
- return &mEncrPassData;
- }
- /* no separate passphrase found, use MAC passphrase */
- return getMacPassPhrase();
-}
-
-/*
- * These return a CSSM_KEY_PTR is the app had specified
- * PassKeys, else they return NULL.
- */
-const CSSM_KEY *P12Coder::getMacPassKey()
-{
- return mMacPassKey;
-}
-
-const CSSM_KEY *P12Coder::getEncrPassKey()
-{
- if(mEncrPassKey != NULL) {
- return mEncrPassKey;
- }
- else {
- return getMacPassKey();
- }
-}
-
-/*
- * Lazy evaluation of module handles.
- */
-CSSM_CSP_HANDLE P12Coder::rawCspHand()
-{
- if(mRawCspHand != 0) {
- return mRawCspHand;
- }
- mRawCspHand = cuCspStartup(CSSM_TRUE);
- if(mRawCspHand == 0) {
- CssmError::throwMe(CSSMERR_CL_INTERNAL_ERROR);
- }
- return mRawCspHand;
-}
-
-CSSM_CL_HANDLE P12Coder::clHand()
-{
- if(mClHand != 0) {
- return mClHand;
- }
- mClHand = cuClStartup();
- if(mClHand == 0) {
- CssmError::throwMe(CSSMERR_CL_INTERNAL_ERROR);
- }
- return mClHand;
-}
-
-/*
- * These public functions more or less correspond to
- * the public functions in SecPkcs12.h.
- */
-void P12Coder::setMacPassPhrase(
- CFStringRef passphrase)
-{
- CFRetain(passphrase);
- mMacPassphrase = passphrase;
-}
-
-void P12Coder::setEncrPassPhrase(
- CFStringRef passphrase)
-{
- CFRetain(passphrase);
- mEncrPassPhrase = passphrase;
-}
-
-void P12Coder::setMacPassKey(
- const CSSM_KEY *passKey)
-{
- mMacPassKey = passKey;
-}
-
-void P12Coder::setEncrPassKey(
- const CSSM_KEY *passKey)
-{
- mEncrPassKey = passKey;
-}
-
-/* getters */
-unsigned P12Coder::numCerts()
-{
- return (unsigned)mCerts.size();
-}
-
-unsigned P12Coder::numCrls()
-{
- return (unsigned)mCrls.size();
-}
-
-unsigned P12Coder::numKeys()
-{
- return (unsigned)mKeys.size();
-}
-
-unsigned P12Coder::numOpaqueBlobs()
-{
- return (unsigned)mOpaques.size();
-}
-
-P12CertBag *P12Coder::getCert(
- unsigned dex)
-{
- if(mCerts.size() < (dex + 1)) {
- MacOSError::throwMe(errSecParam);
- }
- return mCerts[dex];
-}
-
-P12CrlBag *P12Coder::getCrl(
- unsigned dex)
-{
- if(mCrls.size() < (dex + 1)) {
- MacOSError::throwMe(errSecParam);
- }
- return mCrls[dex];
-}
-
-P12KeyBag *P12Coder::getKey(
- unsigned dex)
-{
- if(mKeys.size() < (dex + 1)) {
- MacOSError::throwMe(errSecParam);
- }
- return mKeys[dex];
-}
-
-P12OpaqueBag *P12Coder::getOpaque(
- unsigned dex)
-{
- if(mOpaques.size() < (dex + 1)) {
- MacOSError::throwMe(errSecParam);
- }
- return mOpaques[dex];
-}
-
-/*
- * These four "add" functions are invoked by the app prior to encoding
- * and by our decoder while decoding.
- */
-void P12Coder::addCert(
- P12CertBag *cert)
-{
- mCerts.push_back(cert);
-}
-
-void P12Coder::addCrl(
- P12CrlBag *crl)
-{
- mCrls.push_back(crl);
-}
-
-void P12Coder::addKey(
- P12KeyBag *key)
-{
- mKeys.push_back(key);
-}
-
-void P12Coder::addOpaque(
- P12OpaqueBag *opaque)
-{
- mOpaques.push_back(opaque);
-}
-
-
-/* little known, but public, functions */
-void P12Coder::integrityMode(
- SecPkcs12Mode mode)
-{
- if(mode != kSecPkcs12ModePassword) {
- MacOSError::throwMe(errSecParam);
- }
- mIntegrityMode = mode;
-}
-
-void P12Coder::privacyMode(
- SecPkcs12Mode mode)
-{
- if(mode != kSecPkcs12ModePassword) {
- MacOSError::throwMe(errSecParam);
- }
- mPrivacyMode = mode;
-}
-
-CFDataRef P12Coder::weakEncrAlg()
-{
- return p12CssmDataToCf(mWeakEncrAlg);
-}
-
-CFDataRef P12Coder::strongEncrAlg()
-{
- return p12CssmDataToCf(mStrongEncrAlg);
-}
-
-void P12Coder::weakEncrAlg(
- CFDataRef alg)
-{
- p12CfDataToCssm(alg, mWeakEncrAlg, mCoder);
-}
-
-void P12Coder::strongEncrAlg(
- CFDataRef alg)
-{
- p12CfDataToCssm(alg, mStrongEncrAlg, mCoder);
-}
-
-void P12Coder::limitPrivKeyImport(
- bool foundOneKey)
-{
- if(foundOneKey) {
- mPrivKeyImportState = PKIS_NoMore;
- }
- else {
- mPrivKeyImportState = PKIS_AllowOne;
- }
-}
projects / apple / security.git / blobdiff