+++ /dev/null
-/*
- * Copyright (c) 2003-2004,2011,2014 Apple Inc. All Rights Reserved.
- *
- * @APPLE_LICENSE_HEADER_START@
- *
- * This file contains Original Code and/or Modifications of Original Code
- * as defined in and that are subject to the Apple Public Source License
- * Version 2.0 (the 'License'). You may not use this file except in
- * compliance with the License. Please obtain a copy of the License at
- * http://www.opensource.apple.com/apsl/ and read it before using this
- * file.
- *
- * The Original Code and all software distributed under the License are
- * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
- * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
- * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
- * Please see the License for the specific language governing rights and
- * limitations under the License.
- *
- * @APPLE_LICENSE_HEADER_END@
- */
-
-/*
- * pkc12Crypto.cpp - PKCS12-specific cyptrographic routines
- */
-
-#include "pkcs12Crypto.h"
-#include "pkcs12Utils.h"
-#include "pkcs12Debug.h"
-#include <security_cdsa_utils/cuCdsaUtils.h>
-#include <security_cdsa_utilities/cssmacl.h>
-#include <security_keychain/Access.h>
-
-/*
- * Given appropriate P12-style parameters, cook up a CSSM_KEY.
- * Caller MUST CSSM_FreeKey() when it's done with the key.
- */
-#define KEY_LABEL "p12 key"
-
-CSSM_RETURN p12KeyGen(
- CSSM_CSP_HANDLE cspHand,
- CSSM_KEY &key,
- bool isForEncr, // true: en/decrypt false: MAC
- CSSM_ALGORITHMS keyAlg,
- CSSM_ALGORITHMS pbeHashAlg, // actually must be SHA1 for now
- uint32 keySizeInBits,
- uint32 iterCount,
- const CSSM_DATA &salt,
- /* exactly one of the following two must be valid */
- const CSSM_DATA *pwd, // unicode external representation
- const CSSM_KEY *passKey,
- CSSM_DATA &iv) // referent is optional
-{
- CSSM_RETURN crtn;
- CSSM_CC_HANDLE ccHand;
- CSSM_DATA dummyLabel;
- CSSM_ACCESS_CREDENTIALS creds;
-
- memset(&key, 0, sizeof(CSSM_KEY));
- memset(&creds, 0, sizeof(CSSM_ACCESS_CREDENTIALS));
-
- /* infer key derivation algorithm */
- CSSM_ALGORITHMS deriveAlg = CSSM_ALGID_NONE;
- if(pbeHashAlg != CSSM_ALGID_SHA1) {
- return CSSMERR_CSP_INVALID_ALGORITHM;
- }
- if(isForEncr) {
- /*
- * FIXME - if this key is going to be used to wrap/unwrap a
- * shrouded key bag, its usage will change accordingly...
- */
- deriveAlg = CSSM_ALGID_PKCS12_PBE_ENCR;
- }
- else {
- deriveAlg = CSSM_ALGID_PKCS12_PBE_MAC;
- }
- CSSM_CRYPTO_DATA seed;
- if(pwd) {
- seed.Param = *pwd;
- }
- else {
- seed.Param.Data = NULL;
- seed.Param.Length = 0;
- }
- seed.Callback = NULL;
- seed.CallerCtx = NULL;
-
- crtn = CSSM_CSP_CreateDeriveKeyContext(cspHand,
- deriveAlg,
- keyAlg,
- keySizeInBits,
- &creds,
- passKey, // BaseKey
- iterCount,
- &salt,
- &seed, // seed
- &ccHand);
- if(crtn) {
- p12LogCssmError("CSSM_CSP_CreateDeriveKeyContext", crtn);
- return crtn;
- }
-
- dummyLabel.Length = strlen(KEY_LABEL);
- dummyLabel.Data = (uint8 *)KEY_LABEL;
-
- /* KEYUSE_ANY - this is just an ephemeral session key */
- crtn = CSSM_DeriveKey(ccHand,
- &iv,
- CSSM_KEYUSE_ANY,
- CSSM_KEYATTR_RETURN_REF | CSSM_KEYATTR_SENSITIVE,
- &dummyLabel,
- NULL, // cred and acl
- &key);
- CSSM_DeleteContext(ccHand);
- if(crtn) {
- p12LogCssmError("CSSM_DeriveKey", crtn);
- }
- return crtn;
-}
-
-/*
- * Decrypt (typically, an encrypted P7 ContentInfo contents)
- */
-CSSM_RETURN p12Decrypt(
- CSSM_CSP_HANDLE cspHand,
- const CSSM_DATA &cipherText,
- CSSM_ALGORITHMS keyAlg,
- CSSM_ALGORITHMS encrAlg,
- CSSM_ALGORITHMS pbeHashAlg, // SHA1, MD5 only
- uint32 keySizeInBits,
- uint32 blockSizeInBytes, // for IV
- CSSM_PADDING padding, // CSSM_PADDING_PKCS7, etc.
- CSSM_ENCRYPT_MODE mode, // CSSM_ALGMODE_CBCPadIV8, etc.
- uint32 iterCount,
- const CSSM_DATA &salt,
- /* exactly one of the following two must be valid */
- const CSSM_DATA *pwd, // unicode external representation
- const CSSM_KEY *passKey,
- SecNssCoder &coder, // for mallocing plainText
- CSSM_DATA &plainText)
-{
- CSSM_RETURN crtn;
- CSSM_KEY ckey;
- CSSM_CC_HANDLE ccHand = 0;
- CSSM_DATA ourPtext = {0, NULL};
- CSSM_DATA remData = {0, NULL};
-
- /* P12 style IV derivation, optional */
- CSSM_DATA iv = {0, NULL};
- CSSM_DATA_PTR ivPtr = NULL;
- if(blockSizeInBytes) {
- coder.allocItem(iv, blockSizeInBytes);
- ivPtr = &iv;
- }
-
- /* P12 style key derivation */
- crtn = p12KeyGen(cspHand, ckey, true, keyAlg, pbeHashAlg,
- keySizeInBits, iterCount, salt, pwd, passKey, iv);
- if(crtn) {
- return crtn;
- }
- /* subsequent errors to errOut: */
-
- /* CSSM context */
- crtn = CSSM_CSP_CreateSymmetricContext(cspHand,
- encrAlg,
- mode,
- NULL, // access cred
- &ckey,
- ivPtr, // InitVector, optional
- padding,
- NULL, // Params
- &ccHand);
- if(crtn) {
- cuPrintError("CSSM_CSP_CreateSymmetricContext", crtn);
- goto errOut;
- }
-
- /* go - CSP mallocs ptext and rem data */
- CSSM_SIZE bytesDecrypted;
- crtn = CSSM_DecryptData(ccHand,
- &cipherText,
- 1,
- &ourPtext,
- 1,
- &bytesDecrypted,
- &remData);
- if(crtn) {
- cuPrintError("CSSM_DecryptData", crtn);
- }
- else {
- coder.allocCopyItem(ourPtext, plainText);
- plainText.Length = bytesDecrypted;
-
- /* plaintext copied into coder space; free the memory allocated
- * by the CSP */
- freeCssmMemory(cspHand, ourPtext.Data);
- }
- /* an artifact of CSPFullPLuginSession - this never contains
- * valid data but sometimes gets mallocds */
- if(remData.Data) {
- freeCssmMemory(cspHand, remData.Data);
- }
-errOut:
- if(ccHand) {
- CSSM_DeleteContext(ccHand);
- }
- CSSM_FreeKey(cspHand, NULL, &ckey, CSSM_FALSE);
- return crtn;
-}
-
-/*
- * Decrypt (typically, an encrypted P7 ContentInfo contents)
- */
-CSSM_RETURN p12Encrypt(
- CSSM_CSP_HANDLE cspHand,
- const CSSM_DATA &plainText,
- CSSM_ALGORITHMS keyAlg,
- CSSM_ALGORITHMS encrAlg,
- CSSM_ALGORITHMS pbeHashAlg, // SHA1, MD5 only
- uint32 keySizeInBits,
- uint32 blockSizeInBytes, // for IV
- CSSM_PADDING padding, // CSSM_PADDING_PKCS7, etc.
- CSSM_ENCRYPT_MODE mode, // CSSM_ALGMODE_CBCPadIV8, etc.
- uint32 iterCount,
- const CSSM_DATA &salt,
- /* exactly one of the following two must be valid */
- const CSSM_DATA *pwd, // unicode external representation
- const CSSM_KEY *passKey,
- SecNssCoder &coder, // for mallocing cipherText
- CSSM_DATA &cipherText)
-{
- CSSM_RETURN crtn;
- CSSM_KEY ckey;
- CSSM_CC_HANDLE ccHand = 0;
- CSSM_DATA ourCtext = {0, NULL};
- CSSM_DATA remData = {0, NULL};
-
- /* P12 style IV derivation, optional */
- CSSM_DATA iv = {0, NULL};
- CSSM_DATA_PTR ivPtr = NULL;
- if(blockSizeInBytes) {
- coder.allocItem(iv, blockSizeInBytes);
- ivPtr = &iv;
- }
-
- /* P12 style key derivation */
- crtn = p12KeyGen(cspHand, ckey, true, keyAlg, pbeHashAlg,
- keySizeInBits, iterCount, salt, pwd, passKey, iv);
- if(crtn) {
- return crtn;
- }
- /* subsequent errors to errOut: */
-
- /* CSSM context */
- crtn = CSSM_CSP_CreateSymmetricContext(cspHand,
- encrAlg,
- mode,
- NULL, // access cred
- &ckey,
- ivPtr, // InitVector, optional
- padding,
- NULL, // Params
- &ccHand);
- if(crtn) {
- cuPrintError("CSSM_CSP_CreateSymmetricContext", crtn);
- goto errOut;
- }
-
- /* go - CSP mallocs ctext and rem data */
- CSSM_SIZE bytesEncrypted;
- crtn = CSSM_EncryptData(ccHand,
- &plainText,
- 1,
- &ourCtext,
- 1,
- &bytesEncrypted,
- &remData);
- if(crtn) {
- cuPrintError("CSSM_DecryptData", crtn);
- }
- else {
- coder.allocCopyItem(ourCtext, cipherText);
- cipherText.Length = bytesEncrypted;
-
- /* plaintext copied into coder space; free the memory allocated
- * by the CSP */
- freeCssmMemory(cspHand, ourCtext.Data);
- }
- /* an artifact of CSPFUllPLuginSession - this never contains
- * valid data but sometimes gets mallocds */
- if(remData.Data) {
- freeCssmMemory(cspHand, remData.Data);
- }
-errOut:
- if(ccHand) {
- CSSM_DeleteContext(ccHand);
- }
- CSSM_FreeKey(cspHand, NULL, &ckey, CSSM_FALSE);
- return crtn;
-}
-
-/*
- * Calculate the MAC for a PFX. Caller is either going compare
- * the result against an existing PFX's MAC or drop the result into
- * a newly created PFX.
- */
-CSSM_RETURN p12GenMac(
- CSSM_CSP_HANDLE cspHand,
- const CSSM_DATA &ptext, // e.g., NSS_P12_DecodedPFX.derAuthSaafe
- CSSM_ALGORITHMS alg, // better be SHA1!
- unsigned iterCount,
- const CSSM_DATA &salt,
- /* exactly one of the following two must be valid */
- const CSSM_DATA *pwd, // unicode external representation
- const CSSM_KEY *passKey,
- SecNssCoder &coder, // for mallocing macData
- CSSM_DATA &macData) // RETURNED
-{
- CSSM_RETURN crtn;
- CSSM_CC_HANDLE ccHand = 0;
-
- /* P12 style key derivation */
- unsigned keySizeInBits;
- CSSM_ALGORITHMS hmacAlg;
- switch(alg) {
- case CSSM_ALGID_SHA1:
- keySizeInBits = 160;
- hmacAlg = CSSM_ALGID_SHA1HMAC;
- break;
- case CSSM_ALGID_MD5:
- /* not even sure if this is legal in p12 world... */
- keySizeInBits = 128;
- hmacAlg = CSSM_ALGID_MD5HMAC;
- break;
- default:
- return CSSMERR_CSP_INVALID_ALGORITHM;
- }
- CSSM_KEY macKey;
- CSSM_DATA iv = {0, NULL};
- crtn = p12KeyGen(cspHand, macKey, false, hmacAlg, alg,
- keySizeInBits, iterCount, salt, pwd, passKey, iv);
- if(crtn) {
- return crtn;
- }
- /* subsequent errors to errOut: */
-
- /* prealloc the mac data */
- coder.allocItem(macData, keySizeInBits / 8);
- crtn = CSSM_CSP_CreateMacContext(cspHand, hmacAlg, &macKey, &ccHand);
- if(crtn) {
- cuPrintError("CSSM_CSP_CreateMacContext", crtn);
- goto errOut;
- }
-
- crtn = CSSM_GenerateMac (ccHand, &ptext, 1, &macData);
- if(crtn) {
- cuPrintError("CSSM_GenerateMac", crtn);
- }
-errOut:
- if(ccHand) {
- CSSM_DeleteContext(ccHand);
- }
- CSSM_FreeKey(cspHand, NULL, &macKey, CSSM_FALSE);
- return crtn;
-}
-
-/*
- * Unwrap a shrouded key.
- */
-CSSM_RETURN p12UnwrapKey(
- CSSM_CSP_HANDLE cspHand,
- CSSM_DL_DB_HANDLE_PTR dlDbHand, // optional
- int keyIsPermanent, // nonzero - store in DB
- const CSSM_DATA &shroudedKeyBits,
- CSSM_ALGORITHMS keyAlg, // of the unwrapping key
- CSSM_ALGORITHMS encrAlg,
- CSSM_ALGORITHMS pbeHashAlg, // SHA1, MD5 only
- uint32 keySizeInBits,
- uint32 blockSizeInBytes, // for IV
- CSSM_PADDING padding, // CSSM_PADDING_PKCS7, etc.
- CSSM_ENCRYPT_MODE mode, // CSSM_ALGMODE_CBCPadIV8, etc.
- uint32 iterCount,
- const CSSM_DATA &salt,
- const CSSM_DATA *pwd, // unicode external representation
- const CSSM_KEY *passKey,
- SecNssCoder &coder, // for mallocing privKey
- const CSSM_DATA &labelData,
- SecAccessRef access, // optional
- bool noAcl,
- CSSM_KEYUSE keyUsage,
- CSSM_KEYATTR_FLAGS keyAttrs,
-
- /*
- * Result: a private key, reference format, optionaly stored
- * in dlDbHand
- */
- CSSM_KEY_PTR &privKey)
-{
- CSSM_RETURN crtn;
- CSSM_KEY ckey;
- CSSM_CC_HANDLE ccHand = 0;
- CSSM_KEY wrappedKey;
- CSSM_KEY unwrappedKey;
- CSSM_KEYHEADER &hdr = wrappedKey.KeyHeader;
- CSSM_DATA descrData = {0, NULL}; // not used for PKCS8 wrap
- CSSM_KEYATTR_FLAGS reqAttr = keyAttrs;
-
- ResourceControlContext rcc;
- ResourceControlContext *rccPtr = NULL;
- Security::KeychainCore::Access::Maker maker;
-
- /* P12 style IV derivation, optional */
- CSSM_DATA iv = {0, NULL};
- CSSM_DATA_PTR ivPtr = NULL;
- if(blockSizeInBytes) {
- coder.allocItem(iv, blockSizeInBytes);
- ivPtr = &iv;
- }
-
- /* P12 style key derivation */
- crtn = p12KeyGen(cspHand, ckey, true, keyAlg, pbeHashAlg,
- keySizeInBits, iterCount, salt, pwd, passKey, iv);
- if(crtn) {
- return crtn;
- }
- /* subsequent errors to errOut: */
-
- /* CSSM context */
- crtn = CSSM_CSP_CreateSymmetricContext(cspHand,
- encrAlg,
- mode,
- NULL, // access cred
- &ckey,
- ivPtr, // InitVector, optional
- padding,
- NULL, // Params
- &ccHand);
- if(crtn) {
- p12LogCssmError("CSSM_CSP_CreateSymmetricContext", crtn);
- goto errOut;
- }
- if(dlDbHand) {
- crtn = p12AddContextAttribute(ccHand,
- CSSM_ATTRIBUTE_DL_DB_HANDLE,
- sizeof(CSSM_ATTRIBUTE_DL_DB_HANDLE),
- dlDbHand);
- if(crtn) {
- p12LogCssmError("AddContextAttribute", crtn);
- goto errOut;
- }
- }
-
- /*
- * Cook up minimal WrappedKey header fields
- */
- memset(&wrappedKey, 0, sizeof(CSSM_KEY));
- memset(&unwrappedKey, 0, sizeof(CSSM_KEY));
-
- hdr.HeaderVersion = CSSM_KEYHEADER_VERSION;
- hdr.BlobType = CSSM_KEYBLOB_WRAPPED;
- hdr.Format = CSSM_KEYBLOB_WRAPPED_FORMAT_PKCS8;
-
- /*
- * This one we do not know. The CSP will figure out the format
- * of the unwrapped key after it decrypts the raw key material.
- */
- hdr.AlgorithmId = CSSM_ALGID_NONE;
- hdr.KeyClass = CSSM_KEYCLASS_PRIVATE_KEY;
-
- /* also inferred by CSP */
- hdr.LogicalKeySizeInBits = 0;
- hdr.KeyAttr = CSSM_KEYATTR_SENSITIVE | CSSM_KEYATTR_EXTRACTABLE;
- hdr.KeyUsage = CSSM_KEYUSE_ANY;
- hdr.WrapAlgorithmId = encrAlg;
- hdr.WrapMode = mode;
-
- if(dlDbHand && keyIsPermanent) {
- reqAttr |= CSSM_KEYATTR_PERMANENT;
- }
-
- wrappedKey.KeyData = shroudedKeyBits;
-
- if(!noAcl) {
- // Create a Access::Maker for the initial owner of the private key.
- memset(&rcc, 0, sizeof(rcc));
- maker.initialOwner(rcc);
- rccPtr = &rcc;
- }
-
- crtn = CSSM_UnwrapKey(ccHand,
- NULL, // PublicKey
- &wrappedKey,
- keyUsage,
- reqAttr,
- &labelData,
- rccPtr, // CredAndAclEntry
- privKey,
- &descrData); // required
- if(crtn) {
- p12LogCssmError("CSSM_UnwrapKey", crtn);
- if(crtn == CSSMERR_DL_INVALID_UNIQUE_INDEX_DATA) {
- /* report in a keychain-friendly way */
- crtn = errSecDuplicateItem;
- }
- }
-
- // Finally fix the acl and owner of the private key to the
- // specified access control settings.
- if((crtn == CSSM_OK) && !noAcl) {
- try {
- CssmClient::KeyAclBearer bearer(
- cspHand, *privKey, Allocator::standard());
- SecPointer<KeychainCore::Access> initialAccess(access ?
- KeychainCore::Access::required(access) : /* caller-supplied */
- new KeychainCore::Access("privateKey")); /* default */
- initialAccess->setAccess(bearer, maker);
- }
- catch (const CssmError &e) {
- /* not implemented means we're talking to the CSP which does
- * not implement ACLs */
- if(e.error != CSSMERR_CSP_FUNCTION_NOT_IMPLEMENTED) {
- crtn = e.error;
- }
- }
- catch(...) {
- p12ErrorLog("p12 exception on setAccess\n");
- crtn = errSecAuthFailed; /* ??? */
- }
- }
-
-errOut:
- if(ccHand) {
- CSSM_DeleteContext(ccHand);
- }
- CSSM_FreeKey(cspHand, NULL, &ckey, CSSM_FALSE);
- return crtn;
-}
-
-/*
- * Wrap a private key, yielding shrouded key bits.
- */
-CSSM_RETURN p12WrapKey(
- CSSM_CSP_HANDLE cspHand,
- CSSM_KEY_PTR privKey,
- const CSSM_ACCESS_CREDENTIALS *privKeyCreds,
- CSSM_ALGORITHMS keyAlg, // of the unwrapping key
- CSSM_ALGORITHMS encrAlg,
- CSSM_ALGORITHMS pbeHashAlg, // SHA1, MD5 only
- uint32 keySizeInBits,
- uint32 blockSizeInBytes, // for IV
- CSSM_PADDING padding, // CSSM_PADDING_PKCS7, etc.
- CSSM_ENCRYPT_MODE mode, // CSSM_ALGMODE_CBCPadIV8, etc.
- uint32 iterCount,
- const CSSM_DATA &salt,
- const CSSM_DATA *pwd, // unicode external representation
- const CSSM_KEY *passKey,
- SecNssCoder &coder, // for mallocing keyBits
- CSSM_DATA &shroudedKeyBits) // RETURNED
-{
- CSSM_RETURN crtn;
- CSSM_KEY ckey;
- CSSM_CC_HANDLE ccHand = 0;
- CSSM_KEY wrappedKey;
- CSSM_CONTEXT_ATTRIBUTE attr;
- CSSM_DATA descrData = {0, NULL};
- CSSM_ACCESS_CREDENTIALS creds;
-
- /* key must be extractable */
- if (!(privKey->KeyHeader.KeyAttr & CSSM_KEYATTR_EXTRACTABLE)) {
- return errSecDataNotAvailable;
- }
-
- if(privKeyCreds == NULL) {
- /* i.e., key is from the bare CSP with no ACL support */
- memset(&creds, 0, sizeof(creds));
- privKeyCreds = &creds;
- }
-
- /* P12 style IV derivation, optional */
- CSSM_DATA iv = {0, NULL};
- CSSM_DATA_PTR ivPtr = NULL;
- if(blockSizeInBytes) {
- coder.allocItem(iv, blockSizeInBytes);
- ivPtr = &iv;
- }
-
- /* P12 style key derivation */
- crtn = p12KeyGen(cspHand, ckey, true, keyAlg, pbeHashAlg,
- keySizeInBits, iterCount, salt, pwd, passKey, iv);
- if(crtn) {
- return crtn;
- }
- /* subsequent errors to errOut: */
-
- /* CSSM context */
- crtn = CSSM_CSP_CreateSymmetricContext(cspHand,
- encrAlg,
- mode,
- NULL, // access cred
- &ckey,
- ivPtr, // InitVector, optional
- padding,
- NULL, // Params
- &ccHand);
- if(crtn) {
- p12LogCssmError("CSSM_CSP_CreateSymmetricContext", crtn);
- goto errOut;
- }
-
- memset(&wrappedKey, 0, sizeof(CSSM_KEY));
-
- /* specify PKCS8 wrap format */
- attr.AttributeType = CSSM_ATTRIBUTE_WRAPPED_KEY_FORMAT;
- attr.AttributeLength = sizeof(uint32);
- attr.Attribute.Uint32 = CSSM_KEYBLOB_WRAPPED_FORMAT_PKCS8;
- crtn = CSSM_UpdateContextAttributes(
- ccHand,
- 1,
- &attr);
- if(crtn) {
- p12LogCssmError("CSSM_UpdateContextAttributes", crtn);
- goto errOut;
- }
-
- crtn = CSSM_WrapKey(ccHand,
- privKeyCreds,
- privKey,
- &descrData, // DescriptiveData
- &wrappedKey);
- if(crtn) {
- p12LogCssmError("CSSM_WrapKey", crtn);
- }
- else {
- coder.allocCopyItem(wrappedKey.KeyData, shroudedKeyBits);
-
- /* this was mallocd by CSP */
- freeCssmMemory(cspHand, wrappedKey.KeyData.Data);
- }
-errOut:
- if(ccHand) {
- CSSM_DeleteContext(ccHand);
- }
- CSSM_FreeKey(cspHand, NULL, &ckey, CSSM_FALSE);
- return crtn;
-}
projects / apple / security.git / blobdiff