--- /dev/null
+/*
+ * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved.
+ *
+ * The contents of this file constitute Original Code as defined in and are
+ * subject to the Apple Public Source License Version 1.2 (the 'License').
+ * You may not use this file except in compliance with the License. Please obtain
+ * a copy of the License at http://www.apple.com/publicsource and read it before
+ * using this file.
+ *
+ * This Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
+ * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
+ * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
+ * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
+ * specific language governing rights and limitations under the License.
+ */
+
+
+/*
+ File: sslDigests.cpp
+
+ Contains: interface between SSL and SHA, MD5 digest implementations
+
+ Written by: Doug Mitchell
+
+ Copyright: (c) 1999 by Apple Computer, Inc., all rights reserved.
+
+*/
+
+#include "sslContext.h"
+#include "cryptType.h"
+#include "sslMemory.h"
+#include "sslDigests.h"
+#include "sslDebug.h"
+#include "appleCdsa.h"
+#include <Security/cssm.h>
+#include <string.h>
+
+#define DIGEST_PRINT 0
+#if DIGEST_PRINT
+#define dgprintf(s) printf s
+#else
+#define dgprintf(s)
+#endif
+
+/*
+ * Common digest context. The SSLBuffer.data pointer in a "digest state" argument
+ * casts to one of these.
+ */
+typedef struct {
+ CSSM_CC_HANDLE hashHand;
+} cdsaHashContext;
+
+const UInt8 SSLMACPad1[MAX_MAC_PADDING] =
+{
+ 0x36,0x36,0x36,0x36,0x36,0x36,0x36,0x36,
+ 0x36,0x36,0x36,0x36,0x36,0x36,0x36,0x36,
+ 0x36,0x36,0x36,0x36,0x36,0x36,0x36,0x36,
+ 0x36,0x36,0x36,0x36,0x36,0x36,0x36,0x36,
+ 0x36,0x36,0x36,0x36,0x36,0x36,0x36,0x36,
+ 0x36,0x36,0x36,0x36,0x36,0x36,0x36,0x36
+};
+
+const UInt8 SSLMACPad2[MAX_MAC_PADDING] =
+{
+ 0x5C,0x5C,0x5C,0x5C,0x5C,0x5C,0x5C,0x5C,
+ 0x5C,0x5C,0x5C,0x5C,0x5C,0x5C,0x5C,0x5C,
+ 0x5C,0x5C,0x5C,0x5C,0x5C,0x5C,0x5C,0x5C,
+ 0x5C,0x5C,0x5C,0x5C,0x5C,0x5C,0x5C,0x5C,
+ 0x5C,0x5C,0x5C,0x5C,0x5C,0x5C,0x5C,0x5C,
+ 0x5C,0x5C,0x5C,0x5C,0x5C,0x5C,0x5C,0x5C
+};
+
+/*
+ * Public general hash functions
+ */
+
+/*
+ * A convenience wrapper for HashReference.clone, which has the added benefit of
+ * allocating the state buffer for the caller.
+ */
+OSStatus
+CloneHashState(
+ const HashReference &ref,
+ const SSLBuffer &state,
+ SSLBuffer &newState,
+ SSLContext *ctx)
+{
+ OSStatus err;
+ if ((err = SSLAllocBuffer(newState, ref.contextSize, ctx)) != 0)
+ return err;
+ return ref.clone(state, newState);
+}
+
+/*
+ * Wrapper for HashReference.init.
+ */
+OSStatus
+ReadyHash(const HashReference &ref, SSLBuffer &state, SSLContext *ctx)
+{
+ OSStatus err;
+ if ((err = SSLAllocBuffer(state, ref.contextSize, ctx)) != 0)
+ return err;
+ return ref.init(state, ctx);
+}
+
+/*
+ * Wrapper for HashReference.clone. Tolerates NULL digestCtx and frees it if it's
+ * there.
+ */
+OSStatus CloseHash(const HashReference &ref, SSLBuffer &state, SSLContext *ctx)
+{
+ OSStatus serr;
+
+ if(state.data == NULL) {
+ return noErr;
+ }
+ serr = ref.close(state, ctx);
+ if(serr) {
+ return serr;
+ }
+ return SSLFreeBuffer(state, ctx);
+}
+
+static OSStatus HashNullInit(SSLBuffer &digestCtx, SSLContext *sslCtx);
+static OSStatus HashNullUpdate(SSLBuffer &digestCtx, const SSLBuffer &data);
+static OSStatus HashNullFinal(SSLBuffer &digestCtx, SSLBuffer &digest);
+static OSStatus HashNullClose(SSLBuffer &digestCtx, SSLContext *sslCtx);
+static OSStatus HashNullClone(const SSLBuffer &src, SSLBuffer &dst);
+
+static OSStatus HashMD5Init(SSLBuffer &digestCtx, SSLContext *sslCtx);
+static OSStatus HashSHA1Init(SSLBuffer &digestCtx, SSLContext *sslCtx);
+static OSStatus cdsaHashInit(SSLBuffer &digestCtx, SSLContext *sslCtx,
+ CSSM_ALGORITHMS digestAlg);
+static OSStatus cdsaHashUpdate(SSLBuffer &digestCtx, const SSLBuffer &data);
+static OSStatus cdsaHashFinal(SSLBuffer &digestCtx, SSLBuffer &digest);
+static OSStatus cdsaHashClose(SSLBuffer &digestCtx, SSLContext *sslCtx);
+static OSStatus cdsaHashClone(const SSLBuffer &src, SSLBuffer &dest);
+
+/*
+ * These are the handles by which the bulk of digesting work
+ * is done.
+ */
+const HashReference SSLHashNull =
+ {
+ 0,
+ 0,
+ 0,
+ HashNullInit,
+ HashNullUpdate,
+ HashNullFinal,
+ HashNullClose,
+ HashNullClone
+ };
+
+const HashReference SSLHashMD5 =
+ {
+ sizeof(cdsaHashContext),
+ 16,
+ 48,
+ HashMD5Init,
+ cdsaHashUpdate,
+ cdsaHashFinal,
+ cdsaHashClose,
+ cdsaHashClone
+ };
+
+const HashReference SSLHashSHA1 =
+ {
+ sizeof(cdsaHashContext),
+ 20,
+ 40,
+ HashSHA1Init,
+ cdsaHashUpdate,
+ cdsaHashFinal,
+ cdsaHashClose,
+ cdsaHashClone
+ };
+
+/*** NULL ***/
+static OSStatus HashNullInit(SSLBuffer &digestCtx, SSLContext *sslCtx) {
+ return noErr;
+}
+
+static OSStatus HashNullUpdate(SSLBuffer &digestCtx, const SSLBuffer &data) {
+ return noErr;
+}
+
+static OSStatus HashNullFinal(SSLBuffer &digestCtx, SSLBuffer &digest) {
+ return noErr;
+}
+static OSStatus HashNullClose(SSLBuffer &digestCtx, SSLContext *sslCtx) {
+ return noErr;
+}
+static OSStatus HashNullClone(const SSLBuffer &src, SSLBuffer &dest) {
+ return noErr;
+}
+
+static OSStatus HashMD5Init(SSLBuffer &digestCtx, SSLContext *sslCtx)
+{
+ assert(digestCtx.length >= sizeof(cdsaHashContext));
+ return cdsaHashInit(digestCtx, sslCtx, CSSM_ALGID_MD5);
+}
+
+static OSStatus HashSHA1Init(SSLBuffer &digestCtx, SSLContext *sslCtx)
+{
+ assert(digestCtx.length >= sizeof(cdsaHashContext));
+ return cdsaHashInit(digestCtx, sslCtx, CSSM_ALGID_SHA1);
+}
+
+/* common digest functions via CDSA */
+static OSStatus cdsaHashInit(SSLBuffer &digestCtx,
+ SSLContext *sslCtx,
+ CSSM_ALGORITHMS digestAlg)
+{
+ OSStatus serr;
+ cdsaHashContext *cdsaCtx;
+ CSSM_CC_HANDLE hashHand = 0;
+ CSSM_RETURN crtn;
+
+ assert(digestCtx.length >= sizeof(cdsaHashContext));
+ serr = attachToCsp(sslCtx); // should be a nop
+ if(serr) {
+ return serr;
+ }
+ cdsaCtx = (cdsaHashContext *)digestCtx.data;
+ cdsaCtx->hashHand = 0;
+ dgprintf(("###cdsaHashInit cdsaCtx %p\n", cdsaCtx));
+
+ /* cook up a digest context, initialize it */
+ crtn = CSSM_CSP_CreateDigestContext(sslCtx->cspHand,
+ digestAlg,
+ &hashHand);
+ if(crtn) {
+ sslErrorLog("CSSM_CSP_CreateDigestContext failure\n");
+ return errSSLCrypto;
+ }
+ crtn = CSSM_DigestDataInit(hashHand);
+ if(crtn) {
+ CSSM_DeleteContext(hashHand);
+ sslErrorLog("CSSM_DigestDataInit failure\n");
+ return errSSLCrypto;
+ }
+ cdsaCtx->hashHand = hashHand;
+ return noErr;
+}
+
+static OSStatus cdsaHashUpdate(SSLBuffer &digestCtx, const SSLBuffer &data)
+{
+ cdsaHashContext *cdsaCtx;
+ CSSM_RETURN crtn;
+ CSSM_DATA cdata;
+
+ assert(digestCtx.length >= sizeof(cdsaHashContext));
+ cdsaCtx = (cdsaHashContext *)digestCtx.data;
+ //dgprintf(("###cdsaHashUpdate cdsaCtx %p\n", cdsaCtx));
+
+ SSLBUF_TO_CSSM(&data, &cdata);
+ crtn = CSSM_DigestDataUpdate(cdsaCtx->hashHand, &cdata, 1);
+ if(crtn) {
+ sslErrorLog("CSSM_DigestDataUpdate failure\n");
+ return errSSLCrypto;
+ }
+ else {
+ return noErr;
+ }
+}
+
+static OSStatus cdsaHashFinal(SSLBuffer &digestCtx, SSLBuffer &digest)
+{
+ cdsaHashContext *cdsaCtx;
+ CSSM_RETURN crtn;
+ CSSM_DATA cdata;
+ OSStatus srtn = noErr;
+
+ assert(digestCtx.length >= sizeof(cdsaHashContext));
+ cdsaCtx = (cdsaHashContext *)digestCtx.data;
+ dgprintf(("###cdsaHashFinal cdsaCtx %p\n", cdsaCtx));
+ SSLBUF_TO_CSSM(&digest, &cdata);
+ crtn = CSSM_DigestDataFinal(cdsaCtx->hashHand, &cdata);
+ if(crtn) {
+ sslErrorLog("CSSM_DigestDataFinal failure\n");
+ srtn = errSSLCrypto;
+ }
+ else {
+ digest.length = cdata.Length;
+ }
+ CSSM_DeleteContext(cdsaCtx->hashHand);
+ cdsaCtx->hashHand = 0;
+ return srtn;
+}
+
+static OSStatus cdsaHashClose(SSLBuffer &digestCtx, SSLContext *sslCtx)
+{
+ cdsaHashContext *cdsaCtx;
+
+ assert(digestCtx.length >= sizeof(cdsaHashContext));
+ cdsaCtx = (cdsaHashContext *)digestCtx.data;
+ dgprintf(("###cdsaHashClose cdsaCtx %p\n", cdsaCtx));
+ if(cdsaCtx->hashHand != 0) {
+ CSSM_DeleteContext(cdsaCtx->hashHand);
+ cdsaCtx->hashHand = 0;
+ }
+ return noErr;
+}
+
+static OSStatus cdsaHashClone(const SSLBuffer &src, SSLBuffer &dst)
+{
+ cdsaHashContext *srcCtx;
+ cdsaHashContext *dstCtx;
+ CSSM_RETURN crtn;
+
+ assert(src.length >= sizeof(cdsaHashContext));
+ assert(dst.length >= sizeof(cdsaHashContext));
+ srcCtx = (cdsaHashContext *)src.data;
+ dstCtx = (cdsaHashContext *)dst.data;
+ dgprintf(("###cdsaHashClone srcCtx %p dstCtx %p\n", srcCtx, dstCtx));
+
+ crtn = CSSM_DigestDataClone(srcCtx->hashHand, &dstCtx->hashHand);
+ if(crtn) {
+ sslErrorLog("CSSM_DigestDataClone failure\n");
+ return errSSLCrypto;
+ }
+ else {
+ return noErr;
+ }
+}
+
projects / apple / security.git / blobdiff