--- /dev/null
+/*
+ * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved.
+ *
+ * The contents of this file constitute Original Code as defined in and are
+ * subject to the Apple Public Source License Version 1.2 (the 'License').
+ * You may not use this file except in compliance with the License. Please obtain
+ * a copy of the License at http://www.apple.com/publicsource and read it before
+ * using this file.
+ *
+ * This Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
+ * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
+ * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
+ * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
+ * specific language governing rights and limitations under the License.
+ */
+
+
+//
+// AppleCSPContext.cpp - CSP-wide contexts
+//
+
+#include "AppleCSPContext.h"
+#include "AppleCSPSession.h"
+#include "AppleCSPUtils.h"
+
+/*
+ * Empty destructor (just to avoid out-of-line copies)
+ */
+AppleCSPContext::~AppleCSPContext()
+{ }
+
+/*
+ * get symmetric key bits - context.key can be either ref or raw.
+ * A convenience routine typically used by subclass's init().
+ */
+void AppleCSPContext::symmetricKeyBits(
+ const Context &context,
+ AppleCSPSession &session,
+ CSSM_ALGORITHMS requiredAlg, // throws if this doesn't match key alg
+ CSSM_KEYUSE intendedUse, // throws if key usage doesn't match this
+ uint8 *&keyBits, // RETURNED (not mallocd or copied)
+ CSSM_SIZE &keyLen) // RETURNED
+{
+ /* key must be present and it must be a session key matching caller's spec */
+ CssmKey &key =
+ context.get<CssmKey>(CSSM_ATTRIBUTE_KEY, CSSMERR_CSP_MISSING_ATTR_KEY);
+ if(key.keyClass() != CSSM_KEYCLASS_SESSION_KEY) {
+ CssmError::throwMe(CSSMERR_CSP_INVALID_KEY_CLASS);
+ }
+ if(key.algorithm() != requiredAlg) {
+ CssmError::throwMe(CSSMERR_CSP_ALGID_MISMATCH);
+ }
+ cspValidateIntendedKeyUsage(&key.KeyHeader, intendedUse);
+ cspVerifyKeyTimes(key.KeyHeader);
+
+ /* extract raw bits one way or the other */
+ switch(key.blobType()) {
+ case CSSM_KEYBLOB_RAW:
+ /* easy case, the bits are right there in the CssmKey */
+ if(key.blobFormat() != CSSM_KEYBLOB_RAW_FORMAT_OCTET_STRING) {
+ CssmError::throwMe(CSSMERR_CSP_INVALID_KEY_FORMAT);
+ }
+ keyLen = key.length();
+ keyBits = key.KeyData.Data;
+ break;
+
+ case CSSM_KEYBLOB_REFERENCE:
+ {
+ /* do a lookup to get a binary key */
+ BinaryKey &binKey = session.lookupRefKey(key);
+ /* fails if this is not a SymmetricBinaryKey */
+ SymmetricBinaryKey *symBinKey =
+ dynamic_cast<SymmetricBinaryKey *>(&binKey);
+ if(symBinKey == NULL) {
+ CssmError::throwMe(CSSMERR_CSP_INVALID_KEY);
+ }
+ keyLen = symBinKey->mKeyData.Length;
+ keyBits = symBinKey->mKeyData.Data;
+ break;
+ }
+ default:
+ CssmError::throwMe(CSSMERR_CSP_INVALID_KEY_FORMAT);
+ }
+ return;
+}
+
+AppleKeyPairGenContext::~AppleKeyPairGenContext()
+{ /* virtual */ }
+
+// Called from subclass after it allocates its BinaryKeys.
+// Caller frees BinaryKeys if we throw any exception.
+void AppleKeyPairGenContext::generate(
+ const Context &context,
+ AppleCSPSession &session,
+ CssmKey &pubKey,
+ BinaryKey *pubBinKey,
+ CssmKey &privKey,
+ BinaryKey *privBinKey)
+{
+ uint32 keySize;
+ cspKeyStorage privStorage;
+ cspKeyStorage pubStorage;
+ CssmKey::Header &pubHdr = pubKey.header();
+ CssmKey::Header &privHdr = privKey.header();
+
+ // validate context and key header args
+ pubStorage = cspParseKeyAttr(CKT_Public, pubHdr.KeyAttr);
+ privStorage = cspParseKeyAttr(CKT_Private, privHdr.KeyAttr);
+ cspValidateKeyUsageBits(CKT_Public, pubHdr.KeyUsage);
+ cspValidateKeyUsageBits(CKT_Private, privHdr.KeyUsage);
+
+ // have subclass generate the key pairs in the form of
+ // its native BinaryKeys
+ generate(context, *pubBinKey, *privBinKey, keySize);
+
+ // FIXME - Any other header setup?
+ pubHdr.LogicalKeySizeInBits =
+ privHdr.LogicalKeySizeInBits = keySize;
+ pubHdr.KeyAttr &= ~KEY_ATTR_RETURN_MASK;
+ privHdr.KeyAttr &= ~KEY_ATTR_RETURN_MASK;
+
+ // Handle key formatting. Delete the BinaryKeys if
+ // we're not creating ref keys, after safe completion of
+ // generateKeyBlob (which may throw, in which case the binary keys
+ // get deleted by our caller).
+ CSSM_KEYATTR_FLAGS attrFlags = 0;
+ switch(pubStorage) {
+ case CKS_Ref:
+ session.addRefKey(*pubBinKey, pubKey);
+ break;
+ case CKS_Data:
+ pubHdr.Format = requestedKeyFormat(context, pubKey);
+ pubBinKey->mKeyHeader = pubHdr;
+ pubBinKey->generateKeyBlob(
+ session.normAlloc(), // alloc in user space
+ CssmData::overlay(pubKey.KeyData),
+ pubHdr.Format,
+ session,
+ NULL, // no paramKey here!
+ attrFlags);
+ break;
+ case CKS_None:
+ break;
+ }
+ switch(privStorage) {
+ case CKS_Ref:
+ session.addRefKey(*privBinKey, privKey);
+ break;
+ case CKS_Data:
+ privHdr.Format = requestedKeyFormat(context, privKey);
+ privBinKey->mKeyHeader = privHdr;
+ privBinKey->generateKeyBlob(
+ session.normAlloc(), // alloc in user space
+ CssmData::overlay(privKey.KeyData),
+ privHdr.Format,
+ session,
+ NULL,
+ attrFlags);
+ break;
+ case CKS_None:
+ break;
+ }
+ if(pubStorage != CKS_Ref) {
+ delete pubBinKey;
+ }
+ if(privStorage != CKS_Ref) {
+ delete privBinKey;
+ }
+}
+
+/*
+ * Called from subclass's generate method. Subclass is also a
+ * AppleCSPContext.
+ */
+void AppleSymmKeyGenContext::generateSymKey(
+ const Context &context,
+ AppleCSPSession &session, // for ref keys
+ CssmKey &cssmKey) // RETURNED
+{
+ /* there really is no legal way this should throw... */
+ uint32 reqKeySize = context.getInt(
+ CSSM_ATTRIBUTE_KEY_LENGTH,
+ CSSMERR_CSP_MISSING_ATTR_KEY_LENGTH);
+ if((reqKeySize < minSizeInBits) ||
+ (reqKeySize > maxSizeInBits)) {
+ CssmError::throwMe(CSSMERR_CSP_UNSUPPORTED_KEY_SIZE);
+ }
+ if(mustBeByteSized) {
+ if((reqKeySize & 0x7) != 0) {
+ CssmError::throwMe(CSSMERR_CSP_UNSUPPORTED_KEY_SIZE);
+ }
+ }
+
+ // validate KeyAtrr and KeyUsage already present in header
+ cspKeyStorage keyStorage;
+ CssmKey::Header &hdr = cssmKey.header();
+
+ keyStorage = cspParseKeyAttr(CKT_Session, hdr.KeyAttr);
+ cspValidateKeyUsageBits(CKT_Session, hdr.KeyUsage);
+ hdr.KeyAttr &= ~KEY_ATTR_RETURN_MASK;
+
+ hdr.LogicalKeySizeInBits = reqKeySize;
+ uint32 keySizeInBytes = (reqKeySize + 7) / 8;
+ SymmetricBinaryKey *binKey = NULL;
+ CssmData *keyData = NULL;
+
+ switch(keyStorage) {
+ case CKS_None:
+ /* no way */
+ CssmError::throwMe(CSSMERR_CSP_INVALID_KEYATTR_MASK);
+ case CKS_Ref:
+ /* cook up a symmetric binary key */
+ binKey = new SymmetricBinaryKey(reqKeySize);
+ keyData = &binKey->mKeyData;
+ break;
+ case CKS_Data:
+ /* key bytes --> caller's cssmKey */
+ keyData = &(CssmData::overlay(cssmKey.KeyData));
+ setUpCssmData(*keyData, keySizeInBytes,
+ session.normAlloc());
+ break;
+ }
+
+ // in any case, fill key bytes with random data
+ session.getRandomBytes(keySizeInBytes, keyData->Data);
+
+ if(keyStorage == CKS_Ref) {
+ session.addRefKey(*binKey, cssmKey);
+ }
+ else {
+ /* Raw data */
+ hdr.BlobType = CSSM_KEYBLOB_RAW;
+ hdr.Format = CSSM_KEYBLOB_RAW_FORMAT_OCTET_STRING;
+ }
+
+ // FIXME - any other header fields?
+}
+
+//
+// Symmetric Binary Key support
+//
+SymmetricBinaryKey::SymmetricBinaryKey(
+ unsigned keySizeInBits) :
+ mAllocator(Allocator::standard(Allocator::sensitive))
+{
+ setUpCssmData(mKeyData, (keySizeInBits + 7) / 8, mAllocator);
+}
+
+SymmetricBinaryKey::~SymmetricBinaryKey()
+{
+ freeCssmData(mKeyData, mAllocator);
+}
+
+void SymmetricBinaryKey::generateKeyBlob(
+ Allocator &allocator,
+ CssmData &blob,
+ CSSM_KEYBLOB_FORMAT &format, // CSSM_KEYBLOB_RAW_FORMAT_PKCS1, etc.
+ AppleCSPSession &session,
+ const CssmKey *paramKey, /* optional, unused here */
+ CSSM_KEYATTR_FLAGS &attrFlags) /* IN/OUT */
+{
+ switch(format) {
+ case CSSM_KEYBLOB_RAW_FORMAT_NONE: // default
+ case CSSM_KEYBLOB_RAW_FORMAT_OCTET_STRING: // the one we can do
+ case CSSM_KEYBLOB_RAW_FORMAT_DIGEST: // same thing
+ break;
+ default:
+ CssmError::throwMe(CSSMERR_CSP_INVALID_ATTR_SYMMETRIC_KEY_FORMAT);
+ }
+ copyCssmData(mKeyData, blob, allocator);
+ format = CSSM_KEYBLOB_RAW_FORMAT_OCTET_STRING;
+}
+
projects / apple / security.git / blobdiff