--- /dev/null
+/*
+ * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved.
+ *
+ * The contents of this file constitute Original Code as defined in and are
+ * subject to the Apple Public Source License Version 1.2 (the 'License').
+ * You may not use this file except in compliance with the License. Please obtain
+ * a copy of the License at http://www.apple.com/publicsource and read it before
+ * using this file.
+ *
+ * This Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
+ * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
+ * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
+ * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
+ * specific language governing rights and limitations under the License.
+ */
+
+
+/*
+ * DH_utils.cpp
+ */
+
+#include "DH_utils.h"
+#include "DH_keys.h"
+#include <opensslUtils/opensslAsn1.h>
+#include <security_utilities/logging.h>
+#include <security_utilities/debugging.h>
+#include <opensslUtils/opensslUtils.h>
+#include <openssl/bn.h>
+#include <openssl/dh.h>
+#include <openssl/err.h>
+
+#define dhMiscDebug(args...) secdebug("dhMisc", ## args)
+
+/*
+ * Given a Context:
+ * -- obtain CSSM key with specified attr (there must only be one)
+ * -- validate keyClass per caller's specification
+ * -- validate keyUsage
+ * -- convert to DH *, allocating the DH key if necessary
+ */
+DH *contextToDhKey(
+ const Context &context,
+ AppleCSPSession &session,
+ CSSM_ATTRIBUTE_TYPE attr, // CSSM_ATTRIBUTE_KEY for private key
+ // CSSM_ATTRIBUTE_PUBLIC_KEY for public key
+ CSSM_KEYCLASS keyClass, // CSSM_KEYCLASS_{PUBLIC,PRIVATE}_KEY
+ CSSM_KEYUSE usage, // CSSM_KEYUSE_ENCRYPT, CSSM_KEYUSE_SIGN, etc.
+ bool &mallocdKey) // RETURNED
+{
+ CssmKey *cssmKey = context.get<CssmKey>(attr);
+ if(cssmKey == NULL) {
+ return NULL;
+ }
+ const CSSM_KEYHEADER &hdr = cssmKey->KeyHeader;
+ if(hdr.AlgorithmId != CSSM_ALGID_DH) {
+ CssmError::throwMe(CSSMERR_CSP_ALGID_MISMATCH);
+ }
+ if(hdr.KeyClass != keyClass) {
+ CssmError::throwMe(CSSMERR_CSP_INVALID_KEY_CLASS);
+ }
+ cspValidateIntendedKeyUsage(&hdr, usage);
+ cspVerifyKeyTimes(hdr);
+ return cssmKeyToDh(*cssmKey, session, mallocdKey);
+}
+
+/*
+ * Convert a CssmKey to an DH * key. May result in the
+ * creation of a new DH (when cssmKey is a raw key); allocdKey is true
+ * in that case in which case the caller generally has to free the allocd key).
+ */
+DH *cssmKeyToDh(
+ const CssmKey &cssmKey,
+ AppleCSPSession &session,
+ bool &allocdKey) // RETURNED
+{
+ DH *dhKey = NULL;
+ allocdKey = false;
+
+ const CSSM_KEYHEADER *hdr = &cssmKey.KeyHeader;
+ if(hdr->AlgorithmId != CSSM_ALGID_DH) {
+ // someone else's key (should never happen)
+ CssmError::throwMe(CSSMERR_CSP_INVALID_ALGORITHM);
+ }
+ switch(hdr->BlobType) {
+ case CSSM_KEYBLOB_RAW:
+ dhKey = rawCssmKeyToDh(cssmKey);
+ cspDhDebug("cssmKeyToDh, raw, dhKey %p", dhKey);
+ allocdKey = true;
+ break;
+ case CSSM_KEYBLOB_REFERENCE:
+ {
+ BinaryKey &binKey = session.lookupRefKey(cssmKey);
+ DHBinaryKey *dhBinKey = dynamic_cast<DHBinaryKey *>(&binKey);
+ /* this cast failing means that this is some other
+ * kind of binary key */
+ if(dhBinKey == NULL) {
+ CssmError::throwMe(CSSMERR_CSP_INVALID_KEY);
+ }
+ assert(dhBinKey->mDhKey != NULL);
+ dhKey = dhBinKey->mDhKey;
+ cspDhDebug("cssmKeyToDh, ref, dhKey %p", dhKey);
+ break;
+ }
+ default:
+ CssmError::throwMe(CSSMERR_CSP_KEY_BLOB_TYPE_INCORRECT);
+ }
+ return dhKey;
+}
+
+/*
+ * Convert a raw CssmKey to a newly alloc'd DH key.
+ */
+DH *rawCssmKeyToDh(
+ const CssmKey &cssmKey)
+{
+ const CSSM_KEYHEADER *hdr = &cssmKey.KeyHeader;
+ bool isPub = false;
+
+ if(hdr->AlgorithmId != CSSM_ALGID_DH) {
+ // someone else's key (should never happen)
+ CssmError::throwMe(CSSMERR_CSP_INVALID_ALGORITHM);
+ }
+ assert(hdr->BlobType == CSSM_KEYBLOB_RAW);
+ /* validate and figure out what we're dealing with */
+ switch(hdr->KeyClass) {
+ case CSSM_KEYCLASS_PUBLIC_KEY:
+ switch(hdr->Format) {
+ case CSSM_KEYBLOB_RAW_FORMAT_PKCS3:
+ case CSSM_KEYBLOB_RAW_FORMAT_X509:
+ break;
+ /* openssh real soon now */
+ case CSSM_KEYBLOB_RAW_FORMAT_OPENSSH:
+ default:
+ CssmError::throwMe(
+ CSSMERR_CSP_INVALID_ATTR_PUBLIC_KEY_FORMAT);
+ }
+ isPub = true;
+ break;
+ case CSSM_KEYCLASS_PRIVATE_KEY:
+ switch(hdr->Format) {
+ case CSSM_KEYBLOB_RAW_FORMAT_PKCS3: // default
+ case CSSM_KEYBLOB_RAW_FORMAT_PKCS8: // SMIME style
+ break;
+ /* openssh real soon now */
+ case CSSM_KEYBLOB_RAW_FORMAT_OPENSSH:
+ default:
+ CssmError::throwMe(
+ CSSMERR_CSP_INVALID_ATTR_PRIVATE_KEY_FORMAT);
+ }
+ isPub = false;
+ break;
+ default:
+ CssmError::throwMe(CSSMERR_CSP_INVALID_KEY_CLASS);
+ }
+
+ CSSM_RETURN crtn;
+
+ DH *dhKey = DH_new();
+ if(dhKey == NULL) {
+ crtn = CSSMERR_CSP_MEMORY_ERROR;
+ }
+ else
+ {
+ if(isPub) {
+ crtn = DHPublicKeyDecode(dhKey, hdr->Format,
+ cssmKey.KeyData.Data, cssmKey.KeyData.Length);
+ }
+ else {
+ crtn = DHPrivateKeyDecode(dhKey, hdr->Format,
+ cssmKey.KeyData.Data, cssmKey.KeyData.Length);
+ }
+ }
+
+ if(crtn) {
+ if (dhKey != NULL) {
+ DH_free(dhKey);
+ }
+
+ CssmError::throwMe(crtn);
+ }
+ cspDhDebug("rawCssmKeyToDh, dhKey %p", dhKey);
+ return dhKey;
+}
+
projects / apple / security.git / blobdiff