Security-55163.44.tar.gz

[apple/security.git] / libsecurity_apple_csp / lib / MacContext.cpp

diff --git a/libsecurity_apple_csp/lib/MacContext.cpp b/libsecurity_apple_csp/lib/MacContext.cpp
new file mode 100644 (file)
index 0000000..91353fd
--- /dev/null
+++ b/libsecurity_apple_csp/lib/MacContext.cpp
@@ -0,0 +1,176 @@
+/*
+ * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved.
+ * 
+ * The contents of this file constitute Original Code as defined in and are
+ * subject to the Apple Public Source License Version 1.2 (the 'License').
+ * You may not use this file except in compliance with the License. Please obtain
+ * a copy of the License at http://www.apple.com/publicsource and read it before
+ * using this file.
+ * 
+ * This Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
+ * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
+ * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
+ * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
+ * specific language governing rights and limitations under the License.
+ */
+
+/*
+ * MacContext.cpp - AppleCSPContext for HMACSHA1
+ */
+
+#include "MacContext.h"
+#include <HMACSHA1.h>
+#include <Security/cssmerr.h>
+#include <CommonCrypto/CommonDigest.h> /* for digest sizes */
+#ifdef CRYPTKIT_CSP_ENABLE
+#include <security_cryptkit/HmacSha1Legacy.h>
+#endif /* CRYPTKIT_CSP_ENABLE */
+
+MacContext::~MacContext()
+{
+       memset(&hmacCtx, 0, sizeof(hmacCtx));
+}
+       
+/* called out from CSPFullPluginSession....
+ * both generate and verify */
+void MacContext::init(const Context &context, bool isSigning)
+{
+       CCHmacAlgorithm ccAlg;
+       
+       /* obtain key from context */
+       CSSM_SIZE       keyLen;
+       uint8           *keyData        = NULL;
+       
+       symmetricKeyBits(context, session(), mAlg, 
+               isSigning ? CSSM_KEYUSE_SIGN : CSSM_KEYUSE_VERIFY,
+               keyData, keyLen);
+       uint32 minKey = 0;
+       switch(mAlg) {
+               case CSSM_ALGID_SHA1HMAC:
+                       minKey = HMAC_SHA_MIN_KEY_SIZE;
+                       mDigestSize = CC_SHA1_DIGEST_LENGTH;
+                       ccAlg = kCCHmacAlgSHA1;
+                       break;
+               case CSSM_ALGID_MD5HMAC:
+                       minKey = HMAC_MD5_MIN_KEY_SIZE;
+                       mDigestSize = CC_MD5_DIGEST_LENGTH;
+                       ccAlg = kCCHmacAlgMD5;
+                       break;
+               default:
+                       assert(0);                      // factory should not have called us
+                       CssmError::throwMe(CSSMERR_CSP_INVALID_ALGORITHM);
+       }
+       if((keyLen < minKey) || (keyLen > HMAC_MAX_KEY_SIZE)) {
+               CssmError::throwMe(CSSMERR_CSP_INVALID_ATTR_KEY);
+       }
+       CCHmacInit(&hmacCtx, ccAlg, keyData, keyLen);
+}
+
+void MacContext::update(const CssmData &data)
+{
+       CCHmacUpdate(&hmacCtx, data.data(), data.length());
+}
+
+/* generate only */
+void MacContext::final(CssmData &out)
+{
+       if(out.length() < mDigestSize) {
+               CssmError::throwMe(CSSMERR_CSP_OUTPUT_LENGTH_ERROR);
+       }
+       CCHmacFinal(&hmacCtx, out.data());
+       out.Length = mDigestSize;
+}
+
+/* verify only */
+#define MAX_DIGEST_SIZE                CC_SHA1_DIGEST_LENGTH
+
+void MacContext::final(const CssmData &in)
+{
+       unsigned char mac[MAX_DIGEST_SIZE];
+       
+       CCHmacFinal(&hmacCtx, mac);
+       if(memcmp(mac, in.data(), mDigestSize)) {
+               CssmError::throwMe(CSSMERR_CSP_VERIFY_FAILED);
+       }
+}
+
+size_t MacContext::outputSize(bool final, size_t inSize)
+{
+       return mDigestSize;
+}
+
+#ifdef         CRYPTKIT_CSP_ENABLE
+
+MacLegacyContext::~MacLegacyContext()
+{
+       if(mHmac) {
+               hmacLegacyFree(mHmac);
+               mHmac = NULL;
+       }
+}
+       
+/* called out from CSPFullPluginSession....
+ * both generate and verify: */
+void MacLegacyContext::init(const Context &context, bool isSigning)
+{
+       if(mHmac == NULL) {
+               mHmac = hmacLegacyAlloc();
+               if(mHmac == NULL) {
+                       CssmError::throwMe(CSSMERR_CSP_MEMORY_ERROR);
+               }
+       }
+       
+       /* obtain key from context */
+       CSSM_SIZE       keyLen;
+       uint8           *keyData        = NULL;
+       
+       /* FIXME - this may require a different key alg */
+       symmetricKeyBits(context, session(), CSSM_ALGID_SHA1HMAC, 
+               isSigning ? CSSM_KEYUSE_SIGN : CSSM_KEYUSE_VERIFY,
+               keyData, keyLen);
+       if((keyLen < HMAC_SHA_MIN_KEY_SIZE) || (keyLen > HMAC_MAX_KEY_SIZE)) {
+               CssmError::throwMe(CSSMERR_CSP_INVALID_ATTR_KEY);
+       }
+       
+       OSStatus ortn = hmacLegacyInit(mHmac, keyData, keyLen);
+       if(ortn) {
+               MacOSError::throwMe(ortn);
+       }
+}
+
+void MacLegacyContext::update(const CssmData &data)
+{
+       OSStatus ortn = hmacLegacyUpdate(mHmac,
+               data.data(),
+               data.length());
+       if(ortn) {
+               MacOSError::throwMe(ortn);
+       }
+}
+
+/* generate only */
+void MacLegacyContext::final(CssmData &out)
+{
+       if(out.length() < kHMACSHA1DigestSize) {
+               CssmError::throwMe(CSSMERR_CSP_OUTPUT_LENGTH_ERROR);
+       }
+       hmacLegacyFinal(mHmac, out.data());
+}
+
+/* verify only */
+void MacLegacyContext::final(const CssmData &in)
+{
+       unsigned char mac[kHMACSHA1DigestSize];
+       hmacLegacyFinal(mHmac, mac);
+       if(memcmp(mac, in.data(), kHMACSHA1DigestSize)) {
+               CssmError::throwMe(CSSMERR_CSP_VERIFY_FAILED);
+       }
+}
+
+size_t MacLegacyContext::outputSize(bool final, size_t inSize)
+{
+       return kHMACSHA1DigestSize;
+}
+
+#endif /* CRYPTKIT_CSP_ENABLE */