--- /dev/null
+/*
+ * Copyright (c) 2003-2004 Apple Computer, Inc. All Rights Reserved.
+ *
+ * The contents of this file constitute Original Code as defined in and are
+ * subject to the Apple Public Source License Version 1.2 (the 'License').
+ * You may not use this file except in compliance with the License. Please
+ * obtain a copy of the License at http://www.apple.com/publicsource and
+ * read it before using this file.
+ *
+ * This Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
+ * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
+ * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
+ * Please see the License for the specific language governing rights and
+ * limitations under the License.
+ */
+
+/*
+ * p12Crypto.cpp - PKCS12 Crypto routines. App space reference version.
+ *
+ * Created 2/28/03 by Doug Mitchell.
+ */
+
+#include "p12Crypto.h"
+#include "p12pbe.h"
+#include <security_pkcs12/pkcs12Utils.h>
+#include <security_cdsa_utils/cuCdsaUtils.h>
+#include <Security/cssmapple.h>
+
+/*
+ * Free memory via specified plugin's app-level allocator
+ */
+static void appFreeCssmMemory(
+ CSSM_HANDLE hand,
+ void *p)
+{
+ CSSM_API_MEMORY_FUNCS memFuncs;
+ CSSM_RETURN crtn = CSSM_GetAPIMemoryFunctions(hand, &memFuncs);
+ if(crtn) {
+ cssmPerror("CSSM_GetAPIMemoryFunctions", crtn);
+ /* oh well, leak and continue */
+ return;
+ }
+ memFuncs.free_func(p, memFuncs.AllocRef);
+}
+
+/*
+ * Given appropriate P12-style parameters, cook up a CSSM_KEY.
+ * Eventually this will use DeriveKey; for now we do it ourself.
+ */
+CSSM_RETURN p12KeyGen_app(
+ CSSM_CSP_HANDLE cspHand,
+ CSSM_KEY &key,
+ bool isForEncr, // true: en/decrypt false: MAC
+ CSSM_ALGORITHMS keyAlg,
+ CSSM_ALGORITHMS pbeHashAlg, // SHA1, MD5 only
+ uint32 keySizeInBits,
+ uint32 iterCount,
+ const CSSM_DATA &salt,
+ const CSSM_DATA &pwd, // unicode, double null terminated
+ CSSM_DATA &iv, // referent is optional
+ SecNssCoder &coder) // for mallocing KeyData
+{
+ memset(&key, 0, sizeof(CSSM_KEY));
+ unsigned keyBytes = (keySizeInBits + 7) / 8;
+ coder.allocItem(key.KeyData, keyBytes);
+ CSSM_RETURN crtn = p12PbeGen_app(pwd,
+ salt.Data, salt.Length,
+ iterCount,
+ isForEncr ? PBE_ID_Key : PBE_ID_Mac,
+ pbeHashAlg,
+ cspHand,
+ (unsigned char *)key.KeyData.Data,
+ key.KeyData.Length);
+ if(crtn) {
+ cuPrintError("p12PbeGen(key)", crtn);
+ return crtn;
+ }
+
+ /* fill in the blanks */
+ CSSM_KEYHEADER &hdr = key.KeyHeader;
+ hdr.HeaderVersion = CSSM_KEYHEADER_VERSION;
+ /* CspId blank */
+ hdr.BlobType = CSSM_KEYBLOB_RAW;
+ hdr.AlgorithmId = keyAlg;
+ hdr.Format = CSSM_KEYBLOB_RAW_FORMAT_OCTET_STRING;
+ hdr.KeyClass = CSSM_KEYCLASS_SESSION_KEY;
+ hdr.KeyUsage = CSSM_KEYUSE_ANY;
+ /* start/end date unknown, leave zero */
+ hdr.WrapAlgorithmId = CSSM_ALGID_NONE;
+ hdr.WrapMode = CSSM_ALGMODE_NONE;
+ hdr.LogicalKeySizeInBits = keySizeInBits;
+
+ /* P12 style IV derivation, optional */
+ if(iv.Data != NULL) {
+ crtn = p12PbeGen_app(pwd,
+ salt.Data, salt.Length,
+ iterCount,
+ PBE_ID_IV,
+ pbeHashAlg,
+ cspHand,
+ iv.Data, iv.Length);
+ if(crtn) {
+ cuPrintError("p12PbeGen (IV)", crtn);
+ return crtn;
+ }
+ }
+
+ return CSSM_OK;
+}
+
+/*
+ * Decrypt (typically, an encrypted P7 ContentInfo contents or
+ * a P12 ShroudedKeyBag).
+ */
+CSSM_RETURN p12Decrypt_app(
+ CSSM_CSP_HANDLE cspHand,
+ const CSSM_DATA &cipherText,
+ CSSM_ALGORITHMS keyAlg,
+ CSSM_ALGORITHMS encrAlg,
+ CSSM_ALGORITHMS pbeHashAlg, // SHA1, MD5 only
+ uint32 keySizeInBits,
+ uint32 blockSizeInBytes, // for IV
+ CSSM_PADDING padding, // CSSM_PADDING_PKCS7, etc.
+ CSSM_ENCRYPT_MODE mode, // CSSM_ALGMODE_CBCPadIV8, etc.
+ uint32 iterCount,
+ const CSSM_DATA &salt,
+ const CSSM_DATA &pwd, // unicode, double null terminated
+ SecNssCoder &coder, // for mallocing KeyData and plainText
+ CSSM_DATA &plainText)
+{
+ CSSM_RETURN crtn;
+ CSSM_KEY ckey;
+ CSSM_CC_HANDLE ccHand = 0;
+
+ /* P12 style IV derivation, optional */
+ CSSM_DATA iv = {0, NULL};
+ CSSM_DATA_PTR ivPtr = NULL;
+ if(blockSizeInBytes) {
+ coder.allocItem(iv, blockSizeInBytes);
+ ivPtr = &iv;
+ }
+
+ /* P12 style key derivation */
+ crtn = p12KeyGen_app(cspHand, ckey, true, keyAlg, pbeHashAlg,
+ keySizeInBits, iterCount, salt, pwd, iv, coder);
+ if(crtn) {
+ return crtn;
+ }
+
+ /* CSSM context */
+ crtn = CSSM_CSP_CreateSymmetricContext(cspHand,
+ encrAlg,
+ mode,
+ NULL, // access cred
+ &ckey,
+ ivPtr, // InitVector, optional
+ padding,
+ NULL, // Params
+ &ccHand);
+ if(crtn) {
+ cuPrintError("CSSM_CSP_CreateSymmetricContext", crtn);
+ return crtn;
+ }
+
+ /* go - CSP mallocs ptext and rem data */
+ CSSM_DATA ourPtext = {0, NULL};
+ CSSM_DATA remData = {0, NULL};
+ uint32 bytesDecrypted;
+ crtn = CSSM_DecryptData(ccHand,
+ &cipherText,
+ 1,
+ &ourPtext,
+ 1,
+ &bytesDecrypted,
+ &remData);
+ if(crtn) {
+ cuPrintError("CSSM_EncryptData", crtn);
+ }
+ else {
+ coder.allocCopyItem(ourPtext, plainText);
+ plainText.Length = bytesDecrypted;
+
+ /* plaintext copied into coder space; free the memory allocated
+ * by the CSP */
+ appFreeCssmMemory(cspHand, ourPtext.Data);
+ }
+ /* an artifact of CSPFUllPLuginSession - this never contains
+ * valid data but sometimes gets mallocds */
+ if(remData.Data) {
+ appFreeCssmMemory(cspHand, remData.Data);
+ }
+ CSSM_DeleteContext(ccHand);
+ return crtn;
+}
+
+/*
+ * Calculate the MAC for a PFX. Caller is either going compare
+ * the result against an existing PFX's MAC or drop the result into
+ * a newly created PFX.
+ */
+CSSM_RETURN p12GenMac_app(
+ CSSM_CSP_HANDLE cspHand,
+ const CSSM_DATA &ptext, // e.g., NSS_P12_DecodedPFX.derAuthSaafe
+ CSSM_ALGORITHMS alg, // better be SHA1!
+ unsigned iterCount,
+ const CSSM_DATA &salt,
+ const CSSM_DATA &pwd, // unicode, double null terminated
+ SecNssCoder &coder, // for mallocing macData
+ CSSM_DATA &macData) // RETURNED
+{
+ CSSM_RETURN crtn;
+
+ /* P12 style key derivation */
+ unsigned keySizeInBits;
+ CSSM_ALGORITHMS hmacAlg;
+ switch(alg) {
+ case CSSM_ALGID_SHA1:
+ keySizeInBits = 160;
+ hmacAlg = CSSM_ALGID_SHA1HMAC;
+ break;
+ case CSSM_ALGID_MD5:
+ /* not even sure if this is legal in p12 world... */
+ keySizeInBits = 128;
+ hmacAlg = CSSM_ALGID_MD5HMAC;
+ break;
+ default:
+ return CSSMERR_CSP_INVALID_ALGORITHM;
+ }
+ CSSM_KEY macKey;
+ CSSM_DATA iv = {0, NULL};
+ crtn = p12KeyGen_app(cspHand, macKey, false, hmacAlg, alg,
+ keySizeInBits, iterCount, salt, pwd, iv, coder);
+ if(crtn) {
+ return crtn;
+ }
+
+ /* prealloc the mac data */
+ coder.allocItem(macData, keySizeInBits / 8);
+ CSSM_CC_HANDLE ccHand = 0;
+ crtn = CSSM_CSP_CreateMacContext(cspHand, hmacAlg, &macKey, &ccHand);
+ if(crtn) {
+ cuPrintError("CSSM_CSP_CreateMacContext", crtn);
+ return crtn;
+ }
+
+ crtn = CSSM_GenerateMac (ccHand, &ptext, 1, &macData);
+ if(crtn) {
+ cuPrintError("CSSM_GenerateMac", crtn);
+ }
+ CSSM_DeleteContext(ccHand);
+ return crtn;
+}
+
+/*
+ * Verify MAC on an existing PFX.
+ */
+CSSM_RETURN p12VerifyMac_app(
+ const NSS_P12_DecodedPFX &pfx,
+ CSSM_CSP_HANDLE cspHand,
+ const CSSM_DATA &pwd, // unicode, double null terminated
+ SecNssCoder &coder) // for temp mallocs
+{
+ if(pfx.macData == NULL) {
+ return CSSMERR_CSP_INVALID_SIGNATURE;
+ }
+ NSS_P12_MacData &macData = *pfx.macData;
+ NSS_P7_DigestInfo &digestInfo = macData.mac;
+ CSSM_OID &algOid = digestInfo.digestAlgorithm.algorithm;
+ CSSM_ALGORITHMS macAlg;
+ if(!cssmOidToAlg(&algOid, &macAlg)) {
+ return CSSMERR_CSP_INVALID_ALGORITHM;
+ }
+ uint32 iterCount = 0;
+ CSSM_DATA &citer = macData.iterations;
+ if(!p12DataToInt(citer, iterCount)) {
+ return CSSMERR_CSP_INVALID_ATTR_ROUNDS;
+ }
+ if(iterCount == 0) {
+ /* optional, default 1 */
+ iterCount = 1;
+ }
+
+ /*
+ * In classic fashion, the PKCS12 spec now says:
+ *
+ * When password integrity mode is used to secure a PFX PDU,
+ * an SHA-1 HMAC is computed on the BER-encoding of the contents
+ * of the content field of the authSafe field in the PFX PDU.
+ *
+ * So here we go.
+ */
+ CSSM_DATA genMac;
+ CSSM_RETURN crtn = p12GenMac_app(cspHand, *pfx.authSafe.content.data,
+ macAlg, iterCount, macData.macSalt, pwd, coder, genMac);
+ if(crtn) {
+ return crtn;
+ }
+ if(nssCompareCssmData(&genMac, &digestInfo.digest)) {
+ return CSSM_OK;
+ }
+ else {
+ return CSSMERR_CSP_VERIFY_FAILED;
+ }
+}
+
projects / apple / security.git / blobdiff