--- /dev/null
+//
+// SecOTRDHKey.c
+// libsecurity_libSecOTR
+//
+// Created by Mitch Adler on 3/2/11.
+// Copyright 2011 Apple Inc. All rights reserved.
+//
+#include "SecOTRDHKey.h"
+#include <utilities/SecCFWrappers.h>
+
+#include "SecOTRMath.h"
+#include "SecOTRPacketData.h"
+
+#include <corecrypto/ccn.h>
+#include <corecrypto/ccsha1.h>
+#include <corecrypto/ccec_priv.h>
+#include <corecrypto/ccec.h>
+
+#include <CommonCrypto/CommonRandomSPI.h>
+
+#ifdef USECOMMONCRYPTO
+#include <CommonCrypto/CommonDigest.h>
+#endif
+
+#define kECKeySize 256
+
+struct _SecOTRFullDHKey {
+ CFRuntimeBase _base;
+
+ ccec_full_ctx_decl(ccn_sizeof(kECKeySize), _key);
+ uint8_t keyHash[CCSHA1_OUTPUT_SIZE];
+
+};
+
+CFGiblisFor(SecOTRFullDHKey);
+
+static size_t AppendECPublicKeyAsDATA(CFMutableDataRef data, ccec_pub_ctx_t public_key)
+{
+ size_t size = ccec_export_pub_size(public_key);
+
+ AppendLong(data, (uint32_t)size); /* cast: no overflow, pub size always fit in 32 bits */
+ ccec_export_pub(public_key, CFDataIncreaseLengthAndGetMutableBytes(data, (CFIndex)size));
+
+ return size;
+}
+
+
+static CF_RETURNS_RETAINED CFStringRef SecOTRFullDHKeyCopyDescription(CFTypeRef cf)
+{
+ SecOTRFullDHKeyRef session = (SecOTRFullDHKeyRef)cf;
+ return CFStringCreateWithFormat(kCFAllocatorDefault,NULL,CFSTR("<SecOTRFullDHKeyRef: %p>"), session);
+}
+
+static void SecOTRFullDHKeyDestroy(CFTypeRef cf)
+{
+ SecOTRFullDHKeyRef fullKey = (SecOTRFullDHKeyRef)cf;
+
+ bzero(fullKey->_key, sizeof(fullKey->_key));
+}
+
+SecOTRFullDHKeyRef SecOTRFullDHKCreate(CFAllocatorRef allocator)
+{
+ SecOTRFullDHKeyRef newFDHK = CFTypeAllocate(SecOTRFullDHKey, struct _SecOTRFullDHKey, allocator);
+
+ SecFDHKNewKey(newFDHK);
+
+ return newFDHK;
+}
+
+SecOTRFullDHKeyRef SecOTRFullDHKCreateFromBytes(CFAllocatorRef allocator, const uint8_t**bytes, size_t*size)
+{
+ SecOTRFullDHKeyRef newFDHK = CFTypeAllocate(SecOTRFullDHKey, struct _SecOTRFullDHKey, allocator);
+
+ ccec_ctx_init(ccec_cp_256(), newFDHK->_key);
+
+ uint32_t publicKeySize;
+ require_noerr(ReadLong(bytes, size, &publicKeySize), fail);
+
+ require(publicKeySize <= *size, fail);
+ require_noerr(ccec_import_pub(ccec_cp_256(), publicKeySize, *bytes, newFDHK->_key), fail);
+ ccdigest(ccsha1_di(), publicKeySize, *bytes, newFDHK->keyHash);
+
+ *size -= publicKeySize;
+ *bytes += publicKeySize;
+
+ require_noerr(ReadMPI(bytes, size, ccec_ctx_n(newFDHK->_key), ccec_ctx_k(newFDHK->_key)), fail);
+
+ return newFDHK;
+
+fail:
+ CFReleaseNull(newFDHK);
+ return NULL;
+}
+
+void SecFDHKNewKey(SecOTRFullDHKeyRef fullKey)
+{
+ struct ccrng_state *rng=ccDRBGGetRngState();
+
+#if defined(CCECDH_AVAILABLE)
+ ccecdh_generate_key(ccec_cp_256(), rng, fullKey->_key);
+#else
+ ccec_generate_key(ccec_cp_256(), rng, fullKey->_key);
+#endif
+
+ size_t size = ccec_export_pub_size(fullKey->_key);
+ uint8_t publicKey[size];
+
+ ccec_export_pub(fullKey->_key, publicKey);
+ ccdigest(ccsha1_di(), size, publicKey, fullKey->keyHash);
+}
+
+void SecFDHKAppendSerialization(SecOTRFullDHKeyRef fullKey, CFMutableDataRef appendTo)
+{
+ AppendECPublicKeyAsDATA(appendTo, fullKey->_key);
+ AppendMPI(appendTo, ccec_ctx_n(fullKey->_key), ccec_ctx_k(fullKey->_key));
+}
+
+
+void SecFDHKAppendPublicSerialization(SecOTRFullDHKeyRef fullKey, CFMutableDataRef appendTo)
+{
+ if(ccec_ctx_bitlen(fullKey->_key) != kECKeySize) return;
+ AppendECPublicKeyAsDATA(appendTo, fullKey->_key);
+}
+
+
+uint8_t* SecFDHKGetHash(SecOTRFullDHKeyRef fullKey)
+{
+ return fullKey->keyHash;
+}
+
+
+
+
+//
+//
+//
+struct _SecOTRPublicDHKey {
+ CFRuntimeBase _base;
+
+ ccec_pub_ctx_decl(ccn_sizeof(kECKeySize), _key);
+ uint8_t keyHash[CCSHA1_OUTPUT_SIZE];
+
+};
+
+CFGiblisFor(SecOTRPublicDHKey);
+
+static CF_RETURNS_RETAINED CFStringRef SecOTRPublicDHKeyCopyDescription(CFTypeRef cf) {
+ SecOTRPublicDHKeyRef session = (SecOTRPublicDHKeyRef)cf;
+ return CFStringCreateWithFormat(kCFAllocatorDefault,NULL,CFSTR("<SecOTRPublicDHKeyRef: %p>"), session);
+}
+
+static void SecOTRPublicDHKeyDestroy(CFTypeRef cf) {
+ SecOTRPublicDHKeyRef pubKey = (SecOTRPublicDHKeyRef)cf;
+ (void) pubKey;
+}
+
+static void ccec_copy_public(ccec_pub_ctx_t source, ccec_pub_ctx_t dest)
+{
+ ccec_ctx_cp(dest) = ccec_ctx_cp(source);
+ // TODO: +1?!
+ ccn_set(3*ccec_ctx_n(source), (cc_unit*) ccec_ctx_point(dest)._p, (cc_unit*) ccec_ctx_point(source)._p);
+}
+
+SecOTRPublicDHKeyRef SecOTRPublicDHKCreateFromFullKey(CFAllocatorRef allocator, SecOTRFullDHKeyRef full)
+{
+ SecOTRPublicDHKeyRef newPDHK = CFTypeAllocate(SecOTRPublicDHKey, struct _SecOTRPublicDHKey, allocator);
+
+ ccec_copy_public(full->_key, newPDHK->_key);
+ memcpy(newPDHK->keyHash, full->keyHash, CCSHA1_OUTPUT_SIZE);
+
+ return newPDHK;
+}
+
+SecOTRPublicDHKeyRef SecOTRPublicDHKCreateFromSerialization(CFAllocatorRef allocator, const uint8_t** bytes, size_t *size)
+{
+ SecOTRPublicDHKeyRef newPDHK = CFTypeAllocate(SecOTRPublicDHKey, struct _SecOTRPublicDHKey, allocator);
+
+ uint32_t publicKeySize;
+ require_noerr(ReadLong(bytes, size, &publicKeySize), fail);
+
+ require(publicKeySize <= *size, fail);
+
+ require_noerr(ccec_import_pub(ccec_cp_256(), publicKeySize, *bytes, newPDHK->_key), fail);
+ ccdigest(ccsha1_di(), publicKeySize, *bytes, newPDHK->keyHash);
+
+ *size -= publicKeySize;
+ *bytes += publicKeySize;
+
+ return newPDHK;
+fail:
+ CFReleaseNull(newPDHK);
+ return NULL;
+}
+
+SecOTRPublicDHKeyRef SecOTRPublicDHKCreateFromBytes(CFAllocatorRef allocator, const uint8_t** bytes, size_t *size)
+{
+ SecOTRPublicDHKeyRef newPDHK = CFTypeAllocate(SecOTRPublicDHKey, struct _SecOTRPublicDHKey, allocator);
+
+ require_noerr(ccec_import_pub(ccec_cp_256(), *size, *bytes, newPDHK->_key), fail);
+ ccdigest(ccsha1_di(), *size, *bytes, newPDHK->keyHash);
+
+ return newPDHK;
+fail:
+ CFReleaseNull(newPDHK);
+ return NULL;
+}
+
+void SecPDHKAppendSerialization(SecOTRPublicDHKeyRef pubKey, CFMutableDataRef appendTo)
+{
+ AppendECPublicKeyAsDATA(appendTo, pubKey->_key);
+}
+
+
+uint8_t* SecPDHKGetHash(SecOTRPublicDHKeyRef pubKey)
+{
+ return pubKey->keyHash;
+}
+
+
+void SecPDHKeyGenerateS(SecOTRFullDHKeyRef myKey, SecOTRPublicDHKeyRef theirKey, cc_unit* s)
+{
+ ccn_zero(kExponentiationUnits, s);
+
+ size_t keyLen = ccn_sizeof_n(kExponentiationUnits);
+ ccec_compute_key(myKey->_key, theirKey->_key, &keyLen, (uint8_t*)s);
+}
+
+static int ccec_cmp(ccec_pub_ctx_t l, ccec_pub_ctx_t r)
+{
+ size_t lsize = ccec_export_pub_size(l);
+ size_t rsize = ccec_export_pub_size(r);
+
+ int result = 0;
+
+ if (lsize == rsize) {
+ uint8_t lpub[lsize];
+ uint8_t rpub[rsize];
+
+ ccec_export_pub(l, lpub);
+ ccec_export_pub(r, rpub);
+
+ result = memcmp(lpub, rpub, lsize);
+ } else {
+ result = rsize < lsize ? -1 : 1;
+ }
+
+ return result;
+}
+
+bool SecDHKIsGreater(SecOTRFullDHKeyRef myKey, SecOTRPublicDHKeyRef theirKey)
+{
+ return ccec_cmp(myKey->_key, theirKey->_key) > 0;
+}
+
+static void DeriveKeys(CFDataRef dataToHash,
+ uint8_t* messageKey,
+ uint8_t* macKey)
+{
+ if (messageKey == NULL && macKey == NULL)
+ return;
+
+ uint8_t hashedSharedKey[CCSHA1_OUTPUT_SIZE];
+
+#ifdef USECOMMONCRYPTO
+ (void) CCDigest(kCCDigestSHA1, CFDataGetBytePtr(dataToHash), (uint32_t)CFDataGetLength(dataToHash), hashedSharedKey);
+#else
+ ccdigest(ccsha1_di(), CFDataGetLength(dataToHash), CFDataGetBytePtr(dataToHash), hashedSharedKey);
+#endif
+
+ if (messageKey)
+ memcpy(messageKey, hashedSharedKey, kOTRMessageKeyBytes);
+
+ if (macKey) {
+#ifdef USECOMMONCRYPTO
+ (void) CCDigest(kCCDigestSHA1, messageKey, kOTRMessageKeyBytes, macKey);
+#else
+ ccdigest(ccsha1_di(), kOTRMessageKeyBytes, messageKey, macKey);
+#endif
+ }
+
+ bzero(hashedSharedKey, sizeof(hashedSharedKey));
+}
+
+void SecOTRDHKGenerateOTRKeys(SecOTRFullDHKeyRef myKey, SecOTRPublicDHKeyRef theirKey,
+ uint8_t* sendMessageKey, uint8_t* sendMacKey,
+ uint8_t* receiveMessageKey, uint8_t* receiveMacKey)
+{
+ CFMutableDataRef dataToHash = CFDataCreateMutable(kCFAllocatorDefault, 0);
+
+ {
+ cc_unit s[kExponentiationUnits];
+
+ SecPDHKeyGenerateS(myKey, theirKey, s);
+ AppendByte(dataToHash, SecDHKIsGreater(myKey, theirKey) ? 0x01 : 0x02);
+ AppendMPI(dataToHash, kExponentiationUnits, s);
+
+ ccn_zero(kExponentiationUnits, s);
+ }
+
+ DeriveKeys(dataToHash, receiveMessageKey, receiveMacKey);
+
+ uint8_t *messageTypeByte = CFDataGetMutableBytePtr(dataToHash);
+
+ *messageTypeByte ^= 0x03; // Invert the bits since it's either 1 or 2.
+
+ DeriveKeys(dataToHash, sendMessageKey, sendMacKey);
+
+ CFReleaseNull(dataToHash);
+}
projects / apple / security.git / blobdiff