--- /dev/null
+/*
+ * SecOTRPublicIdentity.c
+ * libsecurity_libSecOTR
+ *
+ * Created by Mitch Adler on 2/9/11.
+ * Copyright 2011 Apple Inc. All rights reserved.
+ *
+ */
+
+#include "SecOTR.h"
+#include "SecOTRIdentityPriv.h"
+#include <utilities/SecCFWrappers.h>
+
+#include <AssertMacros.h>
+
+#include <CoreFoundation/CFNumber.h>
+#include <CoreFoundation/CFString.h>
+#include <CoreFoundation/CFData.h>
+
+#include <Security/SecKey.h>
+#include <Security/SecKeyPriv.h>
+
+#include <corecrypto/ccn.h>
+#include <corecrypto/ccec.h>
+#include <corecrypto/ccder.h>
+
+#import <sys/syslog.h>
+
+#include "SecOTRErrors.h"
+#include <TargetConditionals.h>
+
+#include <CommonCrypto/CommonDigest.h>
+#include <CommonCrypto/CommonDigestSPI.h>
+
+/*
+ * Support for encoding and decoding DH parameter blocks.
+ * Apple form encodes the reciprocal of the prime p.
+ */
+
+enum {
+ kOTRPIDER_SigningID = 1,
+ kOTRPIDER_SupportsHashes =3,
+};
+
+//
+// SecOTRPublicIdentity implementation
+//
+
+CFGiblisFor(SecOTRPublicIdentity);
+
+static bool sAdvertiseHashes = false;
+
+static CF_RETURNS_RETAINED CFStringRef SecOTRPublicIdentityCopyDescription(CFTypeRef cf) {
+ SecOTRPublicIdentityRef requestor = (SecOTRPublicIdentityRef)cf;
+ return CFStringCreateWithFormat(kCFAllocatorDefault,NULL,CFSTR("<SecOTRPublicIdentity: %p %02x%02x%02x%02x%02x%02x%02x%02x>"),
+ requestor,
+ requestor->hash[0], requestor->hash[1],
+ requestor->hash[2], requestor->hash[3],
+ requestor->hash[4], requestor->hash[5],
+ requestor->hash[6], requestor->hash[7]);
+}
+
+static void SecOTRPublicIdentityDestroy(CFTypeRef cf) {
+ SecOTRPublicIdentityRef requestor = (SecOTRPublicIdentityRef)cf;
+
+ CFReleaseNull(requestor->publicSigningKey);
+}
+
+static bool SecKeyDigestAndVerifyWithError(
+ SecKeyRef key, /* Public key */
+ const SecAsn1AlgId *algId, /* algorithm oid/params */
+ const uint8_t *dataToDigest, /* signature over this data */
+ size_t dataToDigestLen,/* length of dataToDigest */
+ uint8_t *sig, /* signature to verify */
+ size_t sigLen, /* length of sig */
+ CFErrorRef *error) {
+
+ OSStatus status = SecKeyDigestAndVerify(key, algId, dataToDigest, dataToDigestLen, sig, sigLen);
+ require_noerr(status, fail);
+ return true;
+fail:
+ SecOTRCreateError(secOTRErrorOSError, status, CFSTR("Error verifying message. OSStatus in error code."), NULL, error);
+ return false;
+}
+
+static bool SecOTRPICacheHash(SecOTRPublicIdentityRef pubID, CFErrorRef *error)
+{
+ bool result = false;
+
+ CFMutableDataRef stream = CFDataCreateMutable(NULL, 0);
+
+ require(SecOTRPIAppendSerialization(pubID, stream, error), fail);
+
+ CCDigest(kCCDigestSHA1, CFDataGetBytePtr(stream), (CC_LONG)CFDataGetLength(stream), pubID->hash);
+
+ result = true;
+
+fail:
+ CFReleaseSafe(stream);
+ return result;
+}
+
+void SecOTRAdvertiseHashes(bool advertise) {
+ sAdvertiseHashes = advertise;
+}
+
+SecOTRPublicIdentityRef SecOTRPublicIdentityCopyFromPrivate(CFAllocatorRef allocator, SecOTRFullIdentityRef fullID, CFErrorRef *error)
+{
+ SecOTRPublicIdentityRef result = CFTypeAllocate(SecOTRPublicIdentity, struct _SecOTRPublicIdentity, allocator);
+
+ EnsureOTRAlgIDInited();
+
+ result->publicSigningKey = fullID->publicSigningKey;
+ CFRetain(result->publicSigningKey);
+
+ require(SecOTRPICacheHash(result, error), fail);
+
+ return result;
+
+fail:
+ CFReleaseSafe(result);
+ return NULL;
+}
+
+
+SecOTRPublicIdentityRef SecOTRPublicIdentityCreateFromSecKeyRef(CFAllocatorRef allocator, SecKeyRef publicKey,
+ CFErrorRef *error) {
+ // TODO - make sure this is an appropriate key type
+ SecOTRPublicIdentityRef result = CFTypeAllocate(SecOTRPublicIdentity, struct _SecOTRPublicIdentity, allocator);
+ result->publicSigningKey = publicKey;
+ CFRetain(result->publicSigningKey);
+ require(SecOTRPICacheHash(result, error), fail);
+ return result;
+fail:
+ CFRelease(result->publicSigningKey);
+ CFReleaseSafe(result);
+ return NULL;
+}
+
+typedef SecKeyRef (*SecOTRPublicKeyCreateFunction)(CFAllocatorRef allocator, const uint8_t** data, size_t* limit);
+
+static SecKeyRef SecOTRCreatePublicKeyFrom(const uint8_t* keyData, size_t keyDataSize, ccder_tag tagContainingKey, SecOTRPublicKeyCreateFunction createFunction)
+{
+ SecKeyRef createdKey = NULL;
+
+ createdKey = createFunction(kCFAllocatorDefault, &keyData, &keyDataSize);
+
+ require(createdKey != NULL, fail);
+ require(keyDataSize == 0, fail);
+
+ return createdKey;
+
+fail:
+ CFReleaseSafe(createdKey);
+ return NULL;
+}
+
+
+SecOTRPublicIdentityRef SecOTRPublicIdentityCreateFromBytes(CFAllocatorRef allocator, const uint8_t**bytes, size_t* size, CFErrorRef *error)
+{
+ CFErrorRef stackedError = NULL;
+
+ SecOTRPublicIdentityRef newID = CFTypeAllocate(SecOTRPublicIdentity, struct _SecOTRPublicIdentity, allocator);
+
+ EnsureOTRAlgIDInited();
+
+ const uint8_t* fullSequenceEnd = *bytes + *size;
+
+ const uint8_t* keyData = ccder_decode_sequence_tl(&fullSequenceEnd, *bytes, fullSequenceEnd);
+ size_t fullSize = (size_t)(fullSequenceEnd - *bytes);
+
+ size_t keyDataSize;
+ keyData = ccder_decode_tl(CCDER_CONTEXT_SPECIFIC | kOTRPIDER_SigningID, &keyDataSize, keyData, fullSequenceEnd);
+ newID->publicSigningKey = SecOTRCreatePublicKeyFrom(keyData, keyDataSize, kOTRPIDER_SigningID, &CreateECPublicKeyFrom);
+ require(newID->publicSigningKey != NULL, fail);
+ keyData += keyDataSize;
+
+ newID->wantsHashes = (NULL != ccder_decode_tl(CCDER_CONTEXT_SPECIFIC | kOTRPIDER_SupportsHashes, &keyDataSize, keyData, fullSequenceEnd));
+
+ require(SecOTRPICacheHash(newID, &stackedError), fail);
+
+ *bytes += fullSize;
+ *size -= fullSize;
+
+ return newID;
+
+fail:
+ SecOTRCreateError(secOTRErrorLocal, kSecOTRErrorCreatePublicIdentity, CFSTR("Error creating public identity from bytes"), stackedError, error);
+ CFReleaseSafe(newID);
+ return NULL;
+}
+
+SecOTRPublicIdentityRef SecOTRPublicIdentityCreateFromData(CFAllocatorRef allocator, CFDataRef serializedData, CFErrorRef *error)
+{
+ if (serializedData == NULL)
+ return NULL;
+
+ size_t length = (size_t)CFDataGetLength(serializedData);
+ const uint8_t* bytes = CFDataGetBytePtr(serializedData);
+ return SecOTRPublicIdentityCreateFromBytes(allocator, &bytes, &length, error);
+}
+
+bool SecOTRPIEqualToBytes(SecOTRPublicIdentityRef id, const uint8_t*bytes, CFIndex size)
+{
+ CFDataRef dataToMatch = CFDataCreateWithBytesNoCopy(kCFAllocatorDefault, bytes, size, kCFAllocatorNull);
+ CFMutableDataRef idStreamed = CFDataCreateMutable(kCFAllocatorDefault, 0);
+
+ SecOTRPIAppendSerialization(id, idStreamed, NULL);
+
+ bool equal = CFEqualSafe(dataToMatch, idStreamed);
+
+ CFReleaseNull(dataToMatch);
+ CFReleaseNull(idStreamed);
+
+ return equal;
+}
+
+bool SecOTRPIEqual(SecOTRPublicIdentityRef left, SecOTRPublicIdentityRef right)
+{
+ if (left == right)
+ return true;
+
+ CFMutableDataRef leftData = CFDataCreateMutable(kCFAllocatorDefault, 0);
+ CFMutableDataRef rightData = CFDataCreateMutable(kCFAllocatorDefault, 0);
+
+ SecOTRPIAppendSerialization(left, leftData, NULL);
+ SecOTRPIAppendSerialization(right, rightData, NULL);
+
+ bool match = CFEqualSafe(leftData, rightData);
+
+ CFReleaseNull(leftData);
+ CFReleaseNull(rightData);
+
+ return match;
+}
+
+size_t SecOTRPISignatureSize(SecOTRPublicIdentityRef publicID)
+{
+ return SecKeyGetSize(publicID->publicSigningKey, kSecKeySignatureSize);
+}
+
+bool SecOTRPIAppendSerialization(SecOTRPublicIdentityRef publicID, CFMutableDataRef serializeInto, CFErrorRef *error)
+{
+ CFIndex start = CFDataGetLength(serializeInto);
+
+ CFMutableDataRef signingKeySerialized = NULL;
+
+ signingKeySerialized = CFDataCreateMutable(kCFAllocatorDefault, 0);
+
+ uint8_t outputBuffer[16384];
+ uint8_t* outputBufferEnd = outputBuffer + sizeof(outputBuffer);
+
+ uint8_t sendHashes[1];
+ sendHashes[0] = 0xFF;
+
+ require_noerr(appendPublicOctetsAndSize(publicID->publicSigningKey, signingKeySerialized), fail);
+
+ uint8_t *result = ccder_encode_constructed_tl(CCDER_CONSTRUCTED_SEQUENCE, outputBufferEnd, outputBuffer,
+ ccder_encode_implicit_raw_octet_string(CCDER_CONTEXT_SPECIFIC | kOTRPIDER_SigningID, (size_t)CFDataGetLength(signingKeySerialized), CFDataGetBytePtr(signingKeySerialized), outputBuffer,
+ sAdvertiseHashes ? ccder_encode_implicit_raw_octet_string(CCDER_CONTEXT_SPECIFIC | kOTRPIDER_SupportsHashes, sizeof(sendHashes), sendHashes, outputBuffer, outputBufferEnd) : outputBufferEnd));
+
+ CFDataAppendBytes(serializeInto, result, outputBufferEnd - result);
+
+ CFReleaseSafe(signingKeySerialized);
+
+ return true;
+
+fail:
+ CFReleaseSafe(signingKeySerialized);
+
+ CFDataSetLength(serializeInto, start);
+
+ SecOTRCreateError(secOTRErrorLocal, kSecOTRErrorCreatePublicBytes, CFSTR("Unable to create public key bytes"), NULL, error);
+ return false;
+}
+
+static const uint8_t *mp_decode_forced_uint(cc_size n, cc_unit *r, const uint8_t *der, const uint8_t *der_end) {
+ size_t len;
+ der = ccder_decode_tl(CCDER_INTEGER, &len, der, der_end);
+ if (der && ccn_read_uint(n, r, len, der) >= 0)
+ return der + len;
+
+ return NULL;
+}
+
+static void SecOTRPIRecreateSignature(const uint8_t *oldSignature, size_t oldSignatureSize, uint8_t **newSignature, size_t *newSignatureSize)
+{
+ cc_unit r[ccec_cp_n(ccec_cp_256())], s[ccec_cp_n(ccec_cp_256())];
+ cc_size n = ccec_cp_n(ccec_cp_256());
+
+ const uint8_t *oldSignatureEnd = oldSignature + oldSignatureSize;
+
+ oldSignature = ccder_decode_sequence_tl(&oldSignatureEnd, oldSignature, oldSignatureEnd);
+ oldSignature = mp_decode_forced_uint(n, r, oldSignature, oldSignatureEnd);
+ oldSignature = mp_decode_forced_uint(n, s, oldSignature, oldSignatureEnd);
+
+ const uint8_t *outputPointer = *newSignature;
+ uint8_t *outputEndPointer = *newSignature + *newSignatureSize;
+
+ *newSignature = ccder_encode_constructed_tl(CCDER_CONSTRUCTED_SEQUENCE, outputEndPointer, outputPointer, ccder_encode_integer(n, r, outputPointer, ccder_encode_integer(n, s, outputPointer, outputEndPointer)));
+ long newSigSize = outputEndPointer - *newSignature;
+ *newSignatureSize = (newSigSize >= 0) ? (size_t)newSigSize : 0;
+}
+
+bool SecOTRPIVerifySignature(SecOTRPublicIdentityRef publicID,
+ const uint8_t *dataToHash, size_t amountToHash,
+ const uint8_t *signatureStart, size_t signatureSize, CFErrorRef *error)
+{
+ require(signatureSize > 0, fail);
+ require(*signatureStart == signatureSize - 1, fail);
+ signatureSize -= 1;
+ signatureStart += 1;
+
+ require(SecKeyDigestAndVerifyWithError(publicID->publicSigningKey, kOTRSignatureAlgIDPtr,
+ dataToHash, amountToHash,
+ (uint8_t*)signatureStart, signatureSize, NULL), fail);
+ return true;
+fail:
+ // Workaround some type of compiler bug that won't recognize uint8_t after a label
+ ;
+
+ uint8_t replacementSignature[signatureSize + 3];
+ size_t replacementSignatureLen = sizeof(replacementSignature);
+ uint8_t *replacementSignaturePtr = replacementSignature;
+
+ SecOTRPIRecreateSignature(signatureStart, signatureSize, &replacementSignaturePtr, &replacementSignatureLen);
+
+ require_action(replacementSignaturePtr, fail2, SecOTRCreateError(secOTRErrorLocal, kSecOTRErrorSignatureDidNotRecreate, CFSTR("Unable to recreate signature blob."), NULL, error));
+
+ require(SecKeyDigestAndVerifyWithError(publicID->publicSigningKey, kOTRSignatureAlgIDPtr,
+ dataToHash, amountToHash,
+ replacementSignaturePtr, replacementSignatureLen, error), fail2);
+ return true;
+
+fail2:
+ return false;
+}
+
+void SecOTRPICopyHash(SecOTRPublicIdentityRef publicID, uint8_t hash[kMPIDHashSize])
+{
+ memcpy(hash, publicID->hash, kMPIDHashSize);
+}
+
+void SecOTRPIAppendHash(SecOTRPublicIdentityRef publicID, CFMutableDataRef appendTo)
+{
+ CFDataAppendBytes(appendTo, publicID->hash, sizeof(publicID->hash));
+}
+
+bool SecOTRPICompareHash(SecOTRPublicIdentityRef publicID, const uint8_t hash[kMPIDHashSize])
+{
+ return 0 == memcmp(hash, publicID->hash, kMPIDHashSize);
+}
projects / apple / security.git / blobdiff