+++ /dev/null
-/*
- * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved.
- *
- * The contents of this file constitute Original Code as defined in and are
- * subject to the Apple Public Source License Version 1.2 (the 'License').
- * You may not use this file except in compliance with the License. Please obtain
- * a copy of the License at http://www.apple.com/publicsource and read it before
- * using this file.
- *
- * This Original Code and all software distributed under the License are
- * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
- * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
- * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
- * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
- * specific language governing rights and limitations under the License.
- */
-
-
-/*
- File: symCipher.c
-
- Contains: CDSA-based symmetric cipher module
-
- Written by: Doug Mitchell
-
- Copyright: (c) 1999 by Apple Computer, Inc., all rights reserved.
-
-*/
-
-#include "sslContext.h"
-#include "cryptType.h"
-#include "sslDebug.h"
-#include "sslMemory.h"
-#include "appleCdsa.h"
-#include "symCipher.h"
-
-#include <Security/cssm.h>
-
-#include <string.h>
-
-/* dispose of dynamically allocated resources in a CipherContext */
-static void disposeCipherCtx(
- CipherContext *cipherCtx)
-{
- assert(cipherCtx != NULL);
- if(cipherCtx->symKey != NULL) {
- assert(cipherCtx->cspHand != 0);
- CSSM_FreeKey(cipherCtx->cspHand, NULL, cipherCtx->symKey, CSSM_FALSE);
- sslFree(cipherCtx->symKey);
- cipherCtx->symKey = NULL;
- }
- cipherCtx->cspHand = 0;
- if(cipherCtx->ccHand != 0) {
- CSSM_DeleteContext(cipherCtx->ccHand);
- cipherCtx->ccHand = 0;
- }
-}
-
-OSStatus CDSASymmInit(
- uint8 *key,
- uint8* iv,
- CipherContext *cipherCtx,
- SSLContext *ctx)
-{
- /*
- * Cook up a symmetric key and a CCSM_CC_HANDLE. Assumes:
- * cipherCtx->symCipher.keyAlg
- * ctx->cspHand
- * key (raw key bytes)
- * On successful exit:
- * Resulting CSSM_KEY_PTR --> cipherCtx->symKey
- * Resulting CSSM_CC_HANDLE --> cipherCtx->ccHand
- * (Currently) a copy of ctx->cspHand --> cipherCtx->cspHand
- *
- * FIXME - for now we assume that ctx->cspHand is capable of
- * using the specified algorithm, keysize, and mode. This
- * may need revisiting.
- */
-
- OSStatus serr = errSSLInternal;
- CSSM_RETURN crtn;
- const SSLSymmetricCipher *symCipher;
- CSSM_DATA ivData;
- CSSM_DATA_PTR ivDataPtr = NULL;
- CSSM_KEY_PTR symKey = NULL;
- CSSM_CC_HANDLE ccHand = 0;
- char *op;
-
- assert(cipherCtx != NULL);
- assert(cipherCtx->symCipher != NULL);
- assert(ctx != NULL);
- if(ctx->cspHand == 0) {
- sslErrorLog("CDSASymmInit: NULL cspHand!\n");
- return errSSLInternal;
- }
-
- /* clean up cipherCtx */
- disposeCipherCtx(cipherCtx);
-
- /* cook up a raw key */
- symKey = (CSSM_KEY_PTR)sslMalloc(sizeof(CSSM_KEY));
- if(symKey == NULL) {
- return memFullErr;
- }
- serr = sslSetUpSymmKey(symKey, cipherCtx->symCipher->keyAlg,
- CSSM_KEYUSE_ENCRYPT | CSSM_KEYUSE_DECRYPT, CSSM_TRUE,
- key, cipherCtx->symCipher->keySize);
- if(serr) {
- sslFree(symKey);
- return serr;
- }
-
- cipherCtx->symKey = symKey;
-
- /* now the crypt handle */
- symCipher = cipherCtx->symCipher;
- if(symCipher->ivSize != 0) {
- ivData.Data = iv;
- ivData.Length = symCipher->ivSize;
- ivDataPtr = &ivData;
- }
- crtn = CSSM_CSP_CreateSymmetricContext(ctx->cspHand,
- symCipher->encrAlg,
- symCipher->encrMode,
- NULL,
- symKey,
- ivDataPtr,
- symCipher->encrPad,
- 0, // Params
- &ccHand);
- if(crtn) {
- stPrintCdsaError("CSSM_CSP_CreateSymmetricContext", crtn);
- serr = errSSLCrypto;
- goto errOut;
- }
- cipherCtx->ccHand = ccHand;
-
- /* after this, each en/decrypt is merely an update */
- if(cipherCtx->encrypting) {
- crtn = CSSM_EncryptDataInit(ccHand);
- op = "CSSM_EncryptDataInit";
- }
- else {
- crtn = CSSM_DecryptDataInit(ccHand);
- op = "CSSM_DecryptDataInit";
- }
- if(crtn) {
- stPrintCdsaError("CSSM_CSP_EncryptDataInit", crtn);
- serr = errSSLCrypto;
- goto errOut;
- }
-
- /* success */
- cipherCtx->cspHand = ctx->cspHand;
- serr = noErr;
-
-errOut:
- if(serr) {
- /* dispose of the stuff we created */
- disposeCipherCtx(cipherCtx);
- }
- return serr;
-}
-
-#define REDECRYPT_DATA 0
-
-#define LOG_SYMM_DATA 0
-#if LOG_SYMM_DATA
-static void logSymmData(
- char *field,
- SSLBuffer *data,
- int maxLen)
-{
- int i;
-
- printf("%s: ", field);
- for(i=0; i<data->length; i++) {
- if(i == maxLen) {
- break;
- }
- printf("%02X", data->data[i]);
- if((i % 4) == 3) {
- printf(" ");
- }
- }
- printf("\n");
-}
-#else /* LOG_SYMM_DATA */
-#define logSymmData(f, d, l)
-#endif /* LOG_SYMM_DATA */
-
-#define IS_ALIGNED(count, blockSize) ((count % blockSize) == 0)
-
-OSStatus CDSASymmEncrypt(
- SSLBuffer src,
- SSLBuffer dest,
- CipherContext *cipherCtx,
- SSLContext *ctx)
-{
- CSSM_RETURN crtn;
- CSSM_DATA ptextData;
- CSSM_DATA ctextData;
- uint32 bytesEncrypted;
- OSStatus serr = errSSLInternal;
- uint32 origLen = dest.length;
-
- /*
- * Valid on entry:
- * cipherCtx->ccHand
- * cipherCtx->cspHand
- */
- assert(ctx != NULL);
- assert(cipherCtx != NULL);
- logSymmData("Symm encrypt ptext", &src, 48);
-
- /* this requirement allows us to avoid a malloc and copy */
- assert(dest.length >= src.length);
-
- #if SSL_DEBUG
- {
- unsigned blockSize = cipherCtx->symCipher->blockSize;
- if(blockSize) {
- if(!IS_ALIGNED(src.length, blockSize)) {
- sslErrorLog("CDSASymmEncrypt: unaligned ptext (len %ld bs %d)\n",
- src.length, blockSize);
- return errSSLInternal;
- }
- if(!IS_ALIGNED(dest.length, blockSize)) {
- sslErrorLog("CDSASymmEncrypt: unaligned ctext (len %ld bs %d)\n",
- dest.length, blockSize);
- return errSSLInternal;
- }
- }
- }
- #endif
-
- if((cipherCtx->ccHand == 0) || (cipherCtx->cspHand == 0)) {
- sslErrorLog("CDSASymmEncrypt: null args\n");
- return errSSLInternal;
- }
- SSLBUF_TO_CSSM(&src, &ptextData);
- SSLBUF_TO_CSSM(&dest, &ctextData);
- crtn = CSSM_EncryptDataUpdate(cipherCtx->ccHand,
- &ptextData,
- 1,
- &ctextData,
- 1,
- &bytesEncrypted);
- if(crtn) {
- stPrintCdsaError("CSSM_EncryptDataUpdate", crtn);
- serr = errSSLCrypto;
- goto errOut;
- }
-
- if(bytesEncrypted > origLen) {
- /* should never happen, callers always give us block-aligned
- * plaintext and CSP padding is disabled. */
- sslErrorLog("Symmetric encrypt overflow: bytesEncrypted %ld destLen %ld\n",
- bytesEncrypted, dest.length);
- serr = errSSLCrypto;
- goto errOut;
- }
- dest.length = bytesEncrypted;
- logSymmData("Symm encrypt ctext", &dest, 48);
- serr = noErr;
-
-errOut:
- return serr;
-}
-
-OSStatus CDSASymmDecrypt(
- SSLBuffer src,
- SSLBuffer dest,
- CipherContext *cipherCtx,
- SSLContext *ctx)
-{
- CSSM_RETURN crtn;
- CSSM_DATA ptextData = {0, NULL};
- CSSM_DATA ctextData;
- uint32 bytesDecrypted;
- OSStatus serr = errSSLInternal;
- uint32 origLen = dest.length;
-
- /*
- * Valid on entry:
- * cipherCtx->cspHand
- * cipherCtx->ccHand
- */
- assert(ctx != NULL);
- assert(cipherCtx != NULL);
- if((cipherCtx->ccHand == 0) || (cipherCtx->cspHand == 0)) {
- sslErrorLog("CDSASymmDecrypt: null args\n");
- return errSSLInternal;
- }
- /* this requirement allows us to avoid a malloc and copy */
- assert(dest.length >= src.length);
-
- #if SSL_DEBUG
- {
- unsigned blockSize = cipherCtx->symCipher->blockSize;
- if(blockSize) {
- if(!IS_ALIGNED(src.length, blockSize)) {
- sslErrorLog("CDSASymmDecrypt: unaligned ctext (len %ld bs %d)\n",
- src.length, blockSize);
- return errSSLInternal;
- }
- if(!IS_ALIGNED(dest.length, blockSize)) {
- sslErrorLog("CDSASymmDecrypt: unaligned ptext (len %ld bs %d)\n",
- dest.length, blockSize);
- return errSSLInternal;
- }
- }
- }
- #endif
-
- SSLBUF_TO_CSSM(&src, &ctextData);
- SSLBUF_TO_CSSM(&dest, &ptextData);
- crtn = CSSM_DecryptDataUpdate(cipherCtx->ccHand,
- &ctextData,
- 1,
- &ptextData,
- 1,
- &bytesDecrypted);
- if(crtn) {
- stPrintCdsaError("CSSM_DecryptDataUpdate", crtn);
- serr = errSSLCrypto;
- goto errOut;
- }
-
- if(bytesDecrypted > origLen) {
- /* FIXME - can this happen? Should we remalloc? */
- sslErrorLog("Symmetric decrypt overflow: bytesDecrypted %ld destLen %ld\n",
- bytesDecrypted, dest.length);
- serr = errSSLCrypto;
- goto errOut;
- }
- dest.length = bytesDecrypted;
- serr = noErr;
- logSymmData("Symm decrypt ptext(1)", &dest, 48);
-errOut:
- return serr;
-}
-
-OSStatus CDSASymmFinish(
- CipherContext *cipherCtx,
- SSLContext *ctx)
-{
- /* dispose of cipherCtx->{symKey,cspHand,ccHand} */
- disposeCipherCtx(cipherCtx);
- return noErr;
-}
-
projects / apple / security.git / blobdiff