X-Git-Url: https://git.saurik.com/apple/security.git/blobdiff_plain/72a12576750f52947eb043106ba5c12c0d07decf..b1ab9ed8d0e0f1c3b66d7daa8fd5564444c56195:/libsecurity_apple_csp/lib/MacContext.cpp

diff --git a/libsecurity_apple_csp/lib/MacContext.cpp b/libsecurity_apple_csp/lib/MacContext.cpp
new file mode 100644
index 00000000..91353fd7
--- /dev/null
+++ b/libsecurity_apple_csp/lib/MacContext.cpp
@@ -0,0 +1,176 @@
+/*
+ * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved.
+ * 
+ * The contents of this file constitute Original Code as defined in and are
+ * subject to the Apple Public Source License Version 1.2 (the 'License').
+ * You may not use this file except in compliance with the License. Please obtain
+ * a copy of the License at http://www.apple.com/publicsource and read it before
+ * using this file.
+ * 
+ * This Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
+ * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
+ * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
+ * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
+ * specific language governing rights and limitations under the License.
+ */
+
+/*
+ * MacContext.cpp - AppleCSPContext for HMACSHA1
+ */
+
+#include "MacContext.h"
+#include <HMACSHA1.h>
+#include <Security/cssmerr.h>
+#include <CommonCrypto/CommonDigest.h>	/* for digest sizes */
+#ifdef	CRYPTKIT_CSP_ENABLE
+#include <security_cryptkit/HmacSha1Legacy.h>
+#endif	/* CRYPTKIT_CSP_ENABLE */
+
+MacContext::~MacContext()
+{
+	memset(&hmacCtx, 0, sizeof(hmacCtx));
+}
+	
+/* called out from CSPFullPluginSession....
+ * both generate and verify */
+void MacContext::init(const Context &context, bool isSigning)
+{
+	CCHmacAlgorithm ccAlg;
+	
+	/* obtain key from context */
+	CSSM_SIZE	keyLen;
+	uint8 		*keyData 	= NULL;
+	
+	symmetricKeyBits(context, session(), mAlg, 
+		isSigning ? CSSM_KEYUSE_SIGN : CSSM_KEYUSE_VERIFY,
+		keyData, keyLen);
+	uint32 minKey = 0;
+	switch(mAlg) {
+		case CSSM_ALGID_SHA1HMAC:
+			minKey = HMAC_SHA_MIN_KEY_SIZE;
+			mDigestSize = CC_SHA1_DIGEST_LENGTH;
+			ccAlg = kCCHmacAlgSHA1;
+			break;
+		case CSSM_ALGID_MD5HMAC:
+			minKey = HMAC_MD5_MIN_KEY_SIZE;
+			mDigestSize = CC_MD5_DIGEST_LENGTH;
+			ccAlg = kCCHmacAlgMD5;
+			break;
+		default:
+			assert(0);			// factory should not have called us
+			CssmError::throwMe(CSSMERR_CSP_INVALID_ALGORITHM);
+	}
+	if((keyLen < minKey) || (keyLen > HMAC_MAX_KEY_SIZE)) {
+		CssmError::throwMe(CSSMERR_CSP_INVALID_ATTR_KEY);
+	}
+	CCHmacInit(&hmacCtx, ccAlg, keyData, keyLen);
+}
+
+void MacContext::update(const CssmData &data)
+{
+	CCHmacUpdate(&hmacCtx, data.data(), data.length());
+}
+
+/* generate only */
+void MacContext::final(CssmData &out)
+{
+	if(out.length() < mDigestSize) {
+		CssmError::throwMe(CSSMERR_CSP_OUTPUT_LENGTH_ERROR);
+	}
+	CCHmacFinal(&hmacCtx, out.data());
+	out.Length = mDigestSize;
+}
+
+/* verify only */
+#define MAX_DIGEST_SIZE		CC_SHA1_DIGEST_LENGTH
+
+void MacContext::final(const CssmData &in)
+{
+	unsigned char mac[MAX_DIGEST_SIZE];
+	
+	CCHmacFinal(&hmacCtx, mac);
+	if(memcmp(mac, in.data(), mDigestSize)) {
+		CssmError::throwMe(CSSMERR_CSP_VERIFY_FAILED);
+	}
+}
+
+size_t MacContext::outputSize(bool final, size_t inSize)
+{
+	return mDigestSize;
+}
+
+#ifdef 	CRYPTKIT_CSP_ENABLE
+
+MacLegacyContext::~MacLegacyContext()
+{
+	if(mHmac) {
+		hmacLegacyFree(mHmac);
+		mHmac = NULL;
+	}
+}
+	
+/* called out from CSPFullPluginSession....
+ * both generate and verify: */
+void MacLegacyContext::init(const Context &context, bool isSigning)
+{
+	if(mHmac == NULL) {
+		mHmac = hmacLegacyAlloc();
+		if(mHmac == NULL) {
+			CssmError::throwMe(CSSMERR_CSP_MEMORY_ERROR);
+		}
+	}
+	
+	/* obtain key from context */
+	CSSM_SIZE	keyLen;
+	uint8 		*keyData 	= NULL;
+	
+	/* FIXME - this may require a different key alg */
+	symmetricKeyBits(context, session(), CSSM_ALGID_SHA1HMAC, 
+		isSigning ? CSSM_KEYUSE_SIGN : CSSM_KEYUSE_VERIFY,
+		keyData, keyLen);
+	if((keyLen < HMAC_SHA_MIN_KEY_SIZE) || (keyLen > HMAC_MAX_KEY_SIZE)) {
+		CssmError::throwMe(CSSMERR_CSP_INVALID_ATTR_KEY);
+	}
+	
+	OSStatus ortn = hmacLegacyInit(mHmac, keyData, keyLen);
+	if(ortn) {
+		MacOSError::throwMe(ortn);
+	}
+}
+
+void MacLegacyContext::update(const CssmData &data)
+{
+	OSStatus ortn = hmacLegacyUpdate(mHmac,
+		data.data(),
+		data.length());
+	if(ortn) {
+		MacOSError::throwMe(ortn);
+	}
+}
+
+/* generate only */
+void MacLegacyContext::final(CssmData &out)
+{
+	if(out.length() < kHMACSHA1DigestSize) {
+		CssmError::throwMe(CSSMERR_CSP_OUTPUT_LENGTH_ERROR);
+	}
+	hmacLegacyFinal(mHmac, out.data());
+}
+
+/* verify only */
+void MacLegacyContext::final(const CssmData &in)
+{
+	unsigned char mac[kHMACSHA1DigestSize];
+	hmacLegacyFinal(mHmac, mac);
+	if(memcmp(mac, in.data(), kHMACSHA1DigestSize)) {
+		CssmError::throwMe(CSSMERR_CSP_VERIFY_FAILED);
+	}
+}
+
+size_t MacLegacyContext::outputSize(bool final, size_t inSize)
+{
+	return kHMACSHA1DigestSize;
+}
+
+#endif	/* CRYPTKIT_CSP_ENABLE */