X-Git-Url: https://git.saurik.com/apple/security.git/blobdiff_plain/b04fe171f0375ecd5d8a24747ca1dff85720a0ca..6b200bc335dc93c5516ccb52f14bd896d8c7fad7:/SecurityTests/clxutils/p12Parse/p12Crypto.cpp

diff --git a/SecurityTests/clxutils/p12Parse/p12Crypto.cpp b/SecurityTests/clxutils/p12Parse/p12Crypto.cpp
deleted file mode 100644
index 0bd1888c..00000000
--- a/SecurityTests/clxutils/p12Parse/p12Crypto.cpp
+++ /dev/null
@@ -1,322 +0,0 @@
-/*
- * Copyright (c) 2003,2005 Apple Computer, Inc. All Rights Reserved.
- * 
- * The contents of this file constitute Original Code as defined in and are
- * subject to the Apple Public Source License Version 1.2 (the 'License').
- * You may not use this file except in compliance with the License. Please 
- * obtain a copy of the License at http://www.apple.com/publicsource and 
- * read it before using this file.
- * 
- * This Original Code and all software distributed under the License are
- * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER 
- * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, 
- * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, 
- * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. 
- * Please see the License for the specific language governing rights and 
- * limitations under the License.
- */
-
-/*
- * p12Crypto.cpp - PKCS12 Crypto routines. App space reference version.
- *
- * Created 2/28/03 by Doug Mitchell.
- */
-
-#include "p12Crypto.h"
-#include "pkcs12Utils.h"
-#include <security_cdsa_utils/cuCdsaUtils.h>
-#include <Security/cssmapple.h>
-
-/*
- * Free memory via specified plugin's app-level allocator
- */
-static void appFreeCssmMemory(
-	CSSM_HANDLE	hand,
-	void 			*p)
-{
-	CSSM_API_MEMORY_FUNCS memFuncs;
-	CSSM_RETURN crtn = CSSM_GetAPIMemoryFunctions(hand, &memFuncs);
-	if(crtn) {
-		cssmPerror("CSSM_GetAPIMemoryFunctions", crtn);
-		/* oh well, leak and continue */
-		return;
-	}
-	memFuncs.free_func(p, memFuncs.AllocRef);
-}
-
-#define KEY_LABEL	"p12 key"
-
-/*
- * Given appropriate P12-style parameters, cook up a CSSM_KEY.
- */
-CSSM_RETURN p12KeyGen_app(
-	CSSM_CSP_HANDLE		cspHand,
-	CSSM_KEY			&key,
-	bool				isForEncr,	// true: en/decrypt   false: MAC
-	CSSM_ALGORITHMS		keyAlg,
-	CSSM_ALGORITHMS		pbeHashAlg,	// SHA1, MD5 only
-	uint32				keySizeInBits,
-	uint32				iterCount,
-	const CSSM_DATA		&salt,
-	const CSSM_DATA		&pwd,		// unicode, double null terminated
-	CSSM_DATA			&iv)		// referent is optional
-{
-	CSSM_RETURN					crtn;
-	CSSM_CC_HANDLE 				ccHand;
-	CSSM_DATA					dummyLabel;
-	CSSM_ACCESS_CREDENTIALS		creds;
-	
-	memset(&key, 0, sizeof(CSSM_KEY));
-	memset(&creds, 0, sizeof(CSSM_ACCESS_CREDENTIALS));
-
-	/* infer key derivation algorithm */
-	CSSM_ALGORITHMS deriveAlg = CSSM_ALGID_NONE;
-	if(pbeHashAlg != CSSM_ALGID_SHA1) {
-		return CSSMERR_CSP_INVALID_ALGORITHM;
-	}
-	if(isForEncr) {
-		/*
-		 * FIXME - if this key is going to be used to wrap/unwrap a 
-		 * shrouded key bag, its usage will change accordingly...
-		 */
-		deriveAlg = CSSM_ALGID_PKCS12_PBE_ENCR;
-	}
-	else {
-		deriveAlg = CSSM_ALGID_PKCS12_PBE_MAC;
-	}
-	CSSM_CRYPTO_DATA seed;
-	seed.Param = pwd;
-	seed.Callback = NULL;
-	seed.CallerCtx = NULL;
-	
-	crtn = CSSM_CSP_CreateDeriveKeyContext(cspHand,
-		deriveAlg,
-		keyAlg,
-		keySizeInBits,
-		&creds,
-		NULL,			// BaseKey
-		iterCount,
-		&salt,
-		&seed,			// seed
-		&ccHand);
-	if(crtn) {
-		cuPrintError("CSSM_CSP_CreateDeriveKeyContext", crtn);
-		return crtn;
-	}
-	
-	dummyLabel.Length = strlen(KEY_LABEL);
-	dummyLabel.Data = (uint8 *)KEY_LABEL;
-	
-	/* KEYUSE_ANY - this is just an ephemeral session key */
-	crtn = CSSM_DeriveKey(ccHand,
-		&iv,
-		CSSM_KEYUSE_ANY,
-		//CSSM_KEYATTR_RETURN_REF | CSSM_KEYATTR_SENSITIVE,
-		CSSM_KEYATTR_RETURN_DATA | CSSM_KEYATTR_EXTRACTABLE,
-		&dummyLabel,
-		NULL,			// cred and acl
-		&key);
-	CSSM_DeleteContext(ccHand);
-	if(crtn) {
-		cuPrintError("CSSM_DeriveKey", crtn);
-	}
-	return crtn;
-}
-
-/*
- * Decrypt (typically, an encrypted P7 ContentInfo contents or
- * a P12 ShroudedKeyBag).
- */
-CSSM_RETURN p12Decrypt_app(
-	CSSM_CSP_HANDLE		cspHand,
-	const CSSM_DATA		&cipherText,
-	CSSM_ALGORITHMS		keyAlg,				
-	CSSM_ALGORITHMS		encrAlg,
-	CSSM_ALGORITHMS		pbeHashAlg,			// SHA1, MD5 only
-	uint32				keySizeInBits,
-	uint32				blockSizeInBytes,	// for IV
-	CSSM_PADDING		padding,			// CSSM_PADDING_PKCS7, etc.
-	CSSM_ENCRYPT_MODE	mode,				// CSSM_ALGMODE_CBCPadIV8, etc.
-	uint32				iterCount,
-	const CSSM_DATA		&salt,
-	const CSSM_DATA		&pwd,		// unicode, double null terminated
-	SecNssCoder			&coder,		// for mallocing KeyData and plainText
-	CSSM_DATA			&plainText)
-{
-	CSSM_RETURN crtn;
-	CSSM_KEY ckey;
-	CSSM_CC_HANDLE ccHand = 0;
-	
-	/* P12 style IV derivation, optional */
-	CSSM_DATA iv = {0, NULL};
-	CSSM_DATA_PTR ivPtr = NULL;
-	if(blockSizeInBytes) {
-		coder.allocItem(iv, blockSizeInBytes);
-		ivPtr = &iv;
-	}
-	
-	/* P12 style key derivation */
-	crtn = p12KeyGen_app(cspHand, ckey, true, keyAlg, pbeHashAlg,
-		keySizeInBits, iterCount, salt, pwd, iv);
-	if(crtn) {
-		return crtn;
-	}	
-		
-	/* CSSM context */
-	crtn = CSSM_CSP_CreateSymmetricContext(cspHand,
-		encrAlg,
-		mode,
-		NULL,			// access cred
-		&ckey,
-		ivPtr,			// InitVector, optional
-		padding,	
-		NULL,			// Params
-		&ccHand);
-	if(crtn) {
-		cuPrintError("CSSM_CSP_CreateSymmetricContext", crtn);
-		return crtn;
-	}
-	
-	/* go - CSP mallocs ptext and rem data */
-	CSSM_DATA ourPtext = {0, NULL};
-	CSSM_DATA remData = {0, NULL};
-	uint32 bytesDecrypted;
-	crtn = CSSM_DecryptData(ccHand,
-		&cipherText,
-		1,
-		&ourPtext,
-		1,
-		&bytesDecrypted,
-		&remData);
-	if(crtn) {
-		cuPrintError("CSSM_EncryptData", crtn);
-	}
-	else {
-		coder.allocCopyItem(ourPtext, plainText);
-		plainText.Length = bytesDecrypted;
-		
-		/* plaintext copied into coder space; free the memory allocated
-		 * by the CSP */
-		appFreeCssmMemory(cspHand, ourPtext.Data);
-	}
-	/* an artifact of CSPFUllPLuginSession - this never contains
-	 * valid data but sometimes gets mallocds */
-	if(remData.Data) {
-		appFreeCssmMemory(cspHand, remData.Data);
-	}
-	CSSM_DeleteContext(ccHand);
-	CSSM_FreeKey(cspHand, NULL, &ckey, CSSM_FALSE);
-	return crtn;
-}
-
-/*
- * Calculate the MAC for a PFX. Caller is either going compare
- * the result against an existing PFX's MAC or drop the result into 
- * a newly created PFX.
- */
-CSSM_RETURN p12GenMac_app(
-	CSSM_CSP_HANDLE		cspHand,
-	const CSSM_DATA		&ptext,	// e.g., NSS_P12_DecodedPFX.derAuthSaafe
-	CSSM_ALGORITHMS		alg,	// better be SHA1!
-	unsigned			iterCount,
-	const CSSM_DATA		&salt,
-	const CSSM_DATA		&pwd,		// unicode, double null terminated
-	SecNssCoder			&coder,		// for mallocing macData
-	CSSM_DATA			&macData)	// RETURNED 
-{
-	CSSM_RETURN crtn;
-	
-	/* P12 style key derivation */
-	unsigned keySizeInBits;
-	CSSM_ALGORITHMS hmacAlg;
-	switch(alg) {
-		case CSSM_ALGID_SHA1:
-			keySizeInBits = 160;
-			hmacAlg = CSSM_ALGID_SHA1HMAC;
-			break;
-		case CSSM_ALGID_MD5:
-			/* not even sure if this is legal in p12 world... */
-			keySizeInBits = 128;
-			hmacAlg = CSSM_ALGID_MD5HMAC;
-			break;
-		default:
-			return CSSMERR_CSP_INVALID_ALGORITHM;
-	}
-	CSSM_KEY macKey;
-	CSSM_DATA iv = {0, NULL};
-	crtn = p12KeyGen_app(cspHand, macKey, false, hmacAlg, alg,
-		keySizeInBits, iterCount, salt, pwd, iv);
-	if(crtn) {
-		return crtn;
-	}	
-
-	/* prealloc the mac data */
-	coder.allocItem(macData, keySizeInBits / 8);
-	CSSM_CC_HANDLE ccHand = 0;
-	crtn = CSSM_CSP_CreateMacContext(cspHand, hmacAlg, &macKey, &ccHand);
-	if(crtn) {
-		cuPrintError("CSSM_CSP_CreateMacContext", crtn);
-		return crtn;
-	}
-	
-	crtn = CSSM_GenerateMac (ccHand, &ptext, 1, &macData);
-	if(crtn) {
-		cuPrintError("CSSM_GenerateMac", crtn);
-	}
-	CSSM_DeleteContext(ccHand);
-	CSSM_FreeKey(cspHand, NULL, &macKey, CSSM_FALSE);
-	return crtn;
-}
-
-/*
- * Verify MAC on an existing PFX.  
- */
-CSSM_RETURN p12VerifyMac_app(
-	const NSS_P12_DecodedPFX 	&pfx,
-	CSSM_CSP_HANDLE				cspHand,
-	const CSSM_DATA				&pwd,	// unicode, double null terminated
-	SecNssCoder					&coder)	// for temp mallocs
-{
-	if(pfx.macData == NULL) {
-		return CSSMERR_CSP_INVALID_SIGNATURE;
-	}
-	NSS_P12_MacData &macData = *pfx.macData;
-	NSS_P7_DigestInfo &digestInfo  = macData.mac;
-	CSSM_OID &algOid = digestInfo.digestAlgorithm.algorithm;
-	CSSM_ALGORITHMS macAlg;
-	if(!cssmOidToAlg(&algOid, &macAlg)) {
-		return CSSMERR_CSP_INVALID_ALGORITHM;
-	}
-	uint32 iterCount = 0;
-	CSSM_DATA &citer = macData.iterations;
-	if(!p12DataToInt(citer, iterCount)) {
-		return CSSMERR_CSP_INVALID_ATTR_ROUNDS;
-	}
-	if(iterCount == 0) {
-		/* optional, default 1 */
-		iterCount = 1;
-	}
-
-	/*
-	 * In classic fashion, the PKCS12 spec now says:
-	 *
-	 *      When password integrity mode is used to secure a PFX PDU, 
-	 *      an SHA-1 HMAC is computed on the BER-encoding of the contents 
-	 *      of the content field of the authSafe field in the PFX PDU.
-	 *
-	 * So here we go.
-	 */
-	CSSM_DATA genMac;
-	CSSM_RETURN crtn = p12GenMac_app(cspHand, *pfx.authSafe.content.data, 
-		macAlg, iterCount, macData.macSalt, pwd, coder, genMac);
-	if(crtn) {
-		return crtn;
-	}
-	if(nssCompareCssmData(&genMac, &digestInfo.digest)) {
-		return CSSM_OK;
-	}
-	else {
-		return CSSMERR_CSP_VERIFY_FAILED;
-	}
-}
-