1  /*
  2   * Copyright (c) 2000-2002,2011-2012,2014 Apple Inc. All Rights Reserved.
  3   * 
  4   * The contents of this file constitute Original Code as defined in and are
  5   * subject to the Apple Public Source License Version 1.2 (the 'License').
  6   * You may not use this file except in compliance with the License. Please obtain
  7   * a copy of the License at http://www.apple.com/publicsource and read it before
  8   * using this file.
  9   * 
 10   * This Original Code and all software distributed under the License are
 11   * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
 12   * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
 13   * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
 14   * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
 15   * specific language governing rights and limitations under the License.
 16   */
 17  
 18  
 19  /*
 20   * DH_exchange.cp - Diffie-Hellman key exchange
 21   */
 22   
 23  #include "DH_exchange.h"
 24  #include <Security/cssmerr.h>
 25  #include "DH_utils.h"
 26  #include "DH_keys.h"
 27  #include <strings.h>
 28  #include <opensslUtils/opensslUtils.h>
 29  
 30  void DeriveKey_DH (
 31  	const Context &context,
 32  	const CssmData &Param,			// other's public key. may be empty
 33  	CSSM_DATA *keyData,				// mallocd by caller
 34  									// we fill in keyData->Length bytes
 35  	AppleCSPSession &session)
 36  {
 37  	bool mallocdPrivKey;
 38  	size_t privSize;
 39  	
 40  	/* private DH key from context - required */
 41  	DH *privKey = contextToDhKey(context, session, CSSM_ATTRIBUTE_KEY,
 42  		CSSM_KEYCLASS_PRIVATE_KEY, CSSM_KEYUSE_DERIVE, mallocdPrivKey);
 43  	if(privKey == NULL) {
 44  		CssmError::throwMe(CSSMERR_CSP_MISSING_ATTR_KEY);
 45  	}
 46  	cspDhDebug("DeriveKey_DH, privKey %p", privKey);
 47  	privSize = DH_size(privKey);
 48  	if(privSize < keyData->Length) {
 49  		/* we've been asked for more bits than this key can generate */
 50  		CssmError::throwMe(CSSMERR_CSP_UNSUPPORTED_KEY_SIZE);
 51  	}
 52  	
 53  	/*
 54  	 * Public key ("their" key) can come from two places:
 55  	 * -- in the context as a CSSM_ATTRIBUTE_PUBLIC_KEY. This is how 
 56  	 *    public keys in X509 format must be used in this function
 57  	 * -- in the incoming Param, the raw unformatted (PKCS3) form 
 58  	 */
 59  	bool mallocdPubKey = false;
 60  	BIGNUM *pubKeyBn = NULL;
 61  	bool allocdPubKeyBn = false;
 62  	DH *pubKey = contextToDhKey(context, session, CSSM_ATTRIBUTE_PUBLIC_KEY,
 63  		CSSM_KEYCLASS_PUBLIC_KEY, CSSM_KEYUSE_DERIVE, mallocdPubKey);
 64  	if(pubKey != NULL) {
 65  		if(pubKey->pub_key == NULL) {
 66  			errorLog0("DeriveKey_DH: public key in context with no pub_key\n");
 67  			CssmError::throwMe(CSSMERR_CSP_INVALID_KEY);
 68  		}
 69  		pubKeyBn = pubKey->pub_key;
 70  		cspDhDebug("DeriveKey_DH, pubKey from context %p", pubKey);
 71  	}
 72  	else {
 73  		if((Param.Data == NULL) || (Param.Length == 0)) {
 74  			errorLog0("DeriveKey_DH: no pub_key, no Param\n");
 75  			CssmError::throwMe(CSSMERR_CSP_INVALID_KEY);
 76  		}
 77  		pubKeyBn = BN_bin2bn(Param.Data, (int)Param.Length, NULL);
 78  		if(pubKeyBn == NULL) {
 79  			CssmError::throwMe(CSSMERR_CSP_MEMORY_ERROR);
 80  		}
 81  		allocdPubKeyBn = true;
 82  		cspDhDebug("DeriveKey_DH, no pubKey in context");
 83  	}
 84  	unsigned char *buf = (unsigned char *)session.malloc(privSize);
 85  	int rtn = DH_compute_key(buf, pubKeyBn, privKey);
 86  	if(rtn > 0) {
 87  		/*
 88  		 * FIXME : I have not found a specification describing *which*
 89  		 * bytes of the value we just computed we are supposed to
 90  		 * use as the actual key bytes. We use the M.S. bytes.
 91  		 *
 92  		 * Note that due to modulo arithmetic, we may have gotten fewer
 93  		 * bytes than we asked for. If so, the caller will have
 94  		 * to deal with that if they really need privSize bytes.
 95  		 */
 96  		assert((uint32)rtn <= privSize);
 97  		CSSM_SIZE toMove = keyData->Length;
 98  		if((uint32)rtn < toMove) {
 99  			toMove = (uint32)rtn;
100  		}
101  		memmove(keyData->Data, buf, toMove);
102  		keyData->Length = toMove;
103  	}
104  	if(mallocdPrivKey) {
105  		DH_free(privKey);
106  	}
107  	if(mallocdPubKey) {
108  		DH_free(pubKey);
109  	}
110  	if(allocdPubKeyBn) {
111  		BN_free(pubKeyBn);
112  	}
113  	session.free(buf);
114  	if(rtn <= 0) {
115  		throwRsaDsa("DH_compute_key");
116  	}
117  }
118