  1  /*
  2   * Copyright (c) 2000-2001,2011,2013-2014 Apple Inc. All Rights Reserved.
  3   *
  4   * The contents of this file constitute Original Code as defined in and are
  5   * subject to the Apple Public Source License Version 1.2 (the 'License').
  6   * You may not use this file except in compliance with the License. Please obtain
  7   * a copy of the License at http://www.apple.com/publicsource and read it before
  8   * using this file.
  9   *
 10   * This Original Code and all software distributed under the License are
 11   * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
 12   * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
 13   * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
 14   * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
 15   * specific language governing rights and limitations under the License.
 16   */
 17  
 18  
 19  /*
 20   * RSA_DSA_keys.h - key pair support for RSA/DSA
 21   */
 22  
 23  #ifndef	_RSA_DSA_KEYS_H_
 24  #define _RSA_DSA_KEYS_H_
 25  
 26  #include <AppleCSPContext.h>
 27  #include <AppleCSPSession.h>
 28  #include <RSA_DSA_csp.h>
 29  #include "AppleCSPKeys.h"
 30  #include <Security/osKeyTemplates.h>
 31  #include <openssl/rsa_legacy.h>
 32  #include <openssl/dsa_legacy.h>
 33  #include <security_cdsa_utilities/context.h>
 34  #include <security_asn1/SecNssCoder.h>
 35  
/* Raw key blob formats produced/consumed for RSA keys. */
#define RSA_PUB_KEY_FORMAT		CSSM_KEYBLOB_RAW_FORMAT_PKCS1
#define RSA_PRIV_KEY_FORMAT		CSSM_KEYBLOB_RAW_FORMAT_PKCS8

/* Raw key blob formats produced/consumed for DSA keys. */
#define DSA_PUB_KEY_FORMAT		CSSM_KEYBLOB_RAW_FORMAT_X509
#define DSA_PRIV_KEY_FORMAT		CSSM_KEYBLOB_RAW_FORMAT_FIPS186

/*
 * DSA key size bounds (bits, presumably — dsaGenParams below takes
 * keySizeInBits). NOTE(review): 512 is a legacy floor; current guidance
 * (FIPS 186-4) does not allow DSA below 1024 bits. Where these bounds are
 * actually enforced is not in this header — confirm in the .cpp.
 */
#define	DSA_MIN_KEY_SIZE		512
#define DSA_MAX_KEY_SIZE		4096
#define DSA_KEY_BITS_MASK		(64 - 1)	/* these bits must be zero */
											/* i.e., aligned to 64 bits */

/*
 * Upper bounds for RSA keys. Caps like these typically exist to bound the
 * CPU/memory a caller can burn through one key operation; the unit of
 * RSA_MAX_PUB_EXPONENT_SIZE (bits vs. bytes) is not stated here — confirm
 * against its use in the .cpp.
 */
#define RSA_MAX_KEY_SIZE			(8 * 1024)
#define RSA_MAX_PUB_EXPONENT_SIZE	64

/*
 * Those max RSA sizes can be overridden with these system preferences.
 * NOTE(review): a preference that raises the caps also raises whatever
 * resource cost the caps were guarding against; presumably only an
 * admin can write this domain — verify.
 */
#define kRSAKeySizePrefsDomain		"com.apple.security"
#define kRSAMaxKeySizePref			CFSTR("RSAMaxKeySize")
#define kRSAMaxPublicExponentPref	CFSTR("RSAMaxPublicExponent")
 54  
 55  /*
 56   * RSA version of a BinaryKey.
 57   */
/*
 * RSA flavor of BinaryKey: wraps an OpenSSL RSA object and knows how to
 * serialize it into a CSSM raw key blob.
 */
class RSABinaryKey : public BinaryKey {
public:
	/* Wraps rsaKey (may be NULL). Who frees it is decided in the .cpp — see ~RSABinaryKey. */
	RSABinaryKey(RSA *rsaKey = NULL);
	~RSABinaryKey();

	/*
	 * Serialize mRsaKey into blob, allocating with allocator.
	 *   format, attrFlags : IN/OUT
	 *   paramKey          : optional, unused for RSA
	 */
	void generateKeyBlob(Allocator &allocator,
						 CssmData &blob,
						 CSSM_KEYBLOB_FORMAT &format,
						 AppleCSPSession &session,
						 const CssmKey *paramKey,
						 CSSM_KEYATTR_FLAGS &attrFlags);

	/*
	 * The wrapped key. Public raw pointer; it may hold private key material,
	 * so code that copies, logs or hands it out should be treated as sensitive.
	 * NOTE(review): ownership is not expressed in the type — confirm in the .cpp.
	 */
	RSA *mRsaKey;

	/* OAEP state: setOaep() marks the key as OAEP and records its label. */
	void setOaep(const CSSM_DATA &label);
	bool isOaep() { return mOaep; }
	const CSSM_DATA &label() { return mLabel; }

private:
	/*
	 * Only meaningful for OAEP keys
	 * (mKeyHeader.AlgorithmId == CSSM_ALGMODE_PKCS1_EME_OAEP).
	 */
	bool mOaep;
	CssmAutoData mLabel;
};
 84  
/*
 * Key pair generation context for RSA. The public interface comes from
 * AppleCSPContext; AppleKeyPairGenContext (inherited privately) supplies the
 * shared generation driver that calls back into the BinaryKey overload below.
 */
class RSAKeyPairGenContext : public AppleCSPContext, private AppleKeyPairGenContext {
public:
	RSAKeyPairGenContext(AppleCSPSession &session, const Context &)
		: AppleCSPContext(session) {}
	~RSAKeyPairGenContext() {}

	/* Nothing to initialize; present only to satisfy the interface. */
	void init(const Context &, bool) {}

	/* Declared in CSPFullPluginSession: produce a CSSM key pair. */
	void generate(const Context &context, CssmKey &pubKey, CssmKey &privKey);

	/*
	 * "Generate parameters" overload, declared in CSPFullPluginSession.
	 * Declared here but not implemented in this module.
	 */
	void generate(const Context &context, uint32, CssmData &params, uint32 &attrCount, Context::Attr *&attrs);

	/*
	 * Declared in AppleKeyPairGenContext: fill in the two BinaryKeys.
	 * keySize is a reference (IN/OUT per the shared driver's convention —
	 * presumably; confirm in the .cpp).
	 */
	void generate(const Context &context, BinaryKey &pubBinKey, BinaryKey &privBinKey, uint32 &keySize);
};	/* RSAKeyPairGenContext */
117  
118  /*
119   * CSPKeyInfoProvider for RSA keys
120   */
/*
 * CSPKeyInfoProvider for RSA keys. Instances come only from the static
 * provider() factory; the constructor is private.
 */
class RSAKeyInfoProvider : public CSPKeyInfoProvider {
public:
	/* Factory. The NULL/failure convention of the returned pointer lives in the .cpp. */
	static CSPKeyInfoProvider *provider(const CssmKey &cssmKey, AppleCSPSession &session);
	~RSAKeyInfoProvider() {}

	/*
	 * Parse the wrapped CssmKey into a BinaryKey.
	 *   paramKey  : optional
	 *   attrFlags : IN/OUT
	 *   *binKey   : RETURNED
	 * NOTE(review): the CssmKey is caller-supplied, so this is where a
	 * malformed blob first meets the parser — confirm the length checks
	 * in the .cpp.
	 */
	void CssmKeyToBinary(CssmKey *paramKey, CSSM_KEYATTR_FLAGS &attrFlags, BinaryKey **binKey);

	/* keySize : RETURNED */
	void QueryKeySizeInBits(CSSM_KEY_SIZE &keySize);

	/* Produce the blob that is hashed for this key; what the bool means is defined in the .cpp. */
	bool getHashableBlob(Allocator &allocator, CssmData &hashBlob);

private:
	RSAKeyInfoProvider(const CssmKey &cssmKey, AppleCSPSession &session);
};
143  
144  /*
145   * DSA version of a BinaryKey.
146   */
/*
 * DSA flavor of BinaryKey: wraps an OpenSSL DSA object and knows how to
 * serialize it into a CSSM raw key blob.
 */
class DSABinaryKey : public BinaryKey {
public:
	/* Wraps dsaKey (may be NULL). Who frees it is decided in the .cpp — see ~DSABinaryKey. */
	DSABinaryKey(DSA *dsaKey = NULL);
	~DSABinaryKey();

	/*
	 * Serialize mDsaKey into blob, allocating with allocator.
	 *   format, attrFlags : IN/OUT
	 *   paramKey          : optional
	 */
	void generateKeyBlob(Allocator &allocator,
						 CssmData &blob,
						 CSSM_KEYBLOB_FORMAT &format,
						 AppleCSPSession &session,
						 const CssmKey *paramKey,
						 CSSM_KEYATTR_FLAGS &attrFlags);

	/*
	 * The wrapped key. Public raw pointer; it may hold private key material.
	 * NOTE(review): ownership is not expressed in the type — confirm in the .cpp.
	 */
	DSA *mDsaKey;
};
161  
/*
 * Key pair generation context for DSA. Unlike RSA, DSA also has a
 * "generate parameters" step, whose results this context has to carry
 * across a Context round trip (see mGenAttrs).
 */
class DSAKeyPairGenContext : public AppleCSPContext, private AppleKeyPairGenContext {
public:
	DSAKeyPairGenContext(AppleCSPSession &session, const Context &)
		: AppleCSPContext(session), mGenAttrs(NULL) {}
	/* Releases the attribute array cached by the parameter-generation path. */
	~DSAKeyPairGenContext() { freeGenAttrs(); }

	/* Nothing to initialize; present only to satisfy the interface. */
	void init(const Context &, bool) {}

	/* Declared in CSPFullPluginSession: produce a CSSM key pair. */
	void generate(const Context &context, CssmKey &pubKey, CssmKey &privKey);

	/* Declared in AppleKeyPairGenContext: fill in the two BinaryKeys. */
	void generate(const Context &context, BinaryKey &pubBinKey, BinaryKey &privBinKey, uint32 &keySize);

	/* Declared in CSPFullPluginSession: generate algorithm parameters. */
	void generate(const Context &context, uint32 bitSize, CssmData &params, uint32 &attrCount, Context::Attr *&attrs);

	/*
	 * After "generate parameters" returns, the plugin adds the "returned"
	 * values to the Context and then fires a "context changed" notification.
	 * This override exists to absorb that notification; it always answers true.
	 */
	bool changed(const Context &context) { return true; }

	/*
	 * Generate DSA algorithm parameters into algParams, using coder for the
	 * encoding. inSeed is optional (presumably NULL with inSeedLen 0 when
	 * absent — confirm in the .cpp). NOTE(review): keySizeInBits is presumably
	 * checked against DSA_MIN_KEY_SIZE / DSA_MAX_KEY_SIZE / DSA_KEY_BITS_MASK
	 * by the implementation — verify, since the value comes from the caller.
	 */
	void dsaGenParams(uint32 keySizeInBits,
					  const void *inSeed,
					  unsigned inSeedLen,
					  NSS_DSAAlgParams &algParams,
					  SecNssCoder &coder);

private:
	/*
	 * Attributes "returned" from GenParams, kept alive here until the
	 * destructor runs (the original author called this a gross hack).
	 */
	Context::Attr *mGenAttrs;
	void freeGenAttrs();
};	/* DSAKeyPairGenContext */
217  
218  /*
219   * CSPKeyInfoProvider for DSA keys
220   */
/*
 * CSPKeyInfoProvider for DSA keys. Instances come only from the static
 * provider() factory; the constructor is private.
 */
class DSAKeyInfoProvider : public CSPKeyInfoProvider {
public:
	/* Factory. The NULL/failure convention of the returned pointer lives in the .cpp. */
	static CSPKeyInfoProvider *provider(const CssmKey &cssmKey, AppleCSPSession &session);
	~DSAKeyInfoProvider() {}

	/*
	 * Parse the wrapped CssmKey into a BinaryKey.
	 *   paramKey  : optional
	 *   attrFlags : IN/OUT
	 *   *binKey   : RETURNED
	 * NOTE(review): the CssmKey is caller-supplied, so this is where a
	 * malformed blob first meets the parser — confirm the length checks
	 * in the .cpp.
	 */
	void CssmKeyToBinary(CssmKey *paramKey, CSSM_KEYATTR_FLAGS &attrFlags, BinaryKey **binKey);

	/* keySize : RETURNED */
	void QueryKeySizeInBits(CSSM_KEY_SIZE &keySize);

	/* Produce the blob that is hashed for this key; what the bool means is defined in the .cpp. */
	bool getHashableBlob(Allocator &allocator, CssmData &hashBlob);

private:
	DSAKeyInfoProvider(const CssmKey &cssmKey, AppleCSPSession &session);
};
243  
244  #endif	/* _RSA_DSA_KEYS_H_ */