#include "pkcs8.h"
#include "AppleCSPUtils.h"
#include "AppleCSPKeys.h"
#include <Security/keyTemplates.h>
#include <security_asn1/SecNssCoder.h>
#include <security_asn1/nssUtils.h>
#include "AppleCSPSession.h"
#include <Security/cssmapple.h>
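/*
 * Infer the header fields of a key whose KeyData holds a DER-encoded
 * PKCS#8 PrivateKeyInfo.
 *
 * On success key.KeyHeader has AlgorithmId (mapped from the PrivateKeyInfo
 * algorithm OID), Format and LogicalKeySizeInBits filled in.
 *
 * Throws CssmError with CSSMERR_CSP_INVALID_KEY when the blob does not
 * decode as a PrivateKeyInfo, and CSSMERR_CSP_INVALID_ALGORITHM when the
 * OID has no CSSM algorithm mapping. Anything thrown by infoProvider() or
 * QueryKeySizeInBits() propagates, except the single DSA retry below.
 *
 * The header is written in place as inference proceeds and is not rolled
 * back on failure: after a throw, AlgorithmId and Format may already have
 * been changed, so the header contents should not be relied on.
 *
 * NOTE(review): the blob is parsed before anything else is known about the
 * key - presumably it arrives from an import/unwrap path and should be
 * treated as untrusted input; verify against callers.
 * NOTE(review): the decoded PrivateKeyInfo references private key material;
 * confirm how SecNssCoder releases or scrubs its decode buffers.
 */
void AppleCSPSession::pkcs8InferKeyHeader(
    CssmKey &key)
{
    NSS_PrivateKeyInfo privKeyInfo;
    SecNssCoder coder;
    CSSM_DATA &keyData = key.KeyData;

    /* Start from a zeroed struct so a partial decode leaves no stale fields. */
    memset(&privKeyInfo, 0, sizeof(privKeyInfo));
    if(coder.decodeItem(keyData, kSecAsn1PrivateKeyInfoTemplate,
            &privKeyInfo)) {
        errorLog0("pkcs8InferKeyHeader decode error\n");
        CssmError::throwMe(CSSMERR_CSP_INVALID_KEY);
    }

    /* The algorithm comes from the blob itself, not from the caller. */
    CSSM_KEYHEADER &hdr = key.KeyHeader;
    if(!cssmOidToAlg(&privKeyInfo.algorithm.algorithm,
            &hdr.AlgorithmId)) {
        errorLog0("pkcs8InferKeyHeader unknown algorithm\n");
        CssmError::throwMe(CSSMERR_CSP_INVALID_ALGORITHM);
    }

    switch(hdr.AlgorithmId) {
        case CSSM_ALGID_RSA:
        case CSSM_ALGID_ECDSA:
        case CSSM_ALGID_DSA:
            /*
             * DSA is tried as PKCS8 first; the FIPS186 layout is the
             * fallback in the handler below.
             */
            hdr.Format = CSSM_KEYBLOB_RAW_FORMAT_PKCS8;
            break;
        default:
            /* No known raw format; the key-size query below still runs. */
            hdr.Format = CSSM_KEYBLOB_RAW_FORMAT_NONE;
            break;
    }

    /*
     * Zeroed up front so the header can never receive indeterminate stack
     * bytes should a provider return without writing the size.
     */
    CSSM_KEY_SIZE keySize;
    memset(&keySize, 0, sizeof(keySize));

    /* Ask whichever provider claims this key for its size in bits. */
    auto queryKeySize = [&]() {
        unique_ptr<CSPKeyInfoProvider> provider(infoProvider(key));
        provider->QueryKeySizeInBits(keySize);
    };

    try {
        queryKeySize();
    }
    catch(const CssmError &cerror) {
        /* Only a DSA key rejected as INVALID_KEY gets a second chance. */
        if((cerror.error != CSSMERR_CSP_INVALID_KEY) ||
           (hdr.AlgorithmId != CSSM_ALGID_DSA)) {
            throw;
        }
        /* Retry with the other DSA layout; a second failure propagates. */
        hdr.Format = CSSM_KEYBLOB_RAW_FORMAT_FIPS186;
        queryKeySize();
    }
    hdr.LogicalKeySizeInBits = keySize.LogicalKeySizeInBits;
}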
/*
 * Map a key algorithm to the raw key blob format associated with it for
 * PKCS8: RSA and ECDSA give CSSM_KEYBLOB_RAW_FORMAT_PKCS8, DSA gives
 * CSSM_KEYBLOB_RAW_FORMAT_FIPS186, anything else gives
 * CSSM_KEYBLOB_RAW_FORMAT_NONE.
 *
 * Note that DSA maps to FIPS186 here, whereas pkcs8InferKeyHeader() in this
 * file tries PKCS8 first for DSA and only then falls back to FIPS186.
 */
CSSM_KEYBLOB_FORMAT pkcs8RawKeyFormat(
    CSSM_ALGORITHMS keyAlg)
{
    if((keyAlg == CSSM_ALGID_RSA) || (keyAlg == CSSM_ALGID_ECDSA)) {
        return CSSM_KEYBLOB_RAW_FORMAT_PKCS8;
    }
    if(keyAlg == CSSM_ALGID_DSA) {
        return CSSM_KEYBLOB_RAW_FORMAT_FIPS186;
    }
    /* Unrecognized algorithm: callers get NONE rather than an error. */
    return CSSM_KEYBLOB_RAW_FORMAT_NONE;
}
/*
 * Map a key algorithm to the raw key blob format associated with it for
 * openssl-style keys: RSA gives CSSM_KEYBLOB_RAW_FORMAT_PKCS1, DSA gives
 * CSSM_KEYBLOB_RAW_FORMAT_OPENSSL, ECDSA gives
 * CSSM_KEYBLOB_RAW_FORMAT_PKCS8, anything else gives
 * CSSM_KEYBLOB_RAW_FORMAT_NONE.
 */
CSSM_KEYBLOB_FORMAT opensslRawKeyFormat(
    CSSM_ALGORITHMS keyAlg)
{
    /* NONE is the answer for every algorithm not listed below. */
    CSSM_KEYBLOB_FORMAT rawFormat = CSSM_KEYBLOB_RAW_FORMAT_NONE;

    if(keyAlg == CSSM_ALGID_RSA) {
        rawFormat = CSSM_KEYBLOB_RAW_FORMAT_PKCS1;
    }
    else if(keyAlg == CSSM_ALGID_DSA) {
        rawFormat = CSSM_KEYBLOB_RAW_FORMAT_OPENSSL;
    }
    else if(keyAlg == CSSM_ALGID_ECDSA) {
        rawFormat = CSSM_KEYBLOB_RAW_FORMAT_PKCS8;
    }
    return rawFormat;
}
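/*
 * Infer Format and LogicalKeySizeInBits for an openssl-style key.
 *
 * Unlike pkcs8InferKeyHeader(), the algorithm is not derived from the blob:
 * key.KeyHeader.AlgorithmId is read as an input and must already be set by
 * the caller. The format chosen per algorithm is the same mapping that
 * opensslRawKeyFormat() returns.
 *
 * For an algorithm other than RSA, DSA or ECDSA the format is set to
 * CSSM_KEYBLOB_RAW_FORMAT_NONE and the function returns without querying
 * the key size or raising an error, so LogicalKeySizeInBits is left as the
 * caller supplied it.
 *
 * Anything thrown by infoProvider() or QueryKeySizeInBits() propagates;
 * Format has already been written by then and is not rolled back.
 */
void AppleCSPSession::opensslInferKeyHeader(
    CssmKey &key)
{
    CSSM_KEYHEADER &hdr = key.KeyHeader;
    switch(hdr.AlgorithmId) {
        case CSSM_ALGID_RSA:
            hdr.Format = CSSM_KEYBLOB_RAW_FORMAT_PKCS1;
            break;
        case CSSM_ALGID_DSA:
            hdr.Format = CSSM_KEYBLOB_RAW_FORMAT_OPENSSL;
            break;
        case CSSM_ALGID_ECDSA:
            hdr.Format = CSSM_KEYBLOB_RAW_FORMAT_PKCS8;
            break;
        default:
            /* Unknown algorithm: nothing more can be inferred. */
            hdr.Format = CSSM_KEYBLOB_RAW_FORMAT_NONE;
            return;
    }

    /*
     * Zeroed up front so the header can never receive indeterminate stack
     * bytes should a provider return without writing the size.
     */
    CSSM_KEY_SIZE keySize;
    memset(&keySize, 0, sizeof(keySize));
    {
        /* Scoped so the provider is released before the header is updated. */
        unique_ptr<CSPKeyInfoProvider> provider(infoProvider(key));
        provider->QueryKeySizeInBits(keySize);
    }
    hdr.LogicalKeySizeInBits = keySize.LogicalKeySizeInBits;
}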