MacContext.cpp   [plain text]

/*
 * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved.
 * 
 * The contents of this file constitute Original Code as defined in and are
 * subject to the Apple Public Source License Version 1.2 (the 'License').
 * You may not use this file except in compliance with the License. Please obtain
 * a copy of the License at http://www.apple.com/publicsource and read it before
 * using this file.
 * 
 * This Original Code and all software distributed under the License are
 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
 * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
 * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
 * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
 * specific language governing rights and limitations under the License.
 */

/*
 * MacContext.cpp - AppleCSPContext for HMACSHA1
 */

#include "MacContext.h"
#include <HMACSHA1.h>
#include <Security/cssmerr.h>
#include <CommonCrypto/CommonDigest.h>	/* for digest sizes */
#ifdef	CRYPTKIT_CSP_ENABLE
#include <security_cryptkit/HmacSha1Legacy.h>
#endif	/* CRYPTKIT_CSP_ENABLE */

MacContext::~MacContext()
{
	memset(&hmacCtx, 0, sizeof(hmacCtx));
}
	
/* called out from CSPFullPluginSession....
 * both generate and verify */
void MacContext::init(const Context &context, bool isSigning)
{
	CCHmacAlgorithm ccAlg;
	
	/* obtain key from context */
	CSSM_SIZE	keyLen;
	uint8 		*keyData 	= NULL;
	
	symmetricKeyBits(context, session(), mAlg, 
		isSigning ? CSSM_KEYUSE_SIGN : CSSM_KEYUSE_VERIFY,
		keyData, keyLen);
	uint32 minKey = 0;
	switch(mAlg) {
		case CSSM_ALGID_SHA1HMAC:
			minKey = HMAC_SHA_MIN_KEY_SIZE;
			mDigestSize = CC_SHA1_DIGEST_LENGTH;
			ccAlg = kCCHmacAlgSHA1;
			break;
		case CSSM_ALGID_MD5HMAC:
			minKey = HMAC_MD5_MIN_KEY_SIZE;
			mDigestSize = CC_MD5_DIGEST_LENGTH;
			ccAlg = kCCHmacAlgMD5;
			break;
		default:
			assert(0);			// factory should not have called us
			CssmError::throwMe(CSSMERR_CSP_INVALID_ALGORITHM);
	}
	if((keyLen < minKey) || (keyLen > HMAC_MAX_KEY_SIZE)) {
		CssmError::throwMe(CSSMERR_CSP_INVALID_ATTR_KEY);
	}
	CCHmacInit(&hmacCtx, ccAlg, keyData, keyLen);
}

void MacContext::update(const CssmData &data)
{
	CCHmacUpdate(&hmacCtx, data.data(), data.length());
}

/* generate only */
void MacContext::final(CssmData &out)
{
	if(out.length() < mDigestSize) {
		CssmError::throwMe(CSSMERR_CSP_OUTPUT_LENGTH_ERROR);
	}
	CCHmacFinal(&hmacCtx, out.data());
	out.Length = mDigestSize;
}

/* verify only */
#define MAX_DIGEST_SIZE		CC_SHA1_DIGEST_LENGTH

void MacContext::final(const CssmData &in)
{
	unsigned char mac[MAX_DIGEST_SIZE];
	
	CCHmacFinal(&hmacCtx, mac);
	if(memcmp(mac, in.data(), mDigestSize)) {
		CssmError::throwMe(CSSMERR_CSP_VERIFY_FAILED);
	}
}

size_t MacContext::outputSize(bool final, size_t inSize)
{
	return mDigestSize;
}

#ifdef 	CRYPTKIT_CSP_ENABLE

MacLegacyContext::~MacLegacyContext()
{
	if(mHmac) {
		hmacLegacyFree(mHmac);
		mHmac = NULL;
	}
}
	
/* called out from CSPFullPluginSession....
 * both generate and verify: */
void MacLegacyContext::init(const Context &context, bool isSigning)
{
	if(mHmac == NULL) {
		mHmac = hmacLegacyAlloc();
		if(mHmac == NULL) {
			CssmError::throwMe(CSSMERR_CSP_MEMORY_ERROR);
		}
	}
	
	/* obtain key from context */
	CSSM_SIZE	keyLen;
	uint8 		*keyData 	= NULL;
	
	/* FIXME - this may require a different key alg */
	symmetricKeyBits(context, session(), CSSM_ALGID_SHA1HMAC, 
		isSigning ? CSSM_KEYUSE_SIGN : CSSM_KEYUSE_VERIFY,
		keyData, keyLen);
	if((keyLen < HMAC_SHA_MIN_KEY_SIZE) || (keyLen > HMAC_MAX_KEY_SIZE)) {
		CssmError::throwMe(CSSMERR_CSP_INVALID_ATTR_KEY);
	}
	
	OSStatus ortn = hmacLegacyInit(mHmac, keyData, keyLen);
	if(ortn) {
		MacOSError::throwMe(ortn);
	}
}

void MacLegacyContext::update(const CssmData &data)
{
	OSStatus ortn = hmacLegacyUpdate(mHmac,
		data.data(),
		data.length());
	if(ortn) {
		MacOSError::throwMe(ortn);
	}
}

/* generate only */
void MacLegacyContext::final(CssmData &out)
{
	if(out.length() < kHMACSHA1DigestSize) {
		CssmError::throwMe(CSSMERR_CSP_OUTPUT_LENGTH_ERROR);
	}
	hmacLegacyFinal(mHmac, out.data());
}

/* verify only */
void MacLegacyContext::final(const CssmData &in)
{
	unsigned char mac[kHMACSHA1DigestSize];
	hmacLegacyFinal(mHmac, mac);
	if(memcmp(mac, in.data(), kHMACSHA1DigestSize)) {
		CssmError::throwMe(CSSMERR_CSP_VERIFY_FAILED);
	}
}

size_t MacLegacyContext::outputSize(bool final, size_t inSize)
{
	return kHMACSHA1DigestSize;
}

#endif	/* CRYPTKIT_CSP_ENABLE */