void RSABinaryKey::generateKeyBlob(
Allocator &allocator,
CssmData &blob,
CSSM_KEYBLOB_FORMAT &format, /* IN/OUT */
AppleCSPSession &session,
const CssmKey *paramKey, /* optional, unused here */
CSSM_KEYATTR_FLAGS &attrFlags) /* IN/OUT */
{
bool isPub;
CSSM_RETURN crtn;
/* FIXME get label from context here for OAEP */
/*
* Here, the incoming default of CSSM_KEYBLOB_RAW_FORMAT_NONE
* is translated to our AppleCSP-custom defaults. App can override.
*/
switch(mKeyHeader.KeyClass) {
case CSSM_KEYCLASS_PUBLIC_KEY:
isPub = true;
switch(format) {
case CSSM_KEYBLOB_RAW_FORMAT_NONE:
format = RSA_PUB_KEY_FORMAT; // default
break;
case CSSM_KEYBLOB_RAW_FORMAT_DIGEST:
if(mOaep) {
/* have to take digest of the whole thing including label */
format = CSSM_KEYBLOB_RAW_FORMAT_X509;
}
else {
/* calculate digest on PKCS1 blob */
format = CSSM_KEYBLOB_RAW_FORMAT_PKCS1;
}
break;
case CSSM_KEYBLOB_RAW_FORMAT_PKCS1:
case CSSM_KEYBLOB_RAW_FORMAT_X509:
case CSSM_KEYBLOB_RAW_FORMAT_OPENSSH:
case CSSM_KEYBLOB_RAW_FORMAT_OPENSSH2:
break;
default:
CssmError::throwMe(CSSMERR_CSP_UNSUPPORTED_KEY_FORMAT);
}
break;
case CSSM_KEYCLASS_PRIVATE_KEY:
isPub = false;
switch(format) {
case CSSM_KEYBLOB_RAW_FORMAT_NONE: // default
format = RSA_PRIV_KEY_FORMAT;
break;
case CSSM_KEYBLOB_RAW_FORMAT_DIGEST:
if(mOaep) {
/* have to take digest of the whole thing including label */
format = CSSM_KEYBLOB_RAW_FORMAT_X509;
}
else {
/* calculate digest on PKCS1 blob */
format = CSSM_KEYBLOB_RAW_FORMAT_PKCS1;
}
isPub = true;
break;
case CSSM_KEYBLOB_RAW_FORMAT_PKCS1:
case CSSM_KEYBLOB_RAW_FORMAT_PKCS8:
case CSSM_KEYBLOB_RAW_FORMAT_OPENSSH:
break;
default:
CssmError::throwMe(CSSMERR_CSP_UNSUPPORTED_KEY_FORMAT);
}
break;
default:
CssmError::throwMe(CSSMERR_CSP_INVALID_KEY_CLASS);
}
CssmAutoData encodedKey(allocator);
if(mOaep) {
CSSM_DATA label = mLabel;
if(isPub) {
crtn = RSAOAEPPublicKeyEncode(mRsaKey, &label, encodedKey);
}
else {
crtn = RSAOAEPPrivateKeyEncode(mRsaKey, &label, encodedKey);
}
}
else {
if(isPub) {
crtn = RSAPublicKeyEncode(mRsaKey, format, descData(), encodedKey);
}
else {
crtn = RSAPrivateKeyEncode(mRsaKey, format, descData(), encodedKey);
}
}
if(crtn) {
CssmError::throwMe(crtn);
}
blob = encodedKey.release();
}
std::string DictImpl::descData( void const *data ) const
{
return descData( data, 16 );
}
void DSABinaryKey::generateKeyBlob(
Allocator &allocator,
CssmData &blob,
CSSM_KEYBLOB_FORMAT &format,
AppleCSPSession &session,
const CssmKey *paramKey, /* optional */
CSSM_KEYATTR_FLAGS &attrFlags) /* IN/OUT */
{
bool isPub;
CSSM_RETURN crtn;
/*
* Here, the incoming default of CSSM_KEYBLOB_RAW_FORMAT_NONE
* is translated to our AppleCSP-custom defaults. App can override.
*/
switch(mKeyHeader.KeyClass) {
case CSSM_KEYCLASS_PUBLIC_KEY:
isPub = true;
switch(format) {
case CSSM_KEYBLOB_RAW_FORMAT_NONE:
format = DSA_PUB_KEY_FORMAT; // default
break;
case CSSM_KEYBLOB_RAW_FORMAT_FIPS186:
case CSSM_KEYBLOB_RAW_FORMAT_X509:
case CSSM_KEYBLOB_RAW_FORMAT_DIGEST:
case CSSM_KEYBLOB_RAW_FORMAT_OPENSSH2:
break;
default:
CssmError::throwMe(CSSMERR_CSP_UNSUPPORTED_KEY_FORMAT);
}
break;
case CSSM_KEYCLASS_PRIVATE_KEY:
isPub = false;
switch(format) {
case CSSM_KEYBLOB_RAW_FORMAT_NONE:
format = DSA_PRIV_KEY_FORMAT; // default
break;
case CSSM_KEYBLOB_RAW_FORMAT_DIGEST:
/*
* This is calculated on the public key, which
* is not always part of a DSA private key's encoding...
* so first calculate the public key.
*/
dsaKeyPrivToPub(mDsaKey);
isPub = true;
break;
case CSSM_KEYBLOB_RAW_FORMAT_FIPS186:
case CSSM_KEYBLOB_RAW_FORMAT_PKCS8:
case CSSM_KEYBLOB_RAW_FORMAT_OPENSSL:
break;
default:
CssmError::throwMe(CSSMERR_CSP_UNSUPPORTED_KEY_FORMAT);
}
break;
default:
CssmError::throwMe(CSSMERR_CSP_INVALID_KEY_CLASS);
}
/* possible conversion from partial binary key to fully
* formed blob */
DSA *dsaToEncode = mDsaKey;
DSA *dsaUpgrade = NULL;
if(isPub &&
(mDsaKey->p == NULL) &&
(paramKey != NULL)) {
/*
* Don't modify BinaryKey; make a copy.
*/
dsaUpgrade = DSA_new();
if(dsaUpgrade == NULL) {
CssmError::throwMe(CSSMERR_CSP_MEMORY_ERROR);
}
dsaUpgrade->pub_key = BN_dup(mDsaKey->pub_key);
crtn = dsaGetParamsFromKey(dsaUpgrade, *paramKey, session);
if(crtn) {
DSA_free(dsaUpgrade);
CssmError::throwMe(crtn);
}
/* success - switch keys and inform caller of attr change */
dsaToEncode = dsaUpgrade;
attrFlags &= ~CSSM_KEYATTR_PARTIAL;
}
/*
* DSA private keys originating from BSAFE form - e.g., DSA private
* keys wrapped in a keychain (which have format FIPS186 by default)
* have no public key component. Generate the public key if we don't
* have one.
*/
if(!isPub && (dsaToEncode->pub_key == NULL)) {
dsaKeyPrivToPub(dsaToEncode);
}
CssmAutoData encodedKey(allocator);
if(isPub) {
crtn = DSAPublicKeyEncode(dsaToEncode, format, descData(), encodedKey);
}
else {
crtn = DSAPrivateKeyEncode(dsaToEncode, format, descData(), encodedKey);
}
if(dsaUpgrade != NULL) {
/* temp key, get rid of it */
DSA_free(dsaUpgrade);
}
if(crtn) {
CssmError::throwMe(crtn);
}
blob = encodedKey.release();
}
