/*
* Standard CSPContext init, called from CSPFullPluginSession::init().
* Reusable, e.g., query followed by en/decrypt.
*/
void RC5Context::init(
const Context &context,
bool encrypting)
{
CSSM_SIZE keyLen;
uint8 *keyData = NULL;
uint32 rounds = RC5_16_ROUNDS;
/* obtain key from context */
symmetricKeyBits(context, session(), CSSM_ALGID_RC5,
encrypting ? CSSM_KEYUSE_ENCRYPT : CSSM_KEYUSE_DECRYPT,
keyData, keyLen);
if((keyLen < RC5_MIN_KEY_SIZE_BYTES) || (keyLen > RC5_MAX_KEY_SIZE_BYTES)) {
CssmError::throwMe(CSSMERR_CSP_INVALID_ATTR_KEY);
}
/*
* Optional rounds
*/
rounds = context.getInt(CSSM_ATTRIBUTE_ROUNDS);
if(rounds == 0) {
/* default */
rounds = RC5_16_ROUNDS;
}
/* init the low-level state */
RC5_32_set_key(&rc5Key, keyLen, keyData, rounds);
/* Finally, have BlockCryptor do its setup */
setup(RC5_BLOCK_SIZE_BYTES, context);
}
/* called out from CSPFullPluginSession....
* both generate and verify */
void MacContext::init(const Context &context, bool isSigning)
{
CCHmacAlgorithm ccAlg;
/* obtain key from context */
CSSM_SIZE keyLen;
uint8 *keyData = NULL;
symmetricKeyBits(context, session(), mAlg,
isSigning ? CSSM_KEYUSE_SIGN : CSSM_KEYUSE_VERIFY,
keyData, keyLen);
uint32 minKey = 0;
switch(mAlg) {
case CSSM_ALGID_SHA1HMAC:
minKey = HMAC_SHA_MIN_KEY_SIZE;
mDigestSize = CC_SHA1_DIGEST_LENGTH;
ccAlg = kCCHmacAlgSHA1;
break;
case CSSM_ALGID_MD5HMAC:
minKey = HMAC_MD5_MIN_KEY_SIZE;
mDigestSize = CC_MD5_DIGEST_LENGTH;
ccAlg = kCCHmacAlgMD5;
break;
default:
assert(0); // factory should not have called us
CssmError::throwMe(CSSMERR_CSP_INVALID_ALGORITHM);
}
if((keyLen < minKey) || (keyLen > HMAC_MAX_KEY_SIZE)) {
CssmError::throwMe(CSSMERR_CSP_INVALID_ATTR_KEY);
}
CCHmacInit(&hmacCtx, ccAlg, keyData, keyLen);
}
/*
* Standard CSPContext init, called from CSPFullPluginSession::init().
* Reusable, e.g., query followed by en/decrypt.
*/
void DESContext::init(
const Context &context,
bool encrypting)
{
CSSM_SIZE keyLen;
uint8 *keyData = NULL;
/* obtain key from context */
symmetricKeyBits(context, session(), CSSM_ALGID_DES,
encrypting ? CSSM_KEYUSE_ENCRYPT : CSSM_KEYUSE_DECRYPT,
keyData, keyLen);
if(keyLen != (DES_KEY_SIZE_BITS_EXTERNAL / 8)) {
CssmError::throwMe(CSSMERR_CSP_INVALID_ATTR_KEY);
}
if (DesInst != NULL)
{
CCCryptorRelease(DesInst);
}
(void) CCCryptorCreateWithMode(0, kCCModeECB, kCCAlgorithmDES, ccDefaultPadding, NULL, keyData, kCCKeySizeDES, NULL, 0, 0, 0, &DesInst);
/* Finally, have BlockCryptor do its setup */
setup(DES_BLOCK_SIZE_BYTES, context);
}
/*
* Standard CSPContext init, called from CSPFullPluginSession::init().
* Reusable, e.g., query followed by en/decrypt.
*/
void RC2Context::init(
const Context &context,
bool encrypting)
{
CSSM_SIZE keyLen;
uint8 *keyData = NULL;
uint32 effectiveBits;
/* obtain key from context */
symmetricKeyBits(context, session(), CSSM_ALGID_RC2,
encrypting ? CSSM_KEYUSE_ENCRYPT : CSSM_KEYUSE_DECRYPT,
keyData, keyLen);
if((keyLen < RC2_MIN_KEY_SIZE_BYTES) || (keyLen > RC2_MAX_KEY_SIZE_BYTES)) {
CssmError::throwMe(CSSMERR_CSP_INVALID_ATTR_KEY);
}
/*
* Optional effective key size in bits - either from Context,
* or the key
*/
effectiveBits = context.getInt(CSSM_ATTRIBUTE_EFFECTIVE_BITS);
if(effectiveBits == 0) {
CssmKey &key = context.get<CssmKey>(CSSM_ATTRIBUTE_KEY,
CSSMERR_CSP_MISSING_ATTR_KEY);
effectiveBits = key.KeyHeader.LogicalKeySizeInBits;
}
/* init the low-level state */
RC2_set_key(&rc2Key, keyLen, keyData, effectiveBits);
/* Finally, have BlockCryptor do its setup */
setup(RC2_BLOCK_SIZE_BYTES, context);
}
/*
* Standard CSPContext init, called from CSPFullPluginSession::init().
* Reusable, e.g., query followed by en/decrypt.
*/
void CastContext::init(
const Context &context,
bool encrypting)
{
if(mInitFlag && !opStarted()) {
return;
}
CSSM_SIZE keyLen;
uint8 *keyData = NULL;
bool sameKeySize = false;
/* obtain key from context */
symmetricKeyBits(context, session(), CSSM_ALGID_CAST,
encrypting ? CSSM_KEYUSE_ENCRYPT : CSSM_KEYUSE_DECRYPT,
keyData, keyLen);
if((keyLen < kCCKeySizeMinCAST) || (keyLen > kCCKeySizeMaxCAST)) {
CssmError::throwMe(CSSMERR_CSP_INVALID_ATTR_KEY);
}
/*
* Delete existing key if key size changed
*/
if(mRawKeySize == keyLen) {
sameKeySize = true;
}
else {
deleteKey();
}
/* init key only if key size or key bits have changed */
if(!sameKeySize || memcmp(mRawKey, keyData, mRawKeySize)) {
(void) CCCryptorCreateWithMode(0, kCCModeECB, kCCAlgorithmCAST, ccDefaultPadding, NULL, keyData, keyLen, NULL, 0, 0, 0, &mCastKey);
/* save this raw key data */
memmove(mRawKey, keyData, keyLen);
mRawKeySize = (uint32)keyLen;
}
/* Finally, have BlockCryptor do its setup */
setup(kCCBlockSizeCAST, context);
mInitFlag = true;
}
/*
* Standard CSPContext init, called from CSPFullPluginSession::init().
* Reusable, e.g., query followed by en/decrypt.
*/
void BlowfishContext::init(
const Context &context,
bool encrypting)
{
if(mInitFlag && !opStarted()) {
return;
}
CSSM_SIZE keyLen;
uint8 *keyData = NULL;
bool sameKeySize = false;
/* obtain key from context */
symmetricKeyBits(context, session(), CSSM_ALGID_BLOWFISH,
encrypting ? CSSM_KEYUSE_ENCRYPT : CSSM_KEYUSE_DECRYPT,
keyData, keyLen);
if((keyLen < BF_MIN_KEY_SIZE_BYTES) || (keyLen > BF_MAX_KEY_SIZE_BYTES)) {
CssmError::throwMe(CSSMERR_CSP_INVALID_ATTR_KEY);
}
/*
* Delete existing key if key size changed
*/
if(mRawKeySize == keyLen) {
sameKeySize = true;
}
else {
deleteKey();
}
/* init key only if key size or key bits have changed */
if(!sameKeySize || memcmp(mRawKey, keyData, mRawKeySize)) {
BF_set_key(&mBfKey, (int)keyLen, keyData);
/* save this raw key data */
memmove(mRawKey, keyData, keyLen);
mRawKeySize = (unsigned int)keyLen;
}
/* Finally, have BlockCryptor do its setup */
setup(BF_BLOCK, context);
mInitFlag = true;
}
/*
* Standard CSPContext init, called from CSPFullPluginSession::init().
* Reusable, e.g., query followed by en/decrypt.
*/
void RC4Context::init(
const Context &context,
bool encrypting)
{
CSSM_SIZE keyLen;
uint8 *keyData = NULL;
/* obtain key from context */
symmetricKeyBits(context, session(), CSSM_ALGID_RC4,
encrypting ? CSSM_KEYUSE_ENCRYPT : CSSM_KEYUSE_DECRYPT,
keyData, keyLen);
if((keyLen < kCCKeySizeMinRC4) || (keyLen > kCCKeySizeMaxRC4)) {
CssmError::throwMe(CSSMERR_CSP_INVALID_ATTR_KEY);
}
/* All other context attributes ignored */
/* init the low-level state */
(void) CCCryptorCreateWithMode(0, kCCModeRC4, kCCAlgorithmRC4, ccDefaultPadding, NULL, keyData, keyLen, NULL, 0, 0, 0, &rc4Key);
}
/*
* Standard CSPContext init, called from CSPFullPluginSession::init().
* Reusable, e.g., query followed by en/decrypt. Even reusable after context
* changed (i.e., new IV in Encrypted File System).
*/
void GAESContext::init(
const Context &context,
bool encrypting)
{
if(mInitFlag && !opStarted()) {
return;
}
CSSM_SIZE keyLen;
uint8 *keyData = NULL;
bool sameKeySize = false;
/* obtain key from context */
symmetricKeyBits(context, session(), CSSM_ALGID_AES,
encrypting ? CSSM_KEYUSE_ENCRYPT : CSSM_KEYUSE_DECRYPT,
keyData, keyLen);
switch(keyLen) {
case kCCKeySizeAES128:
case kCCKeySizeAES192:
case kCCKeySizeAES256:
break;
default:
CssmError::throwMe(CSSMERR_CSP_INVALID_ATTR_KEY);
}
/*
* Delete existing key if key size changed
*/
if(mRawKeySize == keyLen) {
sameKeySize = true;
}
else {
deleteKey();
}
/*
* Init key only if key size or key bits have changed, or
* we're doing a different operation than the previous key
* was scheduled for.
*/
if(!sameKeySize || (mWasEncrypting != encrypting) ||
memcmp(mRawKey, keyData, mRawKeySize)) {
(void) CCCryptorCreateWithMode(0, kCCModeECB, kCCAlgorithmAES128, ccDefaultPadding, NULL, keyData, keyLen, NULL, 0, 0, 0, &mAesKey);
/* save this raw key data */
memmove(mRawKey, keyData, keyLen);
mRawKeySize = keyLen;
mWasEncrypting = encrypting;
}
/* we handle CBC, and hence the IV, ourselves */
CSSM_ENCRYPT_MODE cssmMode = context.getInt(CSSM_ATTRIBUTE_MODE);
switch (cssmMode) {
/* no mode attr --> 0 == CSSM_ALGMODE_NONE, not currently supported */
case CSSM_ALGMODE_CBCPadIV8:
case CSSM_ALGMODE_CBC_IV8:
{
CssmData *iv = context.get<CssmData>(CSSM_ATTRIBUTE_INIT_VECTOR);
if(iv == NULL) {
CssmError::throwMe(CSSMERR_CSP_MISSING_ATTR_INIT_VECTOR);
}
if(iv->Length != kCCBlockSizeAES128) {
CssmError::throwMe(CSSMERR_CSP_INVALID_ATTR_INIT_VECTOR);
}
}
break;
default:
break;
}
/* Finally, have BlockCryptor do its setup */
setup(GLADMAN_BLOCK_SIZE_BYTES, context);
mInitFlag = true;
}
