void AppleCSPSession::WrapKey(
CSSM_CC_HANDLE CCHandle,
const Context &Context,
const AccessCredentials &AccessCred,
const CssmKey &UnwrappedKey,
const CssmData *DescriptiveData,
CssmKey &WrappedKey,
CSSM_PRIVILEGE Privilege)
{
CssmKey::Header &wrappedHdr = WrappedKey.header();
bool isNullWrap = false;
CssmKey *wrappingKey = NULL;
CSSM_KEYBLOB_FORMAT wrapFormat;
switch(UnwrappedKey.keyClass()) {
case CSSM_KEYCLASS_PUBLIC_KEY:
case CSSM_KEYCLASS_PRIVATE_KEY:
case CSSM_KEYCLASS_SESSION_KEY:
break;
default:
CssmError::throwMe(CSSMERR_CSP_INVALID_KEY_CLASS);
}
/* wrapping key only required for non-NULL wrap */
wrappingKey = Context.get<CssmKey>(CSSM_ATTRIBUTE_KEY);
if(wrappingKey == NULL) {
if((Context.algorithm() == CSSM_ALGID_NONE) &&
(Context.type() == CSSM_ALGCLASS_SYMMETRIC)) {
// NULL wrap, OK
isNullWrap = true;
}
else {
errorLog0("WrapKey: missing wrapping key\n");
CssmError::throwMe(CSSMERR_CSP_MISSING_ATTR_KEY);
}
}
/*
* Validate misc. params as best we can
*/
if(isNullWrap) {
wrapFormat = CSSM_KEYBLOB_WRAPPED_FORMAT_NONE;
}
else {
/*
* Can only wrap session and private keys.
*/
#if !ALLOW_PUB_KEY_WRAP
if(UnwrappedKey.keyClass() == CSSM_KEYCLASS_PUBLIC_KEY) {
CssmError::throwMe(CSSMERR_CSP_INVALID_KEY_CLASS);
}
#endif /* ALLOW_PUB_KEY_WRAP */
cspValidateIntendedKeyUsage(&wrappingKey->KeyHeader, CSSM_KEYUSE_WRAP);
cspVerifyKeyTimes(wrappingKey->KeyHeader);
/*
* make sure wrapping key type matches context
*/
CSSM_CONTEXT_TYPE wrapType;
switch(wrappingKey->KeyHeader.KeyClass) {
case CSSM_KEYCLASS_PUBLIC_KEY:
case CSSM_KEYCLASS_PRIVATE_KEY:
wrapType = CSSM_ALGCLASS_ASYMMETRIC;
break;
case CSSM_KEYCLASS_SESSION_KEY:
wrapType = CSSM_ALGCLASS_SYMMETRIC;
break;
default:
errorLog0("WrapKey: bad class of wrappingKey\n");
CssmError::throwMe(CSSMERR_CSP_INVALID_ATTR_KEY);
}
if(wrapType != Context.type()) {
errorLog0("WrapKey: mismatch wrappingKey/contextType\n");
CssmError::throwMe(CSSMERR_CSP_INVALID_CONTEXT);
}
if(Context.algorithm() == CSSM_ALGID_NONE) {
errorLog0("WrapKey: null wrap alg, non-null key\n");
CssmError::throwMe(CSSMERR_CSP_INVALID_ALGORITHM);
}
/*
* Get optional wrap format, set default per incoming keys
* Note: no such atrribute ==> 0 ==> FORMAT_NONE, which we
* take to mean "use the default".
*/
wrapFormat = Context.getInt(CSSM_ATTRIBUTE_WRAPPED_KEY_FORMAT);
if(wrapFormat == CSSM_KEYBLOB_WRAPPED_FORMAT_NONE) {
/* figure out a default based on unwrapped key */
switch(UnwrappedKey.keyClass()) {
case CSSM_KEYCLASS_SESSION_KEY:
wrapFormat = CSSM_KEYBLOB_WRAPPED_FORMAT_PKCS7;
break;
case CSSM_KEYCLASS_PUBLIC_KEY:
wrapFormat = CSSM_KEYBLOB_WRAPPED_FORMAT_APPLE_CUSTOM;
break;
case CSSM_KEYCLASS_PRIVATE_KEY:
switch(UnwrappedKey.algorithm()) {
case CSSM_ALGID_FEE:
wrapFormat = CSSM_KEYBLOB_WRAPPED_FORMAT_APPLE_CUSTOM;
break;
default:
wrapFormat = CSSM_KEYBLOB_WRAPPED_FORMAT_PKCS8;
break;
}
break;
default:
/* NOT REACHED - checked above */
break;
}
} /* no format present or FORMAT_NONE */
}
/* make sure we have a valid format here */
switch(wrapFormat) {
case CSSM_KEYBLOB_WRAPPED_FORMAT_PKCS7:
if(UnwrappedKey.keyClass() != CSSM_KEYCLASS_SESSION_KEY) {
/* this wrapping style only for symmetric keys */
CssmError::throwMe(CSSMERR_CSP_INVALID_KEY_CLASS);
}
break;
case CSSM_KEYBLOB_WRAPPED_FORMAT_PKCS8:
case CSSM_KEYBLOB_WRAPPED_FORMAT_OPENSSL:
if(UnwrappedKey.keyClass() != CSSM_KEYCLASS_PRIVATE_KEY) {
/* these wrapping styles only for private keys */
CssmError::throwMe(CSSMERR_CSP_INVALID_KEY_CLASS);
}
break;
case CSSM_KEYBLOB_WRAPPED_FORMAT_APPLE_CUSTOM:
/* no restrictions (well AES can't be the wrap alg but that will
* be caught later */
break;
case CSSM_KEYBLOB_WRAPPED_FORMAT_OPENSSH1:
/* RSA private key, reference format, only */
if(UnwrappedKey.keyClass() != CSSM_KEYCLASS_PRIVATE_KEY) {
CssmError::throwMe(CSSMERR_CSP_INVALID_KEY_CLASS);
}
if(UnwrappedKey.algorithm() != CSSM_ALGID_RSA) {
CssmError::throwMe(CSSMERR_CSP_INVALID_ALGORITHM);
}
if(UnwrappedKey.blobType() != CSSM_KEYBLOB_REFERENCE) {
CssmError::throwMe(CSSMERR_CSP_KEY_BLOB_TYPE_INCORRECT);
}
break;
case CSSM_KEYBLOB_WRAPPED_FORMAT_NONE:
if(isNullWrap) {
/* only time this is OK */
break;
}
/* else fall thru */
default:
dprintf1("KeyWrap: invalid wrapFormat (%d)\n", (int)wrapFormat);
CssmError::throwMe(CSSMERR_CSP_INVALID_ATTR_WRAPPED_KEY_FORMAT);
}
/* get the blob to be wrappped */
CssmData rawBlob;
bool allocdRawBlob = false;
CSSM_KEYBLOB_FORMAT rawFormat;
/*
* Outgoing same as incoming unless a partial key is completed during
* generateKeyBlob()
*/
const CssmKey::Header &unwrappedHdr = UnwrappedKey.header();
CSSM_KEYATTR_FLAGS unwrappedKeyAttrFlags = unwrappedHdr.KeyAttr;
switch(UnwrappedKey.blobType()) {
case CSSM_KEYBLOB_RAW:
/*
* Trivial case - we already have the blob.
* This op - wrapping a raw key - is not supported for the
* CSSM_KEYBLOB_WRAPPED_FORMAT_OPENSSH1 format since that doesn't
* operate on a key blob.
*/
rawBlob = CssmData::overlay(UnwrappedKey.KeyData);
rawFormat = UnwrappedKey.blobFormat();
break;
case CSSM_KEYBLOB_REFERENCE:
/* get binary key, then get blob from it */
{
BinaryKey &binKey = lookupRefKey(UnwrappedKey);
/*
* Subsequent tests for extractability: don't trust the
* caller's header; use the one in the BinaryKey.
*/
CSSM_KEYATTR_FLAGS keyAttr = binKey.mKeyHeader.KeyAttr;
if(!(keyAttr & CSSM_KEYATTR_EXTRACTABLE)) {
/* this key not extractable in any form */
CssmError::throwMe(CSSMERR_CSP_INVALID_KEYATTR_MASK);
}
/*
* CSSM_KEYBLOB_WRAPPED_FORMAT_OPENSSH1: we're ready to roll;
* all we need is the reference key.
*/
if(wrapFormat == CSSM_KEYBLOB_WRAPPED_FORMAT_OPENSSH1) {
break;
}
/*
* Null wrap - prevent caller from obtaining
* clear bits if CSSM_KEYATTR_SENSITIVE
*/
if(isNullWrap && (keyAttr & CSSM_KEYATTR_SENSITIVE)) {
CssmError::throwMe(CSSMERR_CSP_INVALID_KEYATTR_MASK);
}
/*
* Special case for PKCS8 and openssl: need to get blob of a specific
* algorithm-dependent format. Caller can override our
* preference with a
* CSSM_ATTRIBUTE_{PRIVATE,PUBLIC,SESSION}_KEY_FORMAT
* context attribute.
*/
rawFormat = requestedKeyFormat(Context, UnwrappedKey);
if(rawFormat == CSSM_KEYBLOB_RAW_FORMAT_NONE) {
CSSM_ALGORITHMS keyAlg = binKey.mKeyHeader.AlgorithmId;
switch(wrapFormat) {
case CSSM_KEYBLOB_WRAPPED_FORMAT_PKCS8:
rawFormat = pkcs8RawKeyFormat(keyAlg);
break;
case CSSM_KEYBLOB_WRAPPED_FORMAT_OPENSSL:
rawFormat = opensslRawKeyFormat(keyAlg);
break;
default:
/* punt and take default for key type */
break;
}
}
/*
* DescriptiveData for encoding, currently only used for
* SSH1 keys.
*/
if((DescriptiveData != NULL) && (DescriptiveData->Length != 0)) {
binKey.descData(*DescriptiveData);
}
/* optional parameter-bearing key */
CssmKey *paramKey = Context.get<CssmKey>(CSSM_ATTRIBUTE_PARAM_KEY);
binKey.generateKeyBlob(privAllocator,
rawBlob,
rawFormat,
*this,
paramKey,
unwrappedKeyAttrFlags);
}
allocdRawBlob = true; // remember - we need to free
break;
default:
errorLog0("WrapKey: bad unwrappedKey BlobType\n");
CssmError::throwMe(CSSMERR_CSP_INVALID_KEY);
}
/*
* Prepare outgoing header.
*/
setKeyHeader(wrappedHdr,
plugin.myGuid(),
unwrappedHdr.algorithm(), // same as incoming
unwrappedHdr.keyClass(), // same as incoming
unwrappedKeyAttrFlags,
unwrappedHdr.KeyUsage);
wrappedHdr.LogicalKeySizeInBits = unwrappedHdr.LogicalKeySizeInBits;
wrappedHdr.WrapAlgorithmId = Context.algorithm(); // true for null
// and non-Null
wrappedHdr.StartDate = unwrappedHdr.StartDate;
wrappedHdr.EndDate = unwrappedHdr.EndDate;
wrappedHdr.Format = wrapFormat;
if(isNullWrap) {
wrappedHdr.BlobType = CSSM_KEYBLOB_RAW;
}
else {
wrappedHdr.BlobType = CSSM_KEYBLOB_WRAPPED;
}
/*
* special cases - break out here for Apple Custom and OpenSSHv1
*/
if(!isNullWrap) {
switch(wrapFormat) {
case CSSM_KEYBLOB_WRAPPED_FORMAT_APPLE_CUSTOM:
try {
WrapKeyCms(CCHandle,
Context,
AccessCred,
UnwrappedKey,
rawBlob,
allocdRawBlob,
DescriptiveData,
WrappedKey,
Privilege);
}
catch(...) {
if(allocdRawBlob) {
freeCssmData(rawBlob, privAllocator);
}
throw;
}
if(allocdRawBlob) {
freeCssmData(rawBlob, privAllocator);
}
return;
case CSSM_KEYBLOB_WRAPPED_FORMAT_OPENSSH1:
{
/*
* 1. We don't have to worry about allocdRawBlob since this
* operation only works on reference keys and we did not
* obtain the raw blob from the BinaryKey.
* 2. This is a redundant lookupRefKey, I know, but since
* that returns a reference, it would just be too messy to have
* the previous call be in the same scope as this.
*/
BinaryKey &binKey = lookupRefKey(UnwrappedKey);
WrapKeyOpenSSH1(CCHandle,
Context,
AccessCred,
binKey,
rawBlob,
allocdRawBlob,
DescriptiveData,
WrappedKey,
Privilege);
return;
}
default:
/* proceed to encrypt blob */
break;
}
} /* !isNullWrap */
/*
* Generate wrapped blob. Careful, we need to conditionally free
* rawBlob on error.
*/
CssmData encryptedBlob;
CssmData remData;
WrappedKey.KeyData.Data = NULL; // ignore possible incoming KeyData
WrappedKey.KeyData.Length = 0;
try {
if(isNullWrap) {
/* copy raw blob to caller's wrappedKey */
copyCssmData(rawBlob,
CssmData::overlay(WrappedKey.KeyData),
normAllocator);
wrappedHdr.Format = rawFormat;
}
else {
/* encrypt rawBlob using caller's context, then encode to
* WrappedKey.KeyData */
CSSM_SIZE bytesEncrypted;
EncryptData(CCHandle,
Context,
&rawBlob, // ClearBufs[]
1, // ClearBufCount
&encryptedBlob, // CipherBufs[],
1, // CipherBufCount,
bytesEncrypted,
remData,
Privilege);
// I'm not 100% sure about this....
assert(remData.Length == 0);
encryptedBlob.Length = bytesEncrypted;
WrappedKey.KeyData = encryptedBlob;
wrappedHdr.BlobType = CSSM_KEYBLOB_WRAPPED;
// OK to be zero or not present
wrappedHdr.WrapMode = Context.getInt(
CSSM_ATTRIBUTE_MODE);
}
}
catch (...) {
errorLog0("WrapKey: EncryptData() threw exception\n");
if(allocdRawBlob) {
freeCssmData(rawBlob, privAllocator);
}
freeCssmData(remData,normAllocator);
throw;
}
if(allocdRawBlob) {
freeCssmData(rawBlob, privAllocator);
}
freeCssmData(remData, normAllocator);
}
// Called from subclass after it allocates its BinaryKeys.
// Caller frees BinaryKeys if we throw any exception.
void AppleKeyPairGenContext::generate(
const Context &context,
AppleCSPSession &session,
CssmKey &pubKey,
BinaryKey *pubBinKey,
CssmKey &privKey,
BinaryKey *privBinKey)
{
uint32 keySize;
cspKeyStorage privStorage;
cspKeyStorage pubStorage;
CssmKey::Header &pubHdr = pubKey.header();
CssmKey::Header &privHdr = privKey.header();
// validate context and key header args
pubStorage = cspParseKeyAttr(CKT_Public, pubHdr.KeyAttr);
privStorage = cspParseKeyAttr(CKT_Private, privHdr.KeyAttr);
cspValidateKeyUsageBits(CKT_Public, pubHdr.KeyUsage);
cspValidateKeyUsageBits(CKT_Private, privHdr.KeyUsage);
// have subclass generate the key pairs in the form of
// its native BinaryKeys
generate(context, *pubBinKey, *privBinKey, keySize);
// FIXME - Any other header setup?
pubHdr.LogicalKeySizeInBits =
privHdr.LogicalKeySizeInBits = keySize;
pubHdr.KeyAttr &= ~KEY_ATTR_RETURN_MASK;
privHdr.KeyAttr &= ~KEY_ATTR_RETURN_MASK;
// Handle key formatting. Delete the BinaryKeys if
// we're not creating ref keys, after safe completion of
// generateKeyBlob (which may throw, in which case the binary keys
// get deleted by our caller).
CSSM_KEYATTR_FLAGS attrFlags = 0;
switch(pubStorage) {
case CKS_Ref:
session.addRefKey(*pubBinKey, pubKey);
break;
case CKS_Data:
pubHdr.Format = requestedKeyFormat(context, pubKey);
pubBinKey->mKeyHeader = pubHdr;
pubBinKey->generateKeyBlob(
session.normAlloc(), // alloc in user space
CssmData::overlay(pubKey.KeyData),
pubHdr.Format,
session,
NULL, // no paramKey here!
attrFlags);
break;
case CKS_None:
break;
}
switch(privStorage) {
case CKS_Ref:
session.addRefKey(*privBinKey, privKey);
break;
case CKS_Data:
privHdr.Format = requestedKeyFormat(context, privKey);
privBinKey->mKeyHeader = privHdr;
privBinKey->generateKeyBlob(
session.normAlloc(), // alloc in user space
CssmData::overlay(privKey.KeyData),
privHdr.Format,
session,
NULL,
attrFlags);
break;
case CKS_None:
break;
}
if(pubStorage != CKS_Ref) {
delete pubBinKey;
}
if(privStorage != CKS_Ref) {
delete privBinKey;
}
}
