void QueryRepresentatorTest::testSymbolTable() { setUpData(); CPPUNIT_ASSERT_EQUAL(3, QueryRepresentator::getSize()); SymbolTable table1 = QueryRepresentator::getSymbolTable(0); SymbolTable table2 = QueryRepresentator::getSymbolTable(1); SymbolTable table3 = QueryRepresentator::getSymbolTable(2); CPPUNIT_ASSERT_EQUAL(1, table1.getSize()); CPPUNIT_ASSERT_EQUAL(KEYWORD_STMT, table1.getType(0)); CPPUNIT_ASSERT("s1"==table1.getName(0)); CPPUNIT_ASSERT_EQUAL(2, table2.getSize()); CPPUNIT_ASSERT_EQUAL(KEYWORD_STMT, table2.getType(0)); CPPUNIT_ASSERT("s1"==table2.getName(0)); CPPUNIT_ASSERT_EQUAL(KEYWORD_VAR, table2.getType(1)); CPPUNIT_ASSERT("x"==table2.getName(1)); CPPUNIT_ASSERT_EQUAL(2, table3.getSize()); CPPUNIT_ASSERT_EQUAL(KEYWORD_STMT, table3.getType(0)); CPPUNIT_ASSERT("s1"==table3.getName(0)); CPPUNIT_ASSERT_EQUAL(KEYWORD_WHILE, table3.getType(1)); CPPUNIT_ASSERT("w"==table3.getName(1)); }
void AppleCSPSession::DeriveKey_PBKDF2( const Context &context, const CssmData &Param, CSSM_DATA *keyData) { /* validate algorithm-specific arguments */ /* Param must point to a CSSM_PKCS5_PBKDF2_PARAMS */ if(Param.Length != sizeof(CSSM_PKCS5_PBKDF2_PARAMS)) { errorLog0("DeriveKey_PBKDF2: Param wrong size\n"); CssmError::throwMe(CSSMERR_CSP_INVALID_INPUT_POINTER); } const CSSM_PKCS5_PBKDF2_PARAMS *pbkdf2Params = reinterpret_cast<const CSSM_PKCS5_PBKDF2_PARAMS *>(Param.Data); if(pbkdf2Params == NULL) { errorLog0("DeriveKey_PBKDF2: null Param.Data\n"); CssmError::throwMe(CSSMERR_CSP_INVALID_DATA); } /* Get passphrase from either baseKey or from CSSM_PKCS5_PBKDF2_PARAMS */ CssmKey *passKey = context.get<CssmKey>(CSSM_ATTRIBUTE_KEY); CSSM_SIZE passphraseLen = 0; uint8 *passphrase = NULL; if(passKey != NULL) { AppleCSPContext::symmetricKeyBits(context, *this, CSSM_ALGID_SECURE_PASSPHRASE, CSSM_KEYUSE_DERIVE, passphrase, passphraseLen); } else { passphraseLen = pbkdf2Params->Passphrase.Length; passphrase = pbkdf2Params->Passphrase.Data; } #if !ALLOW_ZERO_PASSWORD /* passphrase required */ if(passphrase == NULL) { errorLog0("DeriveKey_PBKDF2: null Passphrase\n"); CssmError::throwMe(CSSMERR_CSP_INVALID_DATA); } if(passphraseLen == 0) { /* FIXME - enforce minimum length? */ errorLog0("DeriveKey_PBKDF2: zero length passphrase\n"); CssmError::throwMe(CSSMERR_CSP_INVALID_INPUT_POINTER); } #endif /* ALLOW_ZERO_PASSWORD */ if(pbkdf2Params->PseudoRandomFunction != CSSM_PKCS5_PBKDF2_PRF_HMAC_SHA1) { errorLog0("DeriveKey_PBKDF2: invalid PRF\n"); CssmError::throwMe(CSSMERR_CSP_INVALID_ALGORITHM); } /* salt, from context, required */ CssmData salt = context.get<CssmData>(CSSM_ATTRIBUTE_SALT, CSSMERR_CSP_MISSING_ATTR_SALT); if((salt.Data == NULL) || (salt.Length < PBKDF2_MIN_SALT)) { CssmError::throwMe(CSSMERR_CSP_INVALID_ATTR_SALT); } /* iteration count, from context, required */ uint32 iterCount = context.getInt(CSSM_ATTRIBUTE_ITERATION_COUNT, CSSMERR_CSP_MISSING_ATTR_ITERATION_COUNT); if(iterCount < PBKDF2_MIN_ITER_CNT) { CssmError::throwMe(CSSMERR_CSP_INVALID_ATTR_ITERATION_COUNT); } /* * allocate a temp buffer, length * = MAX (hLen, saltLen + 4) + 2 * hLen * = MAX (kSHA1DigestSize, saltLen + 4) + 2 * kSHA1DigestSize */ size_t tempLen = salt.Length + 4; if(tempLen < kSHA1DigestSize) { tempLen = kSHA1DigestSize; } tempLen += (2 * kSHA1DigestSize); CSSM_DATA tempData = {0, NULL}; setUpData(tempData, tempLen, privAllocator); /* go */ pbkdf2 (hmacsha1, kSHA1DigestSize, passphrase, (uint32)passphraseLen, salt.Data, (uint32)salt.Length, iterCount, keyData->Data, (uint32)keyData->Length, tempData.Data); freeData(&tempData, privAllocator, false); }
/* * Member function initially declared for CSPAbstractPluginSession; * we're overriding the null version in CSPFullPluginSession. * * We'll generate any type of key (for now). */ void AppleCSPSession::DeriveKey( CSSM_CC_HANDLE CCHandle, const Context &context, CssmData &Param, uint32 KeyUsage, uint32 KeyAttr, const CssmData *KeyLabel, const CSSM_RESOURCE_CONTROL_CONTEXT *CredAndAclEntry, CssmKey &DerivedKey) { /* validate input args, common to all algorithms */ switch(context.algorithm()) { case CSSM_ALGID_PKCS5_PBKDF2: case CSSM_ALGID_DH: case CSSM_ALGID_PKCS12_PBE_ENCR: case CSSM_ALGID_PKCS12_PBE_MAC: case CSSM_ALGID_PKCS5_PBKDF1_MD5: case CSSM_ALGID_PKCS5_PBKDF1_MD2: case CSSM_ALGID_PKCS5_PBKDF1_SHA1: case CSSM_ALGID_PBE_OPENSSL_MD5: case CSSM_ALGID_OPENSSH1: #if CRYPTKIT_CSP_ENABLE case CSSM_ALGID_ECDH: case CSSM_ALGID_ECDH_X963_KDF: #endif break; /* maybe more here, later */ default: CssmError::throwMe(CSSMERR_CSP_INVALID_ALGORITHM); } DerivedKey.KeyData.Data = NULL; DerivedKey.KeyData.Length = 0; cspKeyStorage keyStorage = cspParseKeyAttr(CKT_Session, KeyAttr); cspValidateKeyUsageBits(CKT_Session, KeyUsage); /* outgoing key type, required (though any algorithm is OK) */ uint32 keyType = context.getInt(CSSM_ATTRIBUTE_KEY_TYPE, CSSMERR_CSP_MISSING_ATTR_KEY_TYPE); /* outgoing key size, required - any nonzero value is OK */ uint32 reqKeySize = context.getInt( CSSM_ATTRIBUTE_KEY_LENGTH, CSSMERR_CSP_MISSING_ATTR_KEY_LENGTH); /* cook up a place to put the key data */ uint32 keySizeInBytes = (reqKeySize + 7) / 8; SymmetricBinaryKey *binKey = NULL; CSSM_DATA_PTR keyData = NULL; switch(keyStorage) { case CKS_None: /* no way */ CssmError::throwMe(CSSMERR_CSP_INVALID_KEYATTR_MASK); case CKS_Ref: /* cook up a symmetric binary key */ binKey = new SymmetricBinaryKey(reqKeySize); keyData = &binKey->mKeyData; break; case CKS_Data: /* key bytes --> caller's cssmKey */ keyData = &DerivedKey.KeyData; setUpData(*keyData, keySizeInBytes, normAllocator); break; } /* break off to algorithm-specific code, whose job it is * to fill in keyData->Data with keyData->Length bytes */ switch(context.algorithm()) { case CSSM_ALGID_PKCS5_PBKDF2: DeriveKey_PBKDF2(context, Param, keyData); break; case CSSM_ALGID_DH: DeriveKey_DH(context, Param, keyData, *this); break; case CSSM_ALGID_PKCS12_PBE_ENCR: case CSSM_ALGID_PKCS12_PBE_MAC: DeriveKey_PKCS12(context, *this, Param, keyData); break; case CSSM_ALGID_PKCS5_PBKDF1_MD5: case CSSM_ALGID_PKCS5_PBKDF1_MD2: case CSSM_ALGID_PKCS5_PBKDF1_SHA1: case CSSM_ALGID_PBE_OPENSSL_MD5: DeriveKey_PKCS5_V1_5(context, context.algorithm(), Param, keyData); break; case CSSM_ALGID_OPENSSH1: DeriveKey_OpenSSH1(context, context.algorithm(), Param, keyData); break; #if CRYPTKIT_CSP_ENABLE case CSSM_ALGID_ECDH: case CSSM_ALGID_ECDH_X963_KDF: CryptKit::DeriveKey_ECDH(context, context.algorithm(), Param, keyData, *this); break; #endif /* maybe more here, later */ default: assert(0); } /* set up outgoing header */ KeyAttr &= ~KEY_ATTR_RETURN_MASK; CSSM_KEYHEADER &hdr = DerivedKey.KeyHeader; setKeyHeader(hdr, plugin.myGuid(), keyType, CSSM_KEYCLASS_SESSION_KEY, KeyAttr, KeyUsage); /* handle derived size < requested size, legal for Diffie-Hellman */ hdr.LogicalKeySizeInBits = (uint32)(keyData->Length * 8); if(keyStorage == CKS_Ref) { /* store and convert to ref key */ addRefKey(*binKey, DerivedKey); } else { /* Raw data */ hdr.BlobType = CSSM_KEYBLOB_RAW; hdr.Format = CSSM_KEYBLOB_RAW_FORMAT_OCTET_STRING; } }