/* * Standard CSPContext init, called from CSPFullPluginSession::init(). * Reusable, e.g., query followed by en/decrypt. */ void RC5Context::init( const Context &context, bool encrypting) { CSSM_SIZE keyLen; uint8 *keyData = NULL; uint32 rounds = RC5_16_ROUNDS; /* obtain key from context */ symmetricKeyBits(context, session(), CSSM_ALGID_RC5, encrypting ? CSSM_KEYUSE_ENCRYPT : CSSM_KEYUSE_DECRYPT, keyData, keyLen); if((keyLen < RC5_MIN_KEY_SIZE_BYTES) || (keyLen > RC5_MAX_KEY_SIZE_BYTES)) { CssmError::throwMe(CSSMERR_CSP_INVALID_ATTR_KEY); } /* * Optional rounds */ rounds = context.getInt(CSSM_ATTRIBUTE_ROUNDS); if(rounds == 0) { /* default */ rounds = RC5_16_ROUNDS; } /* init the low-level state */ RC5_32_set_key(&rc5Key, keyLen, keyData, rounds); /* Finally, have BlockCryptor do its setup */ setup(RC5_BLOCK_SIZE_BYTES, context); }
/* called out from CSPFullPluginSession.... * both generate and verify */ void MacContext::init(const Context &context, bool isSigning) { CCHmacAlgorithm ccAlg; /* obtain key from context */ CSSM_SIZE keyLen; uint8 *keyData = NULL; symmetricKeyBits(context, session(), mAlg, isSigning ? CSSM_KEYUSE_SIGN : CSSM_KEYUSE_VERIFY, keyData, keyLen); uint32 minKey = 0; switch(mAlg) { case CSSM_ALGID_SHA1HMAC: minKey = HMAC_SHA_MIN_KEY_SIZE; mDigestSize = CC_SHA1_DIGEST_LENGTH; ccAlg = kCCHmacAlgSHA1; break; case CSSM_ALGID_MD5HMAC: minKey = HMAC_MD5_MIN_KEY_SIZE; mDigestSize = CC_MD5_DIGEST_LENGTH; ccAlg = kCCHmacAlgMD5; break; default: assert(0); // factory should not have called us CssmError::throwMe(CSSMERR_CSP_INVALID_ALGORITHM); } if((keyLen < minKey) || (keyLen > HMAC_MAX_KEY_SIZE)) { CssmError::throwMe(CSSMERR_CSP_INVALID_ATTR_KEY); } CCHmacInit(&hmacCtx, ccAlg, keyData, keyLen); }
/* * Standard CSPContext init, called from CSPFullPluginSession::init(). * Reusable, e.g., query followed by en/decrypt. */ void DESContext::init( const Context &context, bool encrypting) { CSSM_SIZE keyLen; uint8 *keyData = NULL; /* obtain key from context */ symmetricKeyBits(context, session(), CSSM_ALGID_DES, encrypting ? CSSM_KEYUSE_ENCRYPT : CSSM_KEYUSE_DECRYPT, keyData, keyLen); if(keyLen != (DES_KEY_SIZE_BITS_EXTERNAL / 8)) { CssmError::throwMe(CSSMERR_CSP_INVALID_ATTR_KEY); } if (DesInst != NULL) { CCCryptorRelease(DesInst); } (void) CCCryptorCreateWithMode(0, kCCModeECB, kCCAlgorithmDES, ccDefaultPadding, NULL, keyData, kCCKeySizeDES, NULL, 0, 0, 0, &DesInst); /* Finally, have BlockCryptor do its setup */ setup(DES_BLOCK_SIZE_BYTES, context); }
/* * Standard CSPContext init, called from CSPFullPluginSession::init(). * Reusable, e.g., query followed by en/decrypt. */ void RC2Context::init( const Context &context, bool encrypting) { CSSM_SIZE keyLen; uint8 *keyData = NULL; uint32 effectiveBits; /* obtain key from context */ symmetricKeyBits(context, session(), CSSM_ALGID_RC2, encrypting ? CSSM_KEYUSE_ENCRYPT : CSSM_KEYUSE_DECRYPT, keyData, keyLen); if((keyLen < RC2_MIN_KEY_SIZE_BYTES) || (keyLen > RC2_MAX_KEY_SIZE_BYTES)) { CssmError::throwMe(CSSMERR_CSP_INVALID_ATTR_KEY); } /* * Optional effective key size in bits - either from Context, * or the key */ effectiveBits = context.getInt(CSSM_ATTRIBUTE_EFFECTIVE_BITS); if(effectiveBits == 0) { CssmKey &key = context.get<CssmKey>(CSSM_ATTRIBUTE_KEY, CSSMERR_CSP_MISSING_ATTR_KEY); effectiveBits = key.KeyHeader.LogicalKeySizeInBits; } /* init the low-level state */ RC2_set_key(&rc2Key, keyLen, keyData, effectiveBits); /* Finally, have BlockCryptor do its setup */ setup(RC2_BLOCK_SIZE_BYTES, context); }
/* * Standard CSPContext init, called from CSPFullPluginSession::init(). * Reusable, e.g., query followed by en/decrypt. */ void CastContext::init( const Context &context, bool encrypting) { if(mInitFlag && !opStarted()) { return; } CSSM_SIZE keyLen; uint8 *keyData = NULL; bool sameKeySize = false; /* obtain key from context */ symmetricKeyBits(context, session(), CSSM_ALGID_CAST, encrypting ? CSSM_KEYUSE_ENCRYPT : CSSM_KEYUSE_DECRYPT, keyData, keyLen); if((keyLen < kCCKeySizeMinCAST) || (keyLen > kCCKeySizeMaxCAST)) { CssmError::throwMe(CSSMERR_CSP_INVALID_ATTR_KEY); } /* * Delete existing key if key size changed */ if(mRawKeySize == keyLen) { sameKeySize = true; } else { deleteKey(); } /* init key only if key size or key bits have changed */ if(!sameKeySize || memcmp(mRawKey, keyData, mRawKeySize)) { (void) CCCryptorCreateWithMode(0, kCCModeECB, kCCAlgorithmCAST, ccDefaultPadding, NULL, keyData, keyLen, NULL, 0, 0, 0, &mCastKey); /* save this raw key data */ memmove(mRawKey, keyData, keyLen); mRawKeySize = (uint32)keyLen; } /* Finally, have BlockCryptor do its setup */ setup(kCCBlockSizeCAST, context); mInitFlag = true; }
/* * Standard CSPContext init, called from CSPFullPluginSession::init(). * Reusable, e.g., query followed by en/decrypt. */ void BlowfishContext::init( const Context &context, bool encrypting) { if(mInitFlag && !opStarted()) { return; } CSSM_SIZE keyLen; uint8 *keyData = NULL; bool sameKeySize = false; /* obtain key from context */ symmetricKeyBits(context, session(), CSSM_ALGID_BLOWFISH, encrypting ? CSSM_KEYUSE_ENCRYPT : CSSM_KEYUSE_DECRYPT, keyData, keyLen); if((keyLen < BF_MIN_KEY_SIZE_BYTES) || (keyLen > BF_MAX_KEY_SIZE_BYTES)) { CssmError::throwMe(CSSMERR_CSP_INVALID_ATTR_KEY); } /* * Delete existing key if key size changed */ if(mRawKeySize == keyLen) { sameKeySize = true; } else { deleteKey(); } /* init key only if key size or key bits have changed */ if(!sameKeySize || memcmp(mRawKey, keyData, mRawKeySize)) { BF_set_key(&mBfKey, (int)keyLen, keyData); /* save this raw key data */ memmove(mRawKey, keyData, keyLen); mRawKeySize = (unsigned int)keyLen; } /* Finally, have BlockCryptor do its setup */ setup(BF_BLOCK, context); mInitFlag = true; }
/* * Standard CSPContext init, called from CSPFullPluginSession::init(). * Reusable, e.g., query followed by en/decrypt. */ void RC4Context::init( const Context &context, bool encrypting) { CSSM_SIZE keyLen; uint8 *keyData = NULL; /* obtain key from context */ symmetricKeyBits(context, session(), CSSM_ALGID_RC4, encrypting ? CSSM_KEYUSE_ENCRYPT : CSSM_KEYUSE_DECRYPT, keyData, keyLen); if((keyLen < kCCKeySizeMinRC4) || (keyLen > kCCKeySizeMaxRC4)) { CssmError::throwMe(CSSMERR_CSP_INVALID_ATTR_KEY); } /* All other context attributes ignored */ /* init the low-level state */ (void) CCCryptorCreateWithMode(0, kCCModeRC4, kCCAlgorithmRC4, ccDefaultPadding, NULL, keyData, keyLen, NULL, 0, 0, 0, &rc4Key); }
/* * Standard CSPContext init, called from CSPFullPluginSession::init(). * Reusable, e.g., query followed by en/decrypt. Even reusable after context * changed (i.e., new IV in Encrypted File System). */ void GAESContext::init( const Context &context, bool encrypting) { if(mInitFlag && !opStarted()) { return; } CSSM_SIZE keyLen; uint8 *keyData = NULL; bool sameKeySize = false; /* obtain key from context */ symmetricKeyBits(context, session(), CSSM_ALGID_AES, encrypting ? CSSM_KEYUSE_ENCRYPT : CSSM_KEYUSE_DECRYPT, keyData, keyLen); switch(keyLen) { case kCCKeySizeAES128: case kCCKeySizeAES192: case kCCKeySizeAES256: break; default: CssmError::throwMe(CSSMERR_CSP_INVALID_ATTR_KEY); } /* * Delete existing key if key size changed */ if(mRawKeySize == keyLen) { sameKeySize = true; } else { deleteKey(); } /* * Init key only if key size or key bits have changed, or * we're doing a different operation than the previous key * was scheduled for. */ if(!sameKeySize || (mWasEncrypting != encrypting) || memcmp(mRawKey, keyData, mRawKeySize)) { (void) CCCryptorCreateWithMode(0, kCCModeECB, kCCAlgorithmAES128, ccDefaultPadding, NULL, keyData, keyLen, NULL, 0, 0, 0, &mAesKey); /* save this raw key data */ memmove(mRawKey, keyData, keyLen); mRawKeySize = keyLen; mWasEncrypting = encrypting; } /* we handle CBC, and hence the IV, ourselves */ CSSM_ENCRYPT_MODE cssmMode = context.getInt(CSSM_ATTRIBUTE_MODE); switch (cssmMode) { /* no mode attr --> 0 == CSSM_ALGMODE_NONE, not currently supported */ case CSSM_ALGMODE_CBCPadIV8: case CSSM_ALGMODE_CBC_IV8: { CssmData *iv = context.get<CssmData>(CSSM_ATTRIBUTE_INIT_VECTOR); if(iv == NULL) { CssmError::throwMe(CSSMERR_CSP_MISSING_ATTR_INIT_VECTOR); } if(iv->Length != kCCBlockSizeAES128) { CssmError::throwMe(CSSMERR_CSP_INVALID_ATTR_INIT_VECTOR); } } break; default: break; } /* Finally, have BlockCryptor do its setup */ setup(GLADMAN_BLOCK_SIZE_BYTES, context); mInitFlag = true; }