/*
* Staged init - cook up a CSSM_CC_HANDLE and call the appropriate
* init.
*/
CSSM_RETURN cdsaStagedEncDecrInit(
CSSM_CSP_HANDLE cspHandle, // from cdsaCspAttach()
const CSSM_KEY *key, // from cdsaDeriveKey()
StagedOpType opType, // SO_Encrypt, SO_Decrypt
CSSM_CC_HANDLE *ccHandle) // RETURNED
{
CSSM_RETURN crtn;
CSSM_CC_HANDLE ccHand;
crtn = genCryptHandle(cspHandle, key, &ivCommon, &ccHand);
if(crtn) {
return crtn;
}
switch(opType) {
case SO_Encrypt:
crtn = CSSM_EncryptDataInit(ccHand);
break;
case SO_Decrypt:
crtn = CSSM_DecryptDataInit(ccHand);
break;
default:
return CSSMERR_CSP_FUNCTION_NOT_IMPLEMENTED;
}
if(crtn) {
CSSM_DeleteContext(ccHand);
}
else {
*ccHandle = ccHand;
}
return CSSM_OK;
}
static SecCmsCipherContext *
SecCmsCipherContextStart(PRArenaPool *poolp, SecSymmetricKeyRef key, SECAlgorithmID *algid, PRBool encrypt)
{
SecCmsCipherContext *cc;
CSSM_CC_HANDLE ciphercc = 0;
SECOidData *oidData;
SECOidTag algtag;
CSSM_ALGORITHMS algorithm;
CSSM_PADDING padding = CSSM_PADDING_PKCS7;
CSSM_ENCRYPT_MODE mode;
CSSM_CSP_HANDLE cspHandle;
const CSSM_KEY *cssmKey;
OSStatus rv;
uint8 ivbuf[8];
CSSM_DATA initVector = { sizeof(ivbuf), ivbuf };
//CSSM_CONTEXT_ATTRIBUTE contextAttribute = { CSSM_ATTRIBUTE_ALG_PARAMS, sizeof(CSSM_DATA_PTR) };
rv = SecKeyGetCSPHandle(key, &cspHandle);
if (rv)
goto loser;
rv = SecKeyGetCSSMKey(key, &cssmKey);
if (rv)
goto loser;
// @@@ Add support for PBE based stuff
oidData = SECOID_FindOID(&algid->algorithm);
if (!oidData)
goto loser;
algtag = oidData->offset;
algorithm = oidData->cssmAlgorithm;
if (!algorithm)
goto loser;
switch (algtag)
{
case SEC_OID_RC2_CBC:
case SEC_OID_RC4:
case SEC_OID_DES_EDE3_CBC:
case SEC_OID_DES_EDE:
case SEC_OID_DES_CBC:
case SEC_OID_RC5_CBC_PAD:
case SEC_OID_AES_128_CBC:
case SEC_OID_AES_192_CBC:
case SEC_OID_AES_256_CBC:
case SEC_OID_FORTEZZA_SKIPJACK:
mode = CSSM_ALGMODE_CBCPadIV8;
break;
case SEC_OID_DES_ECB:
case SEC_OID_AES_128_ECB:
case SEC_OID_AES_192_ECB:
case SEC_OID_AES_256_ECB:
mode = CSSM_ALGMODE_ECBPad;
break;
case SEC_OID_DES_OFB:
mode = CSSM_ALGMODE_OFBPadIV8;
break;
case SEC_OID_DES_CFB:
mode = CSSM_ALGMODE_CFBPadIV8;
break;
default:
goto loser;
}
if (encrypt)
{
CSSM_CC_HANDLE randomcc;
//SECItem *parameters;
// Generate random initVector
if (CSSM_CSP_CreateRandomGenContext(cspHandle,
CSSM_ALGID_APPLE_YARROW,
NULL, /* seed*/
initVector.Length,
&randomcc))
goto loser;
if (CSSM_GenerateRandom(randomcc, &initVector))
goto loser;
CSSM_DeleteContext(randomcc);
// Put IV into algid.parameters
switch (algtag)
{
case SEC_OID_RC4:
case SEC_OID_DES_EDE3_CBC:
case SEC_OID_DES_EDE:
case SEC_OID_DES_CBC:
case SEC_OID_AES_128_CBC:
case SEC_OID_AES_192_CBC:
case SEC_OID_AES_256_CBC:
case SEC_OID_FORTEZZA_SKIPJACK:
case SEC_OID_DES_ECB:
case SEC_OID_AES_128_ECB:
case SEC_OID_AES_192_ECB:
case SEC_OID_AES_256_ECB:
case SEC_OID_DES_OFB:
case SEC_OID_DES_CFB:
/* Just encode the initVector as an octet string. */
if (!SEC_ASN1EncodeItem(poolp, &algid->parameters,
&initVector, SEC_OctetStringTemplate))
goto loser;
break;
case SEC_OID_RC2_CBC:
{
sec_rc2cbcParameter rc2 = {};
unsigned long rc2version;
SECItem *newParams;
rc2.iv = initVector;
rc2version = rc2_unmap(cssmKey->KeyHeader.LogicalKeySizeInBits);
if (!SEC_ASN1EncodeUnsignedInteger (NULL, &(rc2.rc2ParameterVersion),
rc2version))
goto loser;
newParams = SEC_ASN1EncodeItem (poolp, &algid->parameters, &rc2,
sec_rc2cbc_parameter_template);
PORT_Free(rc2.rc2ParameterVersion.Data);
if (newParams == NULL)
goto loser;
break;
}
case SEC_OID_RC5_CBC_PAD:
default:
// @@@ Implement rc5 params stuff.
goto loser;
break;
}
}
else
{
// Extract IV from algid.parameters
// Put IV into algid.parameters
switch (algtag)
{
case SEC_OID_RC4:
case SEC_OID_DES_EDE3_CBC:
case SEC_OID_DES_EDE:
case SEC_OID_DES_CBC:
case SEC_OID_AES_128_CBC:
case SEC_OID_AES_192_CBC:
case SEC_OID_AES_256_CBC:
case SEC_OID_FORTEZZA_SKIPJACK:
case SEC_OID_DES_ECB:
case SEC_OID_AES_128_ECB:
case SEC_OID_AES_192_ECB:
case SEC_OID_AES_256_ECB:
case SEC_OID_DES_OFB:
case SEC_OID_DES_CFB:
{
CSSM_DATA iv = {};
/* Just decode the initVector from an octet string. */
rv = SEC_ASN1DecodeItem(NULL, &iv, SEC_OctetStringTemplate, &(algid->parameters));
if (rv)
goto loser;
if (initVector.Length != iv.Length) {
PORT_Free(iv.Data);
goto loser;
}
memcpy(initVector.Data, iv.Data, initVector.Length);
PORT_Free(iv.Data);
break;
}
case SEC_OID_RC2_CBC:
{
sec_rc2cbcParameter rc2 = {};
unsigned long ulEffectiveBits;
rv = SEC_ASN1DecodeItem(NULL, &rc2 ,sec_rc2cbc_parameter_template,
&(algid->parameters));
if (rv)
goto loser;
if (initVector.Length != rc2.iv.Length) {
PORT_Free(rc2.iv.Data);
PORT_Free(rc2.rc2ParameterVersion.Data);
goto loser;
}
memcpy(initVector.Data, rc2.iv.Data, initVector.Length);
PORT_Free(rc2.iv.Data);
ulEffectiveBits = rc2_map(&rc2.rc2ParameterVersion);
PORT_Free(rc2.rc2ParameterVersion.Data);
if (ulEffectiveBits != cssmKey->KeyHeader.LogicalKeySizeInBits)
goto loser;
break;
}
case SEC_OID_RC5_CBC_PAD:
default:
// @@@ Implement rc5 params stuff.
goto loser;
break;
}
}
if (CSSM_CSP_CreateSymmetricContext(cspHandle,
algorithm,
mode,
NULL, /* accessCred */
cssmKey,
&initVector,
padding,
NULL, /* reserved */
&ciphercc))
goto loser;
if (encrypt)
rv = CSSM_EncryptDataInit(ciphercc);
else
rv = CSSM_DecryptDataInit(ciphercc);
if (rv)
goto loser;
cc = (SecCmsCipherContext *)PORT_ZAlloc(sizeof(SecCmsCipherContext));
if (cc == NULL)
goto loser;
cc->cc = ciphercc;
cc->encrypt = encrypt;
return cc;
loser:
if (ciphercc)
CSSM_DeleteContext(ciphercc);
return NULL;
}