[apple/security.git] / libsecurity_apple_csp / lib / AppleCSPSession.h

/*
 * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved.
 * 
 * The contents of this file constitute Original Code as defined in and are
 * subject to the Apple Public Source License Version 1.2 (the 'License').
 * You may not use this file except in compliance with the License. Please obtain
 * a copy of the License at http://www.apple.com/publicsource and read it before
 * using this file.
 * 
 * This Original Code and all software distributed under the License are
 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
 * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
 * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
 * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
 * specific language governing rights and limitations under the License.
 */


//
// AppleCSPSession.h - top-level session class
//
#ifndef _APPLE_CSP_SESSION_H_
#define _APPLE_CSP_SESSION_H_

#include <security_cdsa_plugin/cssmplugin.h>
#include <security_cdsa_plugin/pluginsession.h>
#include <security_cdsa_plugin/CSPsession.h>
#include <security_utilities/threading.h>
#include "BinaryKey.h"
#include "AppleCSPUtils.h"

class CSPKeyInfoProvider;

/* avoid unnecessary includes.... */
class AppleCSPPlugin;
#ifdef	BSAFE_CSP_ENABLE
class BSafeFactory;
#endif
#ifdef	CRYPTKIT_CSP_ENABLE
class CryptKitFactory;
#endif
class MiscAlgFactory;
#ifdef	ASC_CSP_ENABLE
class AscAlgFactory;
#endif
class RSA_DSA_Factory;
class DH_Factory;

/* one per attach/detach */
class AppleCSPSession : public CSPFullPluginSession {
public:
	
	AppleCSPSession(
		CSSM_MODULE_HANDLE 	handle,
		AppleCSPPlugin 		&plug,
		const CSSM_VERSION 	&Version,
		uint32 				SubserviceID,
		CSSM_SERVICE_TYPE 	SubServiceType,
		CSSM_ATTACH_FLAGS 	AttachFlags,
		const CSSM_UPCALLS 	&upcalls);

	~AppleCSPSession();
	
	CSPContext *contextCreate(
		CSSM_CC_HANDLE 		handle, 
		const Context 		&context);
	void setupContext(
		CSPContext * 		&cspCtx, 
		const Context 		&context, 
		bool 				encoding);

	// Functions declared in CSPFullPluginSession which we override.
	
	// Free a key. If this is a reference key
	// we generated, remove it from refKeyMap. 
	void FreeKey(const AccessCredentials *AccessCred,
		CssmKey &KeyPtr,
		CSSM_BOOL Delete);
	
	void UnwrapKey(CSSM_CC_HANDLE CCHandle,
        const Context &Context,
        const CssmKey *PublicKey,
        const CssmKey &WrappedKey,
        uint32 KeyUsage,
        uint32 KeyAttr,
        const CssmData *KeyLabel,
        const CSSM_RESOURCE_CONTROL_CONTEXT *CredAndAclEntry,
        CssmKey &UnwrappedKey,
        CssmData &DescriptiveData,
        CSSM_PRIVILEGE Privilege);
	void WrapKey(CSSM_CC_HANDLE CCHandle,
        const Context &Context,
        const AccessCredentials &AccessCred,
        const CssmKey &Key,
        const CssmData *DescriptiveData,
        CssmKey &WrappedKey,
        CSSM_PRIVILEGE Privilege);
 	void DeriveKey(CSSM_CC_HANDLE CCHandle,
		const Context &Context,
		CssmData &Param,
		uint32 KeyUsage,
		uint32 KeyAttr,
		const CssmData *KeyLabel,
		const CSSM_RESOURCE_CONTROL_CONTEXT *CredAndAclEntry,
		CssmKey &DerivedKey);
	void PassThrough(CSSM_CC_HANDLE CCHandle,
		const Context &Context,
		uint32 PassThroughId,
		const void *InData,
		void **OutData);
	void getKeySize(const CssmKey &key, 
		CSSM_KEY_SIZE &size);

	// add a BinaryKey to our refKeyMap. Sets up cssmKey
	// as appropriate.
	void addRefKey(
		BinaryKey			&binKey,
		CssmKey				&cssmKey);
		
	// Given a CssmKey in reference form, obtain the associated
	// BinaryKey. 
	BinaryKey &lookupRefKey(
		const CssmKey		&cssmKey);

	// CSP's RNG. This redirects to Yarrow.
	void					getRandomBytes(size_t length, uint8 *cp);
	void					addEntropy(size_t length, const uint8 *cp);  
 
	Allocator 			&normAlloc()  { return normAllocator; }	
    Allocator 			&privAlloc()  { return privAllocator; }
		
	#ifdef	BSAFE_CSP_ENABLE
	BSafeFactory 			&bSafe4Factory;
	#endif
	#ifdef	CRYPTKIT_CSP_ENABLE
	CryptKitFactory			&cryptKitFactory;
	#endif
	MiscAlgFactory			&miscAlgFactory;
	#ifdef	ASC_CSP_ENABLE
	AscAlgFactory			&ascAlgFactory;
	#endif
	RSA_DSA_Factory			&rsaDsaAlgFactory;
	DH_Factory				&dhAlgFactory;
	
private:
	// storage of binary keys (which apps know as reference keys)
	typedef std::map<KeyRef, const BinaryKey *> keyMap;
	keyMap					refKeyMap;
	Mutex					refKeyMapLock;
    Allocator 			&normAllocator;	
    Allocator 			&privAllocator;	
	
	BinaryKey 				*lookupKeyRef(KeyRef keyRef);
	void 					DeriveKey_PBKDF2(
								const Context &Context,
								const CssmData &Param,
								CSSM_DATA *keyData);
	
	void					DeriveKey_PKCS5_V1_5(
								const Context &context,
								CSSM_ALGORITHMS algId,
								const CssmData &Param,
								CSSM_DATA *keyData);	

	void					DeriveKey_OpenSSH1(
								const Context &context,
								CSSM_ALGORITHMS algId,
								const CssmData &Param,
								CSSM_DATA *keyData);	

	/* CMS wrap/unwrap, called out from standard wrap/unwrap */
	void WrapKeyCms(
		CSSM_CC_HANDLE CCHandle,
		const Context &Context,
		const AccessCredentials &AccessCred,
		const CssmKey &UnwrappedKey,
		CssmData &rawBlob,
		bool allocdRawBlob,			// callee has to free rawBlob
		const CssmData *DescriptiveData,
		CssmKey &WrappedKey,
		CSSM_PRIVILEGE Privilege);
		
	void UnwrapKeyCms(
		CSSM_CC_HANDLE CCHandle,
		const Context &Context,
		const CssmKey &WrappedKey,
		const CSSM_RESOURCE_CONTROL_CONTEXT *CredAndAclEntry,
		CssmKey &UnwrappedKey,
		CssmData &DescriptiveData,
		CSSM_PRIVILEGE Privilege,
		cspKeyStorage keyStorage);

	/* OpenSSHv1 wrap/unwrap, called out from standard wrap/unwrap */
	void WrapKeyOpenSSH1(
		CSSM_CC_HANDLE CCHandle,
		const Context &Context,
		const AccessCredentials &AccessCred,
		BinaryKey &unwrappedBinKey,
		CssmData &rawBlob,
		bool allocdRawBlob,			// callee has to free rawBlob
		const CssmData *DescriptiveData,
		CssmKey &WrappedKey,
		CSSM_PRIVILEGE Privilege);
		
	void UnwrapKeyOpenSSH1(
		CSSM_CC_HANDLE CCHandle,
		const Context &Context,
		const CssmKey &WrappedKey,
		const CSSM_RESOURCE_CONTROL_CONTEXT *CredAndAclEntry,
		CssmKey &UnwrappedKey,
		CssmData &DescriptiveData,
		CSSM_PRIVILEGE Privilege,
		cspKeyStorage keyStorage);

	/* 
	 * Used for generating crypto contexts at this level. 
	 * Analogous to AlgorithmFactory.setup().
	 */
	bool setup(
		CSPFullPluginSession::CSPContext * &cspCtx, 
		const Context &context);

	/*
	 * Find a CSPKeyInfoProvider subclass for the specified key.
	 */
	CSPKeyInfoProvider *infoProvider(
		const CssmKey	&key);
		
	void pkcs8InferKeyHeader(
		CssmKey			&key);
	
	void opensslInferKeyHeader(
		CssmKey			&key);
	
};	/* AppleCSPSession */


#endif //_APPLE_CSP_SESSION_H_
Commit	Line	Data
b1ab9ed8 A	1	/*
	2	* Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved.
	3	*
	4	* The contents of this file constitute Original Code as defined in and are
	5	* subject to the Apple Public Source License Version 1.2 (the 'License').
	6	* You may not use this file except in compliance with the License. Please obtain
	7	* a copy of the License at http://www.apple.com/publicsource and read it before
	8	* using this file.
	9	*
	10	* This Original Code and all software distributed under the License are
	11	* distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
	12	* OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
	13	* LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
	14	* PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
	15	* specific language governing rights and limitations under the License.
	16	*/
	17
	18
	19	//
	20	// AppleCSPSession.h - top-level session class
	21	//
	22	#ifndef _APPLE_CSP_SESSION_H_
	23	#define _APPLE_CSP_SESSION_H_
	24
	25	#include <security_cdsa_plugin/cssmplugin.h>
	26	#include <security_cdsa_plugin/pluginsession.h>
	27	#include <security_cdsa_plugin/CSPsession.h>
	28	#include <security_utilities/threading.h>
	29	#include "BinaryKey.h"
	30	#include "AppleCSPUtils.h"
	31
	32	class CSPKeyInfoProvider;
	33
	34	/* avoid unnecessary includes.... */
	35	class AppleCSPPlugin;
	36	#ifdef BSAFE_CSP_ENABLE
	37	class BSafeFactory;
	38	#endif
	39	#ifdef CRYPTKIT_CSP_ENABLE
	40	class CryptKitFactory;
	41	#endif
	42	class MiscAlgFactory;
	43	#ifdef ASC_CSP_ENABLE
	44	class AscAlgFactory;
	45	#endif
	46	class RSA_DSA_Factory;
	47	class DH_Factory;
	48
	49	/* one per attach/detach */
	50	class AppleCSPSession : public CSPFullPluginSession {
	51	public:
	52
	53	AppleCSPSession(
	54	CSSM_MODULE_HANDLE handle,
	55	AppleCSPPlugin &plug,
	56	const CSSM_VERSION &Version,
	57	uint32 SubserviceID,
	58	CSSM_SERVICE_TYPE SubServiceType,
	59	CSSM_ATTACH_FLAGS AttachFlags,
	60	const CSSM_UPCALLS &upcalls);
	61
	62	~AppleCSPSession();
	63
	64	CSPContext *contextCreate(
65	CSSM_CC_HANDLE handle,
66	const Context &context);
67	void setupContext(
68	CSPContext * &cspCtx,
69	const Context &context,
70	bool encoding);
71
72	// Functions declared in CSPFullPluginSession which we override.
73
74	// Free a key. If this is a reference key
75	// we generated, remove it from refKeyMap.
76	void FreeKey(const AccessCredentials *AccessCred,
77	CssmKey &KeyPtr,
78	CSSM_BOOL Delete);
79
80	void UnwrapKey(CSSM_CC_HANDLE CCHandle,
81	const Context &Context,
82	const CssmKey *PublicKey,
83	const CssmKey &WrappedKey,
84	uint32 KeyUsage,
85	uint32 KeyAttr,
86	const CssmData *KeyLabel,
87	const CSSM_RESOURCE_CONTROL_CONTEXT *CredAndAclEntry,
88	CssmKey &UnwrappedKey,
89	CssmData &DescriptiveData,
90	CSSM_PRIVILEGE Privilege);
91	void WrapKey(CSSM_CC_HANDLE CCHandle,
92	const Context &Context,
93	const AccessCredentials &AccessCred,
94	const CssmKey &Key,
95	const CssmData *DescriptiveData,
96	CssmKey &WrappedKey,
97	CSSM_PRIVILEGE Privilege);
98	void DeriveKey(CSSM_CC_HANDLE CCHandle,
99	const Context &Context,
100	CssmData &Param,
101	uint32 KeyUsage,
102	uint32 KeyAttr,
103	const CssmData *KeyLabel,
104	const CSSM_RESOURCE_CONTROL_CONTEXT *CredAndAclEntry,
105	CssmKey &DerivedKey);
106	void PassThrough(CSSM_CC_HANDLE CCHandle,
107	const Context &Context,
108	uint32 PassThroughId,
109	const void *InData,
110	void **OutData);
111	void getKeySize(const CssmKey &key,
112	CSSM_KEY_SIZE &size);
113
114	// add a BinaryKey to our refKeyMap. Sets up cssmKey
115	// as appropriate.
116	void addRefKey(
117	BinaryKey &binKey,
118	CssmKey &cssmKey);
119
120	// Given a CssmKey in reference form, obtain the associated
121	// BinaryKey.
122	BinaryKey &lookupRefKey(
123	const CssmKey &cssmKey);
124
125	// CSP's RNG. This redirects to Yarrow.
126	void getRandomBytes(size_t length, uint8 *cp);
127	void addEntropy(size_t length, const uint8 *cp);
128
129	Allocator &normAlloc() { return normAllocator; }
130	Allocator &privAlloc() { return privAllocator; }
131
132	#ifdef BSAFE_CSP_ENABLE
133	BSafeFactory &bSafe4Factory;
134	#endif
135	#ifdef CRYPTKIT_CSP_ENABLE
136	CryptKitFactory &cryptKitFactory;
137	#endif
138	MiscAlgFactory &miscAlgFactory;
139	#ifdef ASC_CSP_ENABLE
140	AscAlgFactory &ascAlgFactory;
141	#endif
142	RSA_DSA_Factory &rsaDsaAlgFactory;
143	DH_Factory &dhAlgFactory;
144
145	private:
146	// storage of binary keys (which apps know as reference keys)
147	typedef std::map<KeyRef, const BinaryKey *> keyMap;
148	keyMap refKeyMap;
149	Mutex refKeyMapLock;
150	Allocator &normAllocator;
151	Allocator &privAllocator;
152
153	BinaryKey *lookupKeyRef(KeyRef keyRef);
154	void DeriveKey_PBKDF2(
155	const Context &Context,
156	const CssmData &Param,
157	CSSM_DATA *keyData);
158
159	void DeriveKey_PKCS5_V1_5(
160	const Context &context,
161	CSSM_ALGORITHMS algId,
162	const CssmData &Param,
163	CSSM_DATA *keyData);
164
165	void DeriveKey_OpenSSH1(
166	const Context &context,
167	CSSM_ALGORITHMS algId,
168	const CssmData &Param,
169	CSSM_DATA *keyData);
170
171	/* CMS wrap/unwrap, called out from standard wrap/unwrap */
172	void WrapKeyCms(
173	CSSM_CC_HANDLE CCHandle,
174	const Context &Context,
175	const AccessCredentials &AccessCred,
176	const CssmKey &UnwrappedKey,
177	CssmData &rawBlob,
178	bool allocdRawBlob, // callee has to free rawBlob
179	const CssmData *DescriptiveData,
180	CssmKey &WrappedKey,
181	CSSM_PRIVILEGE Privilege);
182
183	void UnwrapKeyCms(
184	CSSM_CC_HANDLE CCHandle,
185	const Context &Context,
186	const CssmKey &WrappedKey,
187	const CSSM_RESOURCE_CONTROL_CONTEXT *CredAndAclEntry,
188	CssmKey &UnwrappedKey,
189	CssmData &DescriptiveData,
190	CSSM_PRIVILEGE Privilege,
191	cspKeyStorage keyStorage);
192
193	/* OpenSSHv1 wrap/unwrap, called out from standard wrap/unwrap */
194	void WrapKeyOpenSSH1(
195	CSSM_CC_HANDLE CCHandle,
196	const Context &Context,
197	const AccessCredentials &AccessCred,
198	BinaryKey &unwrappedBinKey,
199	CssmData &rawBlob,
200	bool allocdRawBlob, // callee has to free rawBlob
201	const CssmData *DescriptiveData,
202	CssmKey &WrappedKey,
203	CSSM_PRIVILEGE Privilege);
204
205	void UnwrapKeyOpenSSH1(
206	CSSM_CC_HANDLE CCHandle,
207	const Context &Context,
208	const CssmKey &WrappedKey,
209	const CSSM_RESOURCE_CONTROL_CONTEXT *CredAndAclEntry,
210	CssmKey &UnwrappedKey,
211	CssmData &DescriptiveData,
212	CSSM_PRIVILEGE Privilege,
213	cspKeyStorage keyStorage);
214
215	/*
216	* Used for generating crypto contexts at this level.
217	* Analogous to AlgorithmFactory.setup().
218	*/
219	bool setup(
220	CSPFullPluginSession::CSPContext * &cspCtx,
221	const Context &context);
222
223	/*
224	* Find a CSPKeyInfoProvider subclass for the specified key.
225	*/
226	CSPKeyInfoProvider *infoProvider(
227	const CssmKey &key);
228
229	void pkcs8InferKeyHeader(
230	CssmKey &key);
231
232	void opensslInferKeyHeader(
233	CssmKey &key);
234
235	}; /* AppleCSPSession */
236
237
238	#endif //_APPLE_CSP_SESSION_H_