[apple/security.git] / OSX / libsecurity_apple_cspdl / lib / SSCSPSession.cpp

/*
 * Copyright (c) 2000-2001,2011-2012,2014 Apple Inc. All Rights Reserved.
 * 
 * The contents of this file constitute Original Code as defined in and are
 * subject to the Apple Public Source License Version 1.2 (the 'License').
 * You may not use this file except in compliance with the License. Please obtain
 * a copy of the License at http://www.apple.com/publicsource and read it before
 * using this file.
 * 
 * This Original Code and all software distributed under the License are
 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
 * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
 * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
 * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
 * specific language governing rights and limitations under the License.
 */


//
// SSCSPSession.cpp - Security Server CSP session.
//
#include "SSCSPSession.h"

#include "CSPDLPlugin.h"
#include "SSDatabase.h"
#include "SSDLSession.h"
#include "SSKey.h"
#include <security_cdsa_utilities/cssmbridge.h>
#include <memory>

using namespace std;
using namespace SecurityServer;

//
// SSCSPSession -- Security Server CSP session
//
SSCSPSession::SSCSPSession(CSSM_MODULE_HANDLE handle,
						   CSPDLPlugin &plug,
						   const CSSM_VERSION &version,
						   uint32 subserviceId,
						   CSSM_SERVICE_TYPE subserviceType,
						   CSSM_ATTACH_FLAGS attachFlags,
						   const CSSM_UPCALLS &upcalls,
						   SSCSPDLSession &ssCSPDLSession,
						   CssmClient::CSP &rawCsp)
: CSPFullPluginSession(handle, plug, version, subserviceId, subserviceType,
					   attachFlags, upcalls),
  mSSCSPDLSession(ssCSPDLSession),
  mSSFactory(plug.mSSFactory),
  mRawCsp(rawCsp),
  mClientSession(Allocator::standard(), *this)
{
	mClientSession.registerForAclEdits(SSCSPDLSession::didChangeKeyAclCallback, &mSSCSPDLSession);
}

//
// Called at (CSSM) context create time. This is ignored; we do a full 
// context setup later, at setupContext time. 
//
CSPFullPluginSession::CSPContext *
SSCSPSession::contextCreate(CSSM_CC_HANDLE handle, const Context &context)
{
	return NULL;
}


//
// Called by CSPFullPluginSession when an op is actually commencing.
// Context can safely assumed to be fully formed and stable for the
// duration of the  op; thus we wait until now to set up our 
// CSPContext as appropriate to the op.
//
void
SSCSPSession::setupContext(CSPContext * &cspCtx,
						   const Context &context,
						   bool encoding)
{
	// note we skip this if this CSPContext is being reused
    if (cspCtx == NULL)
	{

		if (mSSFactory.setup(*this, cspCtx, context, encoding))
			return;

#if 0
		if (mBSafe4Factory.setup(*this, cspCtx, context))
			return;

		if (mCryptKitFactory.setup(*this, cspCtx, context))
			return;
#endif

        CssmError::throwMe(CSSMERR_CSP_INVALID_ALGORITHM);
	}
}


//
// DL interaction
//
SSDatabase
SSCSPSession::getDatabase(const Context &context)
{
	return getDatabase(context.get<CSSM_DL_DB_HANDLE>(CSSM_ATTRIBUTE_DL_DB_HANDLE));
}

SSDatabase
SSCSPSession::getDatabase(CSSM_DL_DB_HANDLE *aDLDbHandle)
{
	if (aDLDbHandle)
		return findSession<SSDLSession>(aDLDbHandle->DLHandle).findDbHandle(aDLDbHandle->DBHandle);
	else
		return SSDatabase();
}


//
// Reference Key management
//
void
SSCSPSession::makeReferenceKey(KeyHandle inKeyHandle, CssmKey &ioKey, SSDatabase &inSSDatabase,
							   uint32 inKeyAttr, const CssmData *inKeyLabel)
{
	return mSSCSPDLSession.makeReferenceKey(*this, inKeyHandle, ioKey, inSSDatabase, inKeyAttr, inKeyLabel);
}

SSKey &
SSCSPSession::lookupKey(const CssmKey &inKey)
{
	return mSSCSPDLSession.lookupKey(inKey);
}


//
// Key creating and handeling members
//
void
SSCSPSession::WrapKey(CSSM_CC_HANDLE CCHandle,
					  const Context &context,
					  const AccessCredentials &AccessCred,
					  const CssmKey &Key,
					  const CssmData *DescriptiveData,
					  CssmKey &WrappedKey,
					  CSSM_PRIVILEGE Privilege)
{
	// @@@ Deal with permanent keys
 	const CssmKey *keyInContext =
		context.get<const CssmKey>(CSSM_ATTRIBUTE_KEY);

	KeyHandle contextKeyHandle = (keyInContext
								  ? lookupKey(*keyInContext).keyHandle()
								  : noKey);
	clientSession().wrapKey(context, contextKeyHandle,
							lookupKey(Key).keyHandle(), &AccessCred,
							DescriptiveData, WrappedKey, *this);
}

void
SSCSPSession::UnwrapKey(CSSM_CC_HANDLE CCHandle,
						const Context &context,
						const CssmKey *PublicKey,
						const CssmWrappedKey &WrappedKey,
						uint32 KeyUsage,
						uint32 KeyAttr,
						const CssmData *KeyLabel,
						const CSSM_RESOURCE_CONTROL_CONTEXT *CredAndAclEntry,
						CssmKey &UnwrappedKey,
						CssmData &DescriptiveData,
						CSSM_PRIVILEGE Privilege)
{
	SSDatabase database = getDatabase(context);
	validateKeyAttr(KeyAttr);
	const AccessCredentials *cred = NULL;
	const AclEntryInput *owner = NULL;
	if (CredAndAclEntry)
	{
		cred = AccessCredentials::overlay(CredAndAclEntry->AccessCred);
		owner = &AclEntryInput::overlay(CredAndAclEntry->InitialAclEntry);
	}

	KeyHandle publicKey = noKey;
	if (PublicKey)
	{
		if (PublicKey->blobType() == CSSM_KEYBLOB_RAW)
		{
			// @@@ We need to unwrap the publicKey into the SecurityServer
			// before continuing
			CssmError::throwMe(CSSMERR_CSP_INVALID_KEY);
		}
		else
			publicKey = lookupKey(*PublicKey).keyHandle();
	}

	// @@@ Deal with permanent keys
 	const CssmKey *keyInContext =
		context.get<const CssmKey>(CSSM_ATTRIBUTE_KEY);

	KeyHandle contextKeyHandle =
		keyInContext ? lookupKey(*keyInContext).keyHandle() : noKey;

	KeyHandle unwrappedKeyHandle;
	clientSession().unwrapKey(database.dbHandle(), context, contextKeyHandle,
							  publicKey, WrappedKey, KeyUsage, KeyAttr,
							  cred, owner, DescriptiveData, unwrappedKeyHandle,
							  UnwrappedKey.header(), *this);	
	makeReferenceKey(unwrappedKeyHandle, UnwrappedKey, database, KeyAttr,
					 KeyLabel);
}

void
SSCSPSession::DeriveKey(CSSM_CC_HANDLE ccHandle,
						const Context &context,
						CssmData &param,
						uint32 keyUsage,
						uint32 keyAttr,
						const CssmData *keyLabel,
						const CSSM_RESOURCE_CONTROL_CONTEXT *credAndAclEntry,
						CssmKey &derivedKey)
{
	SSDatabase database = getDatabase(context);
	validateKeyAttr(keyAttr);
	const AccessCredentials *cred = NULL;
	const AclEntryInput *owner = NULL;
	if (credAndAclEntry)
	{
		cred = AccessCredentials::overlay(credAndAclEntry->AccessCred);
		owner = &AclEntryInput::overlay(credAndAclEntry->InitialAclEntry);
	}

	/* optional BaseKey */
 	const CssmKey *keyInContext =
		context.get<const CssmKey>(CSSM_ATTRIBUTE_KEY);
	KeyHandle contextKeyHandle =
		keyInContext ? lookupKey(*keyInContext).keyHandle() : noKey;
	KeyHandle keyHandle;
	switch(context.algorithm()) {
	case CSSM_ALGID_KEYCHAIN_KEY:
		{
			// special interpretation: take DLDBHandle -> DbHandle from params
			clientSession().extractMasterKey(database.dbHandle(), context,
				getDatabase(param.interpretedAs<CSSM_DL_DB_HANDLE>(CSSMERR_CSP_INVALID_ATTR_DL_DB_HANDLE)).dbHandle(),
				keyUsage, keyAttr, cred, owner, keyHandle, derivedKey.header());
		}
		break;
	default:
		clientSession().deriveKey(database.dbHandle(), context, contextKeyHandle, keyUsage,
					keyAttr, param, cred, owner, keyHandle, derivedKey.header());
		break;
	}
	makeReferenceKey(keyHandle, derivedKey, database, keyAttr, keyLabel);
}

void
SSCSPSession::GenerateKey(CSSM_CC_HANDLE ccHandle,
						  const Context &context,
						  uint32 keyUsage,
						  uint32 keyAttr,
						  const CssmData *keyLabel,
						  const CSSM_RESOURCE_CONTROL_CONTEXT *credAndAclEntry,
						  CssmKey &key,
						  CSSM_PRIVILEGE privilege)
{
	SSDatabase database = getDatabase(context);
	validateKeyAttr(keyAttr);
	const AccessCredentials *cred = NULL;
	const AclEntryInput *owner = NULL;
	if (credAndAclEntry)
	{
		cred = AccessCredentials::overlay(credAndAclEntry->AccessCred);
		owner = &AclEntryInput::overlay(credAndAclEntry->InitialAclEntry);
	}

	KeyHandle keyHandle;
	clientSession().generateKey(database.dbHandle(), context, keyUsage,
								keyAttr, cred, owner, keyHandle, key.header());
	makeReferenceKey(keyHandle, key, database, keyAttr, keyLabel);
}

void
SSCSPSession::GenerateKeyPair(CSSM_CC_HANDLE ccHandle,
							  const Context &context,
							  uint32 publicKeyUsage,
							  uint32 publicKeyAttr,
							  const CssmData *publicKeyLabel,
							  CssmKey &publicKey,
							  uint32 privateKeyUsage,
							  uint32 privateKeyAttr,
							  const CssmData *privateKeyLabel,
							  const CSSM_RESOURCE_CONTROL_CONTEXT *credAndAclEntry,
							  CssmKey &privateKey,
							  CSSM_PRIVILEGE privilege)
{
	SSDatabase database = getDatabase(context);
	validateKeyAttr(publicKeyAttr);
	validateKeyAttr(privateKeyAttr);
	const AccessCredentials *cred = NULL;
	const AclEntryInput *owner = NULL;
	if (credAndAclEntry)
	{
		cred = AccessCredentials::overlay(credAndAclEntry->AccessCred);
		owner = &AclEntryInput::overlay(credAndAclEntry->InitialAclEntry);
	}

	/* 
	 * Public keys must be extractable in the clear - that's the Apple
	 * policy. The raw CSP is unable to enforce the extractable
	 * bit since it always sees that as true (it's managed and forced
	 * true by the SecurityServer). So...
	 */
	if(!(publicKeyAttr & CSSM_KEYATTR_EXTRACTABLE)) {
			CssmError::throwMe(CSSMERR_CSP_INVALID_KEYATTR_MASK);
	}
	KeyHandle pubKeyHandle, privKeyHandle;
	clientSession().generateKey(database.dbHandle(), context,
							   publicKeyUsage, publicKeyAttr,
							   privateKeyUsage, privateKeyAttr,
							   cred, owner,
							   pubKeyHandle, publicKey.header(),
							   privKeyHandle, privateKey.header());
	makeReferenceKey(privKeyHandle, privateKey, database, privateKeyAttr,
					 privateKeyLabel);
	// @@@ What if this throws, we need to free privateKey.
	makeReferenceKey(pubKeyHandle, publicKey, database, publicKeyAttr,
					 publicKeyLabel);
}

void
SSCSPSession::ObtainPrivateKeyFromPublicKey(const CssmKey &PublicKey,
											CssmKey &PrivateKey)
{
	unimplemented();
}

void
SSCSPSession::QueryKeySizeInBits(CSSM_CC_HANDLE CCHandle,
								 const Context *Context,
								 const CssmKey *Key,
								 CSSM_KEY_SIZE &KeySize)
{
	unimplemented();
}

void
SSCSPSession::FreeKey(const AccessCredentials *accessCred,
					  CssmKey &ioKey, CSSM_BOOL deleteKey)
{
	if (ioKey.blobType() == CSSM_KEYBLOB_REFERENCE)
	{
        StLock<Mutex> _(mSSCSPDLSession.mKeyDeletionMutex);
		// @@@ Note that this means that detaching a session should free
		// all keys ascociated with it or else...
		// -- or else what?
		// exactly!

		// @@@ There are thread safety issues when deleting a key that is
		// in use by another thread, but the answer to that is: Don't do
		// that!

		// Find the key in the map.  Tell tell the key to free itself
		// (when the auto_ptr deletes the key it removes itself from the map). 
	    secinfo("freeKey", "CSPDL FreeKey");
		auto_ptr<SSKey> ssKey(&mSSCSPDLSession.find<SSKey>(ioKey));
		ssKey->free(accessCred, ioKey, deleteKey);
	}
	else
	{
		CSPFullPluginSession::FreeKey(accessCred, ioKey, deleteKey);
	}
}


//
// Generation stuff.
//
void
SSCSPSession::GenerateRandom(CSSM_CC_HANDLE ccHandle,
							 const Context &context,
							 CssmData &randomNumber)
{
    checkOperation(context.type(), CSSM_ALGCLASS_RANDOMGEN);
	// if (context.algorithm() != @@@) CssmError::throwMe(ALGORITHM_NOT_SUPPORTED);
	uint32 needed = context.getInt(CSSM_ATTRIBUTE_OUTPUT_SIZE, CSSMERR_CSP_MISSING_ATTR_OUTPUT_SIZE);

	// @@@ What about the seed?
    if (randomNumber.length())
	{
        if (randomNumber.length() < needed)
            CssmError::throwMe(CSSMERR_CSP_OUTPUT_LENGTH_ERROR);
		clientSession().generateRandom(context, randomNumber);
    }
	else
	{
        randomNumber.Data = alloc<uint8>(needed);
		try
		{
			clientSession().generateRandom(context, randomNumber);
		}
		catch(...)
		{
			free(randomNumber.Data);
			randomNumber.Data = NULL;
			throw;
		}
	}
}

//
// Login/Logout and token operational maintainance.  These mean little
// without support by the actual implementation, but we can help...
// @@@ Should this be in CSP[non-Full]PluginSession?
//
void
SSCSPSession::Login(const AccessCredentials &AccessCred,
					const CssmData *LoginName,
					const void *Reserved)
{
	// @@@ Do a login to the securityServer making keys persistent until it
	// goes away
	unimplemented();
}

void
SSCSPSession::Logout()
{
	unimplemented();
}

void
SSCSPSession::VerifyDevice(const CssmData &DeviceCert)
{
	CssmError::throwMe(CSSMERR_CSP_DEVICE_VERIFY_FAILED);
}

void
SSCSPSession::GetOperationalStatistics(CSPOperationalStatistics &statistics)
{
	unimplemented();
}


//
// Utterly miscellaneous, rarely used, strange functions
//
void
SSCSPSession::RetrieveCounter(CssmData &Counter)
{
	unimplemented();
}

void
SSCSPSession::RetrieveUniqueId(CssmData &UniqueID)
{
	unimplemented();
}

void
SSCSPSession::GetTimeValue(CSSM_ALGORITHMS TimeAlgorithm, CssmData &TimeData)
{
	unimplemented();
}


//
// ACL retrieval and change operations
//
void
SSCSPSession::GetKeyOwner(const CssmKey &Key,
						  CSSM_ACL_OWNER_PROTOTYPE &Owner)
{
	lookupKey(Key).getOwner(Owner, *this);
}

void
SSCSPSession::ChangeKeyOwner(const AccessCredentials &AccessCred,
							 const CssmKey &Key,
							 const CSSM_ACL_OWNER_PROTOTYPE &NewOwner)
{
	lookupKey(Key).changeOwner(AccessCred,
							   AclOwnerPrototype::overlay(NewOwner));
}

void
SSCSPSession::GetKeyAcl(const CssmKey &Key,
						const CSSM_STRING *SelectionTag,
						uint32 &NumberOfAclInfos,
						CSSM_ACL_ENTRY_INFO_PTR &AclInfos)
{
	lookupKey(Key).getAcl(reinterpret_cast<const char *>(SelectionTag),
						  NumberOfAclInfos,
						  reinterpret_cast<AclEntryInfo *&>(AclInfos), *this);
}

void
SSCSPSession::ChangeKeyAcl(const AccessCredentials &AccessCred,
						   const CSSM_ACL_EDIT &AclEdit,
						   const CssmKey &Key)
{
	lookupKey(Key).changeAcl(AccessCred, AclEdit::overlay(AclEdit));
}

void
SSCSPSession::GetLoginOwner(CSSM_ACL_OWNER_PROTOTYPE &Owner)
{
	unimplemented();
}

void
SSCSPSession::ChangeLoginOwner(const AccessCredentials &AccessCred,
							   const CSSM_ACL_OWNER_PROTOTYPE &NewOwner)
{
	unimplemented();
}

void
SSCSPSession::GetLoginAcl(const CSSM_STRING *SelectionTag,
						  uint32 &NumberOfAclInfos,
						  CSSM_ACL_ENTRY_INFO_PTR &AclInfos)
{
	unimplemented();
}

void
SSCSPSession::ChangeLoginAcl(const AccessCredentials &AccessCred,
							 const CSSM_ACL_EDIT &AclEdit)
{
	unimplemented();
}


//
// Passthroughs
//
void
SSCSPSession::PassThrough(CSSM_CC_HANDLE CCHandle,
						  const Context &context,
						  uint32 passThroughId,
						  const void *inData,
						  void **outData)
{
    checkOperation(context.type(), CSSM_ALGCLASS_NONE);
	switch (passThroughId) {
	case CSSM_APPLESCPDL_CSP_GET_KEYHANDLE:
	{
		// inData unused, must be NULL
		if (inData)
			CssmError::throwMe(CSSM_ERRCODE_INVALID_INPUT_POINTER);

		// outData required, must be pointer-to-pointer-to-KeyHandle
		KeyHandle &result = Required(reinterpret_cast<KeyHandle *>(outData));

		// we'll take the key from the context
		const CssmKey &key =
			context.get<const CssmKey>(CSSM_ATTRIBUTE_KEY,  CSSMERR_CSP_MISSING_ATTR_KEY);

		// all ready
		result = lookupKey(key).keyHandle();
		break;
	}
	case CSSM_APPLECSP_KEYDIGEST:
	{
		// inData unused, must be NULL
		if (inData)
			CssmError::throwMe(CSSM_ERRCODE_INVALID_INPUT_POINTER);

		// outData required
		Required(outData);

		// take the key from the context, convert to KeyHandle
		const CssmKey &key =
			context.get<const CssmKey>(CSSM_ATTRIBUTE_KEY,  CSSMERR_CSP_MISSING_ATTR_KEY); 
		KeyHandle keyHandle = lookupKey(key).keyHandle();

		// allocate digest holder on app's behalf
		CSSM_DATA *digest = alloc<CSSM_DATA>(sizeof(CSSM_DATA));
		digest->Data = NULL;
		digest->Length = 0;
				
		// go
		try {
			clientSession().getKeyDigest(keyHandle, CssmData::overlay(*digest));
		}
		catch(...) {
			free(digest);
			throw;
		}
		*outData = digest;
		break;
	}
	
	default:
		CssmError::throwMe(CSSM_ERRCODE_INVALID_PASSTHROUGH_ID);
	}
}

/* Validate requested key attr flags for newly generated keys */
void SSCSPSession::validateKeyAttr(uint32 reqKeyAttr)
{
	if(reqKeyAttr & (CSSM_KEYATTR_RETURN_DATA)) {
		/* CSPDL only supports reference keys */
		CssmError::throwMe(CSSMERR_CSP_UNSUPPORTED_KEYATTR_MASK);
	}
	if(reqKeyAttr & (CSSM_KEYATTR_ALWAYS_SENSITIVE | 
				     CSSM_KEYATTR_NEVER_EXTRACTABLE)) {
		/* invalid for any CSP */
		CssmError::throwMe(CSSMERR_CSP_INVALID_KEYATTR_MASK);
	}
	/* There may be more, but we'll leave it to SS and CSP to decide */
}
Commit	Line	Data
b1ab9ed8	1	/*
d8f41ccd	2	* Copyright (c) 2000-2001,2011-2012,2014 Apple Inc. All Rights Reserved.
b1ab9ed8 A	3	*
	4	* The contents of this file constitute Original Code as defined in and are
	5	* subject to the Apple Public Source License Version 1.2 (the 'License').
	6	* You may not use this file except in compliance with the License. Please obtain
	7	* a copy of the License at http://www.apple.com/publicsource and read it before
	8	* using this file.
	9	*
	10	* This Original Code and all software distributed under the License are
	11	* distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
	12	* OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
	13	* LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
	14	* PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
	15	* specific language governing rights and limitations under the License.
	16	*/
	17
	18
	19	//
	20	// SSCSPSession.cpp - Security Server CSP session.
	21	//
	22	#include "SSCSPSession.h"
	23
	24	#include "CSPDLPlugin.h"
	25	#include "SSDatabase.h"
	26	#include "SSDLSession.h"
	27	#include "SSKey.h"
	28	#include <security_cdsa_utilities/cssmbridge.h>
	29	#include <memory>
	30
	31	using namespace std;
	32	using namespace SecurityServer;
	33
	34	//
	35	// SSCSPSession -- Security Server CSP session
	36	//
	37	SSCSPSession::SSCSPSession(CSSM_MODULE_HANDLE handle,
	38	CSPDLPlugin &plug,
	39	const CSSM_VERSION &version,
	40	uint32 subserviceId,
	41	CSSM_SERVICE_TYPE subserviceType,
	42	CSSM_ATTACH_FLAGS attachFlags,
	43	const CSSM_UPCALLS &upcalls,
	44	SSCSPDLSession &ssCSPDLSession,
	45	CssmClient::CSP &rawCsp)
	46	: CSPFullPluginSession(handle, plug, version, subserviceId, subserviceType,
	47	attachFlags, upcalls),
	48	mSSCSPDLSession(ssCSPDLSession),
	49	mSSFactory(plug.mSSFactory),
	50	mRawCsp(rawCsp),
	51	mClientSession(Allocator::standard(), *this)
	52	{
	53	mClientSession.registerForAclEdits(SSCSPDLSession::didChangeKeyAclCallback, &mSSCSPDLSession);
	54	}
	55
	56	//
	57	// Called at (CSSM) context create time. This is ignored; we do a full
	58	// context setup later, at setupContext time.
	59	//
	60	CSPFullPluginSession::CSPContext *
	61	SSCSPSession::contextCreate(CSSM_CC_HANDLE handle, const Context &context)
	62	{
	63	return NULL;
	64	}
	65
	66
67	//
68	// Called by CSPFullPluginSession when an op is actually commencing.
69	// Context can safely assumed to be fully formed and stable for the
70	// duration of the op; thus we wait until now to set up our
71	// CSPContext as appropriate to the op.
72	//
73	void
74	SSCSPSession::setupContext(CSPContext * &cspCtx,
75	const Context &context,
76	bool encoding)
77	{
78	// note we skip this if this CSPContext is being reused
79	if (cspCtx == NULL)
80	{
81
82	if (mSSFactory.setup(*this, cspCtx, context, encoding))
83	return;
84
85	#if 0
86	if (mBSafe4Factory.setup(*this, cspCtx, context))
87	return;
88
89	if (mCryptKitFactory.setup(*this, cspCtx, context))
90	return;
91	#endif
92
93	CssmError::throwMe(CSSMERR_CSP_INVALID_ALGORITHM);
94	}
95	}
96
97
98	//
99	// DL interaction
100	//
101	SSDatabase
102	SSCSPSession::getDatabase(const Context &context)
103	{
104	return getDatabase(context.get<CSSM_DL_DB_HANDLE>(CSSM_ATTRIBUTE_DL_DB_HANDLE));
105	}
106
107	SSDatabase
108	SSCSPSession::getDatabase(CSSM_DL_DB_HANDLE *aDLDbHandle)
109	{
110	if (aDLDbHandle)
111	return findSession<SSDLSession>(aDLDbHandle->DLHandle).findDbHandle(aDLDbHandle->DBHandle);
112	else
113	return SSDatabase();
114	}
115
116
117	//
118	// Reference Key management
119	//
120	void
121	SSCSPSession::makeReferenceKey(KeyHandle inKeyHandle, CssmKey &ioKey, SSDatabase &inSSDatabase,
122	uint32 inKeyAttr, const CssmData *inKeyLabel)
123	{
124	return mSSCSPDLSession.makeReferenceKey(*this, inKeyHandle, ioKey, inSSDatabase, inKeyAttr, inKeyLabel);
125	}
126
127	SSKey &
128	SSCSPSession::lookupKey(const CssmKey &inKey)
129	{
130	return mSSCSPDLSession.lookupKey(inKey);
131	}
132
133
134	//
135	// Key creating and handeling members
136	//
137	void
138	SSCSPSession::WrapKey(CSSM_CC_HANDLE CCHandle,
139	const Context &context,
140	const AccessCredentials &AccessCred,
141	const CssmKey &Key,
142	const CssmData *DescriptiveData,
143	CssmKey &WrappedKey,
144	CSSM_PRIVILEGE Privilege)
145	{
146	// @@@ Deal with permanent keys
147	const CssmKey *keyInContext =
148	context.get<const CssmKey>(CSSM_ATTRIBUTE_KEY);
149
150	KeyHandle contextKeyHandle = (keyInContext
151	? lookupKey(*keyInContext).keyHandle()
152	: noKey);
153	clientSession().wrapKey(context, contextKeyHandle,
154	lookupKey(Key).keyHandle(), &AccessCred,
155	DescriptiveData, WrappedKey, *this);
156	}
157
158	void
159	SSCSPSession::UnwrapKey(CSSM_CC_HANDLE CCHandle,
160	const Context &context,
161	const CssmKey *PublicKey,
162	const CssmWrappedKey &WrappedKey,
163	uint32 KeyUsage,
164	uint32 KeyAttr,
165	const CssmData *KeyLabel,
166	const CSSM_RESOURCE_CONTROL_CONTEXT *CredAndAclEntry,
167	CssmKey &UnwrappedKey,
168	CssmData &DescriptiveData,
169	CSSM_PRIVILEGE Privilege)
170	{
171	SSDatabase database = getDatabase(context);
172	validateKeyAttr(KeyAttr);
173	const AccessCredentials *cred = NULL;
174	const AclEntryInput *owner = NULL;
175	if (CredAndAclEntry)
176	{
177	cred = AccessCredentials::overlay(CredAndAclEntry->AccessCred);
178	owner = &AclEntryInput::overlay(CredAndAclEntry->InitialAclEntry);
179	}
180
181	KeyHandle publicKey = noKey;
182	if (PublicKey)
183	{
184	if (PublicKey->blobType() == CSSM_KEYBLOB_RAW)
185	{
186	// @@@ We need to unwrap the publicKey into the SecurityServer
187	// before continuing
188	CssmError::throwMe(CSSMERR_CSP_INVALID_KEY);
189	}
190	else
191	publicKey = lookupKey(*PublicKey).keyHandle();
192	}
193
194	// @@@ Deal with permanent keys
195	const CssmKey *keyInContext =
196	context.get<const CssmKey>(CSSM_ATTRIBUTE_KEY);
197
198	KeyHandle contextKeyHandle =
199	keyInContext ? lookupKey(*keyInContext).keyHandle() : noKey;
200
201	KeyHandle unwrappedKeyHandle;
202	clientSession().unwrapKey(database.dbHandle(), context, contextKeyHandle,
203	publicKey, WrappedKey, KeyUsage, KeyAttr,
204	cred, owner, DescriptiveData, unwrappedKeyHandle,
205	UnwrappedKey.header(), *this);
206	makeReferenceKey(unwrappedKeyHandle, UnwrappedKey, database, KeyAttr,
207	KeyLabel);
208	}
209
210	void
211	SSCSPSession::DeriveKey(CSSM_CC_HANDLE ccHandle,
212	const Context &context,
213	CssmData &param,
214	uint32 keyUsage,
215	uint32 keyAttr,
216	const CssmData *keyLabel,
217	const CSSM_RESOURCE_CONTROL_CONTEXT *credAndAclEntry,
218	CssmKey &derivedKey)
219	{
220	SSDatabase database = getDatabase(context);
221	validateKeyAttr(keyAttr);
222	const AccessCredentials *cred = NULL;
223	const AclEntryInput *owner = NULL;
224	if (credAndAclEntry)
225	{
226	cred = AccessCredentials::overlay(credAndAclEntry->AccessCred);
227	owner = &AclEntryInput::overlay(credAndAclEntry->InitialAclEntry);
228	}
229
230	/* optional BaseKey */
231	const CssmKey *keyInContext =
232	context.get<const CssmKey>(CSSM_ATTRIBUTE_KEY);
233	KeyHandle contextKeyHandle =
234	keyInContext ? lookupKey(*keyInContext).keyHandle() : noKey;
235	KeyHandle keyHandle;
236	switch(context.algorithm()) {
237	case CSSM_ALGID_KEYCHAIN_KEY:
238	{
239	// special interpretation: take DLDBHandle -> DbHandle from params
240	clientSession().extractMasterKey(database.dbHandle(), context,
241	getDatabase(param.interpretedAs<CSSM_DL_DB_HANDLE>(CSSMERR_CSP_INVALID_ATTR_DL_DB_HANDLE)).dbHandle(),
242	keyUsage, keyAttr, cred, owner, keyHandle, derivedKey.header());
243	}
244	break;
245	default:
246	clientSession().deriveKey(database.dbHandle(), context, contextKeyHandle, keyUsage,
247	keyAttr, param, cred, owner, keyHandle, derivedKey.header());
248	break;
249	}
250	makeReferenceKey(keyHandle, derivedKey, database, keyAttr, keyLabel);
251	}
252
253	void
254	SSCSPSession::GenerateKey(CSSM_CC_HANDLE ccHandle,
255	const Context &context,
256	uint32 keyUsage,
257	uint32 keyAttr,
258	const CssmData *keyLabel,
259	const CSSM_RESOURCE_CONTROL_CONTEXT *credAndAclEntry,
260	CssmKey &key,
261	CSSM_PRIVILEGE privilege)
262	{
263	SSDatabase database = getDatabase(context);
264	validateKeyAttr(keyAttr);
265	const AccessCredentials *cred = NULL;
266	const AclEntryInput *owner = NULL;
267	if (credAndAclEntry)
268	{
269	cred = AccessCredentials::overlay(credAndAclEntry->AccessCred);
270	owner = &AclEntryInput::overlay(credAndAclEntry->InitialAclEntry);
271	}
272
273	KeyHandle keyHandle;
274	clientSession().generateKey(database.dbHandle(), context, keyUsage,
275	keyAttr, cred, owner, keyHandle, key.header());
276	makeReferenceKey(keyHandle, key, database, keyAttr, keyLabel);
277	}
278
279	void
280	SSCSPSession::GenerateKeyPair(CSSM_CC_HANDLE ccHandle,
281	const Context &context,
282	uint32 publicKeyUsage,
283	uint32 publicKeyAttr,
284	const CssmData *publicKeyLabel,
285	CssmKey &publicKey,
286	uint32 privateKeyUsage,
287	uint32 privateKeyAttr,
288	const CssmData *privateKeyLabel,
289	const CSSM_RESOURCE_CONTROL_CONTEXT *credAndAclEntry,
290	CssmKey &privateKey,
291	CSSM_PRIVILEGE privilege)
292	{
293	SSDatabase database = getDatabase(context);
294	validateKeyAttr(publicKeyAttr);
295	validateKeyAttr(privateKeyAttr);
296	const AccessCredentials *cred = NULL;
297	const AclEntryInput *owner = NULL;
298	if (credAndAclEntry)
299	{
300	cred = AccessCredentials::overlay(credAndAclEntry->AccessCred);
301	owner = &AclEntryInput::overlay(credAndAclEntry->InitialAclEntry);
302	}
303
304	/*
305	* Public keys must be extractable in the clear - that's the Apple
306	* policy. The raw CSP is unable to enforce the extractable
307	* bit since it always sees that as true (it's managed and forced
308	* true by the SecurityServer). So...
309	*/
310	if(!(publicKeyAttr & CSSM_KEYATTR_EXTRACTABLE)) {
311	CssmError::throwMe(CSSMERR_CSP_INVALID_KEYATTR_MASK);
312	}
313	KeyHandle pubKeyHandle, privKeyHandle;
314	clientSession().generateKey(database.dbHandle(), context,
315	publicKeyUsage, publicKeyAttr,
316	privateKeyUsage, privateKeyAttr,
317	cred, owner,
318	pubKeyHandle, publicKey.header(),
319	privKeyHandle, privateKey.header());
320	makeReferenceKey(privKeyHandle, privateKey, database, privateKeyAttr,
321	privateKeyLabel);
322	// @@@ What if this throws, we need to free privateKey.
323	makeReferenceKey(pubKeyHandle, publicKey, database, publicKeyAttr,
324	publicKeyLabel);
325	}
326
327	void
328	SSCSPSession::ObtainPrivateKeyFromPublicKey(const CssmKey &PublicKey,
329	CssmKey &PrivateKey)
330	{
331	unimplemented();
332	}
333
334	void
335	SSCSPSession::QueryKeySizeInBits(CSSM_CC_HANDLE CCHandle,
427c49bc A	336	const Context *Context,
427c49bc A	337	const CssmKey *Key,
b1ab9ed8 A	338	CSSM_KEY_SIZE &KeySize)
	339	{
	340	unimplemented();
	341	}
	342
	343	void
	344	SSCSPSession::FreeKey(const AccessCredentials *accessCred,
	345	CssmKey &ioKey, CSSM_BOOL deleteKey)
	346	{
	347	if (ioKey.blobType() == CSSM_KEYBLOB_REFERENCE)
	348	{
866f8763	349	StLock<Mutex> _(mSSCSPDLSession.mKeyDeletionMutex);
b1ab9ed8 A	350	// @@@ Note that this means that detaching a session should free
	351	// all keys ascociated with it or else...
	352	// -- or else what?
	353	// exactly!
	354
	355	// @@@ There are thread safety issues when deleting a key that is
	356	// in use by another thread, but the answer to that is: Don't do
	357	// that!
	358
	359	// Find the key in the map. Tell tell the key to free itself
	360	// (when the auto_ptr deletes the key it removes itself from the map).
fa7225c8	361	secinfo("freeKey", "CSPDL FreeKey");
b1ab9ed8 A	362	auto_ptr<SSKey> ssKey(&mSSCSPDLSession.find<SSKey>(ioKey));
	363	ssKey->free(accessCred, ioKey, deleteKey);
	364	}
	365	else
	366	{
	367	CSPFullPluginSession::FreeKey(accessCred, ioKey, deleteKey);
	368	}
	369	}
	370
	371
	372	//
	373	// Generation stuff.
	374	//
	375	void
	376	SSCSPSession::GenerateRandom(CSSM_CC_HANDLE ccHandle,
	377	const Context &context,
	378	CssmData &randomNumber)
	379	{
	380	checkOperation(context.type(), CSSM_ALGCLASS_RANDOMGEN);
	381	// if (context.algorithm() != @@@) CssmError::throwMe(ALGORITHM_NOT_SUPPORTED);
	382	uint32 needed = context.getInt(CSSM_ATTRIBUTE_OUTPUT_SIZE, CSSMERR_CSP_MISSING_ATTR_OUTPUT_SIZE);
	383
	384	// @@@ What about the seed?
	385	if (randomNumber.length())
	386	{
	387	if (randomNumber.length() < needed)
	388	CssmError::throwMe(CSSMERR_CSP_OUTPUT_LENGTH_ERROR);
	389	clientSession().generateRandom(context, randomNumber);
	390	}
	391	else
	392	{
	393	randomNumber.Data = alloc<uint8>(needed);
	394	try
	395	{
	396	clientSession().generateRandom(context, randomNumber);
	397	}
	398	catch(...)
	399	{
	400	free(randomNumber.Data);
	401	randomNumber.Data = NULL;
	402	throw;
	403	}
	404	}
	405	}
	406
	407	//
	408	// Login/Logout and token operational maintainance. These mean little
	409	// without support by the actual implementation, but we can help...
	410	// @@@ Should this be in CSP[non-Full]PluginSession?
	411	//
	412	void
	413	SSCSPSession::Login(const AccessCredentials &AccessCred,
	414	const CssmData *LoginName,
	415	const void *Reserved)
	416	{
5c19dc3a	417	// @@@ Do a login to the securityServer making keys persistent until it
b1ab9ed8 A	418	// goes away
	419	unimplemented();
	420	}
	421
	422	void
	423	SSCSPSession::Logout()
	424	{
	425	unimplemented();
	426	}
	427
	428	void
	429	SSCSPSession::VerifyDevice(const CssmData &DeviceCert)
	430	{
	431	CssmError::throwMe(CSSMERR_CSP_DEVICE_VERIFY_FAILED);
	432	}
	433
	434	void
	435	SSCSPSession::GetOperationalStatistics(CSPOperationalStatistics &statistics)
	436	{
	437	unimplemented();
	438	}
	439
	440
	441	//
	442	// Utterly miscellaneous, rarely used, strange functions
	443	//
	444	void
	445	SSCSPSession::RetrieveCounter(CssmData &Counter)
	446	{
	447	unimplemented();
	448	}
	449
	450	void
	451	SSCSPSession::RetrieveUniqueId(CssmData &UniqueID)
	452	{
	453	unimplemented();
	454	}
	455
	456	void
	457	SSCSPSession::GetTimeValue(CSSM_ALGORITHMS TimeAlgorithm, CssmData &TimeData)
	458	{
	459	unimplemented();
	460	}
	461
	462
	463	//
	464	// ACL retrieval and change operations
	465	//
	466	void
	467	SSCSPSession::GetKeyOwner(const CssmKey &Key,
	468	CSSM_ACL_OWNER_PROTOTYPE &Owner)
	469	{
	470	lookupKey(Key).getOwner(Owner, *this);
	471	}
	472
	473	void
	474	SSCSPSession::ChangeKeyOwner(const AccessCredentials &AccessCred,
	475	const CssmKey &Key,
	476	const CSSM_ACL_OWNER_PROTOTYPE &NewOwner)
	477	{
	478	lookupKey(Key).changeOwner(AccessCred,
	479	AclOwnerPrototype::overlay(NewOwner));
	480	}
	481
482	void
483	SSCSPSession::GetKeyAcl(const CssmKey &Key,
484	const CSSM_STRING *SelectionTag,
485	uint32 &NumberOfAclInfos,
486	CSSM_ACL_ENTRY_INFO_PTR &AclInfos)
487	{
488	lookupKey(Key).getAcl(reinterpret_cast<const char *>(SelectionTag),
489	NumberOfAclInfos,
490	reinterpret_cast<AclEntryInfo &>(AclInfos), this);
491	}
492
493	void
494	SSCSPSession::ChangeKeyAcl(const AccessCredentials &AccessCred,
495	const CSSM_ACL_EDIT &AclEdit,
496	const CssmKey &Key)
497	{
498	lookupKey(Key).changeAcl(AccessCred, AclEdit::overlay(AclEdit));
499	}
500
501	void
502	SSCSPSession::GetLoginOwner(CSSM_ACL_OWNER_PROTOTYPE &Owner)
503	{
504	unimplemented();
505	}
506
507	void
508	SSCSPSession::ChangeLoginOwner(const AccessCredentials &AccessCred,
509	const CSSM_ACL_OWNER_PROTOTYPE &NewOwner)
510	{
511	unimplemented();
512	}
513
514	void
515	SSCSPSession::GetLoginAcl(const CSSM_STRING *SelectionTag,
516	uint32 &NumberOfAclInfos,
517	CSSM_ACL_ENTRY_INFO_PTR &AclInfos)
518	{
519	unimplemented();
520	}
521
522	void
523	SSCSPSession::ChangeLoginAcl(const AccessCredentials &AccessCred,
524	const CSSM_ACL_EDIT &AclEdit)
525	{
526	unimplemented();
527	}
528
529
530
531	//
532	// Passthroughs
533	//
534	void
535	SSCSPSession::PassThrough(CSSM_CC_HANDLE CCHandle,
536	const Context &context,
537	uint32 passThroughId,
538	const void *inData,
539	void **outData)
540	{
541	checkOperation(context.type(), CSSM_ALGCLASS_NONE);
542	switch (passThroughId) {
543	case CSSM_APPLESCPDL_CSP_GET_KEYHANDLE:
544	{
545	// inData unused, must be NULL
546	if (inData)
547	CssmError::throwMe(CSSM_ERRCODE_INVALID_INPUT_POINTER);
548
549	// outData required, must be pointer-to-pointer-to-KeyHandle
550	KeyHandle &result = Required(reinterpret_cast<KeyHandle *>(outData));
551
552	// we'll take the key from the context
553	const CssmKey &key =
554	context.get<const CssmKey>(CSSM_ATTRIBUTE_KEY, CSSMERR_CSP_MISSING_ATTR_KEY);
555
556	// all ready
557	result = lookupKey(key).keyHandle();
558	break;
559	}
560	case CSSM_APPLECSP_KEYDIGEST:
561	{
562	// inData unused, must be NULL
563	if (inData)
564	CssmError::throwMe(CSSM_ERRCODE_INVALID_INPUT_POINTER);
565
566	// outData required
567	Required(outData);
568
569	// take the key from the context, convert to KeyHandle
570	const CssmKey &key =
571	context.get<const CssmKey>(CSSM_ATTRIBUTE_KEY, CSSMERR_CSP_MISSING_ATTR_KEY);
572	KeyHandle keyHandle = lookupKey(key).keyHandle();
573
574	// allocate digest holder on app's behalf
575	CSSM_DATA *digest = alloc<CSSM_DATA>(sizeof(CSSM_DATA));
576	digest->Data = NULL;
577	digest->Length = 0;
578
579	// go
580	try {
581	clientSession().getKeyDigest(keyHandle, CssmData::overlay(*digest));
582	}
583	catch(...) {
584	free(digest);
585	throw;
586	}
587	*outData = digest;
588	break;
589	}
590
591	default:
592	CssmError::throwMe(CSSM_ERRCODE_INVALID_PASSTHROUGH_ID);
593	}
594	}
595
596	/* Validate requested key attr flags for newly generated keys */
597	void SSCSPSession::validateKeyAttr(uint32 reqKeyAttr)
598	{
599	if(reqKeyAttr & (CSSM_KEYATTR_RETURN_DATA)) {
600	/* CSPDL only supports reference keys */
601	CssmError::throwMe(CSSMERR_CSP_UNSUPPORTED_KEYATTR_MASK);
602	}
603	if(reqKeyAttr & (CSSM_KEYATTR_ALWAYS_SENSITIVE \|
604	CSSM_KEYATTR_NEVER_EXTRACTABLE)) {
605	/* invalid for any CSP */
606	CssmError::throwMe(CSSMERR_CSP_INVALID_KEYATTR_MASK);
607	}
608	/* There may be more, but we'll leave it to SS and CSP to decide */
609	}