[apple/security.git] / securityd / src / localdatabase.cpp

/*
 * Copyright (c) 2004,2006,2008 Apple Inc. All Rights Reserved.
 * 
 * @APPLE_LICENSE_HEADER_START@
 * 
 * This file contains Original Code and/or Modifications of Original Code
 * as defined in and that are subject to the Apple Public Source License
 * Version 2.0 (the 'License'). You may not use this file except in
 * compliance with the License. Please obtain a copy of the License at
 * http://www.opensource.apple.com/apsl/ and read it before using this
 * file.
 * 
 * The Original Code and all software distributed under the License are
 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
 * Please see the License for the specific language governing rights and
 * limitations under the License.
 * 
 * @APPLE_LICENSE_HEADER_END@
 */


//
// localdatabase - locally implemented database using internal CSP cryptography
//
#include "localdatabase.h"
#include "agentquery.h"
#include "localkey.h"
#include "server.h"
#include "session.h"
#include <security_cdsa_utilities/acl_any.h>	// for default owner ACLs
#include <security_cdsa_client/wrapkey.h>
#include <security_cdsa_client/genkey.h>
#include <security_cdsa_client/signclient.h>
#include <security_cdsa_client/cryptoclient.h>
#include <security_cdsa_client/macclient.h>
#include <security_utilities/endian.h>


//
// Create a Database object from initial parameters (create operation)
//
LocalDatabase::LocalDatabase(Process &proc)
	: Database(proc)
{
}


static inline LocalKey &myKey(Key &key)
{
	return safer_cast<LocalKey &>(key);
}


//
// Key inquiries
//
void LocalDatabase::queryKeySizeInBits(Key &key, CssmKeySize &result)
{
    CssmClient::Key theKey(Server::csp(), myKey(key));
    result = theKey.sizeInBits();
}


//
// Signatures and MACs
//
void LocalDatabase::generateSignature(const Context &context, Key &key,
	CSSM_ALGORITHMS signOnlyAlgorithm, const CssmData &data, CssmData &signature)
{
	context.replace(CSSM_ATTRIBUTE_KEY, myKey(key).cssmKey());
	key.validate(CSSM_ACL_AUTHORIZATION_SIGN, context);
	CssmClient::Sign signer(Server::csp(), context.algorithm(), signOnlyAlgorithm);
	signer.override(context);
	signer.sign(data, signature);
}

void LocalDatabase::verifySignature(const Context &context, Key &key,
	CSSM_ALGORITHMS verifyOnlyAlgorithm, const CssmData &data, const CssmData &signature)
{
	context.replace(CSSM_ATTRIBUTE_KEY, myKey(key).cssmKey());
	CssmClient::Verify verifier(Server::csp(), context.algorithm(), verifyOnlyAlgorithm);
	verifier.override(context);
	verifier.verify(data, signature);
}

void LocalDatabase::generateMac(const Context &context, Key &key,
	const CssmData &data, CssmData &mac)
{
	context.replace(CSSM_ATTRIBUTE_KEY, myKey(key).cssmKey());
	key.validate(CSSM_ACL_AUTHORIZATION_MAC, context);
	CssmClient::GenerateMac signer(Server::csp(), context.algorithm());
	signer.override(context);
	signer.sign(data, mac);
}

void LocalDatabase::verifyMac(const Context &context, Key &key,
	const CssmData &data, const CssmData &mac)
{
	context.replace(CSSM_ATTRIBUTE_KEY, myKey(key).cssmKey());
	key.validate(CSSM_ACL_AUTHORIZATION_MAC, context);
	CssmClient::VerifyMac verifier(Server::csp(), context.algorithm());
	verifier.override(context);
	verifier.verify(data, mac);
}


//
// Encryption/decryption
//
void LocalDatabase::encrypt(const Context &context, Key &key,
	const CssmData &clear, CssmData &cipher)
{
	context.replace(CSSM_ATTRIBUTE_KEY, myKey(key).cssmKey());
	key.validate(CSSM_ACL_AUTHORIZATION_ENCRYPT, context);
	CssmClient::Encrypt cryptor(Server::csp(), context.algorithm());
	cryptor.override(context);
	CssmData remData;
	size_t totalLength = cryptor.encrypt(clear, cipher, remData);
	// shouldn't need remData - if an algorithm REQUIRES this, we'd have to ship it
	if (remData)
		CssmError::throwMe(CSSM_ERRCODE_INTERNAL_ERROR);
	cipher.length(totalLength);
}

void LocalDatabase::decrypt(const Context &context, Key &key,
	const CssmData &cipher, CssmData &clear)
{
	context.replace(CSSM_ATTRIBUTE_KEY, myKey(key).cssmKey());
	key.validate(CSSM_ACL_AUTHORIZATION_DECRYPT, context);
	CssmClient::Decrypt cryptor(Server::csp(), context.algorithm());
	cryptor.override(context);
	CssmData remData;
	size_t totalLength = cryptor.decrypt(cipher, clear, remData);
	// shouldn't need remData - if an algorithm REQUIRES this, we'd have to ship it
	if (remData)
		CssmError::throwMe(CSSM_ERRCODE_INTERNAL_ERROR);
	clear.length(totalLength);
}


//
// Key generation and derivation.
// Currently, we consider symmetric key generation to be fast, but
// asymmetric key generation to be (potentially) slow.
//
void LocalDatabase::generateKey(const Context &context,
		const AccessCredentials *cred, const AclEntryPrototype *owner,
		uint32 usage, uint32 attrs, RefPointer<Key> &newKey)
{
	// prepare a context
	CssmClient::GenerateKey generate(Server::csp(), context.algorithm());
	generate.override(context);
	
	// generate key
	// @@@ turn "none" return into reference if permanent (only)
	CssmKey key;
	generate(key, LocalKey::KeySpec(usage, attrs));
		
	// register and return the generated key
    newKey = makeKey(key, attrs & LocalKey::managedAttributes, owner);
}

void LocalDatabase::generateKey(const Context &context,
	const AccessCredentials *cred, const AclEntryPrototype *owner,
	uint32 pubUsage, uint32 pubAttrs, uint32 privUsage, uint32 privAttrs,
    RefPointer<Key> &publicKey, RefPointer<Key> &privateKey)
{
	// prepare a context
	CssmClient::GenerateKey generate(Server::csp(), context.algorithm());
	generate.override(context);
	
	// this may take a while; let our server object know
	Server::active().longTermActivity();
	
	// generate keys
	// @@@ turn "none" return into reference if permanent (only)
	CssmKey pubKey, privKey;
	generate(pubKey, LocalKey::KeySpec(pubUsage, pubAttrs),
		privKey, LocalKey::KeySpec(privUsage, privAttrs));
		
	// register and return the generated keys
	publicKey = makeKey(pubKey, pubAttrs & LocalKey::managedAttributes, 
		(pubAttrs & CSSM_KEYATTR_PUBLIC_KEY_ENCRYPT) ? owner : NULL);
	privateKey = makeKey(privKey, privAttrs & LocalKey::managedAttributes, owner);
}


//
// Key wrapping and unwrapping.
// Note that the key argument (the key in the context) is optional because of the special
// case of "cleartext" (null algorithm) wrapping for import/export.
//

void LocalDatabase::wrapKey(const Context &context, const AccessCredentials *cred,
	Key *wrappingKey, Key &keyToBeWrapped,
	const CssmData &descriptiveData, CssmKey &wrappedKey)
{
    keyToBeWrapped.validate(context.algorithm() == CSSM_ALGID_NONE ?
            CSSM_ACL_AUTHORIZATION_EXPORT_CLEAR : CSSM_ACL_AUTHORIZATION_EXPORT_WRAPPED,
                            cred, &keyToBeWrapped.database());
    if (wrappingKey) {
        context.replace(CSSM_ATTRIBUTE_KEY, myKey(*wrappingKey).cssmKey());
		wrappingKey->validate(CSSM_ACL_AUTHORIZATION_ENCRYPT, context);
	}
    CssmClient::WrapKey wrap(Server::csp(), context.algorithm());
    wrap.override(context);
    wrap.cred(cred);
    wrap(myKey(keyToBeWrapped), wrappedKey, &descriptiveData);
}

void LocalDatabase::unwrapKey(const Context &context,
	const AccessCredentials *cred, const AclEntryPrototype *owner,
	Key *wrappingKey, Key *publicKey, CSSM_KEYUSE usage, CSSM_KEYATTR_FLAGS attrs,
	const CssmKey wrappedKey, RefPointer<Key> &unwrappedKey, CssmData &descriptiveData)
{
    if (wrappingKey) {
        context.replace(CSSM_ATTRIBUTE_KEY, myKey(*wrappingKey).cssmKey());
		wrappingKey->validate(CSSM_ACL_AUTHORIZATION_DECRYPT, context);
	}
	// we are not checking access on the public key, if any
	
    CssmClient::UnwrapKey unwrap(Server::csp(), context.algorithm());
    unwrap.override(context);
    unwrap.cred(cred);
	
	// the AclEntryInput will have to live until unwrap is done
	AclEntryInput ownerInput;
    if (owner) {
		ownerInput.proto() = *owner;
        unwrap.owner(ownerInput);
	}
	
    CssmKey result;
	unwrap(wrappedKey, LocalKey::KeySpec(usage, attrs), result, &descriptiveData,
		publicKey ? &myKey(*publicKey).cssmKey() : NULL);
    unwrappedKey = makeKey(result, attrs & LocalKey::managedAttributes, owner);
}


//
// Key derivation
//
void LocalDatabase::deriveKey(const Context &context, Key *key,
	const AccessCredentials *cred, const AclEntryPrototype *owner,
	CssmData *param, uint32 usage, uint32 attrs, RefPointer<Key> &derivedKey)
{
    if (key) {
		key->validate(CSSM_ACL_AUTHORIZATION_DERIVE, context);
        context.replace(CSSM_ATTRIBUTE_KEY, myKey(*key).cssmKey());
	}
	CssmClient::DeriveKey derive(Server::csp(), context.algorithm(), CSSM_ALGID_NONE);
	derive.override(context);
	
	// derive key
	// @@@ turn "none" return into reference if permanent (only)
	CssmKey dKey;
	derive(param, LocalKey::KeySpec(usage, attrs), dKey);

	// register and return the generated key
    derivedKey = makeKey(dKey, attrs & LocalKey::managedAttributes, owner);
}


//
// Miscellaneous CSSM functions
//
void LocalDatabase::getOutputSize(const Context &context, Key &key, uint32 inputSize,
	bool encrypt, uint32 &result)
{
    // We're fudging here somewhat, since the context can be any type.
    // ctx.override will fix the type, and no-one's the wiser.
	context.replace(CSSM_ATTRIBUTE_KEY, myKey(key).cssmKey());
    CssmClient::Digest ctx(Server::csp(), context.algorithm());
    ctx.override(context);
    result = ctx.getOutputSize(inputSize, encrypt);
}
Commit	Line	Data
d8f41ccd A	1	/*
	2	* Copyright (c) 2004,2006,2008 Apple Inc. All Rights Reserved.
	3	*
	4	* @APPLE_LICENSE_HEADER_START@
	5	*
	6	* This file contains Original Code and/or Modifications of Original Code
	7	* as defined in and that are subject to the Apple Public Source License
	8	* Version 2.0 (the 'License'). You may not use this file except in
	9	* compliance with the License. Please obtain a copy of the License at
	10	* http://www.opensource.apple.com/apsl/ and read it before using this
	11	* file.
	12	*
	13	* The Original Code and all software distributed under the License are
	14	* distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
	15	* EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
	16	* INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
	17	* FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
	18	* Please see the License for the specific language governing rights and
	19	* limitations under the License.
	20	*
	21	* @APPLE_LICENSE_HEADER_END@
	22	*/
	23
	24
	25	//
	26	// localdatabase - locally implemented database using internal CSP cryptography
	27	//
	28	#include "localdatabase.h"
	29	#include "agentquery.h"
	30	#include "localkey.h"
	31	#include "server.h"
	32	#include "session.h"
d8f41ccd A	33	#include <security_cdsa_utilities/acl_any.h> // for default owner ACLs
	34	#include <security_cdsa_client/wrapkey.h>
	35	#include <security_cdsa_client/genkey.h>
	36	#include <security_cdsa_client/signclient.h>
	37	#include <security_cdsa_client/cryptoclient.h>
	38	#include <security_cdsa_client/macclient.h>
	39	#include <security_utilities/endian.h>
	40
	41
	42	//
	43	// Create a Database object from initial parameters (create operation)
	44	//
	45	LocalDatabase::LocalDatabase(Process &proc)
	46	: Database(proc)
	47	{
	48	}
	49
	50
	51	static inline LocalKey &myKey(Key &key)
	52	{
	53	return safer_cast<LocalKey &>(key);
	54	}
	55
	56
	57	//
	58	// Key inquiries
	59	//
	60	void LocalDatabase::queryKeySizeInBits(Key &key, CssmKeySize &result)
	61	{
	62	CssmClient::Key theKey(Server::csp(), myKey(key));
	63	result = theKey.sizeInBits();
	64	}
	65
	66
	67	//
	68	// Signatures and MACs
	69	//
	70	void LocalDatabase::generateSignature(const Context &context, Key &key,
	71	CSSM_ALGORITHMS signOnlyAlgorithm, const CssmData &data, CssmData &signature)
	72	{
	73	context.replace(CSSM_ATTRIBUTE_KEY, myKey(key).cssmKey());
	74	key.validate(CSSM_ACL_AUTHORIZATION_SIGN, context);
	75	CssmClient::Sign signer(Server::csp(), context.algorithm(), signOnlyAlgorithm);
	76	signer.override(context);
	77	signer.sign(data, signature);
	78	}
	79
	80	void LocalDatabase::verifySignature(const Context &context, Key &key,
	81	CSSM_ALGORITHMS verifyOnlyAlgorithm, const CssmData &data, const CssmData &signature)
	82	{
	83	context.replace(CSSM_ATTRIBUTE_KEY, myKey(key).cssmKey());
	84	CssmClient::Verify verifier(Server::csp(), context.algorithm(), verifyOnlyAlgorithm);
	85	verifier.override(context);
	86	verifier.verify(data, signature);
	87	}
	88
	89	void LocalDatabase::generateMac(const Context &context, Key &key,
	90	const CssmData &data, CssmData &mac)
	91	{
	92	context.replace(CSSM_ATTRIBUTE_KEY, myKey(key).cssmKey());
	93	key.validate(CSSM_ACL_AUTHORIZATION_MAC, context);
	94	CssmClient::GenerateMac signer(Server::csp(), context.algorithm());
	95	signer.override(context);
	96	signer.sign(data, mac);
97	}
98
99	void LocalDatabase::verifyMac(const Context &context, Key &key,
100	const CssmData &data, const CssmData &mac)
101	{
102	context.replace(CSSM_ATTRIBUTE_KEY, myKey(key).cssmKey());
103	key.validate(CSSM_ACL_AUTHORIZATION_MAC, context);
104	CssmClient::VerifyMac verifier(Server::csp(), context.algorithm());
105	verifier.override(context);
106	verifier.verify(data, mac);
107	}
108
109
110	//
111	// Encryption/decryption
112	//
113	void LocalDatabase::encrypt(const Context &context, Key &key,
114	const CssmData &clear, CssmData &cipher)
115	{
116	context.replace(CSSM_ATTRIBUTE_KEY, myKey(key).cssmKey());
117	key.validate(CSSM_ACL_AUTHORIZATION_ENCRYPT, context);
118	CssmClient::Encrypt cryptor(Server::csp(), context.algorithm());
119	cryptor.override(context);
120	CssmData remData;
121	size_t totalLength = cryptor.encrypt(clear, cipher, remData);
122	// shouldn't need remData - if an algorithm REQUIRES this, we'd have to ship it
123	if (remData)
124	CssmError::throwMe(CSSM_ERRCODE_INTERNAL_ERROR);
125	cipher.length(totalLength);
126	}
127
128	void LocalDatabase::decrypt(const Context &context, Key &key,
129	const CssmData &cipher, CssmData &clear)
130	{
131	context.replace(CSSM_ATTRIBUTE_KEY, myKey(key).cssmKey());
132	key.validate(CSSM_ACL_AUTHORIZATION_DECRYPT, context);
133	CssmClient::Decrypt cryptor(Server::csp(), context.algorithm());
134	cryptor.override(context);
135	CssmData remData;
136	size_t totalLength = cryptor.decrypt(cipher, clear, remData);
137	// shouldn't need remData - if an algorithm REQUIRES this, we'd have to ship it
138	if (remData)
139	CssmError::throwMe(CSSM_ERRCODE_INTERNAL_ERROR);
140	clear.length(totalLength);
141	}
142
143
144	//
145	// Key generation and derivation.
146	// Currently, we consider symmetric key generation to be fast, but
147	// asymmetric key generation to be (potentially) slow.
148	//
149	void LocalDatabase::generateKey(const Context &context,
150	const AccessCredentials cred, const AclEntryPrototype owner,
151	uint32 usage, uint32 attrs, RefPointer<Key> &newKey)
152	{
153	// prepare a context
154	CssmClient::GenerateKey generate(Server::csp(), context.algorithm());
155	generate.override(context);
156
157	// generate key
158	// @@@ turn "none" return into reference if permanent (only)
159	CssmKey key;
160	generate(key, LocalKey::KeySpec(usage, attrs));
161
162	// register and return the generated key
163	newKey = makeKey(key, attrs & LocalKey::managedAttributes, owner);
164	}
165
166	void LocalDatabase::generateKey(const Context &context,
167	const AccessCredentials cred, const AclEntryPrototype owner,
168	uint32 pubUsage, uint32 pubAttrs, uint32 privUsage, uint32 privAttrs,
169	RefPointer<Key> &publicKey, RefPointer<Key> &privateKey)
170	{
171	// prepare a context
172	CssmClient::GenerateKey generate(Server::csp(), context.algorithm());
173	generate.override(context);
174
175	// this may take a while; let our server object know
176	Server::active().longTermActivity();
177
178	// generate keys
179	// @@@ turn "none" return into reference if permanent (only)
180	CssmKey pubKey, privKey;
181	generate(pubKey, LocalKey::KeySpec(pubUsage, pubAttrs),
182	privKey, LocalKey::KeySpec(privUsage, privAttrs));
183
184	// register and return the generated keys
185	publicKey = makeKey(pubKey, pubAttrs & LocalKey::managedAttributes,
186	(pubAttrs & CSSM_KEYATTR_PUBLIC_KEY_ENCRYPT) ? owner : NULL);
187	privateKey = makeKey(privKey, privAttrs & LocalKey::managedAttributes, owner);
188	}
189
190
191	//
192	// Key wrapping and unwrapping.
193	// Note that the key argument (the key in the context) is optional because of the special
194	// case of "cleartext" (null algorithm) wrapping for import/export.
195	//
196
197	void LocalDatabase::wrapKey(const Context &context, const AccessCredentials *cred,
198	Key *wrappingKey, Key &keyToBeWrapped,
199	const CssmData &descriptiveData, CssmKey &wrappedKey)
200	{
201	keyToBeWrapped.validate(context.algorithm() == CSSM_ALGID_NONE ?
202	CSSM_ACL_AUTHORIZATION_EXPORT_CLEAR : CSSM_ACL_AUTHORIZATION_EXPORT_WRAPPED,
dd5fb164	203	cred, &keyToBeWrapped.database());
d8f41ccd A	204	if (wrappingKey) {
	205	context.replace(CSSM_ATTRIBUTE_KEY, myKey(*wrappingKey).cssmKey());
	206	wrappingKey->validate(CSSM_ACL_AUTHORIZATION_ENCRYPT, context);
	207	}
	208	CssmClient::WrapKey wrap(Server::csp(), context.algorithm());
	209	wrap.override(context);
	210	wrap.cred(cred);
	211	wrap(myKey(keyToBeWrapped), wrappedKey, &descriptiveData);
	212	}
	213
	214	void LocalDatabase::unwrapKey(const Context &context,
	215	const AccessCredentials cred, const AclEntryPrototype owner,
	216	Key wrappingKey, Key publicKey, CSSM_KEYUSE usage, CSSM_KEYATTR_FLAGS attrs,
	217	const CssmKey wrappedKey, RefPointer<Key> &unwrappedKey, CssmData &descriptiveData)
	218	{
	219	if (wrappingKey) {
	220	context.replace(CSSM_ATTRIBUTE_KEY, myKey(*wrappingKey).cssmKey());
	221	wrappingKey->validate(CSSM_ACL_AUTHORIZATION_DECRYPT, context);
	222	}
	223	// we are not checking access on the public key, if any
	224
	225	CssmClient::UnwrapKey unwrap(Server::csp(), context.algorithm());
	226	unwrap.override(context);
	227	unwrap.cred(cred);
	228
	229	// the AclEntryInput will have to live until unwrap is done
	230	AclEntryInput ownerInput;
	231	if (owner) {
	232	ownerInput.proto() = *owner;
	233	unwrap.owner(ownerInput);
	234	}
	235
	236	CssmKey result;
	237	unwrap(wrappedKey, LocalKey::KeySpec(usage, attrs), result, &descriptiveData,
	238	publicKey ? &myKey(*publicKey).cssmKey() : NULL);
	239	unwrappedKey = makeKey(result, attrs & LocalKey::managedAttributes, owner);
	240	}
	241
	242
	243	//
	244	// Key derivation
	245	//
	246	void LocalDatabase::deriveKey(const Context &context, Key *key,
	247	const AccessCredentials cred, const AclEntryPrototype owner,
	248	CssmData *param, uint32 usage, uint32 attrs, RefPointer<Key> &derivedKey)
	249	{
	250	if (key) {
	251	key->validate(CSSM_ACL_AUTHORIZATION_DERIVE, context);
	252	context.replace(CSSM_ATTRIBUTE_KEY, myKey(*key).cssmKey());
	253	}
	254	CssmClient::DeriveKey derive(Server::csp(), context.algorithm(), CSSM_ALGID_NONE);
	255	derive.override(context);
	256
	257	// derive key
	258	// @@@ turn "none" return into reference if permanent (only)
	259	CssmKey dKey;
	260	derive(param, LocalKey::KeySpec(usage, attrs), dKey);
	261
	262	// register and return the generated key
	263	derivedKey = makeKey(dKey, attrs & LocalKey::managedAttributes, owner);
	264	}
	265
	266
	267	//
268	// Miscellaneous CSSM functions
269	//
270	void LocalDatabase::getOutputSize(const Context &context, Key &key, uint32 inputSize,
271	bool encrypt, uint32 &result)
272	{
273	// We're fudging here somewhat, since the context can be any type.
274	// ctx.override will fix the type, and no-one's the wiser.
275	context.replace(CSSM_ATTRIBUTE_KEY, myKey(key).cssmKey());
276	CssmClient::Digest ctx(Server::csp(), context.algorithm());
277	ctx.override(context);
278	result = ctx.getOutputSize(inputSize, encrypt);
279	}