]> git.saurik.com Git - apple/security.git/blob - SecurityServer/ssblob.h
projects / apple / security.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Security-54.tar.gz
[apple/security.git] / SecurityServer / ssblob.h
1 /*
2 * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved.
3 *
4 * The contents of this file constitute Original Code as defined in and are
5 * subject to the Apple Public Source License Version 1.2 (the 'License').
6 * You may not use this file except in compliance with the License. Please obtain
7 * a copy of the License at http://www.apple.com/publicsource and read it before
8 * using this file.
9 *
10 * This Original Code and all software distributed under the License are
11 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
12 * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
13 * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
14 * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
15 * specific language governing rights and limitations under the License.
16 */
17
18
19 //
20 // ssblob - objects to represent key and database blobs to SecurityServer
21 //
22 #ifndef _H_SSBLOB
23 #define _H_SSBLOB
24
25 #include <Security/SecurityServerClient.h>
26 #include <Security/cssm.h>
27 #include <Security/utilities.h>
28 #include <Security/cssmalloc.h>
29 #include <Security/cssmacl.h>
30 #include <Security/memutils.h>
31
32
33 namespace Security
34 {
35
36 using LowLevelMemoryUtilities::increment;
37
38 namespace SecurityServer
39 {
40
41 //
42 // A generic blob
43 //
44 class Blob {
45 protected:
46 template <class T>
47 T *at(off_t offset) { return LowLevelMemoryUtilities::increment<T>(this, offset); }
48 void *at(off_t offset) { return LowLevelMemoryUtilities::increment(this, offset); }
49 };
50
51
52 //
53 // The common features of our blobs
54 //
55 class CommonBlob : public Blob {
56 public:
57 // initial fixed fields for versioning
58 uint32 magic; // magic number
59 uint32 version; // version code
60
61 static const uint32 magicNumber = 0xfade0711;
62
63 static const uint32 version_MacOS_10_0 = 0x00000100; // MacOS 10.0.x
64 static const uint32 version_MacOS_10_1 = 0x00000101; // MacOS 10.1.x and on
65 static const uint32 currentVersion = version_MacOS_10_0;
66
67 public:
68 void initialize(uint32 version = currentVersion);
69 void validate(CSSM_RETURN failureCode) const;
70
71 void *data() { return at(0); }
72 };
73
74
75 //
76 // A Database blob
77 //
78 class DbBlob : public CommonBlob {
79 public:
80 struct Signature {
81 uint8 bytes[16];
82
83 bool operator < (const Signature &sig) const
84 { return memcmp(bytes, sig.bytes, sizeof(bytes)) < 0; }
85 bool operator == (const Signature &sig) const
86 { return memcmp(bytes, sig.bytes, sizeof(bytes)) == 0; }
87 };
88
89 struct PrivateBlob : public Blob {
90 typedef uint8 EncryptionKey[24];
91 typedef uint8 SigningKey[20];
92
93 EncryptionKey encryptionKey; // master encryption key
94 SigningKey signingKey; // master signing key
95
96 // private ACL blob follows, to the end
97 void *privateAclBlob() { return at(sizeof(PrivateBlob)); }
98 };
99
100 public:
101 // position separators between variable-length fields (see below)
102 uint32 startCryptoBlob; // end of public ACL; start of crypto blob
103 uint32 totalLength; // end of crypto blob; end of entire blob
104
105 Signature randomSignature; // randomizing database signature
106 uint32 sequence; // database sequence number
107 DBParameters params; // database settable parameters
108
109 uint8 salt[20]; // derivation salt
110 uint8 iv[8]; // encryption iv
111
112 uint8 blobSignature[20]; // HMAC/SHA1 of entire blob except itself
113
114 // variable length fields:
115 void *publicAclBlob() { return at(sizeof(DbBlob)); }
116 size_t publicAclBlobLength() const
117 { return startCryptoBlob - sizeof(DbBlob); }
118
119 void *cryptoBlob() { return at(startCryptoBlob); }
120 size_t cryptoBlobLength() const { return totalLength - startCryptoBlob; }
121
122 uint32 length() const { return totalLength; }
123
124 DbBlob *copy(CssmAllocator &alloc = CssmAllocator::standard()) const
125 {
126 DbBlob *blob = alloc.malloc<DbBlob>(length());
127 memcpy(blob, this, length());
128 return blob;
129 }
130 };
131
132
133 //
134 // A key blob
135 //
136 class KeyBlob : public CommonBlob {
137 public:
138 uint32 startCryptoBlob; // end of public ACL; start of crypto blob
139 uint32 totalLength; // end of crypto blob; end of entire blob
140
141 uint8 iv[8]; // encryption iv
142
143 CssmKey::Header header; // key header as-is
144 struct WrappedFields {
145 CSSM_KEYBLOB_TYPE blobType;
146 CSSM_KEYBLOB_FORMAT blobFormat;
147 CSSM_ALGORITHMS wrapAlgorithm;
148 CSSM_ENCRYPT_MODE wrapMode;
149 } wrappedHeader;
150
151 uint8 blobSignature[20]; // HMAC/SHA1 of entire blob except itself
152
153 // variable length fields:
154 void *publicAclBlob() { return at(sizeof(KeyBlob)); }
155 size_t publicAclBlobLength() const
156 { return startCryptoBlob - sizeof(KeyBlob); }
157
158 void *cryptoBlob() { return at(startCryptoBlob); }
159 size_t cryptoBlobLength() const { return totalLength - startCryptoBlob; }
160
161 uint32 length() const { return totalLength; }
162
163 // these bits are managed internally by the SecurityServer (and not passed to the CSPs)
164 static const uint32 managedAttributes =
165 CSSM_KEYATTR_ALWAYS_SENSITIVE |
166 CSSM_KEYATTR_NEVER_EXTRACTABLE |
167 CSSM_KEYATTR_PERMANENT;
168
169 public:
170 KeyBlob *copy(CssmAllocator &alloc) const
171 {
172 KeyBlob *blob = alloc.malloc<KeyBlob>(length());
173 memcpy(blob, this, length());
174 return blob;
175 }
176 };
177
178
179 } // end namespace SecurityServer
180
181 } // end namespace Security
182
183
184 #endif //_H_SSBLOB
mirror of Security