Security-176.tar.gz
1 /*
2 * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved.
3 *
4 * The contents of this file constitute Original Code as defined in and are
5 * subject to the Apple Public Source License Version 1.2 (the 'License').
6 * You may not use this file except in compliance with the License. Please obtain
7 * a copy of the License at http://www.apple.com/publicsource and read it before
8 * using this file.
9 *
10 * This Original Code and all software distributed under the License are
11 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
12 * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
13 * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
14 * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
15 * specific language governing rights and limitations under the License.
16 */
17
18
19 //
20 // connection - manage connections to clients
21 //
22 #ifndef _H_CONNECTION
23 #define _H_CONNECTION
24
25 #include "securityserver.h"
26 #include "SecurityAgentClient.h"
27 #include <Security/osxsigning.h>
28 #include "process.h"
29 #include "key.h"
30 #include <string>
31
32 using MachPlusPlus::Port;
33 using MachPlusPlus::TaskPort;
34
35 class Session;
36
37
38 //
39 // A Connection object represents an established connection between a client
40 // and the SecurityServer. Note that in principle, a client process can have
41 // multiple Connections (each represented by an IPC channel), though there will
42 // usually be only one.
43 //
// Reviewer notes, limited to what this declaration shows:
//  - `process` is a reference member, so a Connection does not own its Process
//    and must not outlive it.
//  - `lock` guards the transient state; only useAgent() is seen taking it here.
//  - The ACL update trigger is tracked by object address, not by value.
class Connection {
    typedef Key::Handle KeyHandle;
public:
    // Set up a connection for client process `proc`.
    // NOTE(review): `rPort` is presumably the port later returned by
    // clientPort() -- confirm in the constructor definition.
    Connection(Process &proc, Port rPort);
    virtual ~Connection();

    // Orderly shutdown of the connection.
    void terminate();
    // Forced shutdown; `keepReplyPort` defaults to false. The meaning of the
    // bool result is not visible in this header.
    bool abort(bool keepReplyPort = false);

    // The client-side port recorded for this connection.
    Port clientPort() const
    {
        return mClientPort;
    }

    // Work framing: worker threads bracket each unit of connection work.
    void beginWork();       // a thread has picked this connection up
    void checkWork();       // is the connection still in a usable state?
    bool endWork();         // the thread has finished with this connection

    // Record that the active worker thread may block in a SecurityAgent call.
    // The pointer is stored while holding `lock`.
    void useAgent(SecurityAgent::Client *client)
    {
        StLock<Mutex> guard(lock);
        agentWait = client;
    }

    // UI convenience for Keychain-style ACLs: arm a "don't ask again" trigger.
    // Only the ADDRESS of `object` is kept, so the ACL object must stay alive
    // for as long as the trigger count is non-zero.
    // NOTE(review): unlike useAgent(), this does not take `lock`; presumably
    // only the thread currently servicing the connection calls it -- confirm.
    void setAclUpdateTrigger(const SecurityServerAcl &object)
    {
        aclUpdateTriggerCount = aclUpdateTriggerLimit + 1;
        aclUpdateTrigger = &object;
    }

    // True when a trigger is still armed and it was armed for this very object
    // (compared by address).
    // NOTE(review): an address comparison would also match a different ACL
    // object that later occupies the same storage; confirm the count always
    // reaches zero before the original object can be destroyed.
    bool aclWasSetForUpdateTrigger(const SecurityServerAcl &object) const
    {
        if (aclUpdateTriggerCount == 0)
            return false;
        return aclUpdateTrigger == &object;
    }

    // The client process this connection belongs to (not owned).
    Process &process;

public:
    void releaseKey(KeyHandle key);
    CSSM_KEY_SIZE queryKeySize(Key &key);

    // Cryptographic service calls made on behalf of the client.
    // NOTE(review): no authorization step is visible in these declarations;
    // presumably the definitions check the key's ACL and the supplied
    // credentials -- verify in the implementation file.
    void generateSignature(const Context &context, Key &key,
        CSSM_ALGORITHMS signOnlyAlgorithm,
        const CssmData &data, CssmData &signature);
    void verifySignature(const Context &context, Key &key,
        CSSM_ALGORITHMS verifyOnlyAlgorithm,
        const CssmData &data, const CssmData &signature);
    void generateMac(const Context &context, Key &key,
        const CssmData &data, CssmData &mac);
    void verifyMac(const Context &context, Key &key,
        const CssmData &data, const CssmData &mac);

    void encrypt(const Context &context, Key &key,
        const CssmData &clear, CssmData &cipher);
    void decrypt(const Context &context, Key &key,
        const CssmData &cipher, CssmData &clear);

    // Single-key generation; the result is handed back through `newKey`.
    void generateKey(Database *db, const Context &context,
        const AccessCredentials *cred, const AclEntryPrototype *owner,
        uint32 usage, uint32 attrs, Key * &newKey);
    // Key-pair generation, with separate usage/attribute words per half.
    void generateKey(Database *db, const Context &context,
        const AccessCredentials *cred, const AclEntryPrototype *owner,
        uint32 pubUsage, uint32 pubAttrs, uint32 privUsage, uint32 privAttrs,
        Key * &publicKey, Key * &privateKey);
    Key &deriveKey(Database *db, const Context &context, Key *key,
        const AccessCredentials *cred, const AclEntryPrototype *owner,
        CssmData *param, uint32 usage, uint32 attrs);

    void wrapKey(const Context &context, Key *key,
        Key &keyToBeWrapped, const AccessCredentials *cred,
        const CssmData &descriptiveData, CssmKey &wrappedKey);
    // NOTE(review): `wrappedKey` is taken by value here while wrapKey() uses a
    // reference; the signature is left as declared because the definition
    // lives outside this header.
    Key &unwrapKey(Database *db, const Context &context, Key *key,
        const AccessCredentials *cred, const AclEntryPrototype *owner,
        uint32 usage, uint32 attrs, const CssmKey wrappedKey,
        Key *publicKey, CssmData *descriptiveData);

    // `encrypt` defaults to true.
    uint32 getOutputSize(const Context &context, Key &key, uint32 inputSize,
        bool encrypt = true);

private:
    // Peer state: set while the connection is established, constant afterwards.
    Port mClientPort;

    // Transient state, changed while the connection is in use.
    Mutex lock;
    enum State {
        idle,       // no thread is servicing this connection
        busy,       // a thread is currently servicing this connection
        dying       // busy, and marked to be torn down as soon as possible
    } state;
    SecurityAgent::Client *agentWait;   // SecurityAgent client we may be blocked on

    // Update-trigger bookkeeping; KeychainPromptAclSubject in acl_keychain.cpp
    // has the details.
    const SecurityServerAcl *aclUpdateTrigger;      // ACL the trigger was armed for (NULL if none)
    uint8 aclUpdateTriggerCount;                    // number of back-to-back requests honored
    static const uint8 aclUpdateTriggerLimit = 3;   // 3 calls (getAcl+getOwner+changeAcl)
};
127
128
129 #endif //_H_CONNECTION