OSX/libsecurity_keychain/lib/KeyItem.h

   1 /*
   2  * Copyright (c) 2002-2011,2013 Apple Inc. All Rights Reserved.
   3  *
   4  * @APPLE_LICENSE_HEADER_START@
   5  *
   6  * This file contains Original Code and/or Modifications of Original Code
   7  * as defined in and that are subject to the Apple Public Source License
   8  * Version 2.0 (the 'License'). You may not use this file except in
   9  * compliance with the License. Please obtain a copy of the License at
  10  * http://www.opensource.apple.com/apsl/ and read it before using this
  11  * file.
  12  *
  13  * The Original Code and all software distributed under the License are
  14  * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
  15  * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
  16  * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
  17  * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
  18  * Please see the License for the specific language governing rights and
  19  * limitations under the License.
  20  *
  21  * @APPLE_LICENSE_HEADER_END@
  22  */
  23
  24 //
  25 // KeyItem.h
  26 //
  27 #ifndef _SECURITY_KEYITEM_H_
  28 #define _SECURITY_KEYITEM_H_
  29
  30 #include <security_keychain/Item.h>
  31 #include <Security/SecKeyPriv.h>
  32
  33 namespace Security
  34 {
  35
  36 namespace KeychainCore
  37 {
  38
  39 class KeyItem : public ItemImpl
  40 {
  41         NOCOPY(KeyItem)
  42 public:
  43         SECCFFUNCTIONS_BASE(KeyItem, SecKeyRef)
  44
  45     // SecKeyRef is now provided by iOS implementation, so we have to hack standard accessors normally defined by
  46     // SECCFUNCTIONS macro to retarget SecKeyRef to foreign object instead of normal way through SecCFObject.
  47     static KeyItem *required(SecKeyRef ptr);
  48     static KeyItem *optional(SecKeyRef ptr);
  49     operator CFTypeRef() const throw();
  50     static SecCFObject *fromSecKeyRef(CFTypeRef ref);
  51     void attachSecKeyRef() const;
  52     void initializeWithSecKeyRef(SecKeyRef ref);
  53
  54 private:
  55     // This weak backpointer to owning SecKeyRef instance (which is created by iOS SecKey code).
  56     mutable SecKeyRef mWeakSecKeyRef;
  57
  58         // db item constructor
  59 private:
  60     KeyItem(const Keychain &keychain, const PrimaryKey &primaryKey, const CssmClient::DbUniqueRecord &uniqueId);
  61
  62         // PrimaryKey item constructor
  63     KeyItem(const Keychain &keychain, const PrimaryKey &primaryKey);
  64
  65 public:
  66         static KeyItem* make(const Keychain &keychain, const PrimaryKey &primaryKey, const CssmClient::DbUniqueRecord &uniqueId);
  67         static KeyItem* make(const Keychain &keychain, const PrimaryKey &primaryKey);
  68
  69         KeyItem(KeyItem &keyItem);
  70
  71         KeyItem(const CssmClient::Key &key);
  72
  73     virtual ~KeyItem();
  74
  75         virtual void update();
  76         virtual Item copyTo(const Keychain &keychain, Access *newAccess = NULL);
  77         virtual Item importTo(const Keychain &keychain, Access *newAccess = NULL, SecKeychainAttributeList *attrList = NULL);
  78         virtual void didModify();
  79
  80         CssmClient::SSDbUniqueRecord ssDbUniqueRecord();
  81         CssmClient::Key &key();
  82         CssmClient::CSP csp();
  83
  84     // Returns the header of the unverified key (without checking integrity). This will skip ACL checks, but don't trust the data very much.
  85     // Can't return a reference, because maybe the unverified key will get released upon return.
  86     CssmKey::Header unverifiedKeyHeader();
  87
  88         const CSSM_X509_ALGORITHM_IDENTIFIER& algorithmIdentifier();
  89         unsigned int strengthInBits(const CSSM_X509_ALGORITHM_IDENTIFIER *algid);
  90     CssmClient::Key publicKey();
  91
  92         const AccessCredentials *getCredentials(
  93                 CSSM_ACL_AUTHORIZATION_TAG operation,
  94                 SecCredentialType credentialType);
  95
  96         bool operator == (KeyItem &other);
  97
  98         static void createPair(
  99                 Keychain keychain,
 100         CSSM_ALGORITHMS algorithm,
 101         uint32 keySizeInBits,
 102         CSSM_CC_HANDLE contextHandle,
 103         CSSM_KEYUSE publicKeyUsage,
 104         uint32 publicKeyAttr,
 105         CSSM_KEYUSE privateKeyUsage,
 106         uint32 privateKeyAttr,
 107         SecPointer<Access> initialAccess,
 108         SecPointer<KeyItem> &outPublicKey,
 109         SecPointer<KeyItem> &outPrivateKey);
 110
 111         static void importPair(
 112                 Keychain keychain,
 113                 const CSSM_KEY &publicCssmKey,
 114                 const CSSM_KEY &privateCssmKey,
 115         SecPointer<Access> initialAccess,
 116         SecPointer<KeyItem> &outPublicKey,
 117         SecPointer<KeyItem> &outPrivateKey);
 118
 119         static SecPointer<KeyItem> generate(
 120                 Keychain keychain,
 121                 CSSM_ALGORITHMS algorithm,
 122                 uint32 keySizeInBits,
 123                 CSSM_CC_HANDLE contextHandle,
 124                 CSSM_KEYUSE keyUsage,
 125                 uint32 keyAttr,
 126                 SecPointer<Access> initialAccess);
 127
 128         static SecPointer<KeyItem> generateWithAttributes(
 129                 const SecKeychainAttributeList *attrList,
 130                 Keychain keychain,
 131                 CSSM_ALGORITHMS algorithm,
 132                 uint32 keySizeInBits,
 133                 CSSM_CC_HANDLE contextHandle,
 134                 CSSM_KEYUSE keyUsage,
 135                 uint32 keyAttr,
 136                 SecPointer<Access> initialAccess);
 137
 138         virtual const CssmData &itemID();
 139
 140         virtual CFHashCode hash();
 141
 142     virtual void setIntegrity(bool force = false);
 143     virtual bool checkIntegrity();
 144
 145     // Call this function to remove the integrity and partition_id ACLs from
 146     // this item. You're not supposed to be able to do this, so force the issue
 147     // by providing credentials to this keychain.
 148     virtual void removeIntegrity(const AccessCredentials *cred);
 149
 150     static void modifyUniqueId(Keychain keychain, SSDb ssDb, DbUniqueRecord& uniqueId, DbAttributes& newDbAttributes, CSSM_DB_RECORDTYPE recordType);
 151
 152 protected:
 153         virtual PrimaryKey add(Keychain &keychain);
 154 private:
 155     CssmClient::Key unverifiedKey();
 156
 157         CssmClient::Key mKey;
 158         const CSSM_X509_ALGORITHM_IDENTIFIER *algid;
 159         CssmAutoData mPubKeyHash;
 160     CssmClient::Key mPublicKey;
 161 };
 162
 163 } // end namespace KeychainCore
 164
 165 } // end namespace Security
 166
 167 struct OpaqueSecKeyRef {
 168     CFRuntimeBase _base;
 169     const SecKeyDescriptor *key_class;
 170     SecKeyRef cdsaKey;
 171     Security::KeychainCore::KeyItem *key;
 172     SecCredentialType credentialType;
 173 };
 174
 175 #endif // !_SECURITY_KEYITEM_H_