]> git.saurik.com Git - apple/security.git/blob - OSX/libsecurity_apple_csp/lib/AppleCSPSession.h
projects / apple / security.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Security-59754.80.3.tar.gz
[apple/security.git] / OSX / libsecurity_apple_csp / lib / AppleCSPSession.h
1 /*
2 * Copyright (c) 2000-2001,2011,2014 Apple Inc. All Rights Reserved.
3 *
4 * The contents of this file constitute Original Code as defined in and are
5 * subject to the Apple Public Source License Version 1.2 (the 'License').
6 * You may not use this file except in compliance with the License. Please obtain
7 * a copy of the License at http://www.apple.com/publicsource and read it before
8 * using this file.
9 *
10 * This Original Code and all software distributed under the License are
11 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
12 * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
13 * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
14 * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
15 * specific language governing rights and limitations under the License.
16 */
17
18
19 //
20 // AppleCSPSession.h - top-level session class
21 //
22 #ifndef _APPLE_CSP_SESSION_H_
23 #define _APPLE_CSP_SESSION_H_
24
25 #include <security_cdsa_plugin/cssmplugin.h>
26 #include <security_cdsa_plugin/pluginsession.h>
27 #include <security_cdsa_plugin/CSPsession.h>
28 #include <security_utilities/threading.h>
29 #include "BinaryKey.h"
30 #include "AppleCSPUtils.h"
31
32 class CSPKeyInfoProvider;
33
34 /* avoid unnecessary includes.... */
35 class AppleCSPPlugin;
36 #ifdef CRYPTKIT_CSP_ENABLE
37 class CryptKitFactory;
38 #endif
39 class MiscAlgFactory;
40 #ifdef ASC_CSP_ENABLE
41 class AscAlgFactory;
42 #endif
43 class RSA_DSA_Factory;
44 class DH_Factory;
45
46 /* one per attach/detach */
47 class AppleCSPSession : public CSPFullPluginSession {
48 public:
49
50 AppleCSPSession(
51 CSSM_MODULE_HANDLE handle,
52 AppleCSPPlugin &plug,
53 const CSSM_VERSION &Version,
54 uint32 SubserviceID,
55 CSSM_SERVICE_TYPE SubServiceType,
56 CSSM_ATTACH_FLAGS AttachFlags,
57 const CSSM_UPCALLS &upcalls);
58
59 ~AppleCSPSession();
60
61 CSPContext *contextCreate(
62 CSSM_CC_HANDLE handle,
63 const Context &context);
64 void setupContext(
65 CSPContext * &cspCtx,
66 const Context &context,
67 bool encoding);
68
69 // Functions declared in CSPFullPluginSession which we override.
70
71 // Free a key. If this is a reference key
72 // we generated, remove it from refKeyMap.
73 void FreeKey(const AccessCredentials *AccessCred,
74 CssmKey &KeyPtr,
75 CSSM_BOOL Delete);
76
77 void UnwrapKey(CSSM_CC_HANDLE CCHandle,
78 const Context &Context,
79 const CssmKey *PublicKey,
80 const CssmKey &WrappedKey,
81 uint32 KeyUsage,
82 uint32 KeyAttr,
83 const CssmData *KeyLabel,
84 const CSSM_RESOURCE_CONTROL_CONTEXT *CredAndAclEntry,
85 CssmKey &UnwrappedKey,
86 CssmData &DescriptiveData,
87 CSSM_PRIVILEGE Privilege);
88 void WrapKey(CSSM_CC_HANDLE CCHandle,
89 const Context &Context,
90 const AccessCredentials &AccessCred,
91 const CssmKey &Key,
92 const CssmData *DescriptiveData,
93 CssmKey &WrappedKey,
94 CSSM_PRIVILEGE Privilege);
95 void DeriveKey(CSSM_CC_HANDLE CCHandle,
96 const Context &Context,
97 CssmData &Param,
98 uint32 KeyUsage,
99 uint32 KeyAttr,
100 const CssmData *KeyLabel,
101 const CSSM_RESOURCE_CONTROL_CONTEXT *CredAndAclEntry,
102 CssmKey &DerivedKey);
103 void PassThrough(CSSM_CC_HANDLE CCHandle,
104 const Context &Context,
105 uint32 PassThroughId,
106 const void *InData,
107 void **OutData);
108 void getKeySize(const CssmKey &key,
109 CSSM_KEY_SIZE &size);
110
111 // add a BinaryKey to our refKeyMap. Sets up cssmKey
112 // as appropriate.
113 void addRefKey(
114 BinaryKey &binKey,
115 CssmKey &cssmKey);
116
117 // Given a CssmKey in reference form, obtain the associated
118 // BinaryKey.
119 BinaryKey &lookupRefKey(
120 const CssmKey &cssmKey);
121
122 // CSP's RNG. This redirects to Yarrow.
123 void getRandomBytes(size_t length, uint8 *cp);
124 void addEntropy(size_t length, const uint8 *cp);
125
126 Allocator &normAlloc() { return normAllocator; }
127 Allocator &privAlloc() { return privAllocator; }
128
129 #ifdef CRYPTKIT_CSP_ENABLE
130 CryptKitFactory &cryptKitFactory;
131 #endif
132 MiscAlgFactory &miscAlgFactory;
133 #ifdef ASC_CSP_ENABLE
134 AscAlgFactory &ascAlgFactory;
135 #endif
136 RSA_DSA_Factory &rsaDsaAlgFactory;
137 DH_Factory &dhAlgFactory;
138
139 private:
140 // storage of binary keys (which apps know as reference keys)
141 typedef std::map<KeyRef, const BinaryKey *> keyMap;
142 keyMap refKeyMap;
143 Mutex refKeyMapLock;
144 Allocator &normAllocator;
145 Allocator &privAllocator;
146
147 BinaryKey *lookupKeyRef(KeyRef keyRef);
148 void DeriveKey_PBKDF2(
149 const Context &Context,
150 const CssmData &Param,
151 CSSM_DATA *keyData);
152
153 void DeriveKey_PKCS5_V1_5(
154 const Context &context,
155 CSSM_ALGORITHMS algId,
156 const CssmData &Param,
157 CSSM_DATA *keyData);
158
159 void DeriveKey_OpenSSH1(
160 const Context &context,
161 CSSM_ALGORITHMS algId,
162 const CssmData &Param,
163 CSSM_DATA *keyData);
164
165 /* CMS wrap/unwrap, called out from standard wrap/unwrap */
166 void WrapKeyCms(
167 CSSM_CC_HANDLE CCHandle,
168 const Context &Context,
169 const AccessCredentials &AccessCred,
170 const CssmKey &UnwrappedKey,
171 CssmData &rawBlob,
172 bool allocdRawBlob, // callee has to free rawBlob
173 const CssmData *DescriptiveData,
174 CssmKey &WrappedKey,
175 CSSM_PRIVILEGE Privilege);
176
177 void UnwrapKeyCms(
178 CSSM_CC_HANDLE CCHandle,
179 const Context &Context,
180 const CssmKey &WrappedKey,
181 const CSSM_RESOURCE_CONTROL_CONTEXT *CredAndAclEntry,
182 CssmKey &UnwrappedKey,
183 CssmData &DescriptiveData,
184 CSSM_PRIVILEGE Privilege,
185 cspKeyStorage keyStorage);
186
187 /* OpenSSHv1 wrap/unwrap, called out from standard wrap/unwrap */
188 void WrapKeyOpenSSH1(
189 CSSM_CC_HANDLE CCHandle,
190 const Context &Context,
191 const AccessCredentials &AccessCred,
192 BinaryKey &unwrappedBinKey,
193 CssmData &rawBlob,
194 bool allocdRawBlob, // callee has to free rawBlob
195 const CssmData *DescriptiveData,
196 CssmKey &WrappedKey,
197 CSSM_PRIVILEGE Privilege);
198
199 void UnwrapKeyOpenSSH1(
200 CSSM_CC_HANDLE CCHandle,
201 const Context &Context,
202 const CssmKey &WrappedKey,
203 const CSSM_RESOURCE_CONTROL_CONTEXT *CredAndAclEntry,
204 CssmKey &UnwrappedKey,
205 CssmData &DescriptiveData,
206 CSSM_PRIVILEGE Privilege,
207 cspKeyStorage keyStorage);
208
209 /*
210 * Used for generating crypto contexts at this level.
211 * Analogous to AlgorithmFactory.setup().
212 */
213 bool setup(
214 CSPFullPluginSession::CSPContext * &cspCtx,
215 const Context &context);
216
217 /*
218 * Find a CSPKeyInfoProvider subclass for the specified key.
219 */
220 CSPKeyInfoProvider *infoProvider(
221 const CssmKey &key);
222
223 void pkcs8InferKeyHeader(
224 CssmKey &key);
225
226 void opensslInferKeyHeader(
227 CssmKey &key);
228
229 }; /* AppleCSPSession */
230
231
232 #endif //_APPLE_CSP_SESSION_H_
mirror of Security