2 * Copyright (c) 2000-2004,2006,2011,2013-2014 Apple Inc. All Rights Reserved.
4 * @APPLE_LICENSE_HEADER_START@
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
21 * @APPLE_LICENSE_HEADER_END@
26 // sstransit - Securityd client side transition support.
28 #include "sstransit.h"
29 #include <security_cdsa_client/cspclient.h>
30 #include <security_utilities/mach++.h>
33 namespace SecurityServer
{
35 using MachPlusPlus::check
;
36 using MachPlusPlus::VMGuard
;
40 // This happens "at the end" of a glue method, via the DataOutput destructor.
42 DataOutput::~DataOutput()
44 // @@@ Why are we setting up a VMGuard if mData is NULL?
45 VMGuard
_(mData
, mLength
);
46 if (mData
) // was assigned to; IPC returned OK
47 if (mTarget
) { // output CssmData exists
48 if (mTarget
->data()) { // caller provided buffer
49 if (mTarget
->length() < mLength
)
50 CssmError::throwMe(CSSMERR_CSP_OUTPUT_LENGTH_ERROR
);
51 mTarget
->length(mLength
); // no allocation; shorten buffer
52 } else { // allocate buffer
53 *mTarget
= CssmData(allocator
.malloc(mLength
), mLength
);
55 memcpy(mTarget
->data(), mData
, mLength
);
61 // Copy an AccessCredentials for shipment.
62 // In addition, scan the samples for "special" database locking samples
63 // and translate certain items for safe shipment. Note that this overwrites
64 // part of the CssmList value (CSPHandle -> SS/KeyHandle), but we do it on
65 // the COPY, so that's okay.
67 DatabaseAccessCredentials::DatabaseAccessCredentials(const AccessCredentials
*creds
, Allocator
&alloc
)
68 : Copier
<AccessCredentials
>(creds
, alloc
)
71 for (uint32 n
= 0; n
< value()->samples().length(); n
++) {
72 TypedList sample
= value()->samples()[n
];
74 switch (sample
.type()) {
75 case CSSM_SAMPLE_TYPE_KEYCHAIN_LOCK
:
76 sample
.snip(); // skip sample type (snip() advances to next)
78 if (sample
.type() == CSSM_SAMPLE_TYPE_SYMMETRIC_KEY
||
79 sample
.type() == CSSM_SAMPLE_TYPE_ASYMMETRIC_KEY
) {
80 secinfo("SSclient", "key sample encountered");
81 // proper form is sample[1] = DATA:CSPHandle, sample[2] = DATA:CSSM_KEY,
82 // sample[3] = auxiliary data (not changed)
83 if (sample
.length() != 4
84 || sample
[1].type() != CSSM_LIST_ELEMENT_DATUM
85 || sample
[2].type() != CSSM_LIST_ELEMENT_DATUM
86 || sample
[3].type() != CSSM_LIST_ELEMENT_DATUM
)
87 CssmError::throwMe(CSSM_ERRCODE_INVALID_SAMPLE_VALUE
);
90 *sample
[2].data().interpretedAs
<CssmKey
>(CSSM_ERRCODE_INVALID_SAMPLE_VALUE
));
93 case CSSM_SAMPLE_TYPE_KEYCHAIN_CHANGE_LOCK
:
94 sample
.snip(); // skip sample type
96 if (sample
.type() == CSSM_SAMPLE_TYPE_SYMMETRIC_KEY
||
97 sample
.type() == CSSM_SAMPLE_TYPE_ASYMMETRIC_KEY
) {
98 secinfo("SSclient", "key sample encountered");
99 // proper form is sample[1] = DATA:CSPHandle, sample[2] = DATA:CSSM_KEY
100 if (sample
.length() != 3
101 || sample
[1].type() != CSSM_LIST_ELEMENT_DATUM
102 || sample
[2].type() != CSSM_LIST_ELEMENT_DATUM
)
103 CssmError::throwMe(CSSM_ERRCODE_INVALID_SAMPLE_VALUE
);
106 *sample
[2].data().interpretedAs
<CssmKey
>(CSSM_ERRCODE_INVALID_SAMPLE_VALUE
));
116 void DatabaseAccessCredentials::mapKeySample(CssmData
&cspHandleData
, CssmKey
&key
)
118 // We use a CSP passthrough to get the securityd key handle for a (reference) key.
119 // We try the passthrough on everyone, since there's multiple CSP/DL modules
120 // that play games with securityd, and we want to give everyone a chance to play.
122 // @@@ can't use CssmClient (it makes its own attachments)
124 CSSM_CSP_HANDLE
&cspHandle
= *cspHandleData
.interpretedAs
<CSSM_CSP_HANDLE
>(CSSM_ERRCODE_INVALID_SAMPLE_VALUE
);
125 CssmError::check(CSSM_CSP_CreatePassThroughContext(cspHandle
, &key
, &ctx
));
127 CSSM_RETURN passthroughError
=
128 CSSM_CSP_PassThrough(ctx
, CSSM_APPLESCPDL_CSP_GET_KEYHANDLE
, NULL
, (void **)&ssKey
);
129 CSSM_DeleteContext(ctx
); // ignore error
130 switch (passthroughError
) {
131 case CSSM_OK
: // got the passthrough; rewrite the sample
132 assert(sizeof(CSSM_CSP_HANDLE
) >= sizeof(KeyHandle
)); // future insurance
134 cspHandleData
.length(sizeof(KeyHandle
));
135 secinfo("SSclient", "key sample mapped to key 0x%x", ssKey
);
137 case CSSMERR_CSP_INVALID_PASSTHROUGH_ID
:
138 return; // CSP didn't understand the callback; leave the sample alone
140 CssmError::throwMe(passthroughError
); // error
146 // Inbound/outbound transit for the elaborate data-access attribute vectors
148 DataRetrieval::DataRetrieval(CssmDbRecordAttributeData
*&attributes
, Allocator
&alloc
)
149 : Copier
<CssmDbRecordAttributeData
>(attributes
),
150 mAllocator(alloc
), mAttributes(attributes
), mAddr(NULL
), mBase(NULL
), mLength(0)
154 DataRetrieval::~DataRetrieval()
157 relocate(mAddr
, mBase
);
158 if (mAttributes
->size() != mAddr
->size()) {
159 secemergency("~DataRetrieval: size mismatch, %u != %u", mAttributes
->size(), mAddr
->size());
163 // global (per-record) fields
164 mAttributes
->recordType(mAddr
->recordType());
165 mAttributes
->semanticInformation(mAddr
->semanticInformation());
167 // transfer data values (but not infos, which we keep in the original vector)
168 for (uint32 n
= 0; n
< mAttributes
->size(); n
++)
169 mAttributes
->at(n
).copyValues(mAddr
->at(n
), mAllocator
);
174 } // namespace SecurityServer
175 } // end namespace Security
projects / apple / security.git / blob